libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds() return the computer_name

This will be used to implement the MS-NRPC 3.5.4.5.1.2 RODC server cachability validation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 792823ed2425f7761bfb5f6466d62b2c174682fc..79ab72cb852eca0135613349bfe1788b1e1bc52f 100644 (file)
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -231,7 +231,9 @@ NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
                        const struct netlogon_creds_CredentialState *creds,
                        const char *workgroup,
                        size_t num_domains,
-                       const struct trust_forest_domain_info *domains);
+                       const struct trust_forest_domain_info *domains,
+                       TALLOC_CTX *mem_ctx,
+                       char **_computer_name);
 
 /***********************************************************
  encode a password buffer with a unicode password.  The buffer

diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 468300af437e76cddc4f268dc0ff6aff0baef80a..ed9c52e0ede1eaa6ab6616a2726ed21a2295d4f3 100644 (file)
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -1149,7 +1149,9 @@ NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
                        const struct netlogon_creds_CredentialState *creds,
                        const char *workgroup,
                        size_t num_domains,
-                       const struct trust_forest_domain_info *domains)
+                       const struct trust_forest_domain_info *domains,
+                       TALLOC_CTX *mem_ctx,
+                       char **_computer_name)
 {
        TALLOC_CTX *frame = NULL;
        /* RespType + HiRespType */
@@ -1159,6 +1161,10 @@ NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
        enum ndr_err_code err;
        NTSTATUS status;
 
+       if (_computer_name != NULL) {
+               *_computer_name = NULL;
+       }
+
        if (response.length < 48) {
                /*
                 * NTLMv2_RESPONSE has at least 48 bytes.
@@ -1273,6 +1279,25 @@ NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
                NDR_PRINT_DEBUG(NTLMv2_RESPONSE, &v2_resp);
        }
 
+       if (_computer_name != NULL) {
+               const struct AV_PAIR *av_nb_cn = NULL;
+               const char *nb_cn = NULL;
+
+               av_nb_cn = ndr_ntlmssp_find_av(&v2_resp.Challenge.AvPairs,
+                                              MsvAvNbComputerName);
+               if (av_nb_cn != NULL) {
+                       nb_cn = av_nb_cn->Value.AvNbComputerName;
+               }
+
+               if (nb_cn != NULL) {
+                       *_computer_name = talloc_strdup(mem_ctx, nb_cn);
+                       if (*_computer_name == NULL) {
+                               TALLOC_FREE(frame);
+                               return NT_STATUS_NO_MEMORY;
+                       }
+               }
+       }
+
        switch (creds->secure_channel_type) {
        case SEC_CHAN_NULL:
        case SEC_CHAN_LOCAL:

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index aadea68950135466b55d42acc0d1ec8890c9d23e..39bf2b3084124a566ea862eab7dc74be7fa7c64b 100644 (file)
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1881,7 +1881,9 @@ static NTSTATUS _netr_NTLMv2_RESPONSE_verify(
                                        creds,
                                        workgroup,
                                        num_trusts,
-                                       trusts);
+                                       trusts,
+                                       NULL,  /* mem_ctx */
+                                       NULL); /* _computer_name */
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(frame);
                return status;

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index f9919466ba457e463b38c09d6cabb24f74713336..f8a363734b162fe3024e6f4ae2e3ada19cb2029d 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1555,7 +1555,9 @@ static NTSTATUS dcesrv_netr_NTLMv2_RESPONSE_verify(
                                        creds,
                                        workgroup,
                                        num_trusts,
-                                       trusts);
+                                       trusts,
+                                       NULL,  /* mem_ctx */
+                                       NULL); /* _computer_name */
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(frame);
                return status;