-rw-r--r-- | source4/libcli/auth/credentials.h | 1 | ||||
-rw-r--r-- | source4/libcli/auth/gensec.mk | 10 | ||||
-rw-r--r-- | source4/libcli/auth/schannel_state.c (renamed from source4/rpc_server/netlogon/schannel_state.c) | 11 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 7 | ||||
-rw-r--r-- | source4/rpc_server/config.mk | 9 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 11 |
6 files changed, 25 insertions, 24 deletions
diff --git a/source4/libcli/auth/credentials.h b/source4/libcli/auth/credentials.h index 7c3c4379d1..d1417bf83e 100644 --- a/source4/libcli/auth/credentials.h +++ b/source4/libcli/auth/credentials.h @@ -32,6 +32,7 @@ struct creds_CredentialState { uint16_t secure_channel_type; const char *computer_name; const char *account_name; + uint32_t rid; }; /* for the timebeing, use the same neg flags as Samba3. */ diff --git a/source4/libcli/auth/gensec.mk b/source4/libcli/auth/gensec.mk index e4559bb972..7e2e34081d 100644 --- a/source4/libcli/auth/gensec.mk +++ b/source4/libcli/auth/gensec.mk @@ -67,3 +67,13 @@ ADD_OBJ_FILES = \ REQUIRED_SUBSYSTEMS = AUTH # End MODULE gensec_ntlmssp ################################################ + +################################################ +# Start SUBSYSTEM SCHANNELDB +[SUBSYSTEM::SCHANNELDB] +INIT_OBJ_FILES = \ + libcli/auth/schannel_state.o +# +# End SUBSYSTEM SCHANNELDB +################################################ + diff --git a/source4/rpc_server/netlogon/schannel_state.c b/source4/libcli/auth/schannel_state.c index e7c9c13314..2a9e0a3ec3 100644 --- a/source4/rpc_server/netlogon/schannel_state.c +++ b/source4/libcli/auth/schannel_state.c @@ -64,6 +64,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, char *s; char *f; char *sct; + char *rid; time_t expiry = time(NULL) + SCHANNEL_CREDENTIALS_EXPIRY; int ret; @@ -93,6 +94,13 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } + rid = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->rid); + + if (rid == NULL) { + talloc_free(ldb); + return NT_STATUS_NO_MEMORY; + } + msg = ldb_msg_new(mem_ctx); if (msg == NULL) { talloc_free(ldb); 
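Review bot: The new `uint32_t rid;` member of struct creds_CredentialState in credentials.h has no comment saying whose RID it is or what 0 means. Judging from the other hunks in this commit, it is filled from the ServerAuthenticate3 reply and comes back as 0 when the stored record has no "rid" attribute. A comment such as `/* RID of the account that set up this secure channel; 0 if not recorded */` would tell later callers that 0 cannot be treated as a real account. The struct definition starts above the hunk.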
@@ -119,6 +127,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, ldb_msg_add_string(ldb, msg, "secureChannelType", sct); ldb_msg_add_string(ldb, msg, "accountName", creds->account_name); ldb_msg_add_string(ldb, msg, "computerName", creds->computer_name); + ldb_msg_add_string(ldb, msg, "rid", rid); ldb_delete(ldb, msg->dn); @@ -208,6 +217,8 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_string(res[0], "computerName", NULL)); + (*creds)->rid = ldb_msg_find_uint(res[0], "rid", 0); + talloc_free(ldb); return NT_STATUS_OK; diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index a6262d85f0..d99d43ad58 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -36,13 +36,6 @@ struct dcerpc_schannel_state { char *account_name; }; -static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, - const char *domain, - const char *username, - const char *password, - int chan_type, - struct creds_CredentialState *creds); - /* wrappers for the schannel_*() functions diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk index e50aa58c35..765f2237bc 100644 --- a/source4/rpc_server/config.mk +++ b/source4/rpc_server/config.mk @@ -32,15 +32,6 @@ REQUIRED_SUBSYSTEMS = \ ################################################ ################################################ -# Start SUBSYSTEM SCHANNELDB -[SUBSYSTEM::SCHANNELDB] -INIT_OBJ_FILES = \ - rpc_server/netlogon/schannel_state.o -# -# End SUBSYSTEM SCHANNELDB -################################################ - -################################################ # Start MODULE dcerpc_rpcecho [MODULE::dcerpc_rpcecho] INIT_FUNCTION = dcerpc_server_rpcecho_init diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index bb16ed54c6..fd93d495e2 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c 
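Review bot: The return value of the added `ldb_msg_add_string(ldb, msg, "rid", rid);` in schannel_store_session_key is dropped, as it is for the neighbouring attributes. If the add fails, the record can be written without a "rid" attribute and the store still appears to succeed. Because this is credential state that is read back later, I would check the add, for example `if (ldb_msg_add_string(ldb, msg, "rid", rid) != 0) { talloc_free(ldb); return NT_STATUS_NO_MEMORY; }`. The rest of the function, including the write that follows `ldb_delete`, is outside this hunk.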
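Review bot: In schannel_fetch_session_key, `ldb_msg_find_uint(res[0], "rid", 0)` turns a missing or unparsable "rid" attribute into RID 0 and the function still returns NT_STATUS_OK. Records written before this change carry no "rid", so they would come back this way, and the caller cannot tell "no RID stored" from a stored value. If anything downstream uses creds->rid to identify the account (not visible here), the fetch should fail instead: test `ldb_msg_find_element(res[0], "rid") == NULL`, free `ldb` and return an error status. Otherwise, add a comment that 0 means "unknown" and must be rejected by consumers.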
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -45,17 +45,11 @@ static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call) struct server_pipe_state *state; NTSTATUS status; - state = talloc(dce_call->conn, struct server_pipe_state); + /* We want the client and server challenge zero */ + state = talloc_zero(dce_call->conn, struct server_pipe_state); if (state == NULL) { return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(state); - - if (dce_call->conn->auth_state.session_info == NULL) { - talloc_free(state); - smb_panic("No session info provided by schannel level setup!"); - return NT_STATUS_NO_USER_SESSION_KEY; - } status = dcerpc_schannel_creds(dce_call->conn->auth_state.gensec_security, state, @@ -235,6 +229,7 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL pipe_state->creds->secure_channel_type = r->in.secure_channel_type; + pipe_state->creds->rid = *r->out.rid; /* remember this session key state */ nt_status = schannel_store_session_key(mem_ctx, pipe_state->creds); |
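Review bot: With the `session_info == NULL` guard removed from netlogon_schannel_setup, nothing visible in this hunk checks the connection's auth state before `dce_call->conn->auth_state.gensec_security` is passed to dcerpc_schannel_creds(). If that helper does not itself reject a NULL or non-schannel gensec context (its body is not shown), this path would dereference it on a connection that never completed schannel. Either keep a non-panicking guard, `if (dce_call->conn->auth_state.gensec_security == NULL) { talloc_free(state); return NT_STATUS_NO_USER_SESSION_KEY; }`, or add a comment stating that dcerpc_schannel_creds() performs the validation. The function continues past the end of the hunk.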
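Review bot: `pipe_state->creds->rid = *r->out.rid;` in netr_ServerAuthenticate3 reads the RID back through the reply's out pointer. The value persisted by schannel_store_session_key is therefore only correct if `r->out.rid` was allocated and filled from the account lookup earlier in the function, which is outside this hunk. Assigning from the variable that holds the looked-up RID would be more robust. Failing that, add a comment such as `/* r->out.rid was set from the machine account lookup above */` so the ordering dependency stays visible.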