s4:rpc_server/netlogon: fix dcesrv_netr_LogonSamLogon_base_call() for ServerAuthentic...

author Stefan Metzmacher <metze@samba.org>

Tue, 26 Nov 2024 10:13:32 +0000 (11:13 +0100)

committer Andreas Schneider <asn@cryptomilk.org>

Thu, 12 Dec 2024 15:00:10 +0000 (15:00 +0000)
author Stefan Metzmacher <metze@samba.org>
Tue, 26 Nov 2024 10:13:32 +0000 (11:13 +0100)
committer Andreas Schneider <asn@cryptomilk.org>
Thu, 12 Dec 2024 15:00:10 +0000 (15:00 +0000)
diff --git a/selftest/knownfail.d/samba.tests.krb5.netlogon b/selftest/knownfail.d/samba.tests.krb5.netlogon

index a59934805b4b101a4023da067bf15b0e76aa42d3..dc2304c116218f73c7e7862ed3f553e9064430ee 100644 (file)
--- a/selftest/knownfail.d/samba.tests.krb5.netlogon
+++ b/selftest/knownfail.d/samba.tests.krb5.netlogon
@@ -1,4 +1,2 @@
  # This is not implemented yet
  ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_ticket_samlogon
-# These will be fixed in the next commits
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_samlogon_.*_authK
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c

index 0c36ad6be2085dfbd8e57bfb1f186f34f938892c..7fce61c5792a9ecbce1312444e76c18c0a8a1a1d 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1445,10 +1445,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base_call(struct dcesrv_netr_LogonSamL
                 break;
         case NDR_NETR_LOGONSAMLOGONEX:
         default:
-               if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
-                       return NT_STATUS_ACCESS_DENIED;
-               }
-
                 nt_status = dcesrv_netr_check_schannel(dce_call,
                                                        creds,
                                                        auth_type,
@@ -1457,6 +1453,13 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base_call(struct dcesrv_netr_LogonSamL
                 if (!NT_STATUS_IS_OK(nt_status)) {
                         return nt_status;
                 }
+
+               if (!creds->authenticate_kerberos &&
+                   auth_type != DCERPC_AUTH_TYPE_SCHANNEL)
+               {
+                       return NT_STATUS_ACCESS_DENIED;
+               }
+
                 break;
         }
  
@@ -1598,7 +1601,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base_call(struct dcesrv_netr_LogonSamL
  
         case NetlogonGenericInformation:
         {
-               if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+               if (creds->authenticate_kerberos) {
+                       /* OK */
+               } else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
                         /* OK */
                 } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
                         /* OK */
author	Stefan Metzmacher <metze@samba.org>
	Tue, 26 Nov 2024 10:13:32 +0000 (11:13 +0100)
committer	Andreas Schneider <asn@cryptomilk.org>
	Thu, 12 Dec 2024 15:00:10 +0000 (15:00 +0000)
selftest/knownfail.d/samba.tests.krb5.netlogon		patch \| blob \| blame \| history
source4/rpc_server/netlogon/dcerpc_netlogon.c		patch \| blob \| blame \| history