libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon()

This will be needed when we implement netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 3d4ea276bdf44202250246cd6edae2bc17e92c74)

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 0f5dd1a676ac7c70ef55ca263c6365f0bd6127c2..dd43036c9bc4759abcda154a3467aad8ec31d658 100644 (file)
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -976,6 +976,8 @@ NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_Creden
 static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
                                                    enum netr_LogonInfoClass level,
                                                    union netr_LogonLevel *logon,
+                                                   enum dcerpc_AuthType auth_type,
+                                                   enum dcerpc_AuthLevel auth_level,
                                                    bool do_encrypt)
 {
        NTSTATUS status;
@@ -1121,16 +1123,30 @@ static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Creden
 
 NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
                                               enum netr_LogonInfoClass level,
-                                              union netr_LogonLevel *logon)
+                                              union netr_LogonLevel *logon,
+                                              enum dcerpc_AuthType auth_type,
+                                              enum dcerpc_AuthLevel auth_level)
 {
-       return netlogon_creds_crypt_samlogon_logon(creds, level, logon, false);
+       return netlogon_creds_crypt_samlogon_logon(creds,
+                                                  level,
+                                                  logon,
+                                                  auth_type,
+                                                  auth_level,
+                                                  false);
 }
 
 NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
                                               enum netr_LogonInfoClass level,
-                                              union netr_LogonLevel *logon)
+                                              union netr_LogonLevel *logon,
+                                              enum dcerpc_AuthType auth_type,
+                                              enum dcerpc_AuthLevel auth_level)
 {
-       return netlogon_creds_crypt_samlogon_logon(creds, level, logon, true);
+       return netlogon_creds_crypt_samlogon_logon(creds,
+                                                  level,
+                                                  logon,
+                                                  auth_type,
+                                                  auth_level,
+                                                  true);
 }
 
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 4f5a5f5d2ca99b773c586e68a99c75c45b728985..78aa9bf8b7598b532f2caf428a5a7657a670cd8c 100644 (file)
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -2738,7 +2738,9 @@ static void netlogon_creds_cli_LogonSamLogon_start(struct tevent_req *req)
 
                        status = netlogon_creds_encrypt_samlogon_logon(state->ro_creds,
                                                                       state->logon_level,
-                                                                      state->logon);
+                                                                      state->logon,
+                                                                      auth_type,
+                                                                      auth_level);
                        if (!NT_STATUS_IS_OK(status)) {
                                status = NT_STATUS_ACCESS_DENIED;
                                tevent_req_nterror(req, status);
@@ -2802,7 +2804,9 @@ static void netlogon_creds_cli_LogonSamLogon_start(struct tevent_req *req)
 
        status = netlogon_creds_encrypt_samlogon_logon(&state->tmp_creds,
                                                       state->logon_level,
-                                                      state->logon);
+                                                      state->logon,
+                                                      auth_type,
+                                                      auth_level);
        if (tevent_req_nterror(req, status)) {
                netlogon_creds_cli_LogonSamLogon_cleanup(req, status);
                return;

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 1eec792d8041e4379d8ca09c28976562a7d58cfd..c5e26d183ab4dee111c1cfd48861905207628701 100644 (file)
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -88,10 +88,14 @@ NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_Creden
                                                    enum dcerpc_AuthLevel auth_level);
 NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
                                               enum netr_LogonInfoClass level,
-                                              union netr_LogonLevel *logon);
+                                              union netr_LogonLevel *logon,
+                                              enum dcerpc_AuthType auth_type,
+                                              enum dcerpc_AuthLevel auth_level);
 NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
                                               enum netr_LogonInfoClass level,
-                                              union netr_LogonLevel *logon);
+                                              union netr_LogonLevel *logon,
+                                              enum dcerpc_AuthType auth_type,
+                                              enum dcerpc_AuthLevel auth_level);
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
                                        enum netr_LogonInfoClass level,
                                        const union netr_LogonLevel *in);

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 843b2c4dfbe45c850a90d33c94f5ff41ea9d4b0c..8dce49946171fec081c381960dc9525e78de610c 100644 (file)
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1755,7 +1755,9 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
 
        status = netlogon_creds_decrypt_samlogon_logon(creds,
                                                       r->in.logon_level,
-                                                      logon);
+                                                      logon,
+                                                      auth_type,
+                                                      auth_level);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 70e41699b9b7ddc7e7a492fa5b9dd6781eea74c9..050e6e4bcdde7ef1ca4f0fbb6280a7a36f0006ac 100644 (file)
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1377,7 +1377,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base_call(struct dcesrv_netr_LogonSamL
 
        nt_status = netlogon_creds_decrypt_samlogon_logon(creds,
                                                          r->in.logon_level,
-                                                         r->in.logon);
+                                                         r->in.logon,
+                                                         auth_type,
+                                                         auth_level);
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
        switch (r->in.logon_level) {