struct auth_serversupplied_info *server_info = NULL;
struct auth_context *auth_context = NULL;
const char *fn;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+ uint16_t opnum = dce_call->pkt.u.request.opnum;
+
+ dcesrv_call_auth_info(dce_call, &auth_type, &auth_level);
#ifdef DEBUG_PASSWORD
logon = netlogon_creds_shallow_copy_logon(p->mem_ctx,
}
#endif
- switch (dce_call->pkt.u.request.opnum) {
+ switch (opnum) {
case NDR_NETR_LOGONSAMLOGON:
fn = "_netr_LogonSamLogon";
+ /*
+ * Already called netr_check_schannel() via
+ * netr_creds_server_step_check()
+ */
break;
case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
fn = "_netr_LogonSamLogonWithFlags";
+ /*
+ * Already called netr_check_schannel() via
+ * netr_creds_server_step_check()
+ */
break;
case NDR_NETR_LOGONSAMLOGONEX:
fn = "_netr_LogonSamLogonEx";
+
+ if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ status = dcesrv_netr_check_schannel(p->dce_call,
+ creds,
+ auth_type,
+ auth_level,
+ opnum);
+ if (NT_STATUS_IS_ERR(status)) {
+ return status;
+ }
+
break;
default:
return NT_STATUS_INTERNAL_ERROR;
r->out.validation->sam3);
break;
case 6: {
- enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
-
- dcesrv_call_auth_info(dce_call, NULL, &auth_level);
-
/* Only allow this if the pipe is protected. */
if (auth_level < DCERPC_AUTH_LEVEL_PRIVACY) {
DEBUG(0,("netr_Validation6: client %s not using privacy for netlogon\n",
NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
struct netr_LogonSamLogonEx *r)
{
- struct dcesrv_call_state *dce_call = p->dce_call;
- enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
NTSTATUS status;
struct netlogon_creds_CredentialState *creds = NULL;
struct loadparm_context *lp_ctx;
return status;
}
- /* Only allow this if the pipe is protected. */
-
- dcesrv_call_auth_info(dce_call, &auth_type, NULL);
-
- if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
- DEBUG(0,("_netr_LogonSamLogonEx: client %s not using schannel for netlogon\n",
- get_remote_machine_name() ));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
if (lp_ctx == NULL) {
DEBUG(0, ("loadparm_init_s3 failed\n"));