From e9815c38dddbb79c0cd47c3b81eae2cec850a760 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 13 Feb 2006 00:04:28 +0000 Subject: r13480: Explain a little about how these credentials structures should be used. Andrew Bartlett (This used to be commit b90959f7968ebbfc82ac55d4775d5574b1fc6925) --- source4/rpc_server/netlogon/dcerpc_netlogon.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 03d325020f..176246901b 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -31,7 +31,13 @@ struct server_pipe_state { struct netr_Credential client_challenge; struct netr_Credential server_challenge; - struct creds_CredentialState *creds; + + /* This is a bit (dangeroursly?) tricky: + - The session key, computer name and domain elements are + valid. + - However the credentials chaining (seed, client, server etc) + should be obtained from the database at runtime */ + struct creds_CredentialState *creds; }; @@ -286,7 +292,16 @@ static NTSTATUS netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TAL return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3); } +/* + Validate an incoming authenticator against the credentials for the remote machine. + + The credentials are (re)read and from the schannel database, and + written back after the caclulations are performed. + + The creds_out parameter (if not NULL) returns the credentials, if + the caller needs some of that information. +*/ static NTSTATUS netr_creds_server_step_check(struct server_pipe_state *pipe_state, TALLOC_CTX *mem_ctx, struct netr_Authenticator *received_authenticator, -- cgit