s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_c...
authorStefan Metzmacher <metze@samba.org>
Mon, 27 May 2019 11:12:14 +0000 (13:12 +0200)
committerKarolin Seeger <kseeger@samba.org>
Mon, 8 Jul 2019 11:43:57 +0000 (11:43 +0000)
The gensec schannel module already asserts that at least
AUTH_LEVEL_INTEGRITY is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0b6e37c9e801435e094194dd60d9213b4868c3de)

source3/rpc_server/netlogon/srv_netlog_nt.c

index afe7b25f74d6d303a3ed666a15752beabe098047..d799ba4feefa656f164b6f76261d1e97b110df49 100644 (file)
@@ -1061,36 +1061,6 @@ NTSTATUS _netr_ServerAuthenticate2(struct pipes_struct *p,
        return _netr_ServerAuthenticate3(p, &a);
 }
 
-/*************************************************************************
- * If schannel is required for this call test that it actually is available.
- *************************************************************************/
-static NTSTATUS schannel_check_required(struct pipe_auth_data *auth_info,
-                                       const char *computer_name,
-                                       bool integrity, bool privacy)
-{
-       if (auth_info && auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
-               if (!privacy && !integrity) {
-                       return NT_STATUS_OK;
-               }
-
-               if ((!privacy && integrity) &&
-                   auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
-                       return NT_STATUS_OK;
-               }
-
-               if ((privacy || integrity) &&
-                   auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
-                       return NT_STATUS_OK;
-               }
-       }
-
-       /* test didn't pass */
-       DEBUG(0, ("schannel_check_required: [%s] is not using schannel\n",
-                 computer_name));
-
-       return NT_STATUS_ACCESS_DENIED;
-}
-
 /*************************************************************************
  *************************************************************************/
 
@@ -1110,11 +1080,10 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
        }
 
        if (schannel_global_required) {
-               status = schannel_check_required(&p->auth,
-                                                computer_name,
-                                                false, false);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return status;
+               if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
+                       DBG_ERR("[%s] is not using schannel\n",
+                               computer_name);
+                       return NT_STATUS_ACCESS_DENIED;
                }
        }
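Review bot: The inlined check in netr_creds_server_step_check tests only `p->auth.auth_type`, and the reason that is sufficient (the gensec schannel module enforcing at least DCERPC_AUTH_LEVEL_INTEGRITY) is recorded only in the commit message, not in the code. I would add a comment directly above the `if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL)` line, for example `/* auth_level is not checked here: the gensec schannel module already requires at least DCERPC_AUTH_LEVEL_INTEGRITY */`. That way a later change to that module's level enforcement is recognised as affecting this access gate. The function body starts before and continues past this hunk, so how `schannel_global_required` is derived cannot be confirmed from here.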