mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_validation()
This will be needed when we implement netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit a56356e399339d5bce2e699431cd3e6186229170)
This commit is contained in:
parent
1637e23c35
commit
91154188e2
@ -830,6 +830,8 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
|
||||
static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
|
||||
uint16_t validation_level,
|
||||
union netr_Validation *validation,
|
||||
enum dcerpc_AuthType auth_type,
|
||||
enum dcerpc_AuthLevel auth_level,
|
||||
bool do_encrypt)
|
||||
{
|
||||
struct netr_SamBaseInfo *base = NULL;
|
||||
@ -945,21 +947,29 @@ static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_C
|
||||
|
||||
NTSTATUS netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
|
||||
uint16_t validation_level,
|
||||
union netr_Validation *validation)
|
||||
union netr_Validation *validation,
|
||||
enum dcerpc_AuthType auth_type,
|
||||
enum dcerpc_AuthLevel auth_level)
|
||||
{
|
||||
return netlogon_creds_crypt_samlogon_validation(creds,
|
||||
validation_level,
|
||||
validation,
|
||||
auth_type,
|
||||
auth_level,
|
||||
false);
|
||||
}
|
||||
|
||||
NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
|
||||
uint16_t validation_level,
|
||||
union netr_Validation *validation)
|
||||
union netr_Validation *validation,
|
||||
enum dcerpc_AuthType auth_type,
|
||||
enum dcerpc_AuthLevel auth_level)
|
||||
{
|
||||
return netlogon_creds_crypt_samlogon_validation(creds,
|
||||
validation_level,
|
||||
validation,
|
||||
auth_type,
|
||||
auth_level,
|
||||
true);
|
||||
}
|
||||
|
||||
|
@ -17,6 +17,7 @@
|
||||
#ifndef __LIBCLI_AUTH_H__
|
||||
#define __LIBCLI_AUTH_H__
|
||||
|
||||
#include "librpc/gen_ndr/dcerpc.h"
|
||||
#include "librpc/gen_ndr/netlogon.h"
|
||||
#include "librpc/gen_ndr/wkssvc.h"
|
||||
#include "librpc/gen_ndr/schannel.h"
|
||||
|
@ -2862,10 +2862,16 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq)
|
||||
struct netlogon_creds_cli_LogonSamLogon_state *state =
|
||||
tevent_req_data(req,
|
||||
struct netlogon_creds_cli_LogonSamLogon_state);
|
||||
enum dcerpc_AuthType auth_type;
|
||||
enum dcerpc_AuthLevel auth_level;
|
||||
NTSTATUS status;
|
||||
NTSTATUS result;
|
||||
bool ok;
|
||||
|
||||
dcerpc_binding_handle_auth_info(state->binding_handle,
|
||||
&auth_type,
|
||||
&auth_level);
|
||||
|
||||
if (state->try_logon_ex) {
|
||||
status = dcerpc_netr_LogonSamLogonEx_recv(subreq,
|
||||
state->validation,
|
||||
@ -2918,7 +2924,9 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq)
|
||||
|
||||
status = netlogon_creds_decrypt_samlogon_validation(state->ro_creds,
|
||||
state->validation_level,
|
||||
state->validation);
|
||||
state->validation,
|
||||
auth_type,
|
||||
auth_level);
|
||||
if (tevent_req_nterror(req, status)) {
|
||||
netlogon_creds_cli_LogonSamLogon_cleanup(req, status);
|
||||
return;
|
||||
@ -2992,7 +3000,9 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq)
|
||||
|
||||
status = netlogon_creds_decrypt_samlogon_validation(&state->tmp_creds,
|
||||
state->validation_level,
|
||||
state->validation);
|
||||
state->validation,
|
||||
auth_type,
|
||||
auth_level);
|
||||
if (tevent_req_nterror(req, status)) {
|
||||
netlogon_creds_cli_LogonSamLogon_cleanup(req, result);
|
||||
return;
|
||||
|
@ -78,10 +78,14 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
|
||||
struct netr_Authenticator *return_authenticator) ;
|
||||
NTSTATUS netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
|
||||
uint16_t validation_level,
|
||||
union netr_Validation *validation);
|
||||
union netr_Validation *validation,
|
||||
enum dcerpc_AuthType auth_type,
|
||||
enum dcerpc_AuthLevel auth_level);
|
||||
NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
|
||||
uint16_t validation_level,
|
||||
union netr_Validation *validation);
|
||||
union netr_Validation *validation,
|
||||
enum dcerpc_AuthType auth_type,
|
||||
enum dcerpc_AuthLevel auth_level);
|
||||
NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
|
||||
enum netr_LogonInfoClass level,
|
||||
union netr_LogonLevel *logon);
|
||||
|
@ -1938,7 +1938,9 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
|
||||
|
||||
status = netlogon_creds_encrypt_samlogon_validation(creds,
|
||||
r->in.validation_level,
|
||||
r->out.validation);
|
||||
r->out.validation,
|
||||
auth_type,
|
||||
auth_level);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
@ -1673,9 +1673,16 @@ static void dcesrv_netr_LogonSamLogon_base_reply(
|
||||
NTSTATUS status;
|
||||
|
||||
if (NT_STATUS_IS_OK(r->out.result)) {
|
||||
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
|
||||
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||
|
||||
dcesrv_call_auth_info(state->dce_call, &auth_type, &auth_level);
|
||||
|
||||
status = netlogon_creds_encrypt_samlogon_validation(state->creds,
|
||||
r->in.validation_level,
|
||||
r->out.validation);
|
||||
r->out.validation,
|
||||
auth_type,
|
||||
auth_level);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DBG_ERR("netlogon_creds_encrypt_samlogon_validation() "
|
||||
"failed - %s\n",
|
||||
|
@ -91,6 +91,12 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
|
||||
struct netr_NetworkInfo ninfo;
|
||||
struct netr_SamBaseInfo *base = NULL;
|
||||
uint16_t validation_level = 0;
|
||||
enum dcerpc_AuthType auth_type;
|
||||
enum dcerpc_AuthLevel auth_level;
|
||||
|
||||
dcerpc_binding_handle_auth_info(samlogon_state->p->binding_handle,
|
||||
&auth_type,
|
||||
&auth_level);
|
||||
|
||||
samlogon_state->r.in.logon->network = &ninfo;
|
||||
samlogon_state->r_ex.in.logon->network = &ninfo;
|
||||
@ -178,7 +184,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
|
||||
|
||||
status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
|
||||
validation_level,
|
||||
r->out.validation);
|
||||
r->out.validation,
|
||||
auth_type,
|
||||
auth_level);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
if (error_string) {
|
||||
*error_string = strdup(nt_errstr(status));
|
||||
@ -218,7 +226,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
|
||||
|
||||
status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
|
||||
validation_level,
|
||||
r_ex->out.validation);
|
||||
r_ex->out.validation,
|
||||
auth_type,
|
||||
auth_level);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
if (error_string) {
|
||||
*error_string = strdup(nt_errstr(status));
|
||||
@ -266,7 +276,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
|
||||
|
||||
status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
|
||||
validation_level,
|
||||
r_flags->out.validation);
|
||||
r_flags->out.validation,
|
||||
auth_type,
|
||||
auth_level);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
if (error_string) {
|
||||
*error_string = strdup(nt_errstr(status));
|
||||
|
Loading…
x
Reference in New Issue
Block a user