summaryrefslogtreecommitdiff
path: root/source4/rpc_server/netlogon
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-07-22 04:10:07 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:29:55 -0500
commitb16362fab65d0700bd6a8cf6569a9e21c7e6b069 (patch)
treecd68807d497dac925038d03c3786308825b02e10 /source4/rpc_server/netlogon
parent176c0d1b771d0e81167a12eb81eddb40732b074a (diff)
downloadsamba-b16362fab65d0700bd6a8cf6569a9e21c7e6b069.tar.gz
samba-b16362fab65d0700bd6a8cf6569a9e21c7e6b069.tar.bz2
samba-b16362fab65d0700bd6a8cf6569a9e21c7e6b069.zip
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the
user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
Diffstat (limited to 'source4/rpc_server/netlogon')
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c53
1 files changed, 33 insertions, 20 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index ca7b938ea6..31db7c81f3 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -436,13 +436,21 @@ static NTSTATUS netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_
struct auth_usersupplied_info *user_info;
struct auth_serversupplied_info *server_info;
NTSTATUS nt_status;
- const uint8_t *chal;
static const char zeros[16];
struct netr_SamBaseInfo *sam;
struct netr_SamInfo2 *sam2;
struct netr_SamInfo3 *sam3;
struct netr_SamInfo6 *sam6;
+ user_info = talloc(mem_ctx, struct auth_usersupplied_info);
+ if (!user_info) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ user_info->flags = 0;
+ user_info->mapped_state = False;
+ user_info->remote_host = NULL;
+
switch (r->in.logon_level) {
case 1:
case 3:
@@ -464,21 +472,26 @@ static NTSTATUS netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_
dce_call->event_ctx);
NT_STATUS_NOT_OK_RETURN(nt_status);
- nt_status = auth_get_challenge(auth_context, &chal);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ user_info->client.account_name = r->in.logon.network->identity_info.account_name.string;
+ user_info->client.domain_name = r->in.logon.network->identity_info.domain_name.string;
+ user_info->workstation_name = r->in.logon.network->identity_info.workstation.string;
+
+ user_info->password_state = AUTH_PASSWORD_HASH;
+ user_info->password.hash.lanman = talloc(user_info, struct samr_Password);
+ if (!user_info->password.hash.lanman) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *user_info->password.hash.lanman = r->in.logon.password->lmpassword;
- nt_status = make_user_info_netlogon_interactive(mem_ctx,
- r->in.logon.password->identity_info.account_name.string,
- r->in.logon.password->identity_info.domain_name.string,
- r->in.logon.password->identity_info.workstation.string,
- chal,
- &r->in.logon.password->lmpassword,
- &r->in.logon.password->ntpassword,
- &user_info);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ user_info->password.hash.nt = talloc(user_info, struct samr_Password);
+ if (!user_info->password.hash.nt) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *user_info->password.hash.nt = r->in.logon.password->ntpassword;
break;
case 2:
case 6:
+
/* TODO: we need to deny anonymous access here */
nt_status = auth_context_create(mem_ctx, lp_auth_methods(), &auth_context,
dce_call->event_ctx);
@@ -487,14 +500,14 @@ static NTSTATUS netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_
nt_status = auth_context_set_challenge(auth_context, r->in.logon.network->challenge, "netr_LogonSamLogonWithFlags");
NT_STATUS_NOT_OK_RETURN(nt_status);
- nt_status = make_user_info_netlogon_network(auth_context,
- r->in.logon.network->identity_info.account_name.string,
- r->in.logon.network->identity_info.domain_name.string,
- r->in.logon.network->identity_info.workstation.string,
- r->in.logon.network->lm.data, r->in.logon.network->lm.length,
- r->in.logon.network->nt.data, r->in.logon.network->nt.length,
- &user_info);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ user_info->client.account_name = r->in.logon.network->identity_info.account_name.string;
+ user_info->client.domain_name = r->in.logon.network->identity_info.domain_name.string;
+ user_info->workstation_name = r->in.logon.network->identity_info.workstation.string;
+
+ user_info->password_state = AUTH_PASSWORD_RESPONSE;
+ user_info->password.response.lanman = data_blob(r->in.logon.network->lm.data, r->in.logon.network->lm.length);
+ user_info->password.response.nt = data_blob(r->in.logon.network->nt.data, r->in.logon.network->nt.length);
+
break;
default:
return NT_STATUS_INVALID_PARAMETER;