mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
libcli/auth: pass client_sid to netlogon_creds_server_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
parent
2e8949495f
commit
c2ef866fca
@ -657,6 +657,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
|
|||||||
const struct samr_Password *machine_password,
|
const struct samr_Password *machine_password,
|
||||||
const struct netr_Credential *credentials_in,
|
const struct netr_Credential *credentials_in,
|
||||||
struct netr_Credential *credentials_out,
|
struct netr_Credential *credentials_out,
|
||||||
|
const struct dom_sid *client_sid,
|
||||||
uint32_t negotiate_flags)
|
uint32_t negotiate_flags)
|
||||||
{
|
{
|
||||||
|
|
||||||
@ -700,6 +701,12 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
creds->sid = dom_sid_dup(creds, client_sid);
|
||||||
|
if (creds->sid == NULL) {
|
||||||
|
talloc_free(creds);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||||
status = netlogon_creds_init_hmac_sha256(creds,
|
status = netlogon_creds_init_hmac_sha256(creds,
|
||||||
client_challenge,
|
client_challenge,
|
||||||
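Review bot: `client_sid` reaches `dom_sid_dup()` in the second hunk without a NULL check, so a caller passing NULL and an allocation failure both end in the same `return NULL` that signals a failed credential check. Whether `dom_sid_dup()` tolerates a NULL source is not visible on this page; an explicit guard ahead of the copy, `if (client_sid == NULL) { talloc_free(creds); return NULL; }`, would make the contract independent of that helper. The new parameter also deserves a comment, for example `/* client_sid: SID of the authenticating account, copied into creds->sid; must not be NULL */`. The function body starts before and continues after both hunks.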
|
@ -69,6 +69,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
|
|||||||
const struct samr_Password *machine_password,
|
const struct samr_Password *machine_password,
|
||||||
const struct netr_Credential *credentials_in,
|
const struct netr_Credential *credentials_in,
|
||||||
struct netr_Credential *credentials_out,
|
struct netr_Credential *credentials_out,
|
||||||
|
const struct dom_sid *client_sid,
|
||||||
uint32_t negotiate_flags);
|
uint32_t negotiate_flags);
|
||||||
NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
|
NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
|
||||||
const struct netr_Authenticator *received_authenticator,
|
const struct netr_Authenticator *received_authenticator,
|
||||||
|
@ -1020,6 +1020,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
|
|||||||
&mach_pwd,
|
&mach_pwd,
|
||||||
r->in.credentials,
|
r->in.credentials,
|
||||||
r->out.return_credentials,
|
r->out.return_credentials,
|
||||||
|
&sid,
|
||||||
neg_flags);
|
neg_flags);
|
||||||
if (!creds) {
|
if (!creds) {
|
||||||
DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
|
DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
|
||||||
@ -1030,12 +1031,6 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
creds->sid = dom_sid_dup(creds, &sid);
|
|
||||||
if (!creds->sid) {
|
|
||||||
status = NT_STATUS_NO_MEMORY;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Store off the state so we can continue after client disconnect. */
|
/* Store off the state so we can continue after client disconnect. */
|
||||||
become_root();
|
become_root();
|
||||||
status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds);
|
status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds);
|
||||||
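Review bot: With the SID copy moved into `netlogon_creds_server_init()`, an allocation failure while duplicating the SID now lands in the `if (!creds)` branch and is logged as "netlogon_creds_server_check failed. Rejecting auth", where the removed lines set `NT_STATUS_NO_MEMORY`. The status assigned in that branch lies outside the hunk, but if it is an access-denied code, memory pressure on the server will look like a failed machine authentication both in the log and to the client. A comment at the branch, for example `/* NULL also covers allocation failure inside netlogon_creds_server_init() */`, would keep that visible to whoever triages these messages.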
|
@ -778,6 +778,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
|
|||||||
return NT_STATUS_ACCESS_DENIED;
|
return NT_STATUS_ACCESS_DENIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
*sid = samdb_result_dom_sid(mem_ctx, msgs[0], "objectSid");
|
||||||
|
if (*sid == NULL) {
|
||||||
|
return NT_STATUS_ACCESS_DENIED;
|
||||||
|
}
|
||||||
|
|
||||||
creds = netlogon_creds_server_init(mem_ctx,
|
creds = netlogon_creds_server_init(mem_ctx,
|
||||||
r->in.account_name,
|
r->in.account_name,
|
||||||
r->in.computer_name,
|
r->in.computer_name,
|
||||||
@ -787,6 +792,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
|
|||||||
curNtHash,
|
curNtHash,
|
||||||
r->in.credentials,
|
r->in.credentials,
|
||||||
r->out.return_credentials,
|
r->out.return_credentials,
|
||||||
|
*sid,
|
||||||
negotiate_flags);
|
negotiate_flags);
|
||||||
if (creds == NULL && prevNtHash != NULL) {
|
if (creds == NULL && prevNtHash != NULL) {
|
||||||
/*
|
/*
|
||||||
@ -804,14 +810,13 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3_helper(
|
|||||||
prevNtHash,
|
prevNtHash,
|
||||||
r->in.credentials,
|
r->in.credentials,
|
||||||
r->out.return_credentials,
|
r->out.return_credentials,
|
||||||
|
*sid,
|
||||||
negotiate_flags);
|
negotiate_flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (creds == NULL) {
|
if (creds == NULL) {
|
||||||
return NT_STATUS_ACCESS_DENIED;
|
return NT_STATUS_ACCESS_DENIED;
|
||||||
}
|
}
|
||||||
creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
|
|
||||||
*sid = talloc_memdup(mem_ctx, creds->sid, sizeof(struct dom_sid));
|
|
||||||
|
|
||||||
nt_status = schannel_save_creds_state(mem_ctx,
|
nt_status = schannel_save_creds_state(mem_ctx,
|
||||||
dce_call->conn->dce_ctx->lp_ctx,
|
dce_call->conn->dce_ctx->lp_ctx,
|
||||||
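Review bot: The new `if (*sid == NULL)` return in the first hunk yields `NT_STATUS_ACCESS_DENIED` with no log line, so an account record without a usable `objectSid` cannot be distinguished from a wrong machine password when reading the server log. I would add a log statement at the level this file uses for its other rejections, together with a comment such as `/* no usable objectSid on the account: refuse rather than build credentials without a SID */`. It is also worth noting in a comment that `*sid` is now allocated on `mem_ctx` and that `creds->sid` is a separate copy made by `netlogon_creds_server_init()`, since the removed lines had the ownership the other way round. The helper's body starts before and continues after these hunks.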
|