From: Günther Deschner Date: Tue, 25 Aug 2009 16:36:28 +0000 (+0200) Subject: s3-netlogon: make _netr_ServerAuthenticate a callback to _netr_ServerAuthenticate3. X-Git-Tag: tevent-0.9.8~206 X-Git-Url: http://git.samba.org/samba.git/?p=ira%2Fwip.git;a=commitdiff_plain;h=1a53b617710b1bf9555de6ab01afeaf6f9c1d42a s3-netlogon: make _netr_ServerAuthenticate a callback to _netr_ServerAuthenticate3. Guenther --- diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 8a93b206415..de898569f20 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -447,56 +447,23 @@ NTSTATUS _netr_ServerReqChallenge(pipes_struct *p, NTSTATUS _netr_ServerAuthenticate(pipes_struct *p, struct netr_ServerAuthenticate *r) { - NTSTATUS status; - struct netr_Credential srv_chal_out; - - if (!p->dc || !p->dc->challenge_sent) { - return NT_STATUS_ACCESS_DENIED; - } - - status = get_md4pw((char *)p->dc->mach_pw, - r->in.account_name, - r->in.secure_channel_type, - NULL); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("_netr_ServerAuthenticate: get_md4pw failed. Failed to " - "get password for machine account %s " - "from client %s: %s\n", - r->in.account_name, - r->in.computer_name, - nt_errstr(status) )); - /* always return NT_STATUS_ACCESS_DENIED */ - return NT_STATUS_ACCESS_DENIED; - } - - /* From the client / server challenges and md4 password, generate sess key */ - creds_server_init(0, /* No neg flags. */ - p->dc, - &p->dc->clnt_chal, /* Stored client chal. */ - &p->dc->srv_chal, /* Stored server chal. */ - p->dc->mach_pw, - &srv_chal_out); - - /* Check client credentials are valid. */ - if (!netlogon_creds_server_check(p->dc, r->in.credentials)) { - DEBUG(0,("_netr_ServerAuthenticate: netlogon_creds_server_check failed. Rejecting auth " - "request from client %s machine account %s\n", - r->in.computer_name, - r->in.account_name)); - return NT_STATUS_ACCESS_DENIED; - } + struct netr_ServerAuthenticate3 a; + uint32_t negotiate_flags = 0; + uint32_t rid; - fstrcpy(p->dc->mach_acct, r->in.account_name); - fstrcpy(p->dc->remote_machine, r->in.computer_name); - p->dc->authenticated = True; + a.in.server_name = r->in.server_name; + a.in.account_name = r->in.account_name; + a.in.secure_channel_type = r->in.secure_channel_type; + a.in.computer_name = r->in.computer_name; + a.in.credentials = r->in.credentials; + a.in.negotiate_flags = &negotiate_flags; - /* set up the LSA AUTH response */ - /* Return the server credentials. */ + a.out.return_credentials = r->out.return_credentials; + a.out.rid = &rid; + a.out.negotiate_flags = &negotiate_flags; - memcpy(r->out.return_credentials->data, &srv_chal_out.data, - sizeof(r->out.return_credentials->data)); + return _netr_ServerAuthenticate3(p, &a); - return NT_STATUS_OK; } /************************************************************************* @@ -545,6 +512,9 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, } switch (p->hdr_req.opnum) { + case NDR_NETR_SERVERAUTHENTICATE: + fn = "_netr_ServerAuthenticate"; + break; case NDR_NETR_SERVERAUTHENTICATE2: fn = "_netr_ServerAuthenticate2"; break;