
libcli/auth: pass client_sid to netlogon_creds_server_init()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Stefan Metzmacher 2024-10-02 18:46:43 +02:00 committed by Douglas Bagnall
parent 2e8949495f
commit c2ef866fca
4 changed files with 16 additions and 8 deletions


@ -657,6 +657,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
const struct samr_Password *machine_password, const struct samr_Password *machine_password,
const struct netr_Credential *credentials_in, const struct netr_Credential *credentials_in,
struct netr_Credential *credentials_out, struct netr_Credential *credentials_out,
const struct dom_sid *client_sid,
uint32_t negotiate_flags) uint32_t negotiate_flags)
{ {
@ -700,6 +701,12 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
return NULL; return NULL;
} }
creds->sid = dom_sid_dup(creds, client_sid);
if (creds->sid == NULL) {
talloc_free(creds);
return NULL;
}
if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
status = netlogon_creds_init_hmac_sha256(creds, status = netlogon_creds_init_hmac_sha256(creds,
client_challenge, client_challenge,
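Review bot: The new `dom_sid_dup()` failure path at `creds->sid` returns NULL like every other failure in netlogon_creds_server_init(), so callers cannot tell an allocation failure (or a NULL `client_sid`, depending on how dom_sid_dup handles it, which is not visible here) from a failed credential check. In the source3 caller this replaces the removed `NT_STATUS_NO_MEMORY` return with the `!creds` branch that logs "netlogon_creds_server_check failed. Rejecting auth", and in the source4 helper `creds == NULL` leads into the retry with `prevNtHash`. I would document the contract at the definition, for example `/* client_sid must not be NULL; it is copied onto creds so saved state always carries the account SID. NULL is returned on allocation failure as well as on a failed check. */`. The function body starts and ends outside this hunk.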


@ -69,6 +69,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
const struct samr_Password *machine_password, const struct samr_Password *machine_password,
const struct netr_Credential *credentials_in, const struct netr_Credential *credentials_in,
struct netr_Credential *credentials_out, struct netr_Credential *credentials_out,
const struct dom_sid *client_sid,
uint32_t negotiate_flags); uint32_t negotiate_flags);
NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds, NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
const struct netr_Authenticator *received_authenticator, const struct netr_Authenticator *received_authenticator,


@ -1020,6 +1020,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
&mach_pwd, &mach_pwd,
r->in.credentials, r->in.credentials,
r->out.return_credentials, r->out.return_credentials,
&sid,
neg_flags); neg_flags);
if (!creds) { if (!creds) {
DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth " DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
@ -1030,12 +1031,6 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
goto out; goto out;
} }
creds->sid = dom_sid_dup(creds, &sid);
if (!creds->sid) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
/* Store off the state so we can continue after client disconnect. */ /* Store off the state so we can continue after client disconnect. */
become_root(); become_root();
status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds); status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds);


@ -778,6 +778,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
} }
*sid = samdb_result_dom_sid(mem_ctx, msgs[0], "objectSid");
if (*sid == NULL) {
return NT_STATUS_ACCESS_DENIED;
}
creds = netlogon_creds_server_init(mem_ctx, creds = netlogon_creds_server_init(mem_ctx,
r->in.account_name, r->in.account_name,
r->in.computer_name, r->in.computer_name,
@ -787,6 +792,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
curNtHash, curNtHash,
r->in.credentials, r->in.credentials,
r->out.return_credentials, r->out.return_credentials,
*sid,
negotiate_flags); negotiate_flags);
if (creds == NULL && prevNtHash != NULL) { if (creds == NULL && prevNtHash != NULL) {
/* /*
@ -804,14 +810,13 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
prevNtHash, prevNtHash,
r->in.credentials, r->in.credentials,
r->out.return_credentials, r->out.return_credentials,
*sid,
negotiate_flags); negotiate_flags);
} }
if (creds == NULL) { if (creds == NULL) {
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
} }
creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
*sid = talloc_memdup(mem_ctx, creds->sid, sizeof(struct dom_sid));
nt_status = schannel_save_creds_state(mem_ctx, nt_status = schannel_save_creds_state(mem_ctx,
dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->dce_ctx->lp_ctx,
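Review bot: `*sid` is now assigned before netlogon_creds_server_init() is called, so the out-parameter stays populated on the later `return NT_STATUS_ACCESS_DENIED` paths, whereas the removed code filled it only after `creds` had been created. Whether callers read `*sid` when the helper fails is not visible in this hunk, so the new behaviour should be stated where the parameter is declared. A comment such as `/* *sid is set once the account SID is known and may be non-NULL on failure; it does not indicate successful authentication. */` would make that explicit. The helper begins and continues outside the hunks shown.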