author | Andrew Tridgell <tridge@samba.org> | 2004-06-14 08:12:50 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:39 -0500 |
commit | bccac81d8792f85ae37d4a6617a92e2fae75aa50 (patch) | |
tree | f0c16dd01073e4c7276a23b0b7a666b33e055053 /source4/rpc_server/netlogon/schannel_state.c | |
parent | 2fcf85920deb2bb3e564c7be611b2cec838afbf1 (diff) | |
r1136: - added IDL for netr_LogonGetDomainInfo()
- added workstation to auth_session_info in rpc servers
- added session key fetch hook in crypto backends in dcesrv
- store and fetch seed as well as a session key in schannel ldb
- when a client uses schannel to setup a netlogon pipe connection we
also need to setup the credentials from the schannel negotiation so
credentials chaining works
- added server side netr_LogonGetDomainInfo() call
(This used to be commit a35459387de3b6a422c5af6f658338fc7e4314b0)
Diffstat (limited to 'source4/rpc_server/netlogon/schannel_state.c')
-rw-r--r-- | source4/rpc_server/netlogon/schannel_state.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/source4/rpc_server/netlogon/schannel_state.c b/source4/rpc_server/netlogon/schannel_state.c index eaa5013572..43134fd437 100644 --- a/source4/rpc_server/netlogon/schannel_state.c +++ b/source4/rpc_server/netlogon/schannel_state.c @@ -53,11 +53,12 @@ static struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) use a simple ldb structure */ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, - const char *computer_name, struct creds_CredentialState *creds) + const char *computer_name, + struct creds_CredentialState *creds) { struct ldb_context *ldb; struct ldb_message msg; - struct ldb_val val; + struct ldb_val val, seed; char *s = NULL; time_t expiry = time(NULL) + SCHANNEL_CREDENTIALS_EXPIRY; int ret; @@ -85,7 +86,11 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, val.data = creds->session_key; val.length = sizeof(creds->session_key); + seed.data = creds->seed.data; + seed.length = sizeof(creds->seed.data); + ldb_msg_add_value(ldb, &msg, "sessionKey", &val); + ldb_msg_add_value(ldb, &msg, "seed", &seed); ldb_msg_add_string(ldb, &msg, "expiry", s); ldb_delete(ldb, msg.dn); @@ -104,10 +109,11 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, /* - read back a session key for a computer + read back a credentials back for a computer */ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, - const char *computer_name, uint8_t session_key[16]) + const char *computer_name, + struct creds_CredentialState *creds) { struct ldb_context *ldb; time_t expiry; @@ -116,6 +122,8 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, const struct ldb_val *val; char *expr=NULL; + ZERO_STRUCTP(creds); + ldb = schannel_db_connect(mem_ctx); if (ldb == NULL) { return NT_STATUS_NO_MEMORY; 
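Review bot: In the -85,7 hunk of schannel_store_session_key, the new `ldb_msg_add_value(ldb, &msg, "seed", &seed);` discards its result, as the neighbouring sessionKey and expiry adds already do. The fetch side in this commit now rejects any record that lacks an 8-byte seed, so a failed add could leave a stored record that only ever reads back as NT_STATUS_INVALID_HANDLE. If ldb_msg_add_value reports failure through its return value, check it, e.g. `if (ldb_msg_add_value(ldb, &msg, "seed", &seed) != 0) { ldb_close(ldb); return NT_STATUS_NO_MEMORY; }`. The function starts and ends outside this hunk, so the existing cleanup path may differ. Since the database now holds both the session key and the seed, it is also worth confirming that the schannel ldb file is readable only by the server.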
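Review bot: The updated comment above schannel_fetch_session_key, `read back a credentials back for a computer`, is garbled and does not describe the new contract. Suggest `read back the stored credentials (session key and seed) for a computer; *creds is zeroed on entry and only session_key and seed are filled in on success`. The added `ZERO_STRUCTP(creds);` dereferences creds before any check, so the comment should also say creds must be non-NULL, or a guard should be added. The function keeps the name schannel_fetch_session_key although it now fills a whole creds_CredentialState, which is worth a word in the comment. Its body continues outside this hunk.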
@@ -146,7 +154,15 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_HANDLE; } - memcpy(session_key, val->data, 16); + memcpy(creds->session_key, val->data, 16); + + val = ldb_msg_find_ldb_val(res[0], "seed"); + if (val == NULL || val->length != 8) { + ldb_close(ldb); + return NT_STATUS_INVALID_HANDLE; + } + + memcpy(creds->seed.data, val->data, 8); ldb_close(ldb); |
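Review bot: The new seed failure branch returns NT_STATUS_INVALID_HANDLE after `memcpy(creds->session_key, val->data, 16);` has already run, so on that error the caller's creds holds a copied session key with a zero seed. Adding `ZERO_STRUCTP(creds);` before `ldb_close(ldb);` in that branch keeps the "zeroed unless success" state that the top of the function sets up. The literals 16 and 8 should also be tied to the destination: `val->length != sizeof(creds->seed.data)` and `memcpy(creds->seed.data, val->data, sizeof(creds->seed.data));`. That matches how the store side sizes the values, so a later change to the struct cannot turn these copies into an out-of-bounds write or a short read. The function starts and ends outside this hunk.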