sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-18 06:04:06 +03:00
Code

s4:librpc/rpc: make use of netlogon_creds_client_verify()

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Stefan Metzmacher 2024-10-29 10:31:52 +01:00 committed by Douglas Bagnall
parent 1a5984ac63
commit 132629ee3a
1 changed files with 38 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
source4/librpc/rpc/dcerpc_schannel.c
View File

@ -224,10 +224,17 @@ static void continue_srv_auth2(struct tevent_req *subreq)
{
struct composite_context *c;
struct schannel_key_state *s;
enum dcerpc_AuthType auth_type;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
c = tevent_req_callback_data(subreq, struct composite_context);
s = talloc_get_type(c->private_data, struct schannel_key_state);
dcerpc_binding_handle_auth_info(s->pipe2->binding_handle,
&auth_type,
&auth_level);
/* receive rpc request result - auth2 credentials */
c->status = dcerpc_netr_ServerAuthenticate2_r_recv(subreq, s);
TALLOC_FREE(subreq);
@ -330,8 +337,12 @@ static void continue_srv_auth2(struct tevent_req *subreq)
}
/* verify credentials */
if (!netlogon_creds_client_check(s->creds, s->a.out.return_credentials)) {
composite_error(c, NT_STATUS_UNSUCCESSFUL);
status = netlogon_creds_client_verify(s->creds,
s->a.out.return_credentials,
auth_type,
auth_level);
if (!NT_STATUS_IS_OK(status)) {
composite_error(c, status);
return;
}
@ -604,11 +615,17 @@ static void continue_get_negotiated_capabilities(struct tevent_req *subreq)
{
struct composite_context *c;
struct auth_schannel_state *s;
enum dcerpc_AuthType auth_type;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
c = tevent_req_callback_data(subreq, struct composite_context);
s = talloc_get_type(c->private_data, struct auth_schannel_state);
dcerpc_binding_handle_auth_info(s->pipe->binding_handle,
&auth_type,
&auth_level);
/* receive rpc request result */
c->status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, s);
TALLOC_FREE(subreq);
@ -644,9 +661,12 @@ static void continue_get_negotiated_capabilities(struct tevent_req *subreq)
}
/* verify credentials */
if (!netlogon_creds_client_check(&s->save_creds_state,
&s->c.out.return_authenticator->cred)) {
composite_error(c, NT_STATUS_UNSUCCESSFUL);
status = netlogon_creds_client_verify(&s->save_creds_state,
&s->c.out.return_authenticator->cred,
auth_type,
auth_level);
if (!NT_STATUS_IS_OK(status)) {
composite_error(c, status);
return;
}
@ -707,10 +727,17 @@ static void continue_get_client_capabilities(struct tevent_req *subreq)
{
struct composite_context *c;
struct auth_schannel_state *s;
enum dcerpc_AuthType auth_type;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
c = tevent_req_callback_data(subreq, struct composite_context);
s = talloc_get_type(c->private_data, struct auth_schannel_state);
dcerpc_binding_handle_auth_info(s->pipe->binding_handle,
&auth_type,
&auth_level);
/* receive rpc request result */
c->status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, s);
TALLOC_FREE(subreq);
@ -745,9 +772,12 @@ static void continue_get_client_capabilities(struct tevent_req *subreq)
}
/* verify credentials */
if (!netlogon_creds_client_check(&s->save_creds_state,
&s->c.out.return_authenticator->cred)) {
composite_error(c, NT_STATUS_UNSUCCESSFUL);
status = netlogon_creds_client_verify(&s->save_creds_state,
&s->c.out.return_authenticator->cred,
auth_type,
auth_level);
if (!NT_STATUS_IS_OK(status)) {
composite_error(c, status);
return;
}