s4:librpc/rpc: make use of netlogon_creds_client_verify()
authorStefan Metzmacher <metze@samba.org>
Tue, 29 Oct 2024 09:31:52 +0000 (10:31 +0100)
committerDouglas Bagnall <dbagnall@samba.org>
Wed, 30 Oct 2024 23:08:36 +0000 (23:08 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
source4/librpc/rpc/dcerpc_schannel.c

index e2f4a8fa3d51bf521ecb077d15c112ba10a44542..033b964233cae5b3cef827dbdeaca69fa40adf3f 100644 (file)
@@ -224,10 +224,17 @@ static void continue_srv_auth2(struct tevent_req *subreq)
 {
        struct composite_context *c;
        struct schannel_key_state *s;
+       enum dcerpc_AuthType auth_type;
+       enum dcerpc_AuthLevel auth_level;
+       NTSTATUS status;
 
        c = tevent_req_callback_data(subreq, struct composite_context);
        s = talloc_get_type(c->private_data, struct schannel_key_state);
 
+       dcerpc_binding_handle_auth_info(s->pipe2->binding_handle,
+                                       &auth_type,
+                                       &auth_level);
+
        /* receive rpc request result - auth2 credentials */ 
        c->status = dcerpc_netr_ServerAuthenticate2_r_recv(subreq, s);
        TALLOC_FREE(subreq);
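Review bot: The new locals `auth_type` and `auth_level` are declared without initialisers and filled only through `dcerpc_binding_handle_auth_info()`, whose definition is not part of this diff, so the later `netlogon_creds_client_verify()` call depends on that helper always writing both outputs. Initialising them at declaration, `enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;` and `enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;`, keeps the verify call from ever seeing indeterminate values if that contract changes. A short comment above the call would also help, e.g. `/* auth type/level of the connection the reply arrives on (pipe2); used when verifying the return credential */`, since this callback reads `s->pipe2` while the two capability callbacks (hunks at -604 and -707) read `s->pipe`. The same initialisation applies to those two hunks. The function body continues past the end of this hunk.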
@@ -330,8 +337,12 @@ static void continue_srv_auth2(struct tevent_req *subreq)
        }
 
        /* verify credentials */
-       if (!netlogon_creds_client_check(s->creds, s->a.out.return_credentials)) {
-               composite_error(c, NT_STATUS_UNSUCCESSFUL);
+       status = netlogon_creds_client_verify(s->creds,
+                                             s->a.out.return_credentials,
+                                             auth_type,
+                                             auth_level);
+       if (!NT_STATUS_IS_OK(status)) {
+               composite_error(c, status);
                return;
        }
 
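Review bot: `composite_error(c, status)` now reports whatever `netlogon_creds_client_verify()` returns instead of the fixed `NT_STATUS_UNSUCCESSFUL`, so any caller of this composite request that matches on the old code to decide on retry or fallback should be checked; neither the verify function nor those callers are visible here. A comment such as `/* status comes from netlogon_creds_client_verify(); no longer always NT_STATUS_UNSUCCESSFUL */` would record the change for them. A rejected server return credential is also a useful signal for operators, and unless the verify function logs it itself, a line like `DBG_WARNING("netlogon_creds_client_verify failed: %s\n", nt_errstr(status));` before `composite_error()` would leave a trace. The same applies to the hunks at -644 and -745. This hunk starts and ends inside `continue_srv_auth2`.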
@@ -604,11 +615,17 @@ static void continue_get_negotiated_capabilities(struct tevent_req *subreq)
 {
        struct composite_context *c;
        struct auth_schannel_state *s;
+       enum dcerpc_AuthType auth_type;
+       enum dcerpc_AuthLevel auth_level;
        NTSTATUS status;
 
        c = tevent_req_callback_data(subreq, struct composite_context);
        s = talloc_get_type(c->private_data, struct auth_schannel_state);
 
+       dcerpc_binding_handle_auth_info(s->pipe->binding_handle,
+                                       &auth_type,
+                                       &auth_level);
+
        /* receive rpc request result */
        c->status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, s);
        TALLOC_FREE(subreq);
@@ -644,9 +661,12 @@ static void continue_get_negotiated_capabilities(struct tevent_req *subreq)
        }
 
        /* verify credentials */
-       if (!netlogon_creds_client_check(&s->save_creds_state,
-                                        &s->c.out.return_authenticator->cred)) {
-               composite_error(c, NT_STATUS_UNSUCCESSFUL);
+       status = netlogon_creds_client_verify(&s->save_creds_state,
+                                             &s->c.out.return_authenticator->cred,
+                                             auth_type,
+                                             auth_level);
+       if (!NT_STATUS_IS_OK(status)) {
+               composite_error(c, status);
                return;
        }
 
@@ -707,10 +727,17 @@ static void continue_get_client_capabilities(struct tevent_req *subreq)
 {
        struct composite_context *c;
        struct auth_schannel_state *s;
+       enum dcerpc_AuthType auth_type;
+       enum dcerpc_AuthLevel auth_level;
+       NTSTATUS status;
 
        c = tevent_req_callback_data(subreq, struct composite_context);
        s = talloc_get_type(c->private_data, struct auth_schannel_state);
 
+       dcerpc_binding_handle_auth_info(s->pipe->binding_handle,
+                                       &auth_type,
+                                       &auth_level);
+
        /* receive rpc request result */
        c->status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, s);
        TALLOC_FREE(subreq);
@@ -745,9 +772,12 @@ static void continue_get_client_capabilities(struct tevent_req *subreq)
        }
 
        /* verify credentials */
-       if (!netlogon_creds_client_check(&s->save_creds_state,
-                                        &s->c.out.return_authenticator->cred)) {
-               composite_error(c, NT_STATUS_UNSUCCESSFUL);
+       status = netlogon_creds_client_verify(&s->save_creds_state,
+                                             &s->c.out.return_authenticator->cred,
+                                             auth_type,
+                                             auth_level);
+       if (!NT_STATUS_IS_OK(status)) {
+               composite_error(c, status);
                return;
        }