From 5095d7b1c84e7e37f553867d699a1983f74d4314 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 6 Apr 2009 22:54:44 +1000 Subject: Rework Samba4 to use the new common libcli/auth code In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett --- source4/auth/gensec/gensec.h | 4 ++-- source4/auth/gensec/schannel.c | 29 ++++++++++++++++++++--------- source4/auth/gensec/schannel.h | 6 ++++-- 3 files changed, 26 insertions(+), 13 deletions(-) (limited to 'source4/auth/gensec') diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index c4e93ee97b..3b27e0f733 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -284,10 +284,10 @@ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, NTSTATUS gensec_session_info(struct gensec_security *gensec_security, struct auth_session_info **session_info); NTSTATUS auth_nt_status_squash(NTSTATUS nt_status); -struct creds_CredentialState; +struct netlogon_creds_CredentialState; NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, - struct creds_CredentialState **creds); + struct netlogon_creds_CredentialState **creds); NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr); NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr); diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index e6d38c14a3..b71748943b 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -27,8 +27,6 @@ #include "auth/gensec/gensec.h" #include "auth/gensec/gensec_proto.h" #include "auth/gensec/schannel.h" -#include "auth/gensec/schannel_state.h" -#include "auth/gensec/schannel_proto.h" #include "librpc/rpc/dcerpc.h" #include "param/param.h" #include "auth/session_proto.h" 
@@ -52,8 +50,8 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ enum ndr_err_code ndr_err; struct schannel_bind bind_schannel; struct schannel_bind_ack bind_schannel_ack; - struct creds_CredentialState *creds; - + struct netlogon_creds_CredentialState *creds; + struct ldb_context *schannel_ldb; const char *workstation; const char *domain; *out = data_blob(NULL, 0); @@ -124,10 +122,22 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ domain = bind_schannel.u.info3.domain; } + if (strcasecmp_m(domain, lp_workgroup(gensec_security->settings->lp_ctx)) != 0) { + DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n", + domain, lp_workgroup(gensec_security->settings->lp_ctx))); + + return NT_STATUS_LOGON_FAILURE; + } + + schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx, + gensec_security->settings->lp_ctx); + if (!schannel_ldb) { + return NT_STATUS_ACCESS_DENIED; + } /* pull the session key for this client */ - status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx, - gensec_security->settings->lp_ctx, workstation, - domain, &creds); + status = schannel_fetch_session_key(schannel_ldb, + out_mem_ctx, workstation, &creds); + talloc_free(schannel_ldb); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n", workstation, nt_errstr(status))); @@ -167,9 +177,10 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ */ /* TODO: make this non-public */ + _PUBLIC_ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - struct creds_CredentialState **creds) + TALLOC_CTX *mem_ctx, + struct netlogon_creds_CredentialState **creds) { struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); 
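Review bot: The new `if (!schannel_ldb)` branch returns NT_STATUS_ACCESS_DENIED without logging anything, while the domain-mismatch check above it and the failed key lookup below it each emit a DEBUG(3) line. An unreadable or missing schannel store would therefore look the same in the logs as a client being refused. I would add `DEBUG(1, ("Could not open schannel database\n"));` before that return. It is also worth confirming, from the part of schannel_update outside this hunk, that the client-supplied `domain` can never be NULL when it reaches `strcasecmp_m`. The lookup in `schannel_fetch_session_key` is now keyed on `workstation` alone, so a one-line comment above the call should say that the workgroup comparison is what replaces the old domain-qualified lookup.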
diff --git a/source4/auth/gensec/schannel.h b/source4/auth/gensec/schannel.h index 2ddea29006..ee841ef639 100644 --- a/source4/auth/gensec/schannel.h +++ b/source4/auth/gensec/schannel.h @@ -20,7 +20,9 @@ along with this program. If not, see . */ -#include "libcli/auth/credentials.h" +#include "auth/gensec/schannel_proto.h" +#include "auth/gensec/schannel_state.h" +#include "libcli/auth/schannel_state.h" enum schannel_position { SCHANNEL_STATE_START = 0, @@ -31,6 +33,6 @@ struct schannel_state { enum schannel_position state; uint32_t seq_num; bool initiator; - struct creds_CredentialState *creds; + struct netlogon_creds_CredentialState *creds; }; -- cgit