libcli/auth: pass trust_forest_domain_info array to NTLMv2_RESPONSE_verify_netlogon_creds

author Stefan Metzmacher <metze@samba.org>

Fri, 14 Feb 2025 19:02:30 +0000 (20:02 +0100)

committer Ralph Boehme <slow@samba.org>

Sat, 22 Feb 2025 16:00:36 +0000 (16:00 +0000)
author Stefan Metzmacher <metze@samba.org>
Fri, 14 Feb 2025 19:02:30 +0000 (20:02 +0100)
committer Ralph Boehme <slow@samba.org>
Sat, 22 Feb 2025 16:00:36 +0000 (16:00 +0000)
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h

index 8a9087bb647030506f14ee41bd5f0dc0b58deb2f..792823ed2425f7761bfb5f6466d62b2c174682fc 100644 (file)
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -217,11 +217,21 @@ bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx,
                       const DATA_BLOB *names_blob,
                       DATA_BLOB *lm_response, DATA_BLOB *nt_response,
                       DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) ;
+struct lsa_TrustDomainInfoInfoEx;
+struct lsa_ForestTrustInformation2;
+struct trust_forest_domain_info {
+       bool is_local_forest;
+       bool is_checked_trust;
+       struct lsa_TrustDomainInfoInfoEx *tdo;
+       struct lsa_ForestTrustInformation2 *fti;
+};
  NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
                         const char *account_domain,
                         const DATA_BLOB response,
                         const struct netlogon_creds_CredentialState *creds,
-                       const char *workgroup);
+                       const char *workgroup,
+                       size_t num_domains,
+                       const struct trust_forest_domain_info *domains);
  
  /***********************************************************
   encode a password buffer with a unicode password.  The buffer
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c

index 53ad3d5dc1552ea73a6d8e2085691b887d0aea07..cd60f207148c81e0408932ea7ba36d9788afd9e8 100644 (file)
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -741,7 +741,9 @@ NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
                         const char *account_domain,
                         const DATA_BLOB response,
                         const struct netlogon_creds_CredentialState *creds,
-                       const char *workgroup)
+                       const char *workgroup,
+                       size_t num_domains,
+                       const struct trust_forest_domain_info *domains)
  {
         TALLOC_CTX *frame = NULL;
         /* RespType + HiRespType */
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c

index 2a5bfb40a5511fade5dde4cfcbaf30ce903da54c..ab661931b2cc659757e78d30c48a4764669f9954 100644 (file)
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1646,13 +1646,17 @@ static NTSTATUS _netr_NTLMv2_RESPONSE_verify(
         TALLOC_CTX *frame = talloc_stackframe();
         const char *workgroup = lp_workgroup();
         NTSTATUS status;
+       size_t num_trusts = 0;
+       struct trust_forest_domain_info *trusts = NULL;
  
         status = NTLMv2_RESPONSE_verify_netlogon_creds(
                                         user_info->client.account_name,
                                         user_info->client.domain_name,
                                         user_info->password.response.nt,
                                         creds,
-                                       workgroup);
+                                       workgroup,
+                                       num_trusts,
+                                       trusts);
         if (!NT_STATUS_IS_OK(status)) {
                 TALLOC_FREE(frame);
                 return status;
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c

index 3af9ce6f225cacde05af4f4a5f06b12edd617f76..e1d66a86cdf5399b1c72c5f42a7e61df5683cdf4 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1424,13 +1424,17 @@ static NTSTATUS dcesrv_netr_NTLMv2_RESPONSE_verify(
         struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
         const char *workgroup = lpcfg_workgroup(lp_ctx);
         NTSTATUS status;
+       size_t num_trusts = 0;
+       struct trust_forest_domain_info *trusts = NULL;
  
         status = NTLMv2_RESPONSE_verify_netlogon_creds(
                                         user_info->client.account_name,
                                         user_info->client.domain_name,
                                         user_info->password.response.nt,
                                         creds,
-                                       workgroup);
+                                       workgroup,
+                                       num_trusts,
+                                       trusts);
         if (!NT_STATUS_IS_OK(status)) {
                 TALLOC_FREE(frame);
                 return status;
author	Stefan Metzmacher <metze@samba.org>
	Fri, 14 Feb 2025 19:02:30 +0000 (20:02 +0100)
committer	Ralph Boehme <slow@samba.org>
	Sat, 22 Feb 2025 16:00:36 +0000 (16:00 +0000)
libcli/auth/proto.h		patch \| blob \| blame \| history
libcli/auth/smbencrypt.c		patch \| blob \| blame \| history
source3/rpc_server/netlogon/srv_netlog_nt.c		patch \| blob \| blame \| history
source4/rpc_server/netlogon/dcerpc_netlogon.c		patch \| blob \| blame \| history