summaryrefslogtreecommitdiff
path: root/libcli/auth
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2010-08-23 16:02:23 +0200
committerGünther Deschner <gd@samba.org>2010-08-24 02:04:27 +0200
commit898c6123355a3a11ec17f0396c4cb3018c75c184 (patch)
treea0cf5275e05501c10f6e204de990118bcc731d87 /libcli/auth
parent33060f67be100836d381a74bced351c6579cc58d (diff)
downloadsamba-898c6123355a3a11ec17f0396c4cb3018c75c184.tar.gz
samba-898c6123355a3a11ec17f0396c4cb3018c75c184.tar.bz2
samba-898c6123355a3a11ec17f0396c4cb3018c75c184.zip
s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
Initially, the schannel creds were talloc memduped, then, during the netlogon creds client merge (baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first talloc_referenced and then later (53765c81f726a8c056cc4e57004592dd489975c9) talloc_moved. The issue with using talloc_move here is that users of that function in winbind will only be able to have two schanneled connections, as the cached schannel credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy of the struct instead. Guenther
Diffstat (limited to 'libcli/auth')
-rw-r--r--libcli/auth/credentials.c46
-rw-r--r--libcli/auth/proto.h2
2 files changed, 47 insertions, 1 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 667a2fac2d..81304764a8 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -24,6 +24,7 @@
#include "system/time.h"
#include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"
+#include "../libcli/security/dom_sid.h"
static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *in,
@@ -202,7 +203,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
struct netr_Credential *initial_credential,
uint32_t negotiate_flags)
{
- struct netlogon_creds_CredentialState *creds = talloc(mem_ctx, struct netlogon_creds_CredentialState);
+ struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
if (!creds) {
return NULL;
@@ -454,3 +455,46 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred
}
}
+/*
+ copy a netlogon_creds_CredentialState struct
+*/
+
+struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_CredentialState *creds_in)
+{
+ struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
+
+ if (!creds) {
+ return NULL;
+ }
+
+ creds->sequence = creds_in->sequence;
+ creds->negotiate_flags = creds_in->negotiate_flags;
+ creds->secure_channel_type = creds_in->secure_channel_type;
+
+ creds->computer_name = talloc_strdup(creds, creds_in->computer_name);
+ if (!creds->computer_name) {
+ talloc_free(creds);
+ return NULL;
+ }
+ creds->account_name = talloc_strdup(creds, creds_in->account_name);
+ if (!creds->account_name) {
+ talloc_free(creds);
+ return NULL;
+ }
+
+ if (creds_in->sid) {
+ creds->sid = dom_sid_dup(creds, creds_in->sid);
+ if (!creds->sid) {
+ talloc_free(creds);
+ return NULL;
+ }
+ }
+
+ memcpy(creds->session_key, creds_in->session_key, sizeof(creds->session_key));
+ memcpy(creds->seed.data, creds_in->seed.data, sizeof(creds->seed.data));
+ memcpy(creds->client.data, creds_in->client.data, sizeof(creds->client.data));
+ memcpy(creds->server.data, creds_in->server.data, sizeof(creds->server.data));
+
+ return creds;
+}
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 2734db0616..34a0052f7a 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -35,6 +35,8 @@ void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *
struct netr_Authenticator *next);
bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *received_credentials);
+struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_CredentialState *creds_in);
/*****************************************************************
The above functions are common to the client and server interface