The branch, master has been updated
       via  f340dce6546 libcli/auth: make use of 
netlogon_creds_cli_check_transport() in more places
      from  4569c652881 ctdb-scripts: Add configuration variable 
CTDB_KILLTCP_USE_SS_KILL

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f340dce6546a22d857cad440f8afaee9815dbdb1
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Nov 6 17:18:58 2024 +0100

    libcli/auth: make use of netlogon_creds_cli_check_transport() in more places
    
    This was somehow missing in commit
    7a5ad9f64a905f5744430c6e0796c646baf9432e
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>
    
    Autobuild-User(master): Stefan Metzmacher <[email protected]>
    Autobuild-Date(master): Thu Nov  7 09:14:33 UTC 2024 on atb-devel-224

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/netlogon_creds_cli.c | 96 ++++++++--------------------------------
 1 file changed, 18 insertions(+), 78 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 19c4a104937..c452623d12e 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -3748,32 +3748,12 @@ static void 
netlogon_creds_cli_GetForestTrustInformation_locked(struct tevent_re
                return;
        }
 
-       if (state->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
-               switch (state->auth_level) {
-               case DCERPC_AUTH_LEVEL_INTEGRITY:
-               case DCERPC_AUTH_LEVEL_PRIVACY:
-                       break;
-               default:
-                       tevent_req_nterror(req, 
NT_STATUS_INVALID_PARAMETER_MIX);
-                       return;
-               }
-       } else {
-               uint32_t tmp = state->creds->negotiate_flags;
-
-               if (tmp & NETLOGON_NEG_AUTHENTICATED_RPC) {
-                       /*
-                        * if DCERPC_AUTH_TYPE_SCHANNEL is supported
-                        * it should be used, which means
-                        * we had a chance to verify no downgrade
-                        * happened.
-                        *
-                        * This relies on netlogon_creds_cli_check*
-                        * being called before, as first request after
-                        * the DCERPC bind.
-                        */
-                       tevent_req_nterror(req, 
NT_STATUS_INVALID_PARAMETER_MIX);
-                       return;
-               }
+       status = netlogon_creds_cli_check_transport(state->auth_type,
+                                                   state->auth_level,
+                                                   state->creds,
+                                                   DCERPC_AUTH_LEVEL_NONE);
+       if (tevent_req_nterror(req, status)) {
+               return;
        }
 
        /*
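Review bot: The replaced checks here, and in the identical hunks for netlogon_creds_cli_SendToSam_locked and netlogon_creds_cli_LogonGetDomainInfo_locked, lose the inline comment explaining why a non-SCHANNEL transport is refused once NETLOGON_NEG_AUTHENTICATED_RPC was negotiated, and the bare `DCERPC_AUTH_LEVEL_NONE` in the last argument now reads as if no protection were required. The body of netlogon_creds_cli_check_transport() is not part of this diff, so it should be confirmed that it still rejects SCHANNEL at any level other than INTEGRITY or PRIVACY and still returns NT_STATUS_INVALID_PARAMETER_MIX for the downgrade case; presumably the last argument is only a minimum auth level applied on top of those checks. A short comment at each call would keep that visible, e.g. `/* no additional minimum level; check_transport still enforces the schannel downgrade protection */`. The enclosing functions and the declaration of `status` lie outside the hunks.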
@@ -4027,32 +4007,12 @@ static void netlogon_creds_cli_SendToSam_locked(struct 
tevent_req *subreq)
                return;
        }
 
-       if (state->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
-               switch (state->auth_level) {
-               case DCERPC_AUTH_LEVEL_INTEGRITY:
-               case DCERPC_AUTH_LEVEL_PRIVACY:
-                       break;
-               default:
-                       tevent_req_nterror(req, 
NT_STATUS_INVALID_PARAMETER_MIX);
-                       return;
-               }
-       } else {
-               uint32_t tmp = state->creds->negotiate_flags;
-
-               if (tmp & NETLOGON_NEG_AUTHENTICATED_RPC) {
-                       /*
-                        * if DCERPC_AUTH_TYPE_SCHANNEL is supported
-                        * it should be used, which means
-                        * we had a chance to verify no downgrade
-                        * happened.
-                        *
-                        * This relies on netlogon_creds_cli_check*
-                        * being called before, as first request after
-                        * the DCERPC bind.
-                        */
-                       tevent_req_nterror(req, 
NT_STATUS_INVALID_PARAMETER_MIX);
-                       return;
-               }
+       status = netlogon_creds_cli_check_transport(state->auth_type,
+                                                   state->auth_level,
+                                                   state->creds,
+                                                   DCERPC_AUTH_LEVEL_NONE);
+       if (tevent_req_nterror(req, status)) {
+               return;
        }
 
        /*
@@ -4303,32 +4263,12 @@ static void 
netlogon_creds_cli_LogonGetDomainInfo_locked(struct tevent_req *subr
                return;
        }
 
-       if (state->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
-               switch (state->auth_level) {
-               case DCERPC_AUTH_LEVEL_INTEGRITY:
-               case DCERPC_AUTH_LEVEL_PRIVACY:
-                       break;
-               default:
-                       tevent_req_nterror(req, 
NT_STATUS_INVALID_PARAMETER_MIX);
-                       return;
-               }
-       } else {
-               uint32_t tmp = state->creds->negotiate_flags;
-
-               if (tmp & NETLOGON_NEG_AUTHENTICATED_RPC) {
-                       /*
-                        * if DCERPC_AUTH_TYPE_SCHANNEL is supported
-                        * it should be used, which means
-                        * we had a chance to verify no downgrade
-                        * happened.
-                        *
-                        * This relies on netlogon_creds_cli_check*
-                        * being called before, as first request after
-                        * the DCERPC bind.
-                        */
-                       tevent_req_nterror(req, 
NT_STATUS_INVALID_PARAMETER_MIX);
-                       return;
-               }
+       status = netlogon_creds_cli_check_transport(state->auth_type,
+                                                   state->auth_level,
+                                                   state->creds,
+                                                   DCERPC_AUTH_LEVEL_NONE);
+       if (tevent_req_nterror(req, status)) {
+               return;
        }
 
        /*


-- 
Samba Shared Repository
