schannel_tdb: make code compilable in both trees
[samba.git] / source3 / rpc_server / srv_netlog_nt.c
index 71463c28ad82a21bc45994b795beccb1c6ed17ad..b9bfda9a83bbbaa6c062f28a9825d088a7be2760 100644 (file)
@@ -724,7 +724,8 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
 
        /* Store off the state so we can continue after client disconnect. */
        become_root();
-       status = schannel_store_session_key(p->mem_ctx, creds);
+       status = schannel_save_creds_state(p->mem_ctx,
+                                          NULL, lp_private_dir(), creds);
        unbecome_root();
 
        if (!NT_STATUS_IS_OK(status)) {
@@ -765,6 +766,36 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
        return _netr_ServerAuthenticate3(p, &a);
 }
 
+/*************************************************************************
+ * If schannel is required for this call test that it actually is available.
+ *************************************************************************/
+static NTSTATUS schannel_check_required(struct pipe_auth_data *auth_info,
+                                       const char *computer_name,
+                                       bool integrity, bool privacy)
+{
+       if (auth_info && auth_info->auth_type == PIPE_AUTH_TYPE_SCHANNEL) {
+               if (!privacy && !integrity) {
+                       return NT_STATUS_OK;
+               }
+
+               if ((!privacy && integrity) &&
+                   auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
+                       return NT_STATUS_OK;
+               }
+
+               if ((privacy || integrity) &&
+                   auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+                       return NT_STATUS_OK;
+               }
+       }
+
+       /* test didn't pass */
+       DEBUG(0, ("schannel_check_required: [%s] is not using schannel\n",
+                 computer_name));
+
+       return NT_STATUS_ACCESS_DENIED;
+}
+
 /*************************************************************************
  *************************************************************************/
 
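Review bot: The denial message at the end of `schannel_check_required` always reports that the client "is not using schannel", yet the same path is reached when the pipe is schannel-authenticated but its `auth_level` is lower than the `integrity`/`privacy` flags demand. Anyone reading the log cannot tell a missing schannel bind from an insufficient protection level, so I would log the observed values as well, e.g. `DEBUG(0, ("schannel_check_required: [%s] denied (auth_type=%d, auth_level=%d)\n", ...));`, guarded for a NULL `auth_info`. `computer_name` looks like it comes from the client request and is printed with `%s` at level 0 on every failure, so a NULL check and a less noisy debug level may be worth considering. The header comment could also say that `privacy` accepts only `DCERPC_AUTH_LEVEL_PRIVACY`, while `integrity` accepts either level.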
@@ -776,25 +807,23 @@ static NTSTATUS netr_creds_server_step_check(pipes_struct *p,
                                             struct netlogon_creds_CredentialState **creds_out)
 {
        NTSTATUS status;
-       struct tdb_context *tdb;
        bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
-       bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* &&
-               (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY ||
-                p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY); */
 
-       tdb = open_schannel_session_store(mem_ctx);
-       if (!tdb) {
-               return NT_STATUS_ACCESS_DENIED;
+       if (schannel_global_required) {
+               status = schannel_check_required(&p->auth,
+                                                computer_name,
+                                                false, false);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
        }
 
-       status = schannel_creds_server_step_check_tdb(tdb, mem_ctx,
-                                                     computer_name,
-                                                     schannel_global_required,
-                                                     schannel_in_use,
-                                                     received_authenticator,
-                                                     return_authenticator,
-                                                     creds_out);
-       tdb_close(tdb);
+       status = schannel_check_creds_state(mem_ctx, NULL,
+                                           lp_private_dir(),
+                                           computer_name,
+                                           received_authenticator,
+                                           return_authenticator,
+                                           creds_out);
 
        return status;
 }
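Review bot: The call `schannel_check_required(&p->auth, computer_name, false, false)` enforces only the pipe's auth type, so when `lp_server_schannel()` requires schannel, any `auth_level` still passes this gate. That matches the removed code, where the auth-level test was commented out, so it is not a regression, but the new helper makes the stricter check a one-argument change. If a required schannel is meant to imply at least signing, pass `true` for `integrity`. Otherwise add a comment such as `/* only the auth type is enforced here; the negotiated auth level is not checked */` so the choice is visibly deliberate. The signature of `netr_creds_server_step_check` starts above the hunk, so the caller-side handling of `computer_name` is not visible here.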
@@ -1359,7 +1388,9 @@ NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
        struct netlogon_creds_CredentialState *creds = NULL;
 
        become_root();
-       status = schannel_fetch_session_key(p->mem_ctx, r->in.computer_name, &creds);
+       status = schannel_get_creds_state(p->mem_ctx,
+                                         NULL, lp_private_dir(),
+                                         r->in.computer_name, &creds);
        unbecome_root();
        if (!NT_STATUS_IS_OK(status)) {
                return status;