diff options
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 10 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 29 |
2 files changed, 20 insertions, 19 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 1ad058b519..2dd8b821d8 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -26,8 +26,6 @@ #include "includes.h" -extern struct dcinfo last_dcinfo; -extern BOOL server_auth2_negotiated; extern userdom_struct current_user_info; #undef DBGC_CLASS @@ -438,10 +436,14 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u) fstrcpy(p->dc->mach_acct, mach_acct); fstrcpy(p->dc->remote_machine, remote_machine); + fstrcpy(p->dc->domain, lp_workgroup() ); - server_auth2_negotiated = True; p->dc->authenticated = True; - last_dcinfo = *p->dc; + + /* Store off the state so we can continue after client disconnect. */ + become_root(); + secrets_store_schannel_session_info(p->mem_ctx, p->dc); + unbecome_root(); return r_u->status; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index ba6d9704e8..1ca5210842 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -36,15 +36,6 @@ extern struct current_user current_user; #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV -/************************************************************* - HACK Alert! - We need to transfer the session key from one rpc bind to the - next. This is the way the netlogon schannel works. -**************************************************************/ - -struct dcinfo last_dcinfo; -BOOL server_auth2_negotiated = False; - static void free_pipe_ntlmssp_auth_data(struct pipe_auth_data *auth) { AUTH_NTLMSSP_STATE *a = auth->a_u.auth_ntlmssp_state; @@ -1218,15 +1209,23 @@ static BOOL pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, RPC_HDR_AUTH auth_info; RPC_AUTH_SCHANNEL_NEG neg; RPC_AUTH_VERIFIER auth_verifier; + BOOL ret; + struct dcinfo stored_dcinfo; uint32 flags; - if (!server_auth2_negotiated) { - DEBUG(0, ("pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2\n")); + if (!smb_io_rpc_auth_schannel_neg("", &neg, rpc_in_p, 0)) { + DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n")); return False; } - if (!smb_io_rpc_auth_schannel_neg("", &neg, rpc_in_p, 0)) { - DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n")); + ZERO_STRUCT(stored_dcinfo); + + become_root(); + ret = secrets_restore_schannel_session_info(p->mem_ctx, neg.myname, &stored_dcinfo); + unbecome_root(); + + if (!ret) { + DEBUG(0, ("pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2\n")); return False; } @@ -1236,7 +1235,7 @@ static BOOL pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, } memset(p->auth.a_u.schannel_auth->sess_key, 0, sizeof(p->auth.a_u.schannel_auth->sess_key)); - memcpy(p->auth.a_u.schannel_auth->sess_key, last_dcinfo.sess_key, sizeof(last_dcinfo.sess_key)); + memcpy(p->auth.a_u.schannel_auth->sess_key, stored_dcinfo.sess_key, sizeof(stored_dcinfo.sess_key)); p->auth.a_u.schannel_auth->seq_num = 0; @@ -1253,7 +1252,7 @@ static BOOL pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p, if (!p->dc) { return False; } - *p->dc = last_dcinfo; + *p->dc = stored_dcinfo; init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { |