
libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_validation()

This will be needed when we implement netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit a56356e399339d5bce2e699431cd3e6186229170)
Stefan Metzmacher 2024-10-28 12:43:44 +01:00 committed by Jule Anger
parent 1637e23c35
commit 91154188e2
7 changed files with 57 additions and 11 deletions


@ -830,6 +830,8 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
bool do_encrypt)
{
struct netr_SamBaseInfo *base = NULL;
@ -945,21 +947,29 @@ static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_C
NTSTATUS netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation)
union netr_Validation *validation,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level)
{
return netlogon_creds_crypt_samlogon_validation(creds,
validation_level,
validation,
auth_type,
auth_level,
false);
}
NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation)
union netr_Validation *validation,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level)
{
return netlogon_creds_crypt_samlogon_validation(creds,
validation_level,
validation,
auth_type,
auth_level,
true);
}
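Review bot: The new `auth_type` and `auth_level` parameters on netlogon_creds_crypt_samlogon_validation() and its decrypt/encrypt wrappers are undocumented, and the visible lines only forward them. The commit message describes them as groundwork for netr_ServerAuthenticateKerberos, so they will presumably decide later how the validation data is protected; a comment above the static helper should pin the contract now, for example `/* auth_type/auth_level: DCERPC auth negotiated on the connection carrying this call; callers must query them from the binding handle or call, never hard-code them. */`. The helper's body continues outside the hunk, so whether it already consumes the values cannot be confirmed from here.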


@ -17,6 +17,7 @@
#ifndef __LIBCLI_AUTH_H__
#define __LIBCLI_AUTH_H__
#include "librpc/gen_ndr/dcerpc.h"
#include "librpc/gen_ndr/netlogon.h"
#include "librpc/gen_ndr/wkssvc.h"
#include "librpc/gen_ndr/schannel.h"


@ -2862,10 +2862,16 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq)
struct netlogon_creds_cli_LogonSamLogon_state *state =
tevent_req_data(req,
struct netlogon_creds_cli_LogonSamLogon_state);
enum dcerpc_AuthType auth_type;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
NTSTATUS result;
bool ok;
dcerpc_binding_handle_auth_info(state->binding_handle,
&auth_type,
&auth_level);
if (state->try_logon_ex) {
status = dcerpc_netr_LogonSamLogonEx_recv(subreq,
state->validation,
@ -2918,7 +2924,9 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq)
status = netlogon_creds_decrypt_samlogon_validation(state->ro_creds,
state->validation_level,
state->validation);
state->validation,
auth_type,
auth_level);
if (tevent_req_nterror(req, status)) {
netlogon_creds_cli_LogonSamLogon_cleanup(req, status);
return;
@ -2992,7 +3000,9 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq)
status = netlogon_creds_decrypt_samlogon_validation(&state->tmp_creds,
state->validation_level,
state->validation);
state->validation,
auth_type,
auth_level);
if (tevent_req_nterror(req, status)) {
netlogon_creds_cli_LogonSamLogon_cleanup(req, result);
return;
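Review bot: `auth_type` and `auth_level` are declared without initialisers in netlogon_creds_cli_LogonSamLogon_done() and depend entirely on dcerpc_binding_handle_auth_info() to set them, whereas the dcesrv_netr_LogonSamLogon_base_reply() hunk in this same commit initialises its pair to `DCERPC_AUTH_TYPE_NONE` / `DCERPC_AUTH_LEVEL_NONE` before querying. The helper's body is not visible here; if it can return without writing both outputs, the two decrypt calls below would receive indeterminate values once these parameters start steering the crypto path. I would initialise at declaration, `enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;` and `enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;`, so the fallback is the least-privileged value. The same uninitialised pattern appears in the check_samlogon() hunk further down; both functions start and end outside their hunks.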


@ -78,10 +78,14 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
struct netr_Authenticator *return_authenticator) ;
NTSTATUS netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation);
union netr_Validation *validation,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level);
NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation);
union netr_Validation *validation,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level);
NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level,
union netr_LogonLevel *logon);


@ -1938,7 +1938,9 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
status = netlogon_creds_encrypt_samlogon_validation(creds,
r->in.validation_level,
r->out.validation);
r->out.validation,
auth_type,
auth_level);
return status;
}


@ -1673,9 +1673,16 @@ static void dcesrv_netr_LogonSamLogon_base_reply(
NTSTATUS status;
if (NT_STATUS_IS_OK(r->out.result)) {
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
dcesrv_call_auth_info(state->dce_call, &auth_type, &auth_level);
status = netlogon_creds_encrypt_samlogon_validation(state->creds,
r->in.validation_level,
r->out.validation);
r->out.validation,
auth_type,
auth_level);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("netlogon_creds_encrypt_samlogon_validation() "
"failed - %s\n",


@ -91,6 +91,12 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
struct netr_NetworkInfo ninfo;
struct netr_SamBaseInfo *base = NULL;
uint16_t validation_level = 0;
enum dcerpc_AuthType auth_type;
enum dcerpc_AuthLevel auth_level;
dcerpc_binding_handle_auth_info(samlogon_state->p->binding_handle,
&auth_type,
&auth_level);
samlogon_state->r.in.logon->network = &ninfo;
samlogon_state->r_ex.in.logon->network = &ninfo;
@ -178,7 +184,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
validation_level,
r->out.validation);
r->out.validation,
auth_type,
auth_level);
if (!NT_STATUS_IS_OK(status)) {
if (error_string) {
*error_string = strdup(nt_errstr(status));
@ -218,7 +226,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
validation_level,
r_ex->out.validation);
r_ex->out.validation,
auth_type,
auth_level);
if (!NT_STATUS_IS_OK(status)) {
if (error_string) {
*error_string = strdup(nt_errstr(status));
@ -266,7 +276,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
status = netlogon_creds_decrypt_samlogon_validation(samlogon_state->creds,
validation_level,
r_flags->out.validation);
r_flags->out.validation,
auth_type,
auth_level);
if (!NT_STATUS_IS_OK(status)) {
if (error_string) {
*error_string = strdup(nt_errstr(status));