From b16362fab65d0700bd6a8cf6569a9e21c7e6b069 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 22 Jul 2005 04:10:07 +0000 Subject: r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88) --- source4/rpc_server/lsa/dcesrv_lsa.c | 2 +- source4/rpc_server/netlogon/dcerpc_netlogon.c | 53 +++++++++++++++++---------- 2 files changed, 34 insertions(+), 21 deletions(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 71132119ac..78973776f1 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -619,7 +619,7 @@ static NTSTATUS lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_call, TALL samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "securityIdentifier", sid_string); } - /* pull in all the template attributes. Note this is always from the global samdb */ + /* pull in all the template attributes. */ ret = samdb_copy_template(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "(&(name=TemplateTrustedDomain)(objectclass=trustedDomainTemplate))"); if (ret != 0) { diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index ca7b938ea6..31db7c81f3 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -436,13 +436,21 @@ static NTSTATUS netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_ struct auth_usersupplied_info *user_info; struct auth_serversupplied_info *server_info; NTSTATUS nt_status; - const uint8_t *chal; static const char zeros[16]; struct netr_SamBaseInfo *sam; struct netr_SamInfo2 *sam2; struct netr_SamInfo3 *sam3; struct netr_SamInfo6 *sam6; + user_info = talloc(mem_ctx, struct auth_usersupplied_info); + if (!user_info) { + return NT_STATUS_NO_MEMORY; + } + + user_info->flags = 0; + user_info->mapped_state = False; + user_info->remote_host = NULL; + switch (r->in.logon_level) { case 1: case 3: @@ -464,21 +472,26 @@ static NTSTATUS netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_ dce_call->event_ctx); NT_STATUS_NOT_OK_RETURN(nt_status); - nt_status = auth_get_challenge(auth_context, &chal); - NT_STATUS_NOT_OK_RETURN(nt_status); + user_info->client.account_name = r->in.logon.network->identity_info.account_name.string; + user_info->client.domain_name = r->in.logon.network->identity_info.domain_name.string; + user_info->workstation_name = r->in.logon.network->identity_info.workstation.string; + + user_info->password_state = AUTH_PASSWORD_HASH; + user_info->password.hash.lanman = talloc(user_info, struct samr_Password); + if (!user_info->password.hash.lanman) { + return NT_STATUS_NO_MEMORY; + } + *user_info->password.hash.lanman = r->in.logon.password->lmpassword; - nt_status = make_user_info_netlogon_interactive(mem_ctx, - r->in.logon.password->identity_info.account_name.string, - r->in.logon.password->identity_info.domain_name.string, - r->in.logon.password->identity_info.workstation.string, - chal, - &r->in.logon.password->lmpassword, - &r->in.logon.password->ntpassword, - &user_info); - NT_STATUS_NOT_OK_RETURN(nt_status); + user_info->password.hash.nt = talloc(user_info, struct samr_Password); + if (!user_info->password.hash.nt) { + return NT_STATUS_NO_MEMORY; + } + *user_info->password.hash.nt = r->in.logon.password->ntpassword; break; case 2: case 6: + /* TODO: we need to deny anonymous access here */ nt_status = auth_context_create(mem_ctx, lp_auth_methods(), &auth_context, dce_call->event_ctx); @@ -487,14 +500,14 @@ static NTSTATUS netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_ nt_status = auth_context_set_challenge(auth_context, r->in.logon.network->challenge, "netr_LogonSamLogonWithFlags"); NT_STATUS_NOT_OK_RETURN(nt_status); - nt_status = make_user_info_netlogon_network(auth_context, - r->in.logon.network->identity_info.account_name.string, - r->in.logon.network->identity_info.domain_name.string, - r->in.logon.network->identity_info.workstation.string, - r->in.logon.network->lm.data, r->in.logon.network->lm.length, - r->in.logon.network->nt.data, r->in.logon.network->nt.length, - &user_info); - NT_STATUS_NOT_OK_RETURN(nt_status); + user_info->client.account_name = r->in.logon.network->identity_info.account_name.string; + user_info->client.domain_name = r->in.logon.network->identity_info.domain_name.string; + user_info->workstation_name = r->in.logon.network->identity_info.workstation.string; + + user_info->password_state = AUTH_PASSWORD_RESPONSE; + user_info->password.response.lanman = data_blob(r->in.logon.network->lm.data, r->in.logon.network->lm.length); + user_info->password.response.nt = data_blob(r->in.logon.network->nt.data, r->in.logon.network->nt.length); + break; default: return NT_STATUS_INVALID_PARAMETER; -- cgit