mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
libcli/auth: let schannel_check_creds_state() take an access_check callback
This allows the callback to decide if the updated creds should be stored or not. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
parent
e830da448b
commit
2cf8a8ea35
@ -39,6 +39,11 @@ NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
|
||||
struct netr_Authenticator *return_authenticator,
|
||||
enum dcerpc_AuthType auth_type,
|
||||
enum dcerpc_AuthLevel auth_level,
|
||||
NTSTATUS (*access_check_cb)(struct netlogon_creds_CredentialState *creds,
|
||||
NTSTATUS step_status,
|
||||
bool *store,
|
||||
void *access_check_private),
|
||||
void *access_check_private,
|
||||
struct netlogon_creds_CredentialState **creds_out);
|
||||
|
||||
NTSTATUS schannel_get_challenge(struct loadparm_context *lp_ctx,
|
||||
|
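Review bot: The new `access_check_cb` parameter in this prototype is undocumented, and its contract cannot be read off the signature. A comment above the declaration should state that the callback runs after the credential step with that step's result in `step_status`, that its return value becomes the result of schannel_check_creds_state(), and that `*store` is true on entry and may be cleared to skip writing the updated creds back to the database. It should also say that passing NULL keeps the previous behaviour. The prototype starts above the hunk.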
@ -562,6 +562,11 @@ NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
|
||||
struct netr_Authenticator *return_authenticator,
|
||||
enum dcerpc_AuthType auth_type,
|
||||
enum dcerpc_AuthLevel auth_level,
|
||||
NTSTATUS (*access_check_cb)(struct netlogon_creds_CredentialState *creds,
|
||||
NTSTATUS step_status,
|
||||
bool *store,
|
||||
void *access_check_private),
|
||||
void *access_check_private,
|
||||
struct netlogon_creds_CredentialState **creds_out)
|
||||
{
|
||||
TALLOC_CTX *tmpctx;
|
||||
@ -572,6 +577,7 @@ NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
|
||||
char *keystr = NULL;
|
||||
struct db_record *record;
|
||||
TDB_DATA key;
|
||||
bool store = true;
|
||||
|
||||
if (creds_out != NULL) {
|
||||
*creds_out = NULL;
|
||||
@ -624,14 +630,23 @@ NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
|
||||
return_authenticator,
|
||||
auth_type,
|
||||
auth_level);
|
||||
if (access_check_cb != NULL) {
|
||||
NTSTATUS step_status = status;
|
||||
status = access_check_cb(creds,
|
||||
step_status,
|
||||
&store,
|
||||
access_check_private);
|
||||
}
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (store) {
|
||||
status = schannel_store_session_key_tdb(db_sc, tmpctx, creds);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
if (creds_out) {
|
||||
*creds_out = talloc_steal(mem_ctx, creds);
|
||||
|
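Review bot: In the hunk at -624, `status = access_check_cb(...)` overwrites the result of the credential step unconditionally, so a callback that returns NT_STATUS_OK without looking at `step_status` turns a failed authenticator check into success, and the creds are then stored and handed out through `creds_out`. If overriding a failed step is not an intended use, the function should fail closed on its own with `if (!NT_STATUS_IS_OK(step_status) && NT_STATUS_IS_OK(status)) { status = step_status; }` right after the callback returns; otherwise the duty to propagate `step_status` belongs in a comment at the call. The callback also appears to run while `record` is still held, so it should be documented as not re-entering the schannel database (inferred, the locking code is outside the visible hunks). The function body starts and ends outside these hunks.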
@ -600,6 +600,8 @@ NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dce_call,
|
||||
return_authenticator,
|
||||
auth_type,
|
||||
auth_level,
|
||||
NULL, /* access_check_cb */
|
||||
NULL, /* access_check_private */
|
||||
&creds);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
ZERO_STRUCTP(return_authenticator);
|
||||
|