mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libcli/auth: remember client_requested_flags and auth_time in netlogon_creds_server_init()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit dfbc5e5a19)
Stefan Metzmacher 2024-10-02 19:06:59 +02:00 committed by Jule Anger
parent 71c0e18766
commit 5c74014ae8
5 changed files with 14 additions and 1 deletions


@ -657,11 +657,14 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
const struct samr_Password *machine_password,
const struct netr_Credential *credentials_in,
struct netr_Credential *credentials_out,
uint32_t client_requested_flags,
const struct dom_sid *client_sid,
uint32_t negotiate_flags)
{
struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
struct timeval tv = timeval_current();
NTTIME now = timeval_to_nttime(&tv);
NTSTATUS status;
bool ok;
@ -707,6 +710,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
talloc_free(creds);
return NULL;
}
creds->ex->client_requested_flags = client_requested_flags;
creds->ex->auth_time = now;
creds->ex->client_sid = *client_sid;
if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
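Review bot: The new `client_requested_flags` parameter has the same `uint32_t` type as `negotiate_flags`, so a caller that passes the two in the wrong order compiles cleanly and would store the server-filtered mask as the client's request, or the reverse. Nothing in the visible lines documents the difference, and the same holds for the prototype in the header section that follows. I would add a short comment above the definition, for example `/* client_requested_flags: value as sent by the client, stored for later reference; negotiate_flags: the mask agreed with the server */`; in the lines shown only `negotiate_flags` drives a decision (the `NETLOGON_NEG_SUPPORTS_AES` test). `auth_time` is taken from `timeval_current()`, which is wall-clock time, so any later comparison against it should tolerate clock steps. The function body starts and continues outside both hunks.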


@ -69,6 +69,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
const struct samr_Password *machine_password,
const struct netr_Credential *credentials_in,
struct netr_Credential *credentials_out,
uint32_t client_requested_flags,
const struct dom_sid *client_sid,
uint32_t negotiate_flags);
NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,


@ -22,6 +22,8 @@ interface schannel
* On the server we use CLEAR_IF_FIRST,
* so db layout changes don't matter there.
*/
netr_NegotiateFlags client_requested_flags;
NTTIME auth_time;
dom_sid client_sid;
} netlogon_creds_CredentialState_extra_info;
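Review bot: The two added members carry no comment, although `client_requested_flags` holds a value chosen by the remote client and `auth_time` is only filled in by `netlogon_creds_server_init()`. Someone reading the stored state could take the former for the negotiated mask, or treat an unset `auth_time` as a real timestamp. I would add one-line comments such as `/* as sent by the client, not filtered by the server */` and `/* set during ServerAuthenticate */`, and state explicitly what a zero `auth_time` means if that case can occur. The comment block above these members starts outside the hunk, so whether it already covers layout changes for users of this structure other than the server should be confirmed.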


@ -1010,6 +1010,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
&mach_pwd,
r->in.credentials,
r->out.return_credentials,
in_neg_flags,
&sid,
neg_flags);
if (!creds) {
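Review bot: `in_neg_flags` is assigned outside this hunk, so it is not visible here whether it still holds the client's value unmodified when it reaches `netlogon_creds_server_init()`. The source4 caller captures `client_flags = *r->in.negotiate_flags` before the masking with `server_flags`; if this function adjusts `in_neg_flags` before the call, the two servers would record different things in the same field. A one-line comment at the call, e.g. `/* in_neg_flags: exactly what the client sent */`, would make the intent checkable. The call sites and the callee also use three different names for this value (`in_neg_flags`, `client_flags`, `client_requested_flags`); settling on one would make the pairing with `negotiate_flags` harder to get wrong.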


@ -416,6 +416,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
"samAccountName",
NULL};
uint32_t server_flags = 0;
uint32_t client_flags = 0;
uint32_t negotiate_flags = 0;
ZERO_STRUCTP(r->out.return_credentials);
@ -509,7 +510,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
* NETLOGON_NEG_STRONG_KEYS from server_flags...
*/
negotiate_flags = *r->in.negotiate_flags & server_flags;
client_flags = *r->in.negotiate_flags;
negotiate_flags = client_flags & server_flags;
switch (r->in.secure_channel_type) {
case SEC_CHAN_WKSTA:
@ -782,6 +784,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
curNtHash,
r->in.credentials,
r->out.return_credentials,
client_flags,
*sid,
negotiate_flags);
if (creds == NULL && prevNtHash != NULL) {
@ -800,6 +803,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
prevNtHash,
r->in.credentials,
r->out.return_credentials,
client_flags,
*sid,
negotiate_flags);
}