1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00

libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon()

This will be needed when we implement netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 3d4ea276bdf44202250246cd6edae2bc17e92c74)
This commit is contained in:
Stefan Metzmacher 2024-10-28 12:55:12 +01:00 committed by Jule Anger
parent 4410937888
commit 4da8ed66be
5 changed files with 38 additions and 10 deletions

View File

@ -976,6 +976,8 @@ NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_Creden
static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level, enum netr_LogonInfoClass level,
union netr_LogonLevel *logon, union netr_LogonLevel *logon,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
bool do_encrypt) bool do_encrypt)
{ {
NTSTATUS status; NTSTATUS status;
@ -1121,16 +1123,30 @@ static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Creden
NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level, enum netr_LogonInfoClass level,
union netr_LogonLevel *logon) union netr_LogonLevel *logon,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level)
{ {
return netlogon_creds_crypt_samlogon_logon(creds, level, logon, false); return netlogon_creds_crypt_samlogon_logon(creds,
level,
logon,
auth_type,
auth_level,
false);
} }
NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level, enum netr_LogonInfoClass level,
union netr_LogonLevel *logon) union netr_LogonLevel *logon,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level)
{ {
return netlogon_creds_crypt_samlogon_logon(creds, level, logon, true); return netlogon_creds_crypt_samlogon_logon(creds,
level,
logon,
auth_type,
auth_level,
true);
} }
union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx, union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,

View File

@ -2738,7 +2738,9 @@ static void netlogon_creds_cli_LogonSamLogon_start(struct tevent_req *req)
status = netlogon_creds_encrypt_samlogon_logon(state->ro_creds, status = netlogon_creds_encrypt_samlogon_logon(state->ro_creds,
state->logon_level, state->logon_level,
state->logon); state->logon,
auth_type,
auth_level);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
status = NT_STATUS_ACCESS_DENIED; status = NT_STATUS_ACCESS_DENIED;
tevent_req_nterror(req, status); tevent_req_nterror(req, status);
@ -2802,7 +2804,9 @@ static void netlogon_creds_cli_LogonSamLogon_start(struct tevent_req *req)
status = netlogon_creds_encrypt_samlogon_logon(&state->tmp_creds, status = netlogon_creds_encrypt_samlogon_logon(&state->tmp_creds,
state->logon_level, state->logon_level,
state->logon); state->logon,
auth_type,
auth_level);
if (tevent_req_nterror(req, status)) { if (tevent_req_nterror(req, status)) {
netlogon_creds_cli_LogonSamLogon_cleanup(req, status); netlogon_creds_cli_LogonSamLogon_cleanup(req, status);
return; return;

View File

@ -88,10 +88,14 @@ NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_Creden
enum dcerpc_AuthLevel auth_level); enum dcerpc_AuthLevel auth_level);
NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level, enum netr_LogonInfoClass level,
union netr_LogonLevel *logon); union netr_LogonLevel *logon,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level);
NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level, enum netr_LogonInfoClass level,
union netr_LogonLevel *logon); union netr_LogonLevel *logon,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level);
union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx, union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
enum netr_LogonInfoClass level, enum netr_LogonInfoClass level,
const union netr_LogonLevel *in); const union netr_LogonLevel *in);

View File

@ -1765,7 +1765,9 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
status = netlogon_creds_decrypt_samlogon_logon(creds, status = netlogon_creds_decrypt_samlogon_logon(creds,
r->in.logon_level, r->in.logon_level,
logon); logon,
auth_type,
auth_level);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
return status; return status;
} }

View File

@ -1387,7 +1387,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base_call(struct dcesrv_netr_LogonSamL
nt_status = netlogon_creds_decrypt_samlogon_logon(creds, nt_status = netlogon_creds_decrypt_samlogon_logon(creds,
r->in.logon_level, r->in.logon_level,
r->in.logon); r->in.logon,
auth_type,
auth_level);
NT_STATUS_NOT_OK_RETURN(nt_status); NT_STATUS_NOT_OK_RETURN(nt_status);
switch (r->in.logon_level) { switch (r->in.logon_level) {