diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-03-06 06:37:38 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:10:58 -0500 |
| commit | 765832748b4ef6141802ff72e3dea99453bf23d8 (patch) | |
| tree | 3f775e2d72b9ca604149c8e5fb6af910ce796ff0 /source4 | |
| parent | a52a6f1c425335a4154fcd0d8f1c45f6e387ce53 (diff) | |
| download | samba-765832748b4ef6141802ff72e3dea99453bf23d8.tar.gz samba-765832748b4ef6141802ff72e3dea99453bf23d8.tar.bz2 samba-765832748b4ef6141802ff72e3dea99453bf23d8.zip | |
r5667: Move schannel state into libcli/auth (as it belongs with schannel,
which will move in with the rest of GENSEC shortly).
Add the RID as another element in the schannel state.
Andrew Bartlett
(This used to be commit 69114b4a8e1c937ab5ff12ca91dd22bd83fd9a3b)
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/libcli/auth/credentials.h | 1 | ||||
| -rw-r--r-- | source4/libcli/auth/gensec.mk | 10 | ||||
| -rw-r--r-- | source4/libcli/auth/schannel_state.c (renamed from source4/rpc_server/netlogon/schannel_state.c) | 11 | ||||
| -rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 7 | ||||
| -rw-r--r-- | source4/rpc_server/config.mk | 9 | ||||
| -rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 11 |
6 files changed, 25 insertions, 24 deletions
diff --git a/source4/libcli/auth/credentials.h b/source4/libcli/auth/credentials.h index 7c3c4379d1..d1417bf83e 100644 --- a/source4/libcli/auth/credentials.h +++ b/source4/libcli/auth/credentials.h @@ -32,6 +32,7 @@ struct creds_CredentialState { uint16_t secure_channel_type; const char *computer_name; const char *account_name; + uint32_t rid; }; /* for the timebeing, use the same neg flags as Samba3. */ diff --git a/source4/libcli/auth/gensec.mk b/source4/libcli/auth/gensec.mk index e4559bb972..7e2e34081d 100644 --- a/source4/libcli/auth/gensec.mk +++ b/source4/libcli/auth/gensec.mk @@ -67,3 +67,13 @@ ADD_OBJ_FILES = \ REQUIRED_SUBSYSTEMS = AUTH # End MODULE gensec_ntlmssp ################################################ + +################################################ +# Start SUBSYSTEM SCHANNELDB +[SUBSYSTEM::SCHANNELDB] +INIT_OBJ_FILES = \ + libcli/auth/schannel_state.o +# +# End SUBSYSTEM SCHANNELDB +################################################ + diff --git a/source4/rpc_server/netlogon/schannel_state.c b/source4/libcli/auth/schannel_state.c index e7c9c13314..2a9e0a3ec3 100644 --- a/source4/rpc_server/netlogon/schannel_state.c +++ b/source4/libcli/auth/schannel_state.c @@ -64,6 +64,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, char *s; char *f; char *sct; + char *rid; time_t expiry = time(NULL) + SCHANNEL_CREDENTIALS_EXPIRY; int ret; @@ -93,6 +94,13 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } + rid = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->rid); + + if (rid == NULL) { + talloc_free(ldb); + return NT_STATUS_NO_MEMORY; + } + msg = ldb_msg_new(mem_ctx); if (msg == NULL) { talloc_free(ldb); @@ -119,6 +127,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, ldb_msg_add_string(ldb, msg, "secureChannelType", sct); ldb_msg_add_string(ldb, msg, "accountName", creds->account_name); ldb_msg_add_string(ldb, msg, "computerName", creds->computer_name); + ldb_msg_add_string(ldb, msg, "rid", rid); ldb_delete(ldb, msg->dn); @@ -208,6 +217,8 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_string(res[0], "computerName", NULL)); + (*creds)->rid = ldb_msg_find_uint(res[0], "rid", 0); + talloc_free(ldb); return NT_STATUS_OK; diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index a6262d85f0..d99d43ad58 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -36,13 +36,6 @@ struct dcerpc_schannel_state { char *account_name; }; -static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, - const char *domain, - const char *username, - const char *password, - int chan_type, - struct creds_CredentialState *creds); - /* wrappers for the schannel_*() functions diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk index e50aa58c35..765f2237bc 100644 --- a/source4/rpc_server/config.mk +++ b/source4/rpc_server/config.mk @@ -32,15 +32,6 @@ REQUIRED_SUBSYSTEMS = \ ################################################ ################################################ -# Start SUBSYSTEM SCHANNELDB -[SUBSYSTEM::SCHANNELDB] -INIT_OBJ_FILES = \ - rpc_server/netlogon/schannel_state.o -# -# End SUBSYSTEM SCHANNELDB -################################################ - -################################################ # Start MODULE dcerpc_rpcecho [MODULE::dcerpc_rpcecho] INIT_FUNCTION = dcerpc_server_rpcecho_init diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index bb16ed54c6..fd93d495e2 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -45,17 +45,11 @@ static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call) struct server_pipe_state *state; NTSTATUS status; - state = talloc(dce_call->conn, struct server_pipe_state); + /* We want the client and server challenge zero */ + state = talloc_zero(dce_call->conn, struct server_pipe_state); if (state == NULL) { return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(state); - - if (dce_call->conn->auth_state.session_info == NULL) { - talloc_free(state); - smb_panic("No session info provided by schannel level setup!"); - return NT_STATUS_NO_USER_SESSION_KEY; - } status = dcerpc_schannel_creds(dce_call->conn->auth_state.gensec_security, state, @@ -235,6 +229,7 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL pipe_state->creds->secure_channel_type = r->in.secure_channel_type; + pipe_state->creds->rid = *r->out.rid; /* remember this session key state */ nt_status = schannel_store_session_key(mem_ctx, pipe_state->creds); |