[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1176-ge460c21
Günther Deschner
gd at samba.org
Tue Aug 25 16:52:24 MDT 2009
The branch, master has been updated
via e460c211b01f6642d9064e11432577fbb728cefb (commit)
via 5b46e5985e0f0edc199408c713a02dbe37faa381 (commit)
via 1a53b617710b1bf9555de6ab01afeaf6f9c1d42a (commit)
from 808a0d44f84ed668c906eaa6777d2c0743351560 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e460c211b01f6642d9064e11432577fbb728cefb
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 25 18:47:15 2009 +0200
s3-netlogon: get rid of init_net_r_req_chal().
Guenther
commit 5b46e5985e0f0edc199408c713a02dbe37faa381
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 25 18:44:24 2009 +0200
s3-netlogon: let get_md4pw() return a struct samr_Password.
(in preparation of credential merge).
Guenther
commit 1a53b617710b1bf9555de6ab01afeaf6f9c1d42a
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 25 18:36:28 2009 +0200
s3-netlogon: make _netr_ServerAuthenticate a callback to _netr_ServerAuthenticate3.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/libsmb/credentials.c | 4 +-
source3/rpc_server/srv_netlog_nt.c | 87 +++++++++--------------------------
2 files changed, 24 insertions(+), 67 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 9dc0b9f..d202409 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -104,9 +104,7 @@ static void creds_init_64(struct dcinfo *dc,
unsigned char sum2[8];
/* Just in case this isn't already there */
- if (dc->mach_pw != mach_pw) {
- memcpy(dc->mach_pw, mach_pw, 16);
- }
+ memcpy(dc->mach_pw, mach_pw, 16);
sum[0] = IVAL(clnt_chal_in->data, 0) + IVAL(srv_chal_in->data, 0);
sum[1] = IVAL(clnt_chal_in->data, 4) + IVAL(srv_chal_in->data, 4);
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 8a93b20..81a4801 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -32,18 +32,6 @@ extern userdom_struct current_user_info;
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
-/*************************************************************************
- init_net_r_req_chal:
- *************************************************************************/
-
-static void init_net_r_req_chal(struct netr_Credential *r,
- struct netr_Credential *srv_chal)
-{
- DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__));
-
- memcpy(r->data, srv_chal->data, sizeof(r->data));
-}
-
/*******************************************************************
Inits a netr_NETLOGON_INFO_1 structure.
********************************************************************/
@@ -296,7 +284,7 @@ WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
gets a machine password entry. checks access rights of the host.
******************************************************************/
-static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct,
+static NTSTATUS get_md4pw(struct samr_Password *md4pw, const char *mach_acct,
uint16_t sec_chan_type, uint32_t *rid)
{
struct samu *sampass = NULL;
@@ -390,8 +378,8 @@ static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct,
return NT_STATUS_LOGON_FAILURE;
}
- memcpy(md4pw, pass, 16);
- dump_data(5, (uint8 *)md4pw, 16);
+ memcpy(md4pw->hash, pass, 16);
+ dump_data(5, md4pw->hash, 16);
if (rid) {
*rid = pdb_get_user_rid(sampass);
@@ -432,7 +420,7 @@ NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
generate_random_buffer(p->dc->srv_chal.data, 8);
/* set up the LSA REQUEST CHALLENGE response */
- init_net_r_req_chal(r->out.return_credentials, &p->dc->srv_chal);
+ *r->out.return_credentials = p->dc->srv_chal;
p->dc->challenge_sent = True;
@@ -447,56 +435,23 @@ NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
struct netr_ServerAuthenticate *r)
{
- NTSTATUS status;
- struct netr_Credential srv_chal_out;
-
- if (!p->dc || !p->dc->challenge_sent) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- status = get_md4pw((char *)p->dc->mach_pw,
- r->in.account_name,
- r->in.secure_channel_type,
- NULL);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("_netr_ServerAuthenticate: get_md4pw failed. Failed to "
- "get password for machine account %s "
- "from client %s: %s\n",
- r->in.account_name,
- r->in.computer_name,
- nt_errstr(status) ));
- /* always return NT_STATUS_ACCESS_DENIED */
- return NT_STATUS_ACCESS_DENIED;
- }
-
- /* From the client / server challenges and md4 password, generate sess key */
- creds_server_init(0, /* No neg flags. */
- p->dc,
- &p->dc->clnt_chal, /* Stored client chal. */
- &p->dc->srv_chal, /* Stored server chal. */
- p->dc->mach_pw,
- &srv_chal_out);
-
- /* Check client credentials are valid. */
- if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
- DEBUG(0,("_netr_ServerAuthenticate: netlogon_creds_server_check failed. Rejecting auth "
- "request from client %s machine account %s\n",
- r->in.computer_name,
- r->in.account_name));
- return NT_STATUS_ACCESS_DENIED;
- }
+ struct netr_ServerAuthenticate3 a;
+ uint32_t negotiate_flags = 0;
+ uint32_t rid;
- fstrcpy(p->dc->mach_acct, r->in.account_name);
- fstrcpy(p->dc->remote_machine, r->in.computer_name);
- p->dc->authenticated = True;
+ a.in.server_name = r->in.server_name;
+ a.in.account_name = r->in.account_name;
+ a.in.secure_channel_type = r->in.secure_channel_type;
+ a.in.computer_name = r->in.computer_name;
+ a.in.credentials = r->in.credentials;
+ a.in.negotiate_flags = &negotiate_flags;
- /* set up the LSA AUTH response */
- /* Return the server credentials. */
+ a.out.return_credentials = r->out.return_credentials;
+ a.out.rid = &rid;
+ a.out.negotiate_flags = &negotiate_flags;
- memcpy(r->out.return_credentials->data, &srv_chal_out.data,
- sizeof(r->out.return_credentials->data));
+ return _netr_ServerAuthenticate3(p, &a);
- return NT_STATUS_OK;
}
/*************************************************************************
@@ -514,6 +469,7 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
struct netr_Credential srv_chal_out;
const char *fn;
uint32_t rid;
+ struct samr_Password mach_pwd;
/* According to Microsoft (see bugid #6099)
* Windows 7 looks at the negotiate_flags
@@ -545,6 +501,9 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
}
switch (p->hdr_req.opnum) {
+ case NDR_NETR_SERVERAUTHENTICATE:
+ fn = "_netr_ServerAuthenticate";
+ break;
case NDR_NETR_SERVERAUTHENTICATE2:
fn = "_netr_ServerAuthenticate2";
break;
@@ -576,7 +535,7 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
goto out;
}
- status = get_md4pw((char *)p->dc->mach_pw,
+ status = get_md4pw(&mach_pwd,
r->in.account_name,
r->in.secure_channel_type,
&rid);
@@ -594,7 +553,7 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
p->dc,
&p->dc->clnt_chal, /* Stored client chal. */
&p->dc->srv_chal, /* Stored server chal. */
- p->dc->mach_pw,
+ mach_pwd.hash,
&srv_chal_out);
/* Check client credentials are valid. */
--
Samba Shared Repository
More information about the samba-cvs
mailing list