#include "source3/include/messages.h"
#include "source3/include/g_lock.h"
#include "libds/common/roles.h"
-<<<<<<< HEAD
#include "lib/crypto/crypto.h"
-=======
->>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
#include "auth/credentials/credentials.h"
struct netlogon_creds_cli_locked_state;
struct tevent_context *ev;
struct netlogon_creds_cli_context *context;
struct dcerpc_binding_handle *binding_handle;
-<<<<<<< HEAD
uint8_t num_nt_hashes;
uint8_t idx_nt_hashes;
const struct samr_Password * const *nt_hashes;
const struct samr_Password *used_nt_hash;
-=======
- struct cli_credentials *cli_creds;
- struct samr_Password *nt_hash;
- struct samr_Password used_nt_hash;
->>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
char *srv_name_slash;
uint32_t current_flags;
struct netr_Credential client_challenge;
bool try_auth3;
bool try_auth2;
bool require_auth2;
-<<<<<<< HEAD
-=======
- struct netlogon_creds_cli_locked_state *locked_state;
->>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
};
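Review bot: `nt_hashes` and `used_nt_hash` in this state struct are pointers into the caller's password hashes, and nothing in the visible lines says how long they must stay valid. Because the request is asynchronous, the caller's array and every `samr_Password` it points to have to outlive the tevent request. A comment above the fields would make that contract explicit, for example `/* borrowed from the caller: must stay valid until the request completes, never copied or freed here */`. As far as these fields show, no second copy of the secret is kept in `state`, which is worth preserving in later refactoring. The struct's opening line is outside the hunk.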
static void netlogon_creds_cli_auth_challenge_start(struct tevent_req *req);
struct tevent_context *ev,
struct netlogon_creds_cli_context *context,
struct dcerpc_binding_handle *b,
-<<<<<<< HEAD
uint8_t num_nt_hashes,
const struct samr_Password * const *nt_hashes)
-=======
- struct cli_credentials *cli_creds)
->>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
{
struct tevent_req *req;
struct netlogon_creds_cli_auth_state *state;
NTSTATUS status;
- const char *client_account;
- const char *client_domain;
- enum netr_SchannelType client_channel_type;
req = tevent_req_create(mem_ctx, &state,
struct netlogon_creds_cli_auth_state);
state->ev = ev;
state->context = context;
state->binding_handle = b;
-<<<<<<< HEAD
if (num_nt_hashes < 1) {
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
return tevent_req_post(req, ev);
}
if (num_nt_hashes > 4) {
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
-=======
- state->cli_creds = cli_creds;
-
- if (context->db.locked_state != NULL) {
- tevent_req_nterror(req, NT_STATUS_LOCK_NOT_GRANTED);
->>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
return tevent_req_post(req, ev);
}
return tevent_req_post(req, ev);
}
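Review bot: The new argument checks bound `num_nt_hashes` to 1..4 but, in the lines shown, never test `nt_hashes` or its entries for NULL, while `state->nt_hashes[state->idx_nt_hashes]` is read further down and presumably dereferenced when the credential is computed. A guard such as `if (nt_hashes == NULL || nt_hashes[0] == NULL)` returning `NT_STATUS_INVALID_PARAMETER_MIX`, extended to every entry below `num_nt_hashes`, would fail closed on a malformed caller. The literal `4` would also read better as a named constant with a short comment on why that many candidate hashes are accepted. Lines between these checks and the rest of the function are not visible here, so part of this may already be handled there.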
- client_channel_type = cli_credentials_get_secure_channel_type(cli_creds);
-
- client_account = cli_credentials_get_username(cli_creds);
- if (client_account == NULL) {
- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
- return tevent_req_post(req, ev);
- }
-
- client_domain = cli_credentials_get_domain(cli_creds);
- if (client_domain == NULL) {
- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
- return tevent_req_post(req, ev);
- }
-
- if (strcasecmp_m(context->client.account, client_account) != 0) {
- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
- return tevent_req_post(req, ev);
- }
-
- if (strcasecmp_m(context->server.netbios_domain, client_domain) != 0) {
- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
- return tevent_req_post(req, ev);
- }
-
- if (context->client.type != client_channel_type) {
- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
- return tevent_req_post(req, ev);
- }
-
- state->nt_hash = cli_credentials_get_nt_hash(state->cli_creds, state);
- if (state->nt_hash == NULL) {
- tevent_req_nterror(req, NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
- return tevent_req_post(req, ev);
- }
-
state->srv_name_slash = talloc_asprintf(state, "\\\\%s",
context->server.computer);
if (tevent_req_nomem(state->srv_name_slash, req)) {
state->require_auth2 = true;
}
-<<<<<<< HEAD
state->used_nt_hash = state->nt_hashes[state->idx_nt_hashes];
-=======
- state->used_nt_hash = *state->nt_hash;
->>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
state->current_flags = context->client.proposed_flags;
status = dbwrap_purge(state->context->db.ctx,
}
if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
- bool retry;
- int cmp;
tmp_flags = state->context->client.proposed_flags;
if ((state->current_flags == tmp_flags) &&
return;
}
-<<<<<<< HEAD
state->idx_nt_hashes += 1;
if (state->idx_nt_hashes >= state->num_nt_hashes) {
-=======
- TALLOC_FREE(state->nt_hash);
-
- retry = cli_credentials_wrong_password(state->cli_creds);
- if (!retry) {
->>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
/*
- * we're not allowed to retry, giving up...
+ * we already retried, giving up...
*/
tevent_req_nterror(req, result);
return;
/*
* lets retry with the old nt hash.
*/
-<<<<<<< HEAD
state->used_nt_hash = state->nt_hashes[state->idx_nt_hashes];
-=======
- state->nt_hash = cli_credentials_get_nt_hash(state->cli_creds,
- state);
- if (state->nt_hash == NULL) {
- tevent_req_nterror(req, NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
- return;
- }
-
- cmp = memcmp(state->used_nt_hash.hash,
- state->nt_hash->hash,
- sizeof(state->nt_hash->hash));
- if (cmp == 0) {
- /*
- * we don't retry with the same nt_hash, giving up...
- */
- tevent_req_nterror(req, result);
- return;
- }
-
- state->used_nt_hash = *state->nt_hash;
->>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
state->current_flags = state->context->client.proposed_flags;
netlogon_creds_cli_auth_challenge_start(req);
return;
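Review bot: The two comments around the retry describe only the two-hash case, while the code now steps `idx_nt_hashes` through up to `num_nt_hashes` candidates: "we already retried, giving up..." and "lets retry with the old nt hash". Suggested wording is `/* every supplied nt hash was rejected, giving up... */` for the first and `/* retry with the next candidate nt hash */` for the second. It is also worth one line noting that each pass after `NT_STATUS_ACCESS_DENIED` restarts the challenge and so issues another authentication attempt against the server, since that is what an operator will see in the DC's logs. The enclosing callback starts and ends outside these lines.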
NTSTATUS netlogon_creds_cli_auth(struct netlogon_creds_cli_context *context,
struct dcerpc_binding_handle *b,
-<<<<<<< HEAD
uint8_t num_nt_hashes,
const struct samr_Password * const *nt_hashes,
uint8_t *idx_nt_hashes)
-=======
- struct cli_credentials *cli_creds)
->>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
{
TALLOC_CTX *frame = talloc_stackframe();
struct tevent_context *ev;
if (ev == NULL) {
goto fail;
}
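Review bot: The synchronous wrapper gains an out-parameter `uint8_t *idx_nt_hashes` with no documentation, and the place where it is written is outside these lines. A header comment should say what it receives (presumably the index of the hash the server accepted), whether NULL may be passed, and that the value is only meaningful on success, e.g. `/* on NT_STATUS_OK, *idx_nt_hashes is the index into nt_hashes[] that authenticated */`. Callers are likely to use it to detect that a non-current password was accepted, so it should be confirmed that the failure path does not leave it uninitialised. The function body continues past the visible lines.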
-<<<<<<< HEAD
req = netlogon_creds_cli_auth_send(frame, ev, context, b,
num_nt_hashes, nt_hashes);
-=======
- req = netlogon_creds_cli_auth_send(frame, ev, context, b, cli_creds);
->>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
if (req == NULL) {
goto fail;
}