diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-11-08 12:44:30 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-01-12 03:13:36 +0100 |
commit | 6b49e325f11847ba3a3efa7ba79c7a4992b81714 (patch) | |
tree | 1067ad7cedadb9f6d640cdede220cf2fabe04a61 /source4 | |
parent | cd380d8adad8cea7df8ee2cfb33dab86ba3900b6 (diff) | |
download | samba-6b49e325f11847ba3a3efa7ba79c7a4992b81714.tar.gz |
s4:rpc_server/netlogon: make use of dcesrv_call_auth_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 72b50327c50..c1237933e68 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -632,7 +632,11 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc bool schannel_global_required = (schannel == true); if (schannel_global_required) { - if (dce_call->conn->auth_state.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { + enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE; + + dcesrv_call_auth_info(dce_call, &auth_type, NULL); + + if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { DBG_ERR("[%s] is not using schannel\n", computer_name); return NT_STATUS_ACCESS_DENIED; @@ -834,6 +838,8 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL static NTSTATUS dcesrv_netr_LogonSamLogon_check(struct dcesrv_call_state *dce_call, const struct netr_LogonSamLogonEx *r) { + enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE; + switch (r->in.logon_level) { case NetlogonInteractiveInformation: case NetlogonServiceInformation: @@ -888,9 +894,11 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_check(struct dcesrv_call_state *dce_ca return NT_STATUS_INVALID_PARAMETER; } + dcesrv_call_auth_info(dce_call, NULL, &auth_level); + switch (r->in.validation_level) { case NetlogonValidationSamInfo4: /* 6 */ - if (dce_call->conn->auth_state.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { + if (auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { return NT_STATUS_INVALID_PARAMETER; } break; @@ -1278,6 +1286,7 @@ static void dcesrv_netr_LogonSamLogon_base_reply( static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct netr_LogonSamLogonEx *r) { + enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE; struct dcesrv_netr_LogonSamLogon_base_state *state; NTSTATUS nt_status; @@ -1315,7 +1324,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, return nt_status; } - if (dce_call->conn->auth_state.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { + dcesrv_call_auth_info(dce_call, &auth_type, NULL); + + if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { return NT_STATUS_ACCESS_DENIED; } |