diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-10-06 11:15:20 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:39:28 -0500 |
commit | 39daa629ff74b1a16a2c53ba82628fdabd4d1a93 (patch) | |
tree | cde0b24de062748a2c57311a0f8a836c1d9228f8 | |
parent | 8af30ce3130888a22a99bbb1c9b65d7b699b0614 (diff) | |
download | samba-39daa629ff74b1a16a2c53ba82628fdabd4d1a93.tar.gz samba-39daa629ff74b1a16a2c53ba82628fdabd4d1a93.tar.bz2 samba-39daa629ff74b1a16a2c53ba82628fdabd4d1a93.zip |
r10764: To match Win2k3 SP1, we need to set an anonymous user token for
schannel connections.
Test for Win2k3 SP1 behaviour in RPC-SCHANNEL.
Andrew Bartlett
(This used to be commit 1c3911374ec65e4770c2fe9109d7b7d3ecd99f6a)
-rw-r--r-- | source4/auth/gensec/schannel.c | 31 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 2 | ||||
-rw-r--r-- | source4/torture/rpc/schannel.c | 4 |
3 files changed, 24 insertions, 13 deletions
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index a4561ee996..8d5c7554f5 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -160,22 +160,33 @@ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security, /** - * Return the credentials of a logged on user, including session keys - * etc. - * - * Only valid after a successful authentication - * - * May only be called once per authentication. + * Returns anonymous credentials for schannel, matching Win2k3. * */ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security, - struct auth_session_info **session_info) + struct auth_session_info **_session_info) { - (*session_info) = talloc(gensec_security, struct auth_session_info); - NT_STATUS_HAVE_NO_MEMORY(*session_info); + NTSTATUS nt_status; + struct schannel_state *state = gensec_security->private_data; + struct auth_serversupplied_info *server_info = NULL; + struct auth_session_info *session_info = NULL; + TALLOC_CTX *mem_ctx = talloc_new(state); + + nt_status = auth_anonymous_server_info(mem_ctx, + &server_info); + if (!NT_STATUS_IS_OK(nt_status)) { + talloc_free(mem_ctx); + return nt_status; + } + + /* references the server_info into the session_info */ + nt_status = auth_generate_session_info(state, server_info, &session_info); + talloc_free(mem_ctx); + + NT_STATUS_NOT_OK_RETURN(nt_status); - ZERO_STRUCTP(*session_info); + *_session_info = session_info; return NT_STATUS_OK; } diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 4222447f01..ba28462d5e 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -2404,7 +2404,7 @@ static NTSTATUS lsa_RetrievePrivateData(struct dcesrv_call_state *dce_call, TALL lsa_GetUserName */ static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_GetUserName *r) + struct lsa_GetUserName *r) { NTSTATUS status = NT_STATUS_OK; const char *account_name; diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 7674b30417..056684631a 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -112,9 +112,9 @@ static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) return False; } - if (strcmp(r.out.account_name->string, "SYSTEM") != 0) { + if (strcmp(r.out.account_name->string, "ANONYMOUS LOGON") != 0) { printf("GetUserName returned wrong user: %s, expected %s\n", - r.out.account_name->string, "SYSTEM"); + r.out.account_name->string, "ANONYMOUS LOGON"); return False; } if (!r.out.authority_name || !r.out.authority_name->string) { |