author | Stefan Metzmacher <metze@samba.org> | 2019-05-27 13:12:14 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-07-09 06:33:30 +0000 |
commit | 1f0870a7b28c5485e1b8131088ff16fca4d04f15 (patch) | |
tree | 7b95d15096d876fddeff67e663ef76b661b2dc91 /source3 | |
parent | b7f586ca6c996213732ea6574f1dc7ad5915983b (diff) | |
download | samba-1f0870a7b28c5485e1b8131088ff16fca4d04f15.tar.gz |
s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_check()
The gensec schannel module already asserts that at least
AUTH_LEVEL_INTEGRITY is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0b6e37c9e801435e094194dd60d9213b4868c3de)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/rpc_server/netlogon/srv_netlog_nt.c | 39 |
1 files changed, 4 insertions, 35 deletions
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index afe7b25f74d..d799ba4feef 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1062,36 +1062,6 @@ NTSTATUS _netr_ServerAuthenticate2(struct pipes_struct *p,
 }

 /*************************************************************************
- * If schannel is required for this call test that it actually is available.
- *************************************************************************/
-static NTSTATUS schannel_check_required(struct pipe_auth_data *auth_info,
- const char *computer_name,
- bool integrity, bool privacy)
-{
- if (auth_info && auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
- if (!privacy && !integrity) {
- return NT_STATUS_OK;
- }
-
- if ((!privacy && integrity) &&
- auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- return NT_STATUS_OK;
- }
-
- if ((privacy || integrity) &&
- auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- return NT_STATUS_OK;
- }
- }
-
- /* test didn't pass */
- DEBUG(0, ("schannel_check_required: [%s] is not using schannel\n",
- computer_name));
-
- return NT_STATUS_ACCESS_DENIED;
-}
-
-/*************************************************************************
 *************************************************************************/

 static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
@@ -1110,11 +1080,10 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
 }

 if (schannel_global_required) {
- status = schannel_check_required(&p->auth,
- computer_name,
- false, false);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
+ DBG_ERR("[%s] is not using schannel\n",
+ computer_name);
+ return NT_STATUS_ACCESS_DENIED;
 }
 }

|
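Review bot: The new `p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL` test in netr_creds_server_step_check() checks the auth type only, and the reason that is enough (the gensec schannel module already insists on at least AUTH_LEVEL_INTEGRITY) is recorded only in the commit message. Because this branch is what enforces the schannel requirement, I would state the invariant next to the check, e.g. `/* gensec schannel already guarantees at least DCERPC_AUTH_LEVEL_INTEGRITY, so only the auth type is tested here */`, so a later reader does not assume the auth level is validated in this function. computer_name looks like the client-supplied name and is still written to the log at error level on every rejection, as it was with DEBUG(0); that is worth confirming as intended. The function starts and ends outside the hunk.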