diff options
| author | Stefan Metzmacher <metze@samba.org> | 2004-06-07 21:34:32 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:37 -0500 |
| commit | b717b40235b2433b26b20ced36142c250f9c411e (patch) | |
| tree | a473705f0b0a7a509d0d675998b763fc6e244a65 | |
| parent | fb1cc0fc0d0dec3384886b42e9377b531defe352 (diff) | |
| download | samba-b717b40235b2433b26b20ced36142c250f9c411e.tar.gz samba-b717b40235b2433b26b20ced36142c250f9c411e.tar.bz2 samba-b717b40235b2433b26b20ced36142c250f9c411e.zip | |
r1078: the dxesrv_crypto_* implementations should now explicit set
the dce_conn->auth_state.session_info
( the ntlmssp one works fine, but the schannel one isn't implemented yet)
this is also set by the ntvfs_ipc backend on the endpoint connect.
metze
(This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
| -rw-r--r-- | source4/auth/auth_util.c | 16 | ||||
| -rw-r--r-- | source4/ntvfs/ipc/vfs_ipc.c | 21 | ||||
| -rw-r--r-- | source4/rpc_server/dcerpc_server.c | 13 | ||||
| -rw-r--r-- | source4/rpc_server/dcerpc_server.h | 5 | ||||
| -rw-r--r-- | source4/rpc_server/dcesrv_crypto.c | 8 | ||||
| -rw-r--r-- | source4/rpc_server/dcesrv_crypto_ntlmssp.c | 18 | ||||
| -rw-r--r-- | source4/rpc_server/dcesrv_crypto_schannel.c | 14 | ||||
| -rw-r--r-- | source4/rpc_server/samr/samr_password.c | 16 |
8 files changed, 59 insertions, 52 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index c505d4a88e..24a419586d 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -330,7 +330,7 @@ BOOL make_user_info_guest(struct auth_usersupplied_info **user_info) prints a NT_USER_TOKEN to debug output. ****************************************************************************/ -void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token) +void debug_nt_user_token(int dbg_class, int dbg_lev, const NT_USER_TOKEN *token) { TALLOC_CTX *mem_ctx; @@ -357,6 +357,20 @@ void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token) } /**************************************************************************** + prints a NT_USER_TOKEN to debug output. +****************************************************************************/ + +void debug_session_info(int dbg_class, int dbg_lev, const struct auth_session_info *session_info) +{ + if (!session_info) { + DEBUGC(dbg_class, dbg_lev, ("Session Info: (NULL)\n")); + return; + } + + debug_nt_user_token(dbg_class, dbg_lev, session_info->nt_user_token); +} + +/**************************************************************************** Create the SID list for this user. ****************************************************************************/ diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c index 7ebf35d5cb..9279e0e85a 100644 --- a/source4/ntvfs/ipc/vfs_ipc.c +++ b/source4/ntvfs/ipc/vfs_ipc.c @@ -195,6 +195,7 @@ static NTSTATUS ipc_open_generic(struct request_context *req, const char *fname, TALLOC_CTX *mem_ctx; NTSTATUS status; struct dcesrv_ep_description ep_description; + struct auth_session_info *session_info = NULL; struct ipc_private *private = req->conn->ntvfs_private; mem_ctx = talloc_init("ipc_open '%s'", fname); @@ -240,7 +241,18 @@ static NTSTATUS ipc_open_generic(struct request_context *req, const char *fname, ep_description.type = ENDPOINT_SMB; ep_description.info.smb_pipe = p->pipe_name; - status = dcesrv_endpoint_search_connect(&req->smb->dcesrv, &ep_description, &p->dce_conn); + /* tell the RPC layer the session_info */ + if (req->user_ctx->vuser) { + /* + * TODO: we need to reference count the entire session_info + */ + session_info = req->user_ctx->vuser->session_info; + } + + status = dcesrv_endpoint_search_connect(&req->smb->dcesrv, + &ep_description, + session_info, + &p->dce_conn); if (!NT_STATUS_IS_OK(status)) { talloc_destroy(mem_ctx); return status; @@ -252,13 +264,6 @@ static NTSTATUS ipc_open_generic(struct request_context *req, const char *fname, *ps = p; - /* tell the RPC layer the transport session key */ - if (req->user_ctx->vuser) { - /* TODO: Fix this to push more than just a session key - * down - we need the entire session_info, reference counted... */ - dcesrv_set_session_key(p->dce_conn, req->user_ctx->vuser->session_info->session_key); - } - return NT_STATUS_OK; } diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index a084477b36..20ed50d128 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -271,24 +271,17 @@ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, (*p)->auth_state.auth_info = NULL; (*p)->auth_state.crypto_ctx.private_data = NULL; (*p)->auth_state.crypto_ctx.ops = NULL; - (*p)->session_key = data_blob(NULL, 0); + (*p)->auth_state.session_info = NULL; return NT_STATUS_OK; } /* - set the transport level session key -*/ -void dcesrv_set_session_key(struct dcesrv_connection *p, DATA_BLOB key) -{ - p->session_key = data_blob_talloc(p->mem_ctx, key.data, key.length); -} - -/* search and connect to a dcerpc endpoint */ NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx, const struct dcesrv_ep_description *ep_description, + struct auth_session_info *session_info, struct dcesrv_connection **dce_conn_p) { NTSTATUS status; @@ -305,6 +298,8 @@ NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx, return status; } + (*dce_conn_p)->auth_state.session_info = session_info; + /* TODO: check security descriptor of the endpoint here * if it's a smb named pipe * if it's failed free dce_conn_p diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h index f73dbaf4cb..918b68f511 100644 --- a/source4/rpc_server/dcerpc_server.h +++ b/source4/rpc_server/dcerpc_server.h @@ -100,7 +100,6 @@ struct dcesrv_crypto_ops { NTSTATUS (*start)(struct dcesrv_auth *auth, DATA_BLOB *auth_blob); NTSTATUS (*update)(struct dcesrv_auth *auth, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out); - NTSTATUS (*session_info)(struct dcesrv_auth *auth, struct auth_session_info **session_info); NTSTATUS (*seal)(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx, uint8_t *data, size_t length, DATA_BLOB *sig); NTSTATUS (*sign)(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx, @@ -119,6 +118,7 @@ struct dcesrv_auth { void *private_data; const struct dcesrv_crypto_ops *ops; } crypto_ctx; + struct auth_session_info *session_info; }; @@ -152,9 +152,6 @@ struct dcesrv_connection { /* the current authentication state */ struct dcesrv_auth auth_state; - - /* the transport level session key, if any */ - DATA_BLOB session_key; }; diff --git a/source4/rpc_server/dcesrv_crypto.c b/source4/rpc_server/dcesrv_crypto.c index 31039510ab..de1976ff91 100644 --- a/source4/rpc_server/dcesrv_crypto.c +++ b/source4/rpc_server/dcesrv_crypto.c @@ -84,14 +84,6 @@ NTSTATUS dcesrv_crypto_update(struct dcesrv_auth *auth, } /* - get auth_session_info state -*/ -NTSTATUS dcesrv_crypto_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info) -{ - return auth->crypto_ctx.ops->session_info(auth, session_info); -} - -/* seal a packet */ NTSTATUS dcesrv_crypto_seal(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx, diff --git a/source4/rpc_server/dcesrv_crypto_ntlmssp.c b/source4/rpc_server/dcesrv_crypto_ntlmssp.c index e23f136308..67242c3cc0 100644 --- a/source4/rpc_server/dcesrv_crypto_ntlmssp.c +++ b/source4/rpc_server/dcesrv_crypto_ntlmssp.c @@ -53,18 +53,15 @@ static NTSTATUS dcesrv_crypto_ntlmssp_update(struct dcesrv_auth *auth, TALLOC_CT const DATA_BLOB in, DATA_BLOB *out) { struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data; + NTSTATUS status; - return auth_ntlmssp_update(auth_ntlmssp_state, out_mem_ctx, in, out); -} - -/* - get auth_session_info state -*/ -static NTSTATUS dcesrv_crypto_ntlmssp_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info) -{ - struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data; + status = auth_ntlmssp_update(auth_ntlmssp_state, out_mem_ctx, in, out); + if (NT_STATUS_IS_OK(status)) { + /* TODO: what is when the session_info is already set */ + return auth_ntlmssp_get_session_info(auth_ntlmssp_state, &auth->session_info); + } - return auth_ntlmssp_get_session_info(auth_ntlmssp_state, session_info); + return status; } /* @@ -130,7 +127,6 @@ static const struct dcesrv_crypto_ops dcesrv_crypto_ntlmssp_ops = { .auth_type = DCERPC_AUTH_TYPE_NTLMSSP, .start = dcesrv_crypto_ntlmssp_start, .update = dcesrv_crypto_ntlmssp_update, - .session_info = dcesrv_crypto_ntlmssp_session_info, .seal = dcesrv_crypto_ntlmssp_seal, .sign = dcesrv_crypto_ntlmssp_sign, .check_sig = dcesrv_crypto_ntlmssp_check_sig, diff --git a/source4/rpc_server/dcesrv_crypto_schannel.c b/source4/rpc_server/dcesrv_crypto_schannel.c index c7466d43a8..fba882e2a4 100644 --- a/source4/rpc_server/dcesrv_crypto_schannel.c +++ b/source4/rpc_server/dcesrv_crypto_schannel.c @@ -81,6 +81,11 @@ static NTSTATUS dcesrv_crypto_schannel_start(struct dcesrv_auth *auth, DATA_BLOB return NT_STATUS_INVALID_HANDLE; } + /* TODO: here we need to set the session_info + * what should happen when te session_info is already set + */ + auth->session_info = NULL; + auth->crypto_ctx.private_data = schannel; ack.unknown1 = 1; @@ -107,14 +112,6 @@ static NTSTATUS dcesrv_crypto_schannel_update(struct dcesrv_auth *auth, TALLOC_C } /* - get auth_session_info state -*/ -static NTSTATUS dcesrv_crypto_schannel_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -/* seal a packet */ static NTSTATUS dcesrv_crypto_schannel_seal(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx, @@ -181,7 +178,6 @@ static const struct dcesrv_crypto_ops dcesrv_crypto_schannel_ops = { .auth_type = DCERPC_AUTH_TYPE_SCHANNEL, .start = dcesrv_crypto_schannel_start, .update = dcesrv_crypto_schannel_update, - .session_info = dcesrv_crypto_schannel_session_info, .seal = dcesrv_crypto_schannel_seal, .sign = dcesrv_crypto_schannel_sign, .check_sig = dcesrv_crypto_schannel_check_sig, diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index d5f995feb8..988c52e4ee 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -693,7 +693,13 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, { char new_pass[512]; uint32_t new_pass_len; - DATA_BLOB session_key = dce_call->conn->session_key; + DATA_BLOB session_key; + + session_key = data_blob(NULL,0); + + if (dce_call->conn->auth_state.session_info) { + session_key = dce_call->conn->auth_state.session_info->session_key; + } if (session_key.length == 0) { DEBUG(3,("Bad session key in samr_set_password\n")); @@ -734,9 +740,15 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, char new_pass[512]; uint32_t new_pass_len; DATA_BLOB co_session_key; - DATA_BLOB session_key = dce_call->conn->session_key; + DATA_BLOB session_key; struct MD5Context ctx; + session_key = data_blob(NULL,0); + + if (dce_call->conn->auth_state.session_info) { + session_key = dce_call->conn->auth_state.session_info->session_key; + } + co_session_key = data_blob_talloc(mem_ctx, NULL, 16); if (!co_session_key.data) { return NT_STATUS_NO_MEMORY; |