s4:rpc_server/netlogon: make use of dcesrv_call_auth_info()
authorStefan Metzmacher <metze@samba.org>
Thu, 8 Nov 2018 11:44:30 +0000 (12:44 +0100)
committerJeremy Allison <jra@samba.org>
Sat, 12 Jan 2019 02:13:36 +0000 (03:13 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/rpc_server/netlogon/dcerpc_netlogon.c

index 72b50327c5093ed25e3c347a0fedcb82b4978e8d..c1237933e686337035ae2167b64f936bbe399309 100644 (file)
@@ -632,7 +632,11 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
        bool schannel_global_required = (schannel == true);
 
        if (schannel_global_required) {
-               if (dce_call->conn->auth_state.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
+               enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+
+               dcesrv_call_auth_info(dce_call, &auth_type, NULL);
+
+               if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
                        DBG_ERR("[%s] is not using schannel\n",
                                computer_name);
                        return NT_STATUS_ACCESS_DENIED;
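Review bot: Inside the `schannel_global_required` branch, the access decision now rests on `auth_type` keeping its `DCERPC_AUTH_TYPE_NONE` initializer if `dcesrv_call_auth_info()` ever leaves the out-parameter unwritten, and nothing on the declaration says that default is load-bearing. I would add `/* default to NONE so the schannel check below fails closed */` above the declaration, so a later cleanup does not drop the initializer as redundant. The helper's definition is not visible here and it is called as a plain statement, so whether it always fills the value is an assumption. The same pattern appears in the `dcesrv_netr_LogonSamLogonEx` hunks (`auth_type`) and in `dcesrv_netr_LogonSamLogon_check` (`auth_level`, where NONE presumably compares below `DCERPC_AUTH_LEVEL_PRIVACY`); the function body continues outside this hunk.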
@@ -834,6 +838,8 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL
 static NTSTATUS dcesrv_netr_LogonSamLogon_check(struct dcesrv_call_state *dce_call,
                                                const struct netr_LogonSamLogonEx *r)
 {
+       enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+
        switch (r->in.logon_level) {
        case NetlogonInteractiveInformation:
        case NetlogonServiceInformation:
@@ -888,9 +894,11 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_check(struct dcesrv_call_state *dce_ca
                return NT_STATUS_INVALID_PARAMETER;
        }
 
+       dcesrv_call_auth_info(dce_call, NULL, &auth_level);
+
        switch (r->in.validation_level) {
        case NetlogonValidationSamInfo4: /* 6 */
-               if (dce_call->conn->auth_state.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) {
+               if (auth_level < DCERPC_AUTH_LEVEL_PRIVACY) {
                        return NT_STATUS_INVALID_PARAMETER;
                }
                break;
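Review bot: The `NetlogonValidationSamInfo4` case refuses a connection below `DCERPC_AUTH_LEVEL_PRIVACY` with `NT_STATUS_INVALID_PARAMETER` and no log line, while the schannel checks touched by this commit return `NT_STATUS_ACCESS_DENIED` and, in `dcesrv_netr_creds_server_step_check`, log via `DBG_ERR`. A comment such as `/* level 6 is only returned over a sealed connection */` on the case would record that this is a confidentiality requirement, and it should say whether the differing status code is deliberate. If operators are expected to notice clients that ask for level 6 without sealing, a `DBG_WARNING` before the return would make that visible. The function starts in an earlier hunk and the switch is not closed within this one.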
@@ -1278,6 +1286,7 @@ static void dcesrv_netr_LogonSamLogon_base_reply(
 static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                     struct netr_LogonSamLogonEx *r)
 {
+       enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
        struct dcesrv_netr_LogonSamLogon_base_state *state;
        NTSTATUS nt_status;
 
@@ -1315,7 +1324,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
                return nt_status;
        }
 
-       if (dce_call->conn->auth_state.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
+       dcesrv_call_auth_info(dce_call, &auth_type, NULL);
+
+       if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
                return NT_STATUS_ACCESS_DENIED;
        }