s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_c...
authorStefan Metzmacher <metze@samba.org>
Mon, 27 May 2019 11:12:14 +0000 (13:12 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Tue, 4 Jun 2019 22:13:07 +0000 (22:13 +0000)
The gensec schannel module already asserts that at least
AUTH_LEVEL_INTEGRITY is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/rpc_server/netlogon/srv_netlog_nt.c

index 8c7b0db77fc1b25c0a47954716b608c0533435b4..1bc5d62f979d4a3c096c14265b411ee5a0f1b7e1 100644 (file)
@@ -1060,36 +1060,6 @@ NTSTATUS _netr_ServerAuthenticate2(struct pipes_struct *p,
        return _netr_ServerAuthenticate3(p, &a);
 }
 
-/*************************************************************************
- * If schannel is required for this call test that it actually is available.
- *************************************************************************/
-static NTSTATUS schannel_check_required(struct pipe_auth_data *auth_info,
-                                       const char *computer_name,
-                                       bool integrity, bool privacy)
-{
-       if (auth_info && auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
-               if (!privacy && !integrity) {
-                       return NT_STATUS_OK;
-               }
-
-               if ((!privacy && integrity) &&
-                   auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
-                       return NT_STATUS_OK;
-               }
-
-               if ((privacy || integrity) &&
-                   auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
-                       return NT_STATUS_OK;
-               }
-       }
-
-       /* test didn't pass */
-       DEBUG(0, ("schannel_check_required: [%s] is not using schannel\n",
-                 computer_name));
-
-       return NT_STATUS_ACCESS_DENIED;
-}
-
 /*************************************************************************
  *************************************************************************/
 
@@ -1109,11 +1079,10 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
        }
 
        if (schannel_global_required) {
-               status = schannel_check_required(&p->auth,
-                                                computer_name,
-                                                false, false);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return status;
+               if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
+                       DBG_ERR("[%s] is not using schannel\n",
+                               computer_name);
+                       return NT_STATUS_ACCESS_DENIED;
                }
        }
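Review bot: The new `p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL` test under `schannel_global_required` never looks at `p->auth.auth_level`, and the reason that is safe is stated only in the commit message, not in the code. I would add a comment above the `if`, for example `/* auth_level is not checked here: the gensec schannel module already enforces at least DCERPC_AUTH_LEVEL_INTEGRITY */`, so a later change on the gensec side does not silently weaken this gate. The denial message also loses its literal `schannel_check_required:` prefix with the move from `DEBUG(0, ...)` to `DBG_ERR`, so any log monitoring keyed on the old string for clients that do not use schannel needs updating. netr_creds_server_step_check starts and ends outside this hunk, so how `computer_name` is validated before being logged cannot be checked from here.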