Rework to use new API for common netlogon credential chaining

author Andrew Bartlett <abartlet@samba.org>

Thu, 9 Apr 2009 04:26:04 +0000 (14:26 +1000)

committer Andrew Bartlett <abartlet@samba.org>

Tue, 14 Apr 2009 06:23:45 +0000 (16:23 +1000)
author Andrew Bartlett <abartlet@samba.org>
Thu, 9 Apr 2009 04:26:04 +0000 (14:26 +1000)
committer Andrew Bartlett <abartlet@samba.org>
Tue, 14 Apr 2009 06:23:45 +0000 (16:23 +1000)
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c

index b71748943ba21b6ac205619f3eaa3df646fc17ec..08fce2f049fca7154e5fc3c8bc575a75c7041cee 100644 (file)
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -171,7 +171,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
  }
  
  /**
- * Return the struct creds_CredentialState.
+ * Return the struct netlogon_creds_CredentialState.
   *
   * Make sure not to call this unless gensec is using schannel...
   */
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c

index 05f39f78170e1f85b54a004bc419263ac6f89127..b17ab86e264fe496d465dd7432efef98c1835904 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -240,8 +240,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
         }
  
         creds = netlogon_creds_server_init(mem_ctx,     
-                                          r->in.computer_name,
                                            r->in.account_name,
+                                          r->in.computer_name,
                                            r->in.secure_channel_type,
                                            &pipe_state->client_challenge, 
                                            &pipe_state->server_challenge, 
@@ -325,15 +325,17 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_ca
  
  */
  static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dce_call,
-                                                   const char *computer_name,
                                                     TALLOC_CTX *mem_ctx, 
+                                                   const char *computer_name,
                                                     struct netr_Authenticator *received_authenticator,
                                                     struct netr_Authenticator *return_authenticator,
                                                     struct netlogon_creds_CredentialState **creds_out) 
  {
         NTSTATUS nt_status;
         struct ldb_context *ldb;
-       bool schannel_in_use = dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL
+       bool schannel_global_required = false; /* Should be lp_schannel_server() == true */
+       bool schannel_in_use = dce_call->conn->auth_state.auth_info
+               && dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL
                 && (dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY 
                     || dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY);
  
@@ -341,10 +343,10 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
         if (!ldb) {
                 return NT_STATUS_ACCESS_DENIED;
         }
-       
         nt_status = schannel_creds_server_step_check(ldb, mem_ctx,
-                                                    schannel_in_use,
                                                      computer_name,
+                                                    schannel_global_required,
+                                                    schannel_in_use,
                                                      received_authenticator, 
                                                      return_authenticator, creds_out); 
         talloc_free(ldb);
@@ -364,7 +366,8 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
         NTSTATUS nt_status;
  
         nt_status = dcesrv_netr_creds_server_step_check(dce_call,
-                                                       r->in.computer_name, mem_ctx, 
+                                                       mem_ctx, 
+                                                       r->in.computer_name, 
                                                         r->in.credential, r->out.return_authenticator,
                                                         &creds);
         NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -401,7 +404,8 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
         struct samr_CryptPassword password_buf;
  
         nt_status = dcesrv_netr_creds_server_step_check(dce_call,
-                                                       r->in.computer_name, mem_ctx, 
+                                                       mem_ctx, 
+                                                       r->in.computer_name, 
                                                         r->in.credential, r->out.return_authenticator,
                                                         &creds);
         NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -703,7 +707,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
         NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
  
         nt_status = dcesrv_netr_creds_server_step_check(dce_call,
-                                                       r->in.computer_name, mem_ctx, 
+                                                       mem_ctx, 
+                                                       r->in.computer_name, 
                                                         r->in.credential, return_authenticator,
                                                         &creds);
         NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -1070,10 +1075,11 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
         const char *local_domain;
  
         status = dcesrv_netr_creds_server_step_check(dce_call,
-                                                    r->in.computer_name, mem_ctx, 
-                                             r->in.credential, 
-                                             r->out.return_authenticator,
-                                             NULL);
+                                                    mem_ctx, 
+                                                    r->in.computer_name, 
+                                                    r->in.credential, 
+                                                    r->out.return_authenticator,
+                                                    NULL);
         if (!NT_STATUS_IS_OK(status)) {
                 DEBUG(0,(__location__ " Bad credentials - error\n"));
         }
author	Andrew Bartlett <abartlet@samba.org>
	Thu, 9 Apr 2009 04:26:04 +0000 (14:26 +1000)
committer	Andrew Bartlett <abartlet@samba.org>
	Tue, 14 Apr 2009 06:23:45 +0000 (16:23 +1000)
source4/auth/gensec/schannel.c		patch \| blob \| history
source4/rpc_server/netlogon/dcerpc_netlogon.c		patch \| blob \| history