s3-rpc_server: use NL_AUTH_MESSAGE in pipe_schannel_auth_bind().
authorGünther Deschner <gd@samba.org>
Tue, 8 Sep 2009 13:31:01 +0000 (15:31 +0200)
committerGünther Deschner <gd@samba.org>
Tue, 8 Sep 2009 15:07:03 +0000 (17:07 +0200)
Guenther

source3/rpc_server/srv_pipe.c

index bf55d47d0a1873b1474423277ad768f8aa1faf45..e42c81ed4f118a28a537e00f2607b469403bf3d0 100644 (file)
@@ -29,6 +29,7 @@
 
 #include "includes.h"
 #include "../libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/ndr_schannel.h"
 
 extern struct current_user current_user;
 
@@ -1326,28 +1327,44 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
                                        RPC_HDR_AUTH *pauth_info, prs_struct *pout_auth)
 {
        RPC_HDR_AUTH auth_info;
-       RPC_AUTH_SCHANNEL_NEG neg;
+       struct NL_AUTH_MESSAGE neg;
        RPC_AUTH_VERIFIER auth_verifier;
        bool ret;
        NTSTATUS status;
        struct netlogon_creds_CredentialState *creds;
        uint32 flags;
        DATA_BLOB session_key;
+       enum ndr_err_code ndr_err;
+       DATA_BLOB blob;
+
+       blob = data_blob_const(prs_data_p(rpc_in_p) + prs_offset(rpc_in_p),
+                              prs_data_size(rpc_in_p));
 
-       if (!smb_io_rpc_auth_schannel_neg("", &neg, rpc_in_p, 0)) {
+       ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &neg,
+                              (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);
+       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n"));
-               return False;
+               return false;
+       }
+
+       if (DEBUGLEVEL >= 10) {
+               NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &neg);
+       }
+
+       if (!(neg.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME)) {
+               DEBUG(0,("pipe_schannel_auth_bind: Did not receive netbios computer name\n"));
+               return false;
        }
 
        /*
-        * The neg.myname key here must match the remote computer name
+        * The neg.oem_netbios_computer.a key here must match the remote computer name
         * given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe
         * operations that use credentials.
         */
 
        become_root();
        status = schannel_fetch_session_key(p->mem_ctx,
-                                           neg.myname,
+                                           neg.oem_netbios_computer.a,
                                            &creds);
        unbecome_root();
 
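Review bot: The blob handed to `ndr_pull_struct_blob()` starts at `prs_data_p(rpc_in_p) + prs_offset(rpc_in_p)` but its length is `prs_data_size(rpc_in_p)`, which looks like the size of the whole buffer rather than the bytes remaining after the offset. If so, the parser is told it may read `prs_offset(rpc_in_p)` bytes past the end of the received PDU, and this data comes from an unauthenticated bind request. The length should be the remainder, `prs_data_size(rpc_in_p) - prs_offset(rpc_in_p)`, preceded by a guard such as `if (prs_offset(rpc_in_p) > prs_data_size(rpc_in_p)) return false;`. A short comment above the blob construction stating that it covers only the unparsed auth trailer would also help. The body of pipe_schannel_auth_bind() continues outside this hunk.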
@@ -1419,7 +1436,7 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
        }
 
        DEBUG(10,("pipe_schannel_auth_bind: schannel auth: domain [%s] myname [%s]\n",
-               neg.domain, neg.myname));
+               neg.oem_netbios_domain.a, neg.oem_netbios_computer.a));
 
        /* We're finished with this bind - no more packets. */
        p->auth.auth_data_free_func = NULL;
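Review bot: `neg.oem_netbios_domain.a` is passed to `%s` in the DEBUG(10) call, but the earlier hunk checks only `NL_FLAG_OEM_NETBIOS_COMPUTER_NAME` in `neg.Flags`. `neg` is an uninitialised stack struct, so if the client omits the domain-name flag the NDR pull presumably never sets that member and the log call would format an indeterminate pointer. Either add `ZERO_STRUCT(neg);` before the pull and print a placeholder when `NL_FLAG_OEM_NETBIOS_DOMAIN_NAME` is not set, or reject the bind when that flag is missing, as is done for the computer name. The function starts and ends outside this hunk.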