#include "source3/include/messages.h"
#include "source3/include/g_lock.h"
#include "libds/common/roles.h"
+<<<<<<< HEAD
#include "lib/crypto/crypto.h"
+=======
+>>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
#include "auth/credentials/credentials.h"
struct netlogon_creds_cli_locked_state;
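Review bot: Unresolved merge-conflict markers are committed as added lines around the `lib/crypto/crypto.h` include (`<<<<<<< HEAD`, `=======`, `>>>>>>> a7ff30b...`), so the file cannot compile and both variants of the change sit side by side. The same markers are added in the `netlogon_creds_cli_auth_state` fields, the `netlogon_creds_cli_auth_send` signature and body, the `NT_STATUS_ACCESS_DENIED` retry path, and the `netlogon_creds_cli_auth` signature and call. Each region needs to be resolved to exactly one side (array of NT hashes, or `struct cli_credentials *`) before the credential handling can be reviewed or tested. As committed, the HEAD-side `num_nt_hashes` checks and the new `cli_creds` checks are interleaved inside one `if` body.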
struct tevent_context *ev;
struct netlogon_creds_cli_context *context;
struct dcerpc_binding_handle *binding_handle;
+<<<<<<< HEAD
uint8_t num_nt_hashes;
uint8_t idx_nt_hashes;
const struct samr_Password * const *nt_hashes;
const struct samr_Password *used_nt_hash;
+=======
+ struct cli_credentials *cli_creds;
+ struct samr_Password *nt_hash;
+ struct samr_Password used_nt_hash;
+>>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
char *srv_name_slash;
uint32_t current_flags;
struct netr_Credential client_challenge;
bool try_auth3;
bool try_auth2;
bool require_auth2;
+<<<<<<< HEAD
+=======
+ struct netlogon_creds_cli_locked_state *locked_state;
+>>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
};
static void netlogon_creds_cli_auth_challenge_start(struct tevent_req *req);
struct tevent_context *ev,
struct netlogon_creds_cli_context *context,
struct dcerpc_binding_handle *b,
+<<<<<<< HEAD
uint8_t num_nt_hashes,
const struct samr_Password * const *nt_hashes)
+=======
+ struct cli_credentials *cli_creds)
+>>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
{
struct tevent_req *req;
struct netlogon_creds_cli_auth_state *state;
NTSTATUS status;
+ const char *client_account;
+ const char *client_domain;
+ enum netr_SchannelType client_channel_type;
req = tevent_req_create(mem_ctx, &state,
struct netlogon_creds_cli_auth_state);
state->ev = ev;
state->context = context;
state->binding_handle = b;
+<<<<<<< HEAD
if (num_nt_hashes < 1) {
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
return tevent_req_post(req, ev);
}
if (num_nt_hashes > 4) {
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+=======
+ state->cli_creds = cli_creds;
+
+ if (context->db.locked_state != NULL) {
+ tevent_req_nterror(req, NT_STATUS_LOCK_NOT_GRANTED);
+>>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
return tevent_req_post(req, ev);
}
return tevent_req_post(req, ev);
}
+ client_channel_type = cli_credentials_get_secure_channel_type(cli_creds);
+
+ client_account = cli_credentials_get_username(cli_creds);
+ if (client_account == NULL) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
+
+ client_domain = cli_credentials_get_domain(cli_creds);
+ if (client_domain == NULL) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
+
+ if (strcasecmp_m(context->client.account, client_account) != 0) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
+
+ if (strcasecmp_m(context->server.netbios_domain, client_domain) != 0) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
+
+ if (context->client.type != client_channel_type) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
+
+ state->nt_hash = cli_credentials_get_nt_hash(state->cli_creds, state);
+ if (state->nt_hash == NULL) {
+ tevent_req_nterror(req, NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
+ return tevent_req_post(req, ev);
+ }
+
state->srv_name_slash = talloc_asprintf(state, "\\\\%s",
context->server.computer);
if (tevent_req_nomem(state->srv_name_slash, req)) {
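Review bot: The five checks added before `cli_credentials_get_nt_hash()` all fail with `NT_STATUS_INVALID_PARAMETER_MIX` and carry no comment, so neither a reader nor a log shows that they exist to bind the supplied credentials to the identity stored in `context`. I would add a comment above the block such as `/* The credentials must describe the same account, domain and secure channel type as the context; never authenticate this channel with another identity's hash. */`. `cli_creds` is also passed to the getters without a NULL check; if callers can pass NULL (not visible here), a guard returning the same status belongs ahead of `cli_credentials_get_secure_channel_type()`. The function body begins and ends outside this hunk.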
state->require_auth2 = true;
}
+<<<<<<< HEAD
state->used_nt_hash = state->nt_hashes[state->idx_nt_hashes];
+=======
+ state->used_nt_hash = *state->nt_hash;
+>>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
state->current_flags = context->client.proposed_flags;
status = dbwrap_purge(state->context->db.ctx,
}
if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
+ bool retry;
+ int cmp;
tmp_flags = state->context->client.proposed_flags;
if ((state->current_flags == tmp_flags) &&
return;
}
+<<<<<<< HEAD
state->idx_nt_hashes += 1;
if (state->idx_nt_hashes >= state->num_nt_hashes) {
+=======
+ TALLOC_FREE(state->nt_hash);
+
+ retry = cli_credentials_wrong_password(state->cli_creds);
+ if (!retry) {
+>>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
/*
- * we already retried, giving up...
+ * we're not allowed to retry, giving up...
*/
tevent_req_nterror(req, result);
return;
/*
* lets retry with the old nt hash.
*/
+<<<<<<< HEAD
state->used_nt_hash = state->nt_hashes[state->idx_nt_hashes];
+=======
+ state->nt_hash = cli_credentials_get_nt_hash(state->cli_creds,
+ state);
+ if (state->nt_hash == NULL) {
+ tevent_req_nterror(req, NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
+ return;
+ }
+
+ cmp = memcmp(state->used_nt_hash.hash,
+ state->nt_hash->hash,
+ sizeof(state->nt_hash->hash));
+ if (cmp == 0) {
+ /*
+ * we don't retry with the same nt_hash, giving up...
+ */
+ tevent_req_nterror(req, result);
+ return;
+ }
+
+ state->used_nt_hash = *state->nt_hash;
+>>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
state->current_flags = state->context->client.proposed_flags;
netlogon_creds_cli_auth_challenge_start(req);
return;
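Review bot: `TALLOC_FREE(state->nt_hash);` in the ACCESS_DENIED retry path releases the NT hash without clearing it, and the by-value copy in `state->used_nt_hash` is not cleared on any path visible here, so password-equivalent material is left behind in freed heap memory. Scrub before releasing, e.g. `if (state->nt_hash != NULL) { ZERO_STRUCTP(state->nt_hash); }` ahead of the `TALLOC_FREE`, and `ZERO_STRUCT(state->used_nt_hash);` on the give-up branches. The hash allocated on `state` earlier in `netlogon_creds_cli_auth_send` presumably needs the same treatment at request teardown; a talloc destructor on the state would cover every exit. The enclosing function starts and ends outside this hunk, so the success path is not visible and may need the same scrub.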
NTSTATUS netlogon_creds_cli_auth(struct netlogon_creds_cli_context *context,
struct dcerpc_binding_handle *b,
+<<<<<<< HEAD
uint8_t num_nt_hashes,
const struct samr_Password * const *nt_hashes,
uint8_t *idx_nt_hashes)
+=======
+ struct cli_credentials *cli_creds)
+>>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
{
TALLOC_CTX *frame = talloc_stackframe();
struct tevent_context *ev;
if (ev == NULL) {
goto fail;
}
+<<<<<<< HEAD
req = netlogon_creds_cli_auth_send(frame, ev, context, b,
num_nt_hashes, nt_hashes);
+=======
+ req = netlogon_creds_cli_auth_send(frame, ev, context, b, cli_creds);
+>>>>>>> a7ff30b... TODO netlogon_creds_cli_auth* cli_credentials
if (req == NULL) {
goto fail;
}