libcli/auth: split out netlogon_creds_client_verify() that takes auth_{type,level}
authorStefan Metzmacher <metze@samba.org>
Tue, 29 Oct 2024 08:54:42 +0000 (09:54 +0100)
committerJule Anger <janger@samba.org>
Wed, 13 Nov 2024 10:39:12 +0000 (10:39 +0000)
This will make it easier to implement netr_ServerAuthenticateKerberos()
later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 45faf6c35a033ec46a546dfb9d5d6aeb2fb2b83c)

libcli/auth/credentials.c
libcli/auth/proto.h

index 2c46c5a582c0909ded04cb2b5dff06715928c12a..2d2da080efe328beb230d9b9756f45f245ec3ca2 100644 (file)
@@ -657,14 +657,34 @@ netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds
 /*
   check that a credentials reply from a server is correct
 */
-bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
-                       const struct netr_Credential *received_credentials)
+NTSTATUS netlogon_creds_client_verify(struct netlogon_creds_CredentialState *creds,
+                       const struct netr_Credential *received_credentials,
+                       enum dcerpc_AuthType auth_type,
+                       enum dcerpc_AuthLevel auth_level)
 {
        if (!received_credentials ||
            !mem_equal_const_time(received_credentials->data, creds->server.data, 8)) {
                DEBUG(2,("credentials check failed\n"));
+               return NT_STATUS_ACCESS_DENIED;
+       }
+       return NT_STATUS_OK;
+}
+
+bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
+                       const struct netr_Credential *received_credentials)
+{
+       enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+       enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+       NTSTATUS status;
+
+       status = netlogon_creds_client_verify(creds,
+                                             received_credentials,
+                                             auth_type,
+                                             auth_level);
+       if (!NT_STATUS_IS_OK(status)) {
                return false;
        }
+
        return true;
 }
 
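Review bot: `auth_type` and `auth_level` are accepted by netlogon_creds_client_verify() but never read in the body shown in this hunk, and the comment above it still only says it checks the server's reply. Until the later Kerberos work uses them, state that on the function, e.g. `/* auth_type/auth_level are not evaluated yet; any status other than NT_STATUS_OK means the server credential did not verify */`. netlogon_creds_client_check() now has no comment of its own; a line such as `/* legacy wrapper: passes DCERPC_AUTH_TYPE_NONE/DCERPC_AUTH_LEVEL_NONE and maps any failure to false */` would record that the placeholder values are deliberate. That matters if netlogon_creds_client_verify() later branches on the auth type, because the `NONE` path used by existing callers should presumably keep the unconditional constant-time comparison.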
index 75eb41abed1f4355638c339808c9baa6dccc03cf..4c0c4243217c81fa15dfb786ddfbf844229383c9 100644 (file)
@@ -47,6 +47,10 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
 NTSTATUS
 netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
                                    struct netr_Authenticator *next);
+NTSTATUS netlogon_creds_client_verify(struct netlogon_creds_CredentialState *creds,
+                       const struct netr_Credential *received_credentials,
+                       enum dcerpc_AuthType auth_type,
+                       enum dcerpc_AuthLevel auth_level);
 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
                        const struct netr_Credential *received_credentials);
 struct netlogon_creds_CredentialState *netlogon_creds_copy(
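Review bot: The new prototype returns NTSTATUS while the neighbouring netlogon_creds_client_check() returns bool, and a caller that drops the status would carry on as if the server credential had verified. Consider declaring it with Samba's `_WARN_UNUSED_RESULT_` attribute macro, if that macro is visible to this header, so the compiler flags such call sites. No external caller of the new function appears in this commit, so this is a precaution for the follow-up patches rather than a defect in the lines shown.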