if (seal_secure_channel) {
auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
- auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
} else {
auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
}
struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator req_auth;
struct netr_Authenticator rep_auth;
-
- struct {
- uint32_t negotiate_flags;
- struct netr_Credential client_credential;
- struct netr_Credential server_credential;
- } verify1, verify2, verify3;
};
static void netlogon_creds_cli_check_cleanup(struct tevent_req *req,
TALLOC_FREE(state->creds);
}
-static void netlogon_creds_cli_check_verify(struct tevent_req *req);
-
static void netlogon_creds_cli_check_caps(struct tevent_req *subreq)
{
struct tevent_req *req =
* already, we expect this to work!
*/
status = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
tevent_req_nterror(req, status);
netlogon_creds_cli_check_cleanup(req, status);
return;
* allowed without "require strong key = no"
*/
status = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
tevent_req_nterror(req, status);
netlogon_creds_cli_check_cleanup(req, status);
return;
* gets out of sync.
*/
netlogon_creds_cli_check_cleanup(req, status);
- netlogon_creds_cli_check_verify(req);
- //tevent_req_done(req);
+ tevent_req_done(req);
return;
}
if (tevent_req_nterror(req, status)) {
* already, we expect this to work!
*/
status = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
tevent_req_nterror(req, status);
netlogon_creds_cli_check_cleanup(req, status);
return;
}
+
/*
* This is ok, the server does not support
* NETLOGON_NEG_SUPPORTS_AES.
* NETLOGON_NEG_SUPPORTS_AES was invented.
*/
netlogon_creds_cli_check_cleanup(req, result);
- netlogon_creds_cli_check_verify(req);
- //tevent_req_done(req);
+ tevent_req_done(req);
return;
}
if (state->caps.server_capabilities != state->creds->negotiate_flags) {
status = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
tevent_req_nterror(req, status);
netlogon_creds_cli_check_cleanup(req, status);
return;
*/
if (!(state->caps.server_capabilities & NETLOGON_NEG_SUPPORTS_AES)) {
status = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
tevent_req_nterror(req, status);
netlogon_creds_cli_check_cleanup(req, status);
return;
return;
}
- netlogon_creds_cli_check_verify(req);
- //tevent_req_done(req);
-}
-
-static void netlogon_creds_cli_check_verify1(struct tevent_req *subreq);
-
-static void netlogon_creds_cli_check_verify(struct tevent_req *req)
-{
- struct netlogon_creds_cli_check_state *state =
- tevent_req_data(req,
- struct netlogon_creds_cli_check_state);
- struct tevent_req *subreq;
-
- state->verify1.negotiate_flags = UINT32_MAX;
- subreq = dcerpc_netr_ServerAuthenticate2_send(state, state->ev,
- state->binding_handle,
- state->srv_name_slash,
- "__samba_verify1_no_account__",
- SEC_CHAN_NULL,
- "__samba_verify1_no_computer__",
- &state->verify1.client_credential,
- &state->verify1.server_credential,
- &state->verify1.negotiate_flags);
- if (tevent_req_nomem(subreq, req)) {
- return;
- }
- tevent_req_set_callback(subreq,
- netlogon_creds_cli_check_verify1,
- req);
-}
-
-static void netlogon_creds_cli_check_verify2(struct tevent_req *subreq);
-
-static void netlogon_creds_cli_check_verify1(struct tevent_req *subreq)
-{
- struct tevent_req *req =
- tevent_req_callback_data(subreq,
- struct tevent_req);
- struct netlogon_creds_cli_check_state *state =
- tevent_req_data(req,
- struct netlogon_creds_cli_check_state);
- NTSTATUS status;
- NTSTATUS result;
-
- status = dcerpc_netr_ServerAuthenticate2_recv(subreq, state,
- &result);
- TALLOC_FREE(subreq);
- if (tevent_req_nterror(req, status)) {
- return;
- }
- if (NT_STATUS_IS_OK(result)) {
- result = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
- tevent_req_nterror(req, result);
- return;
- }
- if (!NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
- //tevent_req_nterror(req, result);
- //return;
- }
-
- state->verify2.negotiate_flags = 0;
- subreq = dcerpc_netr_ServerAuthenticate2_send(state, state->ev,
- state->binding_handle,
- state->srv_name_slash,
- "__samba_verify2_no_account__",
- SEC_CHAN_NULL,
- "__samba_verify2_no_computer__",
- &state->verify2.client_credential,
- &state->verify2.server_credential,
- &state->verify2.negotiate_flags);
- if (tevent_req_nomem(subreq, req)) {
- status = NT_STATUS_NO_MEMORY;
- return;
- }
- tevent_req_set_callback(subreq,
- netlogon_creds_cli_check_verify2,
- req);
-}
-
-static void netlogon_creds_cli_check_verify3(struct tevent_req *subreq);
-
-static void netlogon_creds_cli_check_verify2(struct tevent_req *subreq)
-{
- struct tevent_req *req =
- tevent_req_callback_data(subreq,
- struct tevent_req);
- struct netlogon_creds_cli_check_state *state =
- tevent_req_data(req,
- struct netlogon_creds_cli_check_state);
- NTSTATUS status;
- NTSTATUS result;
-
- status = dcerpc_netr_ServerAuthenticate2_recv(subreq, state,
- &result);
- TALLOC_FREE(subreq);
- if (tevent_req_nterror(req, status)) {
- return;
- }
- if (NT_STATUS_IS_OK(result)) {
- result = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
- tevent_req_nterror(req, result);
- return;
- }
- if (!NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
- }
-
- state->verify3.negotiate_flags = state->context->client.proposed_flags;
- subreq = dcerpc_netr_ServerAuthenticate2_send(state, state->ev,
- state->binding_handle,
- state->srv_name_slash,
- "__samba_verify3_no_account__",
- SEC_CHAN_NULL,
- "__samba_verify3_no_computer__",
- &state->verify3.client_credential,
- &state->verify3.server_credential,
- &state->verify3.negotiate_flags);
- if (tevent_req_nomem(subreq, req)) {
- status = NT_STATUS_NO_MEMORY;
- return;
- }
- tevent_req_set_callback(subreq,
- netlogon_creds_cli_check_verify3,
- req);
-}
-
-static void netlogon_creds_cli_check_verify3(struct tevent_req *subreq)
-{
- struct tevent_req *req =
- tevent_req_callback_data(subreq,
- struct tevent_req);
- struct netlogon_creds_cli_check_state *state =
- tevent_req_data(req,
- struct netlogon_creds_cli_check_state);
- NTSTATUS status;
- NTSTATUS result;
-
- status = dcerpc_netr_ServerAuthenticate2_recv(subreq, state,
- &result);
- TALLOC_FREE(subreq);
- if (tevent_req_nterror(req, status)) {
- return;
- }
- if (NT_STATUS_IS_OK(result)) {
- result = NT_STATUS_DOWNGRADE_DETECTED;
-DEBUG(0,("%s:%s\n", __location__, __func__));
- tevent_req_nterror(req, result);
- return;
- }
- if (!NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) {
- }
-
- DEBUG(0, ("domain[%s] flags: proposed[0x%08X] required[0x%08X] client[0x%08X] "
- "server[0x%08X] verify1[0x%08X] verify2[0x%08X] verify3[0x%08X]\n",
- state->context->server.netbios_domain,
- (unsigned int)state->context->client.proposed_flags,
- (unsigned int)state->context->client.required_flags,
- (unsigned int)state->tmp_creds.negotiate_flags,
- (unsigned int)state->caps.server_capabilities,
- (unsigned int)state->verify1.negotiate_flags,
- (unsigned int)state->verify2.negotiate_flags,
- (unsigned int)state->verify3.negotiate_flags));
-
tevent_req_done(req);
}