sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-18 06:04:06 +03:00
Code

libcli/auth: split out netlogon_creds_client_verify() that takes auth_{type,level}

Browse Source 
This will make it easier to implement netr_ServerAuthenticateKerberos()
later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 45faf6c35a033ec46a546dfb9d5d6aeb2fb2b83c)
This commit is contained in:
Stefan Metzmacher 2024-10-29 09:54:42 +01:00 committed by Jule Anger
parent 1edb984810
commit bd5058538c
2 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
libcli/auth/credentials.c
View File

@ -657,14 +657,34 @@ netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds
/* /*
check that a credentials reply from a server is correct check that a credentials reply from a server is correct
*/ */
bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds, NTSTATUS netlogon_creds_client_verify(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *received_credentials) const struct netr_Credential *received_credentials,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level)
{ {
if (!received_credentials || if (!received_credentials ||
!mem_equal_const_time(received_credentials->data, creds->server.data, 8)) { !mem_equal_const_time(received_credentials->data, creds->server.data, 8)) {
DEBUG(2,("credentials check failed\n")); DEBUG(2,("credentials check failed\n"));
return NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_OK;
}
bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *received_credentials)
{
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
NTSTATUS status;
status = netlogon_creds_client_verify(creds,
received_credentials,
auth_type,
auth_level);
if (!NT_STATUS_IS_OK(status)) {
return false; return false;
} }
return true; return true;
} }

4
libcli/auth/proto.h
View File

@ -47,6 +47,10 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
NTSTATUS NTSTATUS
netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds, netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
struct netr_Authenticator *next); struct netr_Authenticator *next);
NTSTATUS netlogon_creds_client_verify(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *received_credentials,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level);
bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds, bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *received_credentials); const struct netr_Credential *received_credentials);
struct netlogon_creds_CredentialState *netlogon_creds_copy( struct netlogon_creds_CredentialState *netlogon_creds_copy(