mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
libcli/auth: remember client_requested_flags and auth_time in netlogon_creds_server_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit dfbc5e5a19
)
This commit is contained in:
parent
71c0e18766
commit
5c74014ae8
@ -657,11 +657,14 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
|
||||
const struct samr_Password *machine_password,
|
||||
const struct netr_Credential *credentials_in,
|
||||
struct netr_Credential *credentials_out,
|
||||
uint32_t client_requested_flags,
|
||||
const struct dom_sid *client_sid,
|
||||
uint32_t negotiate_flags)
|
||||
{
|
||||
|
||||
struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
|
||||
struct timeval tv = timeval_current();
|
||||
NTTIME now = timeval_to_nttime(&tv);
|
||||
NTSTATUS status;
|
||||
bool ok;
|
||||
|
||||
@ -707,6 +710,8 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
|
||||
talloc_free(creds);
|
||||
return NULL;
|
||||
}
|
||||
creds->ex->client_requested_flags = client_requested_flags;
|
||||
creds->ex->auth_time = now;
|
||||
creds->ex->client_sid = *client_sid;
|
||||
|
||||
if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||
|
@ -69,6 +69,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
|
||||
const struct samr_Password *machine_password,
|
||||
const struct netr_Credential *credentials_in,
|
||||
struct netr_Credential *credentials_out,
|
||||
uint32_t client_requested_flags,
|
||||
const struct dom_sid *client_sid,
|
||||
uint32_t negotiate_flags);
|
||||
NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
|
||||
|
@ -22,6 +22,8 @@ interface schannel
|
||||
* On the server we use CLEAR_IF_FIRST,
|
||||
* so db layout changes don't matter there.
|
||||
*/
|
||||
netr_NegotiateFlags client_requested_flags;
|
||||
NTTIME auth_time;
|
||||
dom_sid client_sid;
|
||||
} netlogon_creds_CredentialState_extra_info;
|
||||
|
||||
|
@ -1010,6 +1010,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
|
||||
&mach_pwd,
|
||||
r->in.credentials,
|
||||
r->out.return_credentials,
|
||||
in_neg_flags,
|
||||
&sid,
|
||||
neg_flags);
|
||||
if (!creds) {
|
||||
|
@ -416,6 +416,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
|
||||
"samAccountName",
|
||||
NULL};
|
||||
uint32_t server_flags = 0;
|
||||
uint32_t client_flags = 0;
|
||||
uint32_t negotiate_flags = 0;
|
||||
|
||||
ZERO_STRUCTP(r->out.return_credentials);
|
||||
@ -509,7 +510,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
|
||||
* NETLOGON_NEG_STRONG_KEYS from server_flags...
|
||||
*/
|
||||
|
||||
negotiate_flags = *r->in.negotiate_flags & server_flags;
|
||||
client_flags = *r->in.negotiate_flags;
|
||||
negotiate_flags = client_flags & server_flags;
|
||||
|
||||
switch (r->in.secure_channel_type) {
|
||||
case SEC_CHAN_WKSTA:
|
||||
@ -782,6 +784,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
|
||||
curNtHash,
|
||||
r->in.credentials,
|
||||
r->out.return_credentials,
|
||||
client_flags,
|
||||
*sid,
|
||||
negotiate_flags);
|
||||
if (creds == NULL && prevNtHash != NULL) {
|
||||
@ -800,6 +803,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
|
||||
prevNtHash,
|
||||
r->in.credentials,
|
||||
r->out.return_credentials,
|
||||
client_flags,
|
||||
*sid,
|
||||
negotiate_flags);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user