1 files changed, 102 insertions, 11 deletions

diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index df87ed13d1..de45e714eb 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -22,6 +22,97 @@
 
 #include "includes.h"
 
+/* LSA Request Challenge. Sends our challenge to server, then gets
+   server response. These are used to generate the credentials.
+ The sent and received challenges are stored in the netlog pipe
+ private data. Only call this via rpccli_netlogon_setup_creds(). JRA.
+*/
+
+/* instead of rpccli_net_req_chal() we use rpccli_netr_ServerReqChallenge() now - gd */
+
+#if 0
+/****************************************************************************
+LSA Authenticate 2
+
+Send the client credential, receive back a server credential.
+Ensure that the server credential returned matches the session key
+encrypt of the server challenge originally received. JRA.
+****************************************************************************/
+
+  NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
+		       uint16 sec_chan,
+		       uint32 *neg_flags, DOM_CHAL *srv_chal)
+{
+        prs_struct qbuf, rbuf;
+        NET_Q_AUTH_2 q;
+        NET_R_AUTH_2 r;
+        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	fstring machine_acct;
+
+	if ( sec_chan == SEC_CHAN_DOMAIN )
+		fstr_sprintf( machine_acct, "%s$", lp_workgroup() );
+	else
+		fstrcpy( machine_acct, cli->mach_acct );
+
+        /* create and send a MSRPC command with api NET_AUTH2 */
+
+        DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
+                 cli->srv_name_slash, machine_acct, sec_chan, global_myname(),
+                 credstr(cli->clnt_cred.challenge.data), *neg_flags));
+
+        /* store the parameters */
+
+        init_q_auth_2(&q, cli->srv_name_slash, machine_acct,
+                      sec_chan, global_myname(), &cli->clnt_cred.challenge,
+                      *neg_flags);
+
+        /* turn parameters into data stream */
+
+	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH2,
+		q, r,
+		qbuf, rbuf,
+		net_io_q_auth_2,
+		net_io_r_auth_2,
+		NT_STATUS_UNSUCCESSFUL);
+
+        result = r.status;
+
+        if (NT_STATUS_IS_OK(result)) {
+                UTIME zerotime;
+
+                /*
+                 * Check the returned value using the initial
+                 * server received challenge.
+                 */
+
+                zerotime.time = 0;
+                if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal, zerotime) == 0) {
+
+                        /*
+                         * Server replied with bad credential. Fail.
+                         */
+                        DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
+password ?).\n", cli->cli->desthost ));
+			return NT_STATUS_ACCESS_DENIED;
+                }
+		*neg_flags = r.srv_flgs.neg_flags;
+        }
+
+        return result;
+}
+#endif
+
+/****************************************************************************
+ LSA Authenticate 2
+
+ Send the client credential, receive back a server credential.
+ The caller *must* ensure that the server credential returned matches the session key
+ encrypt of the server challenge originally received. JRA.
+****************************************************************************/
+
+/* instead of rpccli_net_auth2() we use rpccli_netr_ServerAuthenticate2() now -  gd */
+
+
 /****************************************************************************
  Wrapper function that uses the auth and auth2 calls to set up a NETLOGON
  credentials chain. Stores the credentials in the struct dcinfo in the
@@ -43,15 +134,15 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 	struct dcinfo *dc;
 	bool retried = false;
 
-	SMB_ASSERT(ndr_syntax_id_equal(&cli->abstract_syntax,
-				       &ndr_table_netlogon.syntax_id));
+	SMB_ASSERT(cli->pipe_idx == PI_NETLOGON);
 
-	TALLOC_FREE(cli->dc);
-	cli->dc = talloc_zero(cli, struct dcinfo);
-	if (cli->dc == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
 	dc = cli->dc;
+	if (!dc) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* Ensure we don't reuse any of this state. */
+	ZERO_STRUCTP(dc);
 
 	/* Store the machine account password we're going to use. */
 	memcpy(dc->mach_pw, machine_pwd, 16);
@@ -68,7 +159,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 	generate_random_buffer(clnt_chal_send.data, 8);
 
 	/* Get the server challenge. */
-	result = rpccli_netr_ServerReqChallenge(cli, talloc_tos(),
+	result = rpccli_netr_ServerReqChallenge(cli, cli->mem_ctx,
 						dc->remote_machine,
 						clnt_name,
 						&clnt_chal_send,
@@ -89,7 +180,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 	 * Send client auth-2 challenge and receive server repy.
 	 */
 
-	result = rpccli_netr_ServerAuthenticate2(cli, talloc_tos(),
+	result = rpccli_netr_ServerAuthenticate2(cli, cli->mem_ctx,
 						 dc->remote_machine,
 						 dc->mach_acct,
 						 sec_chan_type,
@@ -121,13 +212,13 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 		 */
 		DEBUG(0,("rpccli_netlogon_setup_creds: server %s "
 			"replied with bad credential\n",
-			cli->desthost ));
+			cli->cli->desthost ));
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	DEBUG(5,("rpccli_netlogon_setup_creds: server %s credential "
 		"chain established.\n",
-		cli->desthost ));
+		cli->cli->desthost ));
 
 	return NT_STATUS_OK;
 }