Revert "HACK verify with Authenticate2"

This reverts commit db6f1e3b0c609ef6cbc0ec9c6b0d8471160eb28a.

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 7ed1390d28b3bf33c1909d3c76dc5193babc2063..72f33bd601432fb11bc63d098a1d16215d3b60b9 100644 (file)
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -409,7 +409,6 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
 
        if (seal_secure_channel) {
                auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
-               auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
        } else {
                auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
        }
@@ -1471,12 +1470,6 @@ struct netlogon_creds_cli_check_state {
        struct netlogon_creds_CredentialState *creds;
        struct netr_Authenticator req_auth;
        struct netr_Authenticator rep_auth;
-
-       struct {
-               uint32_t negotiate_flags;
-               struct netr_Credential client_credential;
-               struct netr_Credential server_credential;
-       } verify1, verify2, verify3;
 };
 
 static void netlogon_creds_cli_check_cleanup(struct tevent_req *req,
@@ -1591,8 +1584,6 @@ static void netlogon_creds_cli_check_cleanup(struct tevent_req *req,
        TALLOC_FREE(state->creds);
 }
 
-static void netlogon_creds_cli_check_verify(struct tevent_req *req);
-
 static void netlogon_creds_cli_check_caps(struct tevent_req *subreq)
 {
        struct tevent_req *req =
@@ -1621,7 +1612,6 @@ static void netlogon_creds_cli_check_caps(struct tevent_req *subreq)
                         * already, we expect this to work!
                         */
                        status = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
                        tevent_req_nterror(req, status);
                        netlogon_creds_cli_check_cleanup(req, status);
                        return;
@@ -1637,7 +1627,6 @@ DEBUG(0,("%s:%s\n", __location__, __func__));
                         * allowed without "require strong key = no"
                         */
                        status = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
                        tevent_req_nterror(req, status);
                        netlogon_creds_cli_check_cleanup(req, status);
                        return;
@@ -1657,8 +1646,7 @@ DEBUG(0,("%s:%s\n", __location__, __func__));
                 * gets out of sync.
                 */
                netlogon_creds_cli_check_cleanup(req, status);
-               netlogon_creds_cli_check_verify(req);
-               //tevent_req_done(req);
+               tevent_req_done(req);
                return;
        }
        if (tevent_req_nterror(req, status)) {
@@ -1679,11 +1667,11 @@ DEBUG(0,("%s:%s\n", __location__, __func__));
                         * already, we expect this to work!
                         */
                        status = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
                        tevent_req_nterror(req, status);
                        netlogon_creds_cli_check_cleanup(req, status);
                        return;
                }
+
                /*
                 * This is ok, the server does not support
                 * NETLOGON_NEG_SUPPORTS_AES.
@@ -1693,8 +1681,7 @@ DEBUG(0,("%s:%s\n", __location__, __func__));
                 * NETLOGON_NEG_SUPPORTS_AES was invented.
                 */
                netlogon_creds_cli_check_cleanup(req, result);
-               netlogon_creds_cli_check_verify(req);
-               //tevent_req_done(req);
+               tevent_req_done(req);
                return;
        }
 
@@ -1713,7 +1700,6 @@ DEBUG(0,("%s:%s\n", __location__, __func__));
 
        if (state->caps.server_capabilities != state->creds->negotiate_flags) {
                status = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
                tevent_req_nterror(req, status);
                netlogon_creds_cli_check_cleanup(req, status);
                return;
@@ -1729,7 +1715,6 @@ DEBUG(0,("%s:%s\n", __location__, __func__));
         */
        if (!(state->caps.server_capabilities & NETLOGON_NEG_SUPPORTS_AES)) {
                status = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
                tevent_req_nterror(req, status);
                netlogon_creds_cli_check_cleanup(req, status);
                return;
@@ -1741,170 +1726,6 @@ DEBUG(0,("%s:%s\n", __location__, __func__));
                return;
        }
 
-       netlogon_creds_cli_check_verify(req);
-       //tevent_req_done(req);
-}
-
-static void netlogon_creds_cli_check_verify1(struct tevent_req *subreq);
-
-static void netlogon_creds_cli_check_verify(struct tevent_req *req)
-{
-       struct netlogon_creds_cli_check_state *state =
-               tevent_req_data(req,
-               struct netlogon_creds_cli_check_state);
-       struct tevent_req *subreq;
-
-       state->verify1.negotiate_flags = UINT32_MAX;
-       subreq = dcerpc_netr_ServerAuthenticate2_send(state, state->ev,
-                                               state->binding_handle,
-                                               state->srv_name_slash,
-                                               "__samba_verify1_no_account__",
-                                               SEC_CHAN_NULL,
-                                               "__samba_verify1_no_computer__",
-                                               &state->verify1.client_credential,
-                                               &state->verify1.server_credential,
-                                               &state->verify1.negotiate_flags);       
-       if (tevent_req_nomem(subreq, req)) {
-               return;
-       }
-       tevent_req_set_callback(subreq,
-                               netlogon_creds_cli_check_verify1,
-                               req);
-}
-
-static void netlogon_creds_cli_check_verify2(struct tevent_req *subreq);
-
-static void netlogon_creds_cli_check_verify1(struct tevent_req *subreq)
-{
-       struct tevent_req *req =
-               tevent_req_callback_data(subreq,
-               struct tevent_req);
-       struct netlogon_creds_cli_check_state *state =
-               tevent_req_data(req,
-               struct netlogon_creds_cli_check_state);
-       NTSTATUS status;
-       NTSTATUS result;
-
-       status = dcerpc_netr_ServerAuthenticate2_recv(subreq, state,
-                                                     &result);
-       TALLOC_FREE(subreq);
-       if (tevent_req_nterror(req, status)) {
-               return;
-       }
-       if (NT_STATUS_IS_OK(result)) {
-               result = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
-               tevent_req_nterror(req, result);
-               return;
-       }
-       if (!NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
-               //tevent_req_nterror(req, result);
-               //return;
-       }
-
-       state->verify2.negotiate_flags = 0;
-       subreq = dcerpc_netr_ServerAuthenticate2_send(state, state->ev,
-                                               state->binding_handle,
-                                               state->srv_name_slash,
-                                               "__samba_verify2_no_account__",
-                                               SEC_CHAN_NULL,
-                                               "__samba_verify2_no_computer__",
-                                               &state->verify2.client_credential,
-                                               &state->verify2.server_credential,
-                                               &state->verify2.negotiate_flags);       
-       if (tevent_req_nomem(subreq, req)) {
-               status = NT_STATUS_NO_MEMORY;
-               return;
-       }
-       tevent_req_set_callback(subreq,
-                               netlogon_creds_cli_check_verify2,
-                               req);
-}
-
-static void netlogon_creds_cli_check_verify3(struct tevent_req *subreq);
-
-static void netlogon_creds_cli_check_verify2(struct tevent_req *subreq)
-{
-       struct tevent_req *req =
-               tevent_req_callback_data(subreq,
-               struct tevent_req);
-       struct netlogon_creds_cli_check_state *state =
-               tevent_req_data(req,
-               struct netlogon_creds_cli_check_state);
-       NTSTATUS status;
-       NTSTATUS result;
-
-       status = dcerpc_netr_ServerAuthenticate2_recv(subreq, state,
-                                                     &result);
-       TALLOC_FREE(subreq);
-       if (tevent_req_nterror(req, status)) {
-               return;
-       }
-       if (NT_STATUS_IS_OK(result)) {
-               result = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
-               tevent_req_nterror(req, result);
-               return;
-       }
-       if (!NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
-       }
-
-       state->verify3.negotiate_flags = state->context->client.proposed_flags;
-       subreq = dcerpc_netr_ServerAuthenticate2_send(state, state->ev,
-                                               state->binding_handle,
-                                               state->srv_name_slash,
-                                               "__samba_verify3_no_account__",
-                                               SEC_CHAN_NULL,
-                                               "__samba_verify3_no_computer__",
-                                               &state->verify3.client_credential,
-                                               &state->verify3.server_credential,
-                                               &state->verify3.negotiate_flags);       
-       if (tevent_req_nomem(subreq, req)) {
-               status = NT_STATUS_NO_MEMORY;
-               return;
-       }
-       tevent_req_set_callback(subreq,
-                               netlogon_creds_cli_check_verify3,
-                               req);
-}
-
-static void netlogon_creds_cli_check_verify3(struct tevent_req *subreq)
-{
-       struct tevent_req *req =
-               tevent_req_callback_data(subreq,
-               struct tevent_req);
-       struct netlogon_creds_cli_check_state *state =
-               tevent_req_data(req,
-               struct netlogon_creds_cli_check_state);
-       NTSTATUS status;
-       NTSTATUS result;
-
-       status = dcerpc_netr_ServerAuthenticate2_recv(subreq, state,
-                                                     &result);
-       TALLOC_FREE(subreq);
-       if (tevent_req_nterror(req, status)) {
-               return;
-       }
-       if (NT_STATUS_IS_OK(result)) {
-               result = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
-               tevent_req_nterror(req, result);
-               return;
-       }
-       if (!NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
-       }
-
-       DEBUG(0, ("domain[%s] flags: proposed[0x%08X] required[0x%08X] client[0x%08X] "
-                 "server[0x%08X] verify1[0x%08X] verify2[0x%08X] verify3[0x%08X]\n",
-                 state->context->server.netbios_domain,
-                 (unsigned int)state->context->client.proposed_flags,
-                 (unsigned int)state->context->client.required_flags,
-                 (unsigned int)state->tmp_creds.negotiate_flags,
-                 (unsigned int)state->caps.server_capabilities,
-                 (unsigned int)state->verify1.negotiate_flags,
-                 (unsigned int)state->verify2.negotiate_flags,
-                 (unsigned int)state->verify3.negotiate_flags));
-
        tevent_req_done(req);
 }