From: Stefan Metzmacher
Date: Tue, 29 Oct 2024 09:31:52 +0000 (+0100)
Subject: s4:librpc/rpc: make use of netlogon_creds_client_verify()
X-Git-Tag: ldb-2.9.2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75e62cc19bed300696ddcbd7617ff86283032ef0;p=thirdparty%2Fsamba.git
s4:librpc/rpc: make use of netlogon_creds_client_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher
Reviewed-by: Douglas Bagnall
(cherry picked from commit 132629ee3a9b73d0888d1110e4d0a45ded778e5a)
---
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index ca0495c4d47..8622791fe30 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -222,10 +222,17 @@ static void continue_srv_auth2(struct tevent_req *subreq)
 {
 struct composite_context *c;
 struct schannel_key_state *s;
+ enum dcerpc_AuthType auth_type;
+ enum dcerpc_AuthLevel auth_level;
+ NTSTATUS status;
 
 c = tevent_req_callback_data(subreq, struct composite_context);
 s = talloc_get_type(c->private_data, struct schannel_key_state);
 
+ dcerpc_binding_handle_auth_info(s->pipe2->binding_handle,
+ &auth_type,
+ &auth_level);
+
 /* receive rpc request result - auth2 credentials */
 c->status = dcerpc_netr_ServerAuthenticate2_r_recv(subreq, s);
 TALLOC_FREE(subreq);
@@ -328,8 +335,12 @@ static void continue_srv_auth2(struct tevent_req *subreq)
 }
 
 /* verify credentials */
- if (!netlogon_creds_client_check(s->creds, s->a.out.return_credentials)) {
- composite_error(c, NT_STATUS_UNSUCCESSFUL);
+ status = netlogon_creds_client_verify(s->creds,
+ s->a.out.return_credentials,
+ auth_type,
+ auth_level);
+ if (!NT_STATUS_IS_OK(status)) {
+ composite_error(c, status);
 return;
 }
 
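Review bot: `auth_type` and `auth_level` are declared without initialisers and filled only through the out-parameters of `dcerpc_binding_handle_auth_info()`, so the credential verification later in `continue_srv_auth2()` relies on that helper writing both values on every path. The helper's definition is not part of this diff; unless it is guaranteed to set both, initialise at declaration, e.g. `enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;` and `enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;`, so the value that reaches the verifier is deterministic. The hunks at -602 and -705 use the same pattern on `s->pipe`. The function body continues past the end of this hunk.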
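Review bot: A failed check of the server's return credentials is not logged on this path; the `if (!NT_STATUS_IS_OK(status))` branch only calls `composite_error(c, status)`. A mismatch here is a security-relevant event for whoever operates the client, so unless `netlogon_creds_client_verify()` already logs (its body is not shown), consider adding `DBG_WARNING("netlogon credential verification failed: %s\n", nt_errstr(status));` before the `composite_error()` call. The branch also now forwards the verifier's status where it used to report `NT_STATUS_UNSUCCESSFUL`, so any caller matching on the old code would need checking; callers are not visible in this diff. Both points apply equally to the hunks at -642 and -743. `auth_type` and `auth_level` are set at the top of the function, outside this hunk.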
@@ -602,11 +613,17 @@ static void continue_get_negotiated_capabilities(struct tevent_req *subreq)
 {
 struct composite_context *c;
 struct auth_schannel_state *s;
+ enum dcerpc_AuthType auth_type;
+ enum dcerpc_AuthLevel auth_level;
 NTSTATUS status;
 
 c = tevent_req_callback_data(subreq, struct composite_context);
 s = talloc_get_type(c->private_data, struct auth_schannel_state);
 
+ dcerpc_binding_handle_auth_info(s->pipe->binding_handle,
+ &auth_type,
+ &auth_level);
+
 /* receive rpc request result */
 c->status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, s);
 TALLOC_FREE(subreq);
@@ -642,9 +659,12 @@ static void continue_get_negotiated_capabilities(struct tevent_req *subreq)
 }
 
 /* verify credentials */
- if (!netlogon_creds_client_check(&s->save_creds_state,
- &s->c.out.return_authenticator->cred)) {
- composite_error(c, NT_STATUS_UNSUCCESSFUL);
+ status = netlogon_creds_client_verify(&s->save_creds_state,
+ &s->c.out.return_authenticator->cred,
+ auth_type,
+ auth_level);
+ if (!NT_STATUS_IS_OK(status)) {
+ composite_error(c, status);
 return;
 }
 
@@ -705,10 +725,17 @@ static void continue_get_client_capabilities(struct tevent_req *subreq)
 {
 struct composite_context *c;
 struct auth_schannel_state *s;
+ enum dcerpc_AuthType auth_type;
+ enum dcerpc_AuthLevel auth_level;
+ NTSTATUS status;
 
 c = tevent_req_callback_data(subreq, struct composite_context);
 s = talloc_get_type(c->private_data, struct auth_schannel_state);
 
+ dcerpc_binding_handle_auth_info(s->pipe->binding_handle,
+ &auth_type,
+ &auth_level);
+
 /* receive rpc request result */
 c->status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, s);
 TALLOC_FREE(subreq);
@@ -743,9 +770,12 @@ static void continue_get_client_capabilities(struct tevent_req *subreq)
 }
 
 /* verify credentials */
- if (!netlogon_creds_client_check(&s->save_creds_state,
- &s->c.out.return_authenticator->cred)) {
- composite_error(c, NT_STATUS_UNSUCCESSFUL);
+ status = netlogon_creds_client_verify(&s->save_creds_state,
+ &s->c.out.return_authenticator->cred,
+ auth_type,
+ auth_level);
+ if (!NT_STATUS_IS_OK(status)) {
+ composite_error(c, status);
 return;
 }
 
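Review bot: This verify-and-fail block is now a line-for-line copy of the one in `continue_get_negotiated_capabilities()` (hunk at -642), and the `dcerpc_binding_handle_auth_info()` preamble added at -705 duplicates the one at -602 in the same way. A small `static` helper that takes the `struct auth_schannel_state *` and returns the `NTSTATUS` from the verification would keep the two callbacks from drifting apart the next time the verifier's arguments change. Short of that, a comment above the call stating why `s->save_creds_state` is the state being verified would help a reader, since the reason is not visible in the diff. The function body continues outside this hunk.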