$self->pidl("p = dcesrv_get_pipes_struct(dce_call->conn);");
$self->pidl("p->dce_call = dce_call;");
$self->pidl("p->mem_ctx = mem_ctx;");
- $self->pidl("p->auth.auth_type = dce_call->auth_state->auth_type;");
- $self->pidl("p->auth.auth_level = dce_call->auth_state->auth_level;");
- $self->pidl("p->auth.auth_context_id = dce_call->auth_state->auth_context_id;");
$self->pidl("/* Reset pipes struct fault state */");
$self->pidl("p->fault_state = 0;");
$self->pidl("");
$self->pidl("p->dce_call = NULL;");
$self->pidl("p->mem_ctx = NULL;");
- $self->pidl("p->auth.auth_type = 0;");
- $self->pidl("p->auth.auth_level = 0;");
- $self->pidl("p->auth.auth_context_id = 0;");
$self->pidl("/* Check pipes struct fault state */");
$self->pidl("if (p->fault_state != 0) {");
$self->indent();
NTSTATUS _lsa_LookupSids3(struct pipes_struct *p,
struct lsa_LookupSids3 *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
struct lsa_LookupSids2 q;
if (p->transport != NCACN_IP_TCP) {
return NT_STATUS_ACCESS_DENIED;
}
+ dcesrv_call_auth_info(dce_call, &auth_type, &auth_level);
+
/* No policy handle on this call. Restrict to crypto connections. */
- if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
- p->auth.auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+ if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
+ auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
DEBUG(1, ("_lsa_LookupSids3: The client %s is not using "
"a secure connection over netlogon\n",
get_remote_machine_name() ));
NTSTATUS _lsa_LookupNames4(struct pipes_struct *p,
struct lsa_LookupNames4 *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
struct lsa_LookupNames3 q;
if (p->transport != NCACN_IP_TCP) {
return NT_STATUS_ACCESS_DENIED;
}
+ dcesrv_call_auth_info(dce_call, &auth_type, &auth_level);
+
/* No policy handle on this call. Restrict to crypto connections. */
- if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
- p->auth.auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+ if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
+ auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
DEBUG(1, ("_lsa_LookupNames4: The client %s is not using "
"a secure connection over netlogon\n",
get_remote_machine_name()));
opname = ndr_table_netlogon.calls[opnum].name;
}
- auth_type = p->auth.auth_type;
+ dcesrv_call_auth_info(dce_call, &auth_type, NULL);
lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());
if (lp_ctx == NULL) {
status = serverinfo_to_SamInfo3(server_info,
r->out.validation->sam3);
break;
- case 6:
+ case 6: {
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+
+ dcesrv_call_auth_info(dce_call, NULL, &auth_level);
+
/* Only allow this if the pipe is protected. */
- if (p->auth.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) {
+ if (auth_level < DCERPC_AUTH_LEVEL_PRIVACY) {
DEBUG(0,("netr_Validation6: client %s not using privacy for netlogon\n",
get_remote_machine_name()));
status = NT_STATUS_INVALID_PARAMETER;
r->out.validation->sam6);
break;
}
+ }
TALLOC_FREE(server_info);
NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
struct netr_LogonSamLogonEx *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
NTSTATUS status;
struct netlogon_creds_CredentialState *creds = NULL;
struct loadparm_context *lp_ctx;
}
/* Only allow this if the pipe is protected. */
- if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
+
+ dcesrv_call_auth_info(dce_call, &auth_type, NULL);
+
+ if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
DEBUG(0,("_netr_LogonSamLogonEx: client %s not using schannel for netlogon\n",
get_remote_machine_name() ));
return NT_STATUS_INVALID_PARAMETER;
struct messaging_context *msg_ctx;
- struct pipe_auth_data auth;
-
/*
* Set the DCERPC_FAULT to return.
*/
NTSTATUS _samr_ValidatePassword(struct pipes_struct *p,
struct samr_ValidatePassword *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
union samr_ValidatePasswordRep *rep;
NTSTATUS status;
struct samr_GetDomPwInfo pw;
return NT_STATUS_ACCESS_DENIED;
}
- if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
+ dcesrv_call_auth_info(dce_call, NULL, &auth_level);
+
+ if (auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
return NT_STATUS_ACCESS_DENIED;
}
p = dcesrv_get_pipes_struct(dce_call->conn);
p->dce_call = dce_call;
p->mem_ctx = mem_ctx;
- p->auth.auth_type = dce_call->auth_state->auth_type;
- p->auth.auth_level = dce_call->auth_state->auth_level;
- p->auth.auth_context_id = dce_call->auth_state->auth_context_id;
/* Reset pipes struct fault state */
p->fault_state = 0;
p->dce_call = NULL;
p->mem_ctx = NULL;
- p->auth.auth_type = 0;
- p->auth.auth_level = 0;
- p->auth.auth_context_id = 0;
/* Check pipes struct fault state */
if (p->fault_state != 0) {
dce_call->fault_code = p->fault_state;