sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-20 14:03:59 +03:00
Code

libcli/auth: make use of netlogon_creds_cli_check_transport() in more places

Browse Source 
This was somehow missing in commit
7a5ad9f64a905f5744430c6e0796c646baf9432e

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Nov  7 09:14:33 UTC 2024 on atb-devel-224
This commit is contained in:
Stefan Metzmacher 2024-11-06 17:18:58 +01:00
parent 4569c65288
commit f340dce654
1 changed files with 18 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
libcli/auth/netlogon_creds_cli.c
View File

@ -3748,33 +3748,13 @@ static void netlogon_creds_cli_GetForestTrustInformation_locked(struct tevent_re
return; return;
} }
if (state->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { status = netlogon_creds_cli_check_transport(state->auth_type,
switch (state->auth_level) { state->auth_level,
case DCERPC_AUTH_LEVEL_INTEGRITY: state->creds,
case DCERPC_AUTH_LEVEL_PRIVACY: DCERPC_AUTH_LEVEL_NONE);
break; if (tevent_req_nterror(req, status)) {
default:
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
return; return;
} }
} else {
uint32_t tmp = state->creds->negotiate_flags;
if (tmp & NETLOGON_NEG_AUTHENTICATED_RPC) {
/*
* if DCERPC_AUTH_TYPE_SCHANNEL is supported
* it should be used, which means
* we had a chance to verify no downgrade
* happened.
*
* This relies on netlogon_creds_cli_check*
* being called before, as first request after
* the DCERPC bind.
*/
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
return;
}
}
/* /*
* we defer all callbacks in order to cleanup * we defer all callbacks in order to cleanup
@ -4027,33 +4007,13 @@ static void netlogon_creds_cli_SendToSam_locked(struct tevent_req *subreq)
return; return;
} }
if (state->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { status = netlogon_creds_cli_check_transport(state->auth_type,
switch (state->auth_level) { state->auth_level,
case DCERPC_AUTH_LEVEL_INTEGRITY: state->creds,
case DCERPC_AUTH_LEVEL_PRIVACY: DCERPC_AUTH_LEVEL_NONE);
break; if (tevent_req_nterror(req, status)) {
default:
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
return; return;
} }
} else {
uint32_t tmp = state->creds->negotiate_flags;
if (tmp & NETLOGON_NEG_AUTHENTICATED_RPC) {
/*
* if DCERPC_AUTH_TYPE_SCHANNEL is supported
* it should be used, which means
* we had a chance to verify no downgrade
* happened.
*
* This relies on netlogon_creds_cli_check*
* being called before, as first request after
* the DCERPC bind.
*/
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
return;
}
}
/* /*
* we defer all callbacks in order to cleanup * we defer all callbacks in order to cleanup
@ -4303,33 +4263,13 @@ static void netlogon_creds_cli_LogonGetDomainInfo_locked(struct tevent_req *subr
return; return;
} }
if (state->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { status = netlogon_creds_cli_check_transport(state->auth_type,
switch (state->auth_level) { state->auth_level,
case DCERPC_AUTH_LEVEL_INTEGRITY: state->creds,
case DCERPC_AUTH_LEVEL_PRIVACY: DCERPC_AUTH_LEVEL_NONE);
break; if (tevent_req_nterror(req, status)) {
default:
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
return; return;
} }
} else {
uint32_t tmp = state->creds->negotiate_flags;
if (tmp & NETLOGON_NEG_AUTHENTICATED_RPC) {
/*
* if DCERPC_AUTH_TYPE_SCHANNEL is supported
* it should be used, which means
* we had a chance to verify no downgrade
* happened.
*
* This relies on netlogon_creds_cli_check*
* being called before, as first request after
* the DCERPC bind.
*/
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
return;
}
}
/* /*
* we defer all callbacks in order to cleanup * we defer all callbacks in order to cleanup