s4:netlogon - Put the "supported encryption types" more back in the "LogonGetDomainIn...
[ira/wip.git] / source4 / rpc_server / netlogon / dcerpc_netlogon.c
index cee94d8ea6959d7fd8fee07ca9c741b1a21ed8ef..4ec6b74020b577a34561c53f22c8e639b5d0e7d7 100644 (file)
@@ -260,7 +260,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       nt_status = schannel_store_session_key(schannel_ldb, mem_ctx, creds);
+       nt_status = schannel_store_session_key_ldb(schannel_ldb, mem_ctx, creds);
        talloc_free(schannel_ldb);
 
        return nt_status;
@@ -342,12 +342,12 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
        if (!ldb) {
                return NT_STATUS_ACCESS_DENIED;
        }
-       nt_status = schannel_creds_server_step_check(ldb, mem_ctx,
-                                                    computer_name,
-                                                    schannel_global_required,
-                                                    schannel_in_use,
-                                                    received_authenticator, 
-                                                    return_authenticator, creds_out); 
+       nt_status = schannel_creds_server_step_check_ldb(ldb, mem_ctx,
+                                                        computer_name,
+                                                        schannel_global_required,
+                                                        schannel_in_use,
+                                                        received_authenticator,
+                                                        return_authenticator, creds_out);
        talloc_free(ldb);
        return nt_status;
 }
@@ -677,7 +677,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
                return NT_STATUS_ACCESS_DENIED;
        }
        
-       nt_status = schannel_fetch_session_key(ldb, mem_ctx, r->in.computer_name, &creds);
+       nt_status = schannel_fetch_session_key_ldb(ldb, mem_ctx, r->in.computer_name, &creds);
        if (!NT_STATUS_IS_OK(nt_status)) {
                return nt_status;
        }
@@ -1121,6 +1121,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
        struct netlogon_creds_CredentialState *creds;
        const char * const attrs[] = { "objectSid", "objectGUID", "flatName",
                "securityIdentifier", "trustPartner", NULL };
+       const char *temp_str;
        const char *old_dns_hostname;
        struct ldb_context *sam_ctx;
        struct ldb_message **res1, **res2, *new_msg;
@@ -1128,6 +1129,8 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
        struct netr_DomainInformation *domain_info;
        struct netr_LsaPolicyInformation *lsa_policy_info;
        struct netr_OsVersionInfoEx *os_version;
+       uint32_t default_supported_enc_types =
+               ENC_CRC32|ENC_RSA_MD5|ENC_RC4_HMAC_MD5;
        int ret1, ret2, i;
        NTSTATUS status;
 
@@ -1152,14 +1155,28 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
        switch (r->in.level) {
        case 1: /* Domain information */
 
+               /* TODO: check NTSTATUS results - and fail also on SAMDB
+                * errors (needs some testing against Windows Server 2008) */
+
+               /*
+                * Check that the computer name parameter matches as prefix with
+                * the DNS hostname in the workstation info structure.
+                */
+               temp_str = strndup(r->in.query->workstation_info->dns_hostname,
+                       strcspn(r->in.query->workstation_info->dns_hostname,
+                       "."));
+               if (strcasecmp(r->in.computer_name, temp_str) != 0)
+                       return NT_STATUS_INVALID_PARAMETER;
+
                workstation_dn = ldb_dn_new_fmt(mem_ctx, sam_ctx, "<SID=%s>",
                        dom_sid_string(mem_ctx, creds->sid));
                NT_STATUS_HAVE_NO_MEMORY(workstation_dn);
 
                /* Gets the old DNS hostname */
                old_dns_hostname = samdb_search_string(sam_ctx, mem_ctx,
-                                                      workstation_dn,  "dNSHostName", 
-                                                      NULL);
+                                                       workstation_dn,
+                                                       "dNSHostName",
+                                                       NULL);
 
                /* Gets host informations and put them in our directory */
                new_msg = ldb_msg_new(mem_ctx);
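Review bot: The strndup() that builds temp_str for the prefix comparison is never freed, neither on the NT_STATUS_INVALID_PARAMETER return that follows nor on the success path, and its NULL return is passed straight into strcasecmp, so every LogonGetDomainInfo level-1 call leaks the duplicated prefix and an allocation failure dereferences NULL. Everything else in this function lives on mem_ctx, so use `temp_str = talloc_strndup(mem_ctx, dns_hostname, strcspn(dns_hostname, "."));` followed by `NT_STATUS_HAVE_NO_MEMORY(temp_str);`, which ties the lifetime to the request and matches the check already applied to workstation_dn two lines later (the `const char *temp_str` declared in the earlier hunk works unchanged). dns_hostname is client-supplied; if the IDL permits it to be NULL, the strcspn call is undefined behaviour reachable from the wire, so an explicit `if (r->in.query->workstation_info->dns_hostname == NULL) return NT_STATUS_INVALID_PARAMETER;` belongs before the prefix check, and the single-statement if should be braced like the other checks in this file. dcesrv_netr_LogonGetDomainInfo starts and ends outside this hunk.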
@@ -1294,6 +1311,12 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
                        &domain_info->trusted_domains[i], true, true);
                NT_STATUS_NOT_OK_RETURN(status);
 
+               /* Sets the supported encryption types */
+               domain_info->supported_enc_types = samdb_search_uint(
+                       sam_ctx, mem_ctx,
+                       default_supported_enc_types, workstation_dn,
+                       "msDS-SupportedEncryptionTypes", NULL);
+
                /* Other host domain informations */
 
                lsa_policy_info = talloc(mem_ctx,
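Review bot: The samdb_search_uint() call that fills supported_enc_types substitutes default_supported_enc_types whenever the attribute is not found and, presumably, also when the search itself fails, while the line deleted further down recorded that Windows 2008 returned 0 here; nothing in the new code explains why the CRC32/RSA-MD5/RC4 mask is the right stand-in. Add a comment above the declaration of default_supported_enc_types in the earlier hunk, such as `/* Fallback when the computer object carries no msDS-SupportedEncryptionTypes: advertise only the DES/RC4 types */`, and replace the one-line comment above the lookup with `/* Prefer the computer object's attribute over the fixed default */`. Since the fallback never varies per request, `static const uint32_t` would also make clear it is not call state. dcesrv_netr_LogonGetDomainInfo starts and ends outside this hunk.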
@@ -1306,7 +1329,6 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
                domain_info->dns_hostname.string = old_dns_hostname;
                domain_info->workstation_flags =
                        r->in.query->workstation_info->workstation_flags;
-               domain_info->supported_enc_types = 0; /* w2008 gives this 0 */
 
                r->out.info->domain_info = domain_info;
        break;