author | Stefan Metzmacher <metze@samba.org> | 2013-07-27 11:30:13 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-01-07 12:47:06 +0100 |
commit | 38d4dba37406515181e4d6f1a1faffc18e652e27 (patch) | |
tree | d7644727673b23e6167958e6c32422a2ab3a82d6 /source3/rpcclient/cmd_netlogon.c | |
parent | 11aed7cd3dbd967593b34a206f0802fd0002bf27 (diff) | |
download | samba-38d4dba37406515181e4d6f1a1faffc18e652e27.tar.gz |
s3:rpc_client: make use of the new netlogon_creds_cli_context
This replaces rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds
and lets the secure channel session state be stored in a node-local database.
This is the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/rpcclient/cmd_netlogon.c')
-rw-r--r-- | source3/rpcclient/cmd_netlogon.c | 57 |
1 files changed, 49 insertions, 8 deletions
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index d92434b23c7..2e0b5e5a871 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -26,6 +26,7 @@ #include "../librpc/gen_ndr/ndr_netlogon_c.h" #include "rpc_client/cli_netlogon.h" #include "secrets.h" +#include "../libcli/auth/netlogon_creds_cli.h" static WERROR cmd_netlogon_logon_ctrl2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, @@ -630,8 +631,15 @@ static NTSTATUS cmd_netlogon_sam_sync(struct rpc_pipe_client *cli, do { struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + struct netlogon_creds_CredentialState *creds = NULL; - netlogon_creds_client_authenticator(cli->dc, &credential); + status = netlogon_creds_cli_lock(cli->netlogon_creds, + mem_ctx, &creds); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + netlogon_creds_client_authenticator(creds, &credential); status = dcerpc_netr_DatabaseSync2(b, mem_ctx, logon_server, @@ -645,15 +653,18 @@ static NTSTATUS cmd_netlogon_sam_sync(struct rpc_pipe_client *cli, 0xffff, &result); if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(creds); return status; } /* Check returned credentials. */ - if (!netlogon_creds_client_check(cli->dc, + if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) { DEBUG(0,("credentials chain check failed\n")); + TALLOC_FREE(creds); return NT_STATUS_ACCESS_DENIED; } + TALLOC_FREE(creds); if (NT_STATUS_IS_ERR(result)) { break; @@ -699,8 +710,15 @@ static NTSTATUS cmd_netlogon_sam_deltas(struct rpc_pipe_client *cli, do { struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + struct netlogon_creds_CredentialState *creds = NULL; + + status = netlogon_creds_cli_lock(cli->netlogon_creds, + mem_ctx, &creds); + if (!NT_STATUS_IS_OK(status)) { + return status; + } - netlogon_creds_client_authenticator(cli->dc, &credential); + netlogon_creds_client_authenticator(creds, &credential); status = dcerpc_netr_DatabaseDeltas(b, mem_ctx, logon_server, 
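Review bot: The credential state advanced by `netlogon_creds_client_authenticator()` and `netlogon_creds_client_check()` is dropped by the new `TALLOC_FREE(creds);` after the check in the `@@ -645,15 +653,18 @@` hunk of cmd_netlogon_sam_sync, with no visible write-back. If `netlogon_creds_cli_lock()` hands out a copy of the record kept in the node-local database, as the commit message implies, the next iteration of this `do` loop would lock stale state and the server would presumably reject its authenticator. Consider persisting before the release, e.g. `status = netlogon_creds_cli_store(cli->netlogon_creds, &creds);` (argument form to be confirmed against netlogon_creds_cli.h), and returning on failure. The same lock/check/free pattern appears in the cmd_netlogon_sam_deltas, cmd_netlogon_database_redo and cmd_netlogon_capabilities hunks; the loop bodies continue outside these hunks.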
@@ -713,15 +731,18 @@ static NTSTATUS cmd_netlogon_sam_deltas(struct rpc_pipe_client *cli, 0xffff, &result); if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(creds); return status; } /* Check returned credentials. */ - if (!netlogon_creds_client_check(cli->dc, + if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) { DEBUG(0,("credentials chain check failed\n")); + TALLOC_FREE(creds); return NT_STATUS_ACCESS_DENIED; } + TALLOC_FREE(creds); if (NT_STATUS_IS_ERR(result)) { break; @@ -1129,6 +1150,7 @@ static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli, struct netr_ChangeLogEntry e; uint32_t rid = 500; struct dcerpc_binding_handle *b = cli->binding_handle; + struct netlogon_creds_CredentialState *creds = NULL; if (argc > 2) { fprintf(stderr, "Usage: %s <user rid>\n", argv[0]); @@ -1158,7 +1180,13 @@ static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli, return status; } - netlogon_creds_client_authenticator(cli->dc, &clnt_creds); + status = netlogon_creds_cli_lock(cli->netlogon_creds, + mem_ctx, &creds); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + netlogon_creds_client_authenticator(creds, &clnt_creds); ZERO_STRUCT(e); @@ -1176,13 +1204,16 @@ static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli, &delta_enum_array, &result); if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(creds); return status; } - if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { + if (!netlogon_creds_client_check(creds, &srv_cred.cred)) { DEBUG(0,("credentials chain check failed\n")); + TALLOC_FREE(creds); return NT_STATUS_ACCESS_DENIED; } + TALLOC_FREE(creds); return result; } @@ -1198,6 +1229,7 @@ static NTSTATUS cmd_netlogon_capabilities(struct rpc_pipe_client *cli, union netr_Capabilities capabilities; uint32_t level = 1; struct dcerpc_binding_handle *b = cli->binding_handle; + struct netlogon_creds_CredentialState *creds = NULL; if (argc > 2) { fprintf(stderr, "Usage: %s <level>\n", argv[0]); 
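Review bot: In cmd_netlogon_database_redo the locked `creds` now has to be released by hand on three separate exits (`@@ -1176,13 +1204,16 @@`), so an early return added later between the lock and the final `TALLOC_FREE(creds);` would keep the secure-channel record held for as long as `mem_ctx` lives, assuming the lock is tied to the lifetime of `creds`. A single exit is easier to audit: set `status` and `goto done;` in the error branches, and finish with `done: TALLOC_FREE(creds); return status;`. cmd_netlogon_capabilities has the same shape. Both function bodies start and end outside the hunks, so the final return value handling needs checking against the full file.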
@@ -1210,7 +1242,13 @@ static NTSTATUS cmd_netlogon_capabilities(struct rpc_pipe_client *cli, ZERO_STRUCT(return_authenticator); - netlogon_creds_client_authenticator(cli->dc, &credential); + status = netlogon_creds_cli_lock(cli->netlogon_creds, + mem_ctx, &creds); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + netlogon_creds_client_authenticator(creds, &credential); status = dcerpc_netr_LogonGetCapabilities(b, mem_ctx, cli->desthost, @@ -1221,14 +1259,17 @@ static NTSTATUS cmd_netlogon_capabilities(struct rpc_pipe_client *cli, &capabilities, &result); if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(creds); return status; } - if (!netlogon_creds_client_check(cli->dc, + if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) { DEBUG(0,("credentials chain check failed\n")); + TALLOC_FREE(creds); return NT_STATUS_ACCESS_DENIED; } + TALLOC_FREE(creds); printf("capabilities: 0x%08x\n", capabilities.server_capabilities); |
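Review bot: The failure branch touched in the `@@ -1221,14 +1259,17 @@` hunk still logs only `credentials chain check failed`, which does not tell an operator which server's reply failed verification. This branch is the client's signal that the returned authenticator did not match the secure-channel state, so naming the peer makes the event usable for triage, e.g. `DEBUG(0,("credentials chain check failed for %s\n", cli->desthost));`. The other three commands changed by this commit use the same bare message and could log `logon_server` in the same way. The function continues past the end of the hunk.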