diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-02-11 11:50:37 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-04-05 06:32:07 +1000 |
commit | 17d8f0ad30847bb940f645ee1817d782ddaaee74 (patch) | |
tree | 1f1547798f45e3da1f0fecece628b4b07a95c0ff /source3/auth/auth_ntlmssp.c | |
parent | 2ec48260ee377e499fe7f0fc2ca18b8a078c6aaa (diff) | |
download | samba-17d8f0ad30847bb940f645ee1817d782ddaaee74.tar.gz samba-17d8f0ad30847bb940f645ee1817d782ddaaee74.tar.bz2 samba-17d8f0ad30847bb940f645ee1817d782ddaaee74.zip |
s3-auth use create_local_token() to transform server_info -> session_info
Before a auth_serversupplied_info struct can be used for
authorization, the local groups and privileges must be calculated.
create_local_token() now copies the server_info, and then sets the
calulated token and unix groups.
Soon, it will also transform the result into an expanded struct
auth_session_info. Until then, the variable name (server_info vs
session_info provides a clue to the developer about what information
has been entered in the structure).
By moving the calls to create_local_token within the codebase, we
remove duplication, and ensure that the session key (where modified)
is consistently copied into the new structure.
Andrew Bartlett
Diffstat (limited to 'source3/auth/auth_ntlmssp.c')
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 33 |
1 files changed, 9 insertions, 24 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index ae29c30570..99f4564cdf 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -31,23 +31,16 @@ NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx, struct auth_ntlmssp_state *auth_ntlmssp_state, struct auth_serversupplied_info **session_info) { - /* Free the current server_info user_session_key and reset it from the - * current ntlmssp_state session_key */ - data_blob_free(&auth_ntlmssp_state->server_info->user_session_key); - /* Set up the final session key for the connection */ - auth_ntlmssp_state->server_info->user_session_key = - data_blob_talloc( - auth_ntlmssp_state->server_info, - auth_ntlmssp_state->ntlmssp_state->session_key.data, - auth_ntlmssp_state->ntlmssp_state->session_key.length); - if (auth_ntlmssp_state->ntlmssp_state->session_key.length && - !auth_ntlmssp_state->server_info->user_session_key.data) { - *session_info = NULL; - return NT_STATUS_NO_MEMORY; + NTSTATUS nt_status = create_local_token(mem_ctx, + auth_ntlmssp_state->server_info, + &auth_ntlmssp_state->ntlmssp_state->session_key, + session_info); + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(10, ("create_local_token failed: %s\n", + nt_errstr(nt_status))); } - /* Steal session_info away from auth_ntlmssp_state */ - *session_info = talloc_move(mem_ctx, &auth_ntlmssp_state->server_info); - return NT_STATUS_OK; + return nt_status; } /** @@ -156,14 +149,6 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, auth_ntlmssp_state->server_info->nss_token |= username_was_mapped; - nt_status = create_local_token(auth_ntlmssp_state->server_info); - - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(10, ("create_local_token failed: %s\n", - nt_errstr(nt_status))); - return nt_status; - } - /* Clear out the session keys, and pass them to the caller. * They will not be used in this form again - instead the * NTLMSSP code will decide on the final correct session key, |