From 4507d2b9eb2ddabf8b101ed1c744981014298049 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 1 Feb 2011 14:47:05 +0100
Subject: s3:rpc_server/netlogon: add _netr_LogonSamLogon_check()

We need to check for invalid parameters before we check for access denied.

metze
---
 source3/rpc_server/srv_netlog_nt.c | 101 ++++++++++++++++++++++++++++++++-----
 1 file changed, 87 insertions(+), 14 deletions(-)

(limited to 'source3')

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index ff0f72b1a0..11fa9462da 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1300,6 +1300,65 @@ NTSTATUS _netr_LogonSamLogoff(struct pipes_struct *p,
 return status;
 }
+static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
+{
+ switch (r->in.logon_level) {
+ case NetlogonInteractiveInformation:
+ case NetlogonServiceInformation:
+ case NetlogonInteractiveTransitiveInformation:
+ case NetlogonServiceTransitiveInformation:
+ if (r->in.logon->password == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ case NetlogonValidationSamInfo: /* 2 */
+ case NetlogonValidationSamInfo2: /* 3 */
+ case NetlogonValidationSamInfo4: /* 6 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+ case NetlogonNetworkInformation:
+ case NetlogonNetworkTransitiveInformation:
+ if (r->in.logon->network == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ case NetlogonValidationSamInfo: /* 2 */
+ case NetlogonValidationSamInfo2: /* 3 */
+ case NetlogonValidationSamInfo4: /* 6 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+
+ case NetlogonGenericInformation:
+ if (r->in.logon->generic == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ /* TODO: case NetlogonValidationGenericInfo: 4 */
+ case NetlogonValidationGenericInfo2: /* 5 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ return NT_STATUS_OK;
+}
+
 /*************************************************************************
 _netr_LogonSamLogon_base
 *************************************************************************/
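Review bot: `_netr_LogonSamLogon_check()` reads `r->in.logon->password`, `r->in.logon->network` and `r->in.logon->generic` without first testing `r->in.logon` itself. The later hunks call this function ahead of `netr_creds_server_step_check()` and `schannel_get_creds_state()`, so it now runs on requests whose sender has not yet been authenticated. Whether the NDR layer guarantees a non-NULL `logon` depends on the pointer type declared in the IDL, which is not visible in this patch. If it can arrive as NULL, the function should open with `if (r->in.logon == NULL) { return NT_STATUS_INVALID_PARAMETER; }`. A short header comment saying that the function runs before authentication and must stay free of side effects would also help.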
@@ -1556,16 +1615,7 @@ NTSTATUS _netr_LogonSamLogonWithFlags(struct pipes_struct *p,
 struct netr_LogonSamLogonEx r2;
 struct netr_Authenticator return_authenticator;
- become_root();
- status = netr_creds_server_step_check(p, p->mem_ctx,
- r->in.computer_name,
- r->in.credential,
- &return_authenticator,
- &creds);
- unbecome_root();
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ *r->out.authoritative = true;
 r2.in.server_name = r->in.server_name;
 r2.in.computer_name = r->in.computer_name;
@@ -1577,6 +1627,22 @@ NTSTATUS _netr_LogonSamLogonWithFlags(struct pipes_struct *p,
 r2.out.authoritative = r->out.authoritative;
 r2.out.flags = r->out.flags;
+ status = _netr_LogonSamLogon_check(&r2);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ become_root();
+ status = netr_creds_server_step_check(p, p->mem_ctx,
+ r->in.computer_name,
+ r->in.credential,
+ &return_authenticator,
+ &creds);
+ unbecome_root();
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
 status = _netr_LogonSamLogon_base(p, &r2, creds);
 *r->out.return_authenticator = return_authenticator;
@@ -1624,10 +1690,9 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
 NTSTATUS status;
 struct netlogon_creds_CredentialState *creds = NULL;
- become_root();
- status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(),
- r->in.computer_name, &creds);
- unbecome_root();
+ *r->out.authoritative = true;
+
+ status = _netr_LogonSamLogon_check(r);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 }
@@ -1639,6 +1704,14 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
 return NT_STATUS_INVALID_PARAMETER;
 }
+ become_root();
+ status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(),
+ r->in.computer_name, &creds);
+ unbecome_root();
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
 status = _netr_LogonSamLogon_base(p, r, creds);
 TALLOC_FREE(creds);
-- cgit
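Review bot: Nothing in the code explains why `_netr_LogonSamLogon_check(&r2)` in the `@@ -1577,6 +1627,22 @@` hunk now runs ahead of `netr_creds_server_step_check()`. A later cleanup that moves authentication back to the top would silently undo the ordering this commit establishes. A comment above the call would prevent that, for example `/* invalid parameters must be reported before access denied, so validate the levels before verifying the authenticator; keep this check side-effect free */`. The same comment belongs above `_netr_LogonSamLogon_check(r)` in the `_netr_LogonSamLogonEx` hunk. On the new early-return path `*r->out.return_authenticator` is never assigned, so it is worth confirming that callers do not read it when the status is an error. The function body starts and ends outside these hunks, so the `r2.in.logon_level`, `r2.in.logon` and `r2.in.validation_level` assignments that the check depends on are not visible here.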