sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Code

libcli/auth: pass client_sid to netlogon_creds_server_init()

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Stefan Metzmacher 2024-10-02 18:46:43 +02:00 committed by Douglas Bagnall
parent 2e8949495f
commit c2ef866fca
4 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libcli/auth/credentials.c
View File

@ -657,6 +657,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
const struct samr_Password *machine_password,
const struct netr_Credential *credentials_in,
struct netr_Credential *credentials_out,
const struct dom_sid *client_sid,
uint32_t negotiate_flags)
{
@ -700,6 +701,12 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
return NULL;
}
creds->sid = dom_sid_dup(creds, client_sid);
if (creds->sid == NULL) {
talloc_free(creds);
return NULL;
}
if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
status = netlogon_creds_init_hmac_sha256(creds,
client_challenge,

1
libcli/auth/proto.h
View File

@ -69,6 +69,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
const struct samr_Password *machine_password,
const struct netr_Credential *credentials_in,
struct netr_Credential *credentials_out,
const struct dom_sid *client_sid,
uint32_t negotiate_flags);
NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
const struct netr_Authenticator *received_authenticator,

7
source3/rpc_server/netlogon/srv_netlog_nt.c
View File

@ -1020,6 +1020,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
&mach_pwd,
r->in.credentials,
r->out.return_credentials,
&sid,
neg_flags);
if (!creds) {
DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
@ -1030,12 +1031,6 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
goto out;
}
creds->sid = dom_sid_dup(creds, &sid);
if (!creds->sid) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
/* Store off the state so we can continue after client disconnect. */
become_root();
status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds);

9
source4/rpc_server/netlogon/dcerpc_netlogon.c
View File

@ -778,6 +778,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
return NT_STATUS_ACCESS_DENIED;
}
*sid = samdb_result_dom_sid(mem_ctx, msgs[0], "objectSid");
if (*sid == NULL) {
return NT_STATUS_ACCESS_DENIED;
}
creds = netlogon_creds_server_init(mem_ctx,
r->in.account_name,
r->in.computer_name,
@ -787,6 +792,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
curNtHash,
r->in.credentials,
r->out.return_credentials,
*sid,
negotiate_flags);
if (creds == NULL && prevNtHash != NULL) {
/*
@ -804,14 +810,13 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
prevNtHash,
r->in.credentials,
r->out.return_credentials,
*sid,
negotiate_flags);
}
if (creds == NULL) {
return NT_STATUS_ACCESS_DENIED;
}
creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
*sid = talloc_memdup(mem_ctx, creds->sid, sizeof(struct dom_sid));
nt_status = schannel_save_creds_state(mem_ctx,
dce_call->conn->dce_ctx->lp_ctx,