#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/ndr_netlogon.h"
+#include "rpc_client/cli_netlogon.h"
+#include "secrets.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
const struct auth_context *auth_context,
const char *ncalrpc_sockname,
uint8_t schannel_key[16],
- const auth_usersupplied_info *user_info,
+ const struct auth_usersupplied_info *user_info,
struct netr_SamInfo3 **pinfo3,
NTSTATUS *schannel_bind_result)
{
- struct rpc_pipe_client *p;
- struct cli_pipe_auth_data *auth;
+ struct rpc_pipe_client *p = NULL;
+ struct pipe_auth_data *auth = NULL;
struct netr_SamInfo3 *info3 = NULL;
NTSTATUS status;
return status;
}
+ /*
+ * We have to fake a struct dcinfo, so that
+ * rpccli_netlogon_sam_network_logon_ex can decrypt the session keys.
+ */
+
+ p->dc = netlogon_creds_client_init_session_key(p, schannel_key);
+ if (p->dc == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(p);
+ return NT_STATUS_NO_MEMORY;
+ }
+
status = rpccli_schannel_bind_data(p, lp_workgroup(),
- PIPE_AUTH_LEVEL_PRIVACY,
- schannel_key, &auth);
+ DCERPC_AUTH_LEVEL_PRIVACY,
+ p->dc, &auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpccli_schannel_bind_data failed: %s\n",
nt_errstr(status)));
return status;
}
- /*
- * We have to fake a struct dcinfo, so that
- * rpccli_netlogon_sam_network_logon_ex can decrypt the session keys.
- */
-
- p->dc = netlogon_creds_client_init_session_key(p, schannel_key);
- if (p->dc == NULL) {
- DEBUG(0, ("talloc failed\n"));
- TALLOC_FREE(p);
- return NT_STATUS_NO_MEMORY;
- }
-
status = rpccli_netlogon_sam_network_logon_ex(
p, p,
- user_info->logon_parameters,/* flags such as 'allow
- * workstation logon' */
- global_myname(), /* server name */
- user_info->smb_name, /* user name logging on. */
- user_info->client_domain, /* domain name */
- user_info->wksta_name, /* workstation name */
+ user_info->logon_parameters, /* flags such as 'allow
+ * workstation logon' */
+ global_myname(), /* server name */
+ user_info->client.account_name, /* user name logging on. */
+ user_info->client.domain_name, /* domain name */
+ user_info->workstation_name, /* workstation name */
(uchar *)auth_context->challenge.data, /* 8 byte challenge. */
- user_info->lm_resp, /* lanman 24 byte response */
- user_info->nt_resp, /* nt 24 byte response */
- &info3); /* info3 out */
+ user_info->password.response.lanman, /* lanman 24 byte response */
+ user_info->password.response.nt, /* nt 24 byte response */
+ &info3); /* info3 out */
DEBUG(10, ("rpccli_netlogon_sam_network_logon_ex returned %s\n",
nt_errstr(status)));
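Review bot: The failure branch after `rpccli_schannel_bind_data` returns without releasing `p`, while the new `p->dc == NULL` branch just above it calls `TALLOC_FREE(p)` before returning. Because the credential setup now runs before the bind, `p` already carries the state built from `schannel_key` when the bind fails, so that branch should also run `TALLOC_FREE(p);` before `return status;`. How `p` is allocated is outside the hunk. If its parent context is freed by the caller this is only an inconsistency between the two error paths, but the key-derived state then stays in memory until that later free.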
static NTSTATUS check_netlogond_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
TALLOC_CTX *frame = talloc_stackframe();
struct netr_SamInfo3 *info3 = NULL;
- struct rpc_pipe_client *p;
- struct cli_pipe_auth_data *auth;
+ struct rpc_pipe_client *p = NULL;
+ struct pipe_auth_data *auth = NULL;
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
- char *plaintext_machinepw;
+ char *plaintext_machinepw = NULL;
uint8_t machine_password[16];
uint8_t schannel_key[16];
NTSTATUS schannel_bind_result, status;
- struct named_mutex *mutex;
+ struct named_mutex *mutex = NULL;
const char *ncalrpcsock;
+ DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
+
ncalrpcsock = lp_parm_const_string(
GLOBAL_SECTION_SNUM, "auth_netlogond", "socket", NULL);
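Review bot: `machine_password[16]`, `schannel_key[16]` and `plaintext_machinepw` are declared here with no clearing visible in the hunk, and by their names they hold the machine account secret and key material derived from it. Initialising `plaintext_machinepw` and `mutex` to NULL makes a single cleanup path safe to write, so the function could release the plaintext password and run `ZERO_ARRAY(machine_password);` and `ZERO_ARRAY(schannel_key);` on every return. The body continues outside the hunk, so part of this may already be done there. A clearing call placed right before a return can be removed by the optimiser when it is a plain memset, so check how the macro expands in this tree.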
okay:
- status = make_server_info_info3(mem_ctx, user_info->smb_name,
- user_info->domain, server_info,
+ status = make_server_info_info3(mem_ctx, user_info->client.account_name,
+ user_info->mapped.domain_name, server_info,
info3);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("make_server_info_info3 failed: %s\n",
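Review bot: The call to `make_server_info_info3` pairs the client-supplied `user_info->client.account_name` with the mapped `user_info->mapped.domain_name`, and nothing records that the mix is deliberate. It mirrors the old `smb_name`/`domain` pair, so behaviour is preserved, but the new field names make the asymmetry visible. The `DEBUG` line added earlier, apparently in the same function, logs `mapped.account_name`, which is a third combination. A comment above the call such as `/* account name as sent by the client, domain as mapped by the auth layer */` would state the intent and help anyone correlating the level-10 log with the resulting server info. The statement following the call is cut off by the end of the hunk.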
const char *param,
auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method)) {
+ struct auth_methods *result;
+
+ result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+ if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ result->name = "netlogond";
+ result->auth = check_netlogond_security;
- (*auth_method)->name = "netlogond";
- (*auth_method)->auth = check_netlogond_security;
+ *auth_method = result;
return NT_STATUS_OK;
}
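Review bot: The signature on the context line still declares the out-parameter as `auth_methods **auth_method` while the new body allocates a `struct auth_methods`. The other prototypes in this commit moved from typedef names to struct tags, so this one should read `struct auth_methods **auth_method` for consistency. The opening lines of the function are outside the hunk. Assigning `*auth_method` only after the allocation succeeded is a good change, and a one-line comment saying the caller's pointer is left untouched on `NT_STATUS_NO_MEMORY` would document that.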