s3:rpc_server/netlogon: add _netr_LogonSamLogon_check()

author Stefan Metzmacher <metze@samba.org>

Tue, 1 Feb 2011 13:47:05 +0000 (14:47 +0100)

committer Stefan Metzmacher <metze@samba.org>

Wed, 2 Feb 2011 10:58:26 +0000 (11:58 +0100)
author Stefan Metzmacher <metze@samba.org>
Tue, 1 Feb 2011 13:47:05 +0000 (14:47 +0100)
committer Stefan Metzmacher <metze@samba.org>
Wed, 2 Feb 2011 10:58:26 +0000 (11:58 +0100)
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c

index ff0f72b1a078800bc4c7847f5e586801cd49b473..11fa9462dacf1b0872a17ec9dba136d6955fc7e3 100644 (file)
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1300,6 +1300,65 @@ NTSTATUS _netr_LogonSamLogoff(struct pipes_struct *p,
         return status;
  }
  
+static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
+{
+       switch (r->in.logon_level) {
+       case NetlogonInteractiveInformation:
+       case NetlogonServiceInformation:
+       case NetlogonInteractiveTransitiveInformation:
+       case NetlogonServiceTransitiveInformation:
+               if (r->in.logon->password == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               switch (r->in.validation_level) {
+               case NetlogonValidationSamInfo:  /* 2 */
+               case NetlogonValidationSamInfo2: /* 3 */
+               case NetlogonValidationSamInfo4: /* 6 */
+                       break;
+               default:
+                       return NT_STATUS_INVALID_INFO_CLASS;
+               }
+
+               break;
+       case NetlogonNetworkInformation:
+       case NetlogonNetworkTransitiveInformation:
+               if (r->in.logon->network == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               switch (r->in.validation_level) {
+               case NetlogonValidationSamInfo:  /* 2 */
+               case NetlogonValidationSamInfo2: /* 3 */
+               case NetlogonValidationSamInfo4: /* 6 */
+                       break;
+               default:
+                       return NT_STATUS_INVALID_INFO_CLASS;
+               }
+
+               break;
+
+       case NetlogonGenericInformation:
+               if (r->in.logon->generic == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               switch (r->in.validation_level) {
+               /* TODO: case NetlogonValidationGenericInfo: 4 */
+               case NetlogonValidationGenericInfo2: /* 5 */
+                       break;
+               default:
+                       return NT_STATUS_INVALID_INFO_CLASS;
+               }
+
+               break;
+       default:
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       return NT_STATUS_OK;
+}
+
  /*************************************************************************
   _netr_LogonSamLogon_base
   *************************************************************************/
@@ -1556,16 +1615,7 @@ NTSTATUS _netr_LogonSamLogonWithFlags(struct pipes_struct *p,
         struct netr_LogonSamLogonEx r2;
         struct netr_Authenticator return_authenticator;
  
-       become_root();
-       status = netr_creds_server_step_check(p, p->mem_ctx,
-                                             r->in.computer_name,
-                                             r->in.credential,
-                                             &return_authenticator,
-                                             &creds);
-       unbecome_root();
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
-       }
+       *r->out.authoritative = true;
  
         r2.in.server_name       = r->in.server_name;
         r2.in.computer_name     = r->in.computer_name;
@@ -1577,6 +1627,22 @@ NTSTATUS _netr_LogonSamLogonWithFlags(struct pipes_struct *p,
         r2.out.authoritative    = r->out.authoritative;
         r2.out.flags            = r->out.flags;
  
+       status = _netr_LogonSamLogon_check(&r2);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       become_root();
+       status = netr_creds_server_step_check(p, p->mem_ctx,
+                                             r->in.computer_name,
+                                             r->in.credential,
+                                             &return_authenticator,
+                                             &creds);
+       unbecome_root();
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
         status = _netr_LogonSamLogon_base(p, &r2, creds);
  
         *r->out.return_authenticator = return_authenticator;
@@ -1624,10 +1690,9 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
         NTSTATUS status;
         struct netlogon_creds_CredentialState *creds = NULL;
  
-       become_root();
-       status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(),
-                                         r->in.computer_name, &creds);
-       unbecome_root();
+       *r->out.authoritative = true;
+
+       status = _netr_LogonSamLogon_check(r);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
@@ -1639,6 +1704,14 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
                 return NT_STATUS_INVALID_PARAMETER;
          }
  
+       become_root();
+       status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(),
+                                         r->in.computer_name, &creds);
+       unbecome_root();
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
         status = _netr_LogonSamLogon_base(p, r, creds);
         TALLOC_FREE(creds);
author	Stefan Metzmacher <metze@samba.org>
	Tue, 1 Feb 2011 13:47:05 +0000 (14:47 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 2 Feb 2011 10:58:26 +0000 (11:58 +0100)