summaryrefslogtreecommitdiff
path: root/source4/rpc_server/netlogon/dcerpc_netlogon.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-02-13 00:04:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:55 -0500
commite9815c38dddbb79c0cd47c3b81eae2cec850a760 (patch)
treeec4dfcd3202e954698ecd6bb0a09032d779437dc /source4/rpc_server/netlogon/dcerpc_netlogon.c
parent358122c688518ffce389644b1c3b4a33e2c24c50 (diff)
downloadsamba-e9815c38dddbb79c0cd47c3b81eae2cec850a760.tar.gz
samba-e9815c38dddbb79c0cd47c3b81eae2cec850a760.tar.bz2
samba-e9815c38dddbb79c0cd47c3b81eae2cec850a760.zip
r13480: Explain a little about how these credentials structures should be used.
Andrew Bartlett (This used to be commit b90959f7968ebbfc82ac55d4775d5574b1fc6925)
Diffstat (limited to 'source4/rpc_server/netlogon/dcerpc_netlogon.c')
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 03d325020f..176246901b 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -31,7 +31,13 @@
struct server_pipe_state {
struct netr_Credential client_challenge;
struct netr_Credential server_challenge;
- struct creds_CredentialState *creds;
+
+ /* This is a bit (dangeroursly?) tricky:
+ - The session key, computer name and domain elements are
+ valid.
+ - However the credentials chaining (seed, client, server etc)
+ should be obtained from the database at runtime */
+ struct creds_CredentialState *creds;
};
@@ -286,7 +292,16 @@ static NTSTATUS netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TAL
return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
}
+/*
+ Validate an incoming authenticator against the credentials for the remote machine.
+
+ The credentials are (re)read and from the schannel database, and
+ written back after the caclulations are performed.
+
+ The creds_out parameter (if not NULL) returns the credentials, if
+ the caller needs some of that information.
+*/
static NTSTATUS netr_creds_server_step_check(struct server_pipe_state *pipe_state,
TALLOC_CTX *mem_ctx,
struct netr_Authenticator *received_authenticator,