
libcli/auth: let netlogon_creds_cli_store_internal check netlogon_creds_CredentialState_legacy

Before storing the structure into a ctdb managed volatile database
we check against netlogon_creds_CredentialState_legacy (the structure
used before recent changes). This makes sure unpatched cluster nodes
would not get a parsing error.

We'll remove this again in master when we try to implement
netr_ServerAuthenticateKerberos() and the related changes
to netlogon_creds_CredentialState, which will break the compat...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 3792fe3728)
Stefan Metzmacher
2024-10-10 13:39:38 +02:00
committed by Jule Anger
parent bc8dcaa109
commit 4419fc6c48
2 changed files with 26 additions and 0 deletions


@ -752,6 +752,7 @@ static NTSTATUS netlogon_creds_cli_store_internal(
enum ndr_err_code ndr_err;
DATA_BLOB blob;
TDB_DATA data;
struct netlogon_creds_CredentialState_legacy lc = { .sequence = 0, };
if (DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(netlogon_creds_CredentialState, creds);
@ -765,6 +766,18 @@ static NTSTATUS netlogon_creds_cli_store_internal(
return status;
}
ndr_err = ndr_pull_struct_blob_all(&blob, frame, &lc,
(ndr_pull_flags_fn_t)ndr_pull_netlogon_creds_CredentialState_legacy);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
TALLOC_FREE(frame);
return status;
}
if (DEBUGLEVEL >= 11) {
NDR_PRINT_DEBUG(netlogon_creds_CredentialState_legacy, &lc);
}
data.dptr = blob.data;
data.dsize = blob.length;
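Review bot: The compat check in the second hunk decodes the freshly pushed blob into the stack variable `lc`, leaving a second copy of the 16-byte session key and the seed/client/server credentials in memory, and none of the added lines clear it on the error return or after the check. Consider `ZERO_STRUCT(lc);` before the new `TALLOC_FREE(frame); return status;` path and again once the level-11 print is done. That `NDR_PRINT_DEBUG` call also writes the same key material to the log, as the existing level-10 dump of `creds` does. The reason for the pull is only in the commit message, so a comment above it such as `/* compat check: unpatched cluster nodes must still be able to parse this record */` would help whoever removes it later. The function body starts and ends outside both hunks, so any cleanup further down is not visible here.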


@ -85,6 +85,19 @@ interface schannel
netlogon_creds_CredentialState_extra_info *ex;
} netlogon_creds_CredentialState;
typedef [public,flag(NDR_PAHEX)] struct {
netr_NegotiateFlags negotiate_flags;
uint8 session_key[16];
uint32 sequence;
netr_Credential seed;
netr_Credential client;
netr_Credential server;
netr_SchannelType secure_channel_type;
[string,charset(UTF8)] uint8 computer_name[];
[string,charset(UTF8)] uint8 account_name[];
dom_sid *sid;
} netlogon_creds_CredentialState_legacy;
/* This is used in the schannel_store.tdb */
typedef [public] struct {
[string,charset(UTF16)] uint16 *computer_name;
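Review bot: The new `netlogon_creds_CredentialState_legacy` typedef has no comment saying that it is the pre-change layout kept only for the store-time compat check, so a later edit could change it along with the live structure and silently defeat the check. I would add above the typedef: `/* Layout of netlogon_creds_CredentialState before the recent changes; only used to verify that unpatched cluster nodes can still parse stored records. Do not modify. */`. It may also be worth noting there that `flag(NDR_PAHEX)` makes debug prints show `session_key` in hex, so dumps of this struct contain key material.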