From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 28 Oct 2024 11:55:12 +0000 (+0100)
Subject: libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon()
X-Git-Tag: ldb-2.9.2~29
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=838e5257d2a5cca576549b52b19c3015ec17fdb2;p=thirdparty%2Fsamba.git

libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon()

This will be needed when we implement netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 3d4ea276bdf44202250246cd6edae2bc17e92c74)
---

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 0f5dd1a676a..dd43036c9bc 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -976,6 +976,8 @@ NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_Creden
 static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
 						    enum netr_LogonInfoClass level,
 						    union netr_LogonLevel *logon,
+						    enum dcerpc_AuthType auth_type,
+						    enum dcerpc_AuthLevel auth_level,
 						    bool do_encrypt)
 {
 	NTSTATUS status;
@@ -1121,16 +1123,30 @@ static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Creden
 
 NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
 					       enum netr_LogonInfoClass level,
-					       union netr_LogonLevel *logon)
+					       union netr_LogonLevel *logon,
+					       enum dcerpc_AuthType auth_type,
+					       enum dcerpc_AuthLevel auth_level)
 {
-	return netlogon_creds_crypt_samlogon_logon(creds, level, logon, false);
+	return netlogon_creds_crypt_samlogon_logon(creds,
+						   level,
+						   logon,
+						   auth_type,
+						   auth_level,
+						   false);
 }
 
 NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
 					       enum netr_LogonInfoClass level,
-					       union netr_LogonLevel *logon)
+					       union netr_LogonLevel *logon,
+					       enum dcerpc_AuthType auth_type,
+					       enum dcerpc_AuthLevel auth_level)
 {
-	return netlogon_creds_crypt_samlogon_logon(creds, level, logon, true);
+	return netlogon_creds_crypt_samlogon_logon(creds,
+						   level,
+						   logon,
+						   auth_type,
+						   auth_level,
+						   true);
 }
 
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 4f5a5f5d2ca..78aa9bf8b75 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -2738,7 +2738,9 @@ static void netlogon_creds_cli_LogonSamLogon_start(struct tevent_req *req)
 
 			status = netlogon_creds_encrypt_samlogon_logon(state->ro_creds,
 								       state->logon_level,
-								       state->logon);
+								       state->logon,
+								       auth_type,
+								       auth_level);
 			if (!NT_STATUS_IS_OK(status)) {
 				status = NT_STATUS_ACCESS_DENIED;
 				tevent_req_nterror(req, status);
@@ -2802,7 +2804,9 @@ static void netlogon_creds_cli_LogonSamLogon_start(struct tevent_req *req)
 
 	status = netlogon_creds_encrypt_samlogon_logon(&state->tmp_creds,
 						       state->logon_level,
-						       state->logon);
+						       state->logon,
+						       auth_type,
+						       auth_level);
 	if (tevent_req_nterror(req, status)) {
 		netlogon_creds_cli_LogonSamLogon_cleanup(req, status);
 		return;
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 1eec792d804..c5e26d183ab 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -88,10 +88,14 @@ NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_Creden
 						    enum dcerpc_AuthLevel auth_level);
 NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
 					       enum netr_LogonInfoClass level,
-					       union netr_LogonLevel *logon);
+					       union netr_LogonLevel *logon,
+					       enum dcerpc_AuthType auth_type,
+					       enum dcerpc_AuthLevel auth_level);
 NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
 					       enum netr_LogonInfoClass level,
-					       union netr_LogonLevel *logon);
+					       union netr_LogonLevel *logon,
+					       enum dcerpc_AuthType auth_type,
+					       enum dcerpc_AuthLevel auth_level);
 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
 					enum netr_LogonInfoClass level,
 					const union netr_LogonLevel *in);
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 843b2c4dfbe..8dce4994617 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1755,7 +1755,9 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
 
 	status = netlogon_creds_decrypt_samlogon_logon(creds,
 						       r->in.logon_level,
-						       logon);
+						       logon,
+						       auth_type,
+						       auth_level);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 70e41699b9b..050e6e4bcdd 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1377,7 +1377,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base_call(struct dcesrv_netr_LogonSamL
 
 	nt_status = netlogon_creds_decrypt_samlogon_logon(creds,
 							  r->in.logon_level,
-							  r->in.logon);
+							  r->in.logon,
+							  auth_type,
+							  auth_level);
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	switch (r->in.logon_level) {