s3-auth Add struct auth3_session_info to aid transition to auth_session info

This will allow a gradual conversion of the required elements from the current struct auth_serversupplied_info. This commit adds the structure definition and some helper functions to copy between the two structures. At this stage these structures and functions are IDENTICAL to the existing code, and so show the past history of that code. The plan is to slowly modify them over the course of the patch series, so that the changes being made a clear. By using a seperate structure to auth_serversupplied_info we can remove elements that are not needed after the authentication, and we can choose a layout that best reflects the needs of runtime users, rather than the internals of the authentication subsystem. By eventually using the auth_session_info from auth.idl, we will gain a single session authorization structure across the whole codebase, allowing more code to be shared, and a much more transparent process for forwarding authorization credentials over the named pipe proxy. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2011-07-15 11:38:49 +1000
committer: Andrew Bartlett <abartlet@samba.org> 2011-07-20 09:17:10 +1000
commit: d7d8a5ed94a2b572b6818008a858f8c6b529dd03 (patch)
tree: 11193077b44dc73c6c245b63592eef5cdc331add /source3/auth
parent: e2443195992c33d69073bcae320779041215339a (diff)
download: samba-d7d8a5ed94a2b572b6818008a858f8c6b529dd03.tar.gz
samba-d7d8a5ed94a2b572b6818008a858f8c6b529dd03.tar.bz2
samba-d7d8a5ed94a2b572b6818008a858f8c6b529dd03.zip
3 files changed, 217 insertions, 0 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5553300ad1..a8c737dd88 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -34,6 +34,9 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
+static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_ctx,
+							       const struct auth_serversupplied_info *src);
+
 /****************************************************************************
  Create a UNIX user on demand.
 ****************************************************************************/
@@ -965,6 +968,183 @@ struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
 	return dst;
 }
 
+static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX *mem_ctx,
+							      const struct auth3_session_info *src)
+{
+	struct auth_serversupplied_info *dst;
+
+	dst = make_server_info(mem_ctx);
+	if (dst == NULL) {
+		return NULL;
+	}
+
+	dst->guest = src->guest;
+	dst->system = src->system;
+	dst->utok.uid = src->utok.uid;
+	dst->utok.gid = src->utok.gid;
+	dst->utok.ngroups = src->utok.ngroups;
+	if (src->utok.ngroups != 0) {
+		dst->utok.groups = (gid_t *)talloc_memdup(
+			dst, src->utok.groups,
+			sizeof(gid_t)*dst->utok.ngroups);
+	} else {
+		dst->utok.groups = NULL;
+	}
+
+	if (src->security_token) {
+		dst->security_token = dup_nt_token(dst, src->security_token);
+		if (!dst->security_token) {
+			TALLOC_FREE(dst);
+			return NULL;
+		}
+	}
+
+	dst->session_key = data_blob_talloc( dst, src->session_key.data,
+						src->session_key.length);
+
+	dst->lm_session_key = data_blob_talloc(dst, src->lm_session_key.data,
+						src->lm_session_key.length);
+
+	dst->info3 = copy_netr_SamInfo3(dst, src->info3);
+	if (!dst->info3) {
+		TALLOC_FREE(dst);
+		return NULL;
+	}
+	dst->extra = src->extra;
+
+	dst->unix_name = talloc_strdup(dst, src->unix_name);
+	if (!dst->unix_name) {
+		TALLOC_FREE(dst);
+		return NULL;
+	}
+
+	dst->sanitized_username = talloc_strdup(dst, src->sanitized_username);
+	if (!dst->sanitized_username) {
+		TALLOC_FREE(dst);
+		return NULL;
+	}
+
+	return dst;
+}
+
+static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_ctx,
+							const struct auth_serversupplied_info *src)
+{
+	struct auth3_session_info *dst;
+
+	dst = make_auth3_session_info(mem_ctx);
+	if (dst == NULL) {
+		return NULL;
+	}
+
+	dst->guest = src->guest;
+	dst->system = src->system;
+	dst->utok.uid = src->utok.uid;
+	dst->utok.gid = src->utok.gid;
+	dst->utok.ngroups = src->utok.ngroups;
+	if (src->utok.ngroups != 0) {
+		dst->utok.groups = (gid_t *)talloc_memdup(
+			dst, src->utok.groups,
+			sizeof(gid_t)*dst->utok.ngroups);
+	} else {
+		dst->utok.groups = NULL;
+	}
+
+	if (src->security_token) {
+		dst->security_token = dup_nt_token(dst, src->security_token);
+		if (!dst->security_token) {
+			TALLOC_FREE(dst);
+			return NULL;
+		}
+	}
+
+	dst->session_key = data_blob_talloc( dst, src->session_key.data,
+						src->session_key.length);
+
+	dst->lm_session_key = data_blob_talloc(dst, src->lm_session_key.data,
+						src->lm_session_key.length);
+
+	dst->info3 = copy_netr_SamInfo3(dst, src->info3);
+	if (!dst->info3) {
+		TALLOC_FREE(dst);
+		return NULL;
+	}
+	dst->extra = src->extra;
+
+	dst->unix_name = talloc_strdup(dst, src->unix_name);
+	if (!dst->unix_name) {
+		TALLOC_FREE(dst);
+		return NULL;
+	}
+
+	dst->sanitized_username = talloc_strdup(dst, src->sanitized_username);
+	if (!dst->sanitized_username) {
+		TALLOC_FREE(dst);
+		return NULL;
+	}
+
+	return dst;
+}
+
+struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
+					     const struct auth3_session_info *src)
+{
+	struct auth3_session_info *dst;
+
+	dst = make_auth3_session_info(mem_ctx);
+	if (dst == NULL) {
+		return NULL;
+	}
+
+	dst->guest = src->guest;
+	dst->system = src->system;
+	dst->utok.uid = src->utok.uid;
+	dst->utok.gid = src->utok.gid;
+	dst->utok.ngroups = src->utok.ngroups;
+	if (src->utok.ngroups != 0) {
+		dst->utok.groups = (gid_t *)talloc_memdup(
+			dst, src->utok.groups,
+			sizeof(gid_t)*dst->utok.ngroups);
+	} else {
+		dst->utok.groups = NULL;
+	}
+
+	if (src->security_token) {
+		dst->security_token = dup_nt_token(dst, src->security_token);
+		if (!dst->security_token) {
+			TALLOC_FREE(dst);
+			return NULL;
+		}
+	}
+
+	dst->session_key = data_blob_talloc( dst, src->session_key.data,
+						src->session_key.length);
+
+	dst->lm_session_key = data_blob_talloc(dst, src->lm_session_key.data,
+						src->lm_session_key.length);
+
+	dst->info3 = copy_netr_SamInfo3(dst, src->info3);
+	if (!dst->info3) {
+		TALLOC_FREE(dst);
+		return NULL;
+	}
+	dst->extra = src->extra;
+
+	dst->unix_name = talloc_strdup(dst, src->unix_name);
+	if (!dst->unix_name) {
+		TALLOC_FREE(dst);
+		return NULL;
+	}
+
+	dst->sanitized_username = talloc_strdup(dst, src->sanitized_username);
+	if (!dst->sanitized_username) {
+		TALLOC_FREE(dst);
+		return NULL;
+	}
+
+	return dst;
+}
+
 /*
  * Set a new session key. Used in the rpc server where we have to override the
  * SMB level session key with SystemLibraryDTC
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 8ff9fa9b99..8bc2c6e458 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -168,6 +168,8 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
 					 struct auth_serversupplied_info **session_info);
 struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
 						 const struct auth_serversupplied_info *src);
+struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
+					     const struct auth3_session_info *src);
 bool init_guest_info(void);
 NTSTATUS init_system_info(void);
 bool session_info_set_session_key(struct auth_serversupplied_info *info,
@@ -223,6 +225,7 @@ struct netr_SamInfo3;
 struct netr_SamInfo6;
 
 struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx);
+struct auth3_session_info *make_auth3_session_info(TALLOC_CTX *mem_ctx);
 NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
 				uint8_t *pipe_session_key,
 				size_t pipe_session_key_len,
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index a53e556d28..12026060bd 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -63,6 +63,40 @@ struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
 	return result;
 }
 
+/* FIXME: do we really still need this ? */
+static int auth3_session_info_dtor(struct auth3_session_info *session_info)
+{
+	TALLOC_FREE(session_info->info3);
+	ZERO_STRUCTP(session_info);
+	return 0;
+}
+
+/***************************************************************************
+ Make a server_info struct. Free with TALLOC_FREE().
+***************************************************************************/
+
+struct auth3_session_info *make_auth3_session_info(TALLOC_CTX *mem_ctx)
+{
+	struct auth3_session_info *result;
+
+	result = talloc_zero(mem_ctx, struct auth3_session_info);
+	if (result == NULL) {
+		DEBUG(0, ("talloc failed\n"));
+		return NULL;
+	}
+
+	talloc_set_destructor(result, auth3_session_info_dtor);
+
+	/* Initialise the uid and gid values to something non-zero
+	   which may save us from giving away root access if there
+	   is a bug in allocating these fields. */
+
+	result->utok.uid = -1;
+	result->utok.gid = -1;
+
+	return result;
+}
+
 /****************************************************************************
  inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
  already be initialized and is used as the talloc parent for its members.
author	Andrew Bartlett <abartlet@samba.org>	2011-07-15 11:38:49 +1000
committer	Andrew Bartlett <abartlet@samba.org>	2011-07-20 09:17:10 +1000
commit	d7d8a5ed94a2b572b6818008a858f8c6b529dd03 (patch)
tree	11193077b44dc73c6c245b63592eef5cdc331add /source3/auth
parent	e2443195992c33d69073bcae320779041215339a (diff)
download	samba-d7d8a5ed94a2b572b6818008a858f8c6b529dd03.tar.gz samba-d7d8a5ed94a2b572b6818008a858f8c6b529dd03.tar.bz2 samba-d7d8a5ed94a2b572b6818008a858f8c6b529dd03.zip