s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info

This makes auth3_session_info identical to auth_session_info

The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>

5 files changed, 37 insertions, 67 deletions

diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 309e2aa5f6..8aea353679 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -2412,7 +2412,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
 		}
 	} else {
 		username = p->session_info->unix_info->sanitized_username;
-		domname = p->session_info->info3->base.domain.string;
+		domname = p->session_info->info->domain_name;
 	}
 
 	account_name = talloc(p->mem_ctx, struct lsa_String);
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 82f8331995..4ff6f909d6 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -209,7 +209,7 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
 		return WERR_INVALID_PARAM;
 	}
 
-	acct_ctrl = p->session_info->info3->base.acct_flags;
+	acct_ctrl = p->session_info->info->acct_flags;
 
 	switch (r->in.function_code) {
 	case NETLOGON_CONTROL_TC_VERIFY:
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
index f43d0b81bc..25435b8ea4 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -629,8 +629,6 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
 	struct tevent_req *subreq;
 	struct auth_session_info_transport *session_info_t;
 	struct auth_session_info *session_info_npa;
-	struct auth_user_info_dc *user_info_dc;
-	union netr_Validation val;
 	NTSTATUS status;
 	bool ok;
 	int ret;
@@ -685,20 +683,7 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
 	session_info_npa->unix_token = session_info->unix_token;
 	session_info_npa->unix_info = session_info->unix_info;
 
-	val.sam3 = session_info->info3;
-
-	/* Convert into something we can build a struct
-	 * auth_session_info from.  Most of the work here
-	 * will be to convert the SIDS, which we will then ignore, but
-	 * this is the easier way to handle it */
-	status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));
-		goto fail;
-	}
-
-	session_info_npa->info = talloc_move(session_info_npa, &user_info_dc->info);
-	talloc_free(user_info_dc);
+	session_info_npa->info = session_info->info;
 
 	session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);
 	if (session_info_npa == NULL) {
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index 7e383e84c1..eb9def9a9a 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -40,8 +40,6 @@ static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx,
 {
 	struct auth_session_info *i;
 	struct auth3_session_info *s;
-	struct auth_user_info_dc *u;
-	union netr_Validation val;
 	NTSTATUS status;
 
 	i = talloc_zero(mem_ctx, struct auth_session_info);
@@ -56,20 +54,7 @@ static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx,
 
 	i->security_token = s->security_token;
 	i->session_key    = s->session_key;
-
-	val.sam3 = s->info3;
-
-	status = make_user_info_dc_netlogon_validation(mem_ctx,
-						       "",
-						       3,
-						       &val,
-						       &u);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));
-		return status;
-	}
-	i->info = talloc_move(i, &u->info);
-	talloc_free(u);
+	i->info           = s->info;
 
 	*session_info = i;
 
@@ -88,8 +73,6 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 				    struct pipes_struct **_p,
 				    int *perrno)
 {
-	struct netr_SamInfo3 *info3;
-	struct auth_user_info_dc *auth_user_info_dc;
 	struct pipes_struct *p;
 	NTSTATUS status;
 
@@ -114,30 +97,6 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 
 	p->endian = RPC_LITTLE_ENDIAN;
 
-	/* Fake up an auth_user_info_dc for now, to make an info3, to make the session_info structure */
-	auth_user_info_dc = talloc_zero(p, struct auth_user_info_dc);
-	if (!auth_user_info_dc) {
-		TALLOC_FREE(p);
-		*perrno = ENOMEM;
-		return -1;
-	}
-
-	auth_user_info_dc->num_sids = session_info->security_token->num_sids;
-	auth_user_info_dc->sids = session_info->security_token->sids;
-	auth_user_info_dc->info = session_info->info;
-	auth_user_info_dc->user_session_key = session_info->session_key;
-
-	/* This creates the input structure that make_server_info_info3 is looking for */
-	status = auth_convert_user_info_dc_saminfo3(p, auth_user_info_dc,
-						    &info3);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(1, ("Failed to convert auth_user_info_dc into netr_SamInfo3\n"));
-		TALLOC_FREE(p);
-		*perrno = EINVAL;
-		return -1;
-	}
-
 	if (session_info->unix_token && session_info->unix_info && session_info->security_token) {
 		/* Don't call create_local_token(), we already have the full details here */
 		p->session_info = talloc_zero(p, struct auth3_session_info);
@@ -149,12 +108,38 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 		p->session_info->security_token = talloc_move(p->session_info, &session_info->security_token);
 		p->session_info->unix_token = talloc_move(p->session_info, &session_info->unix_token);
 		p->session_info->unix_info = talloc_move(p->session_info, &session_info->unix_info);
-		p->session_info->info3 = talloc_move(p->session_info, &info3);
+		p->session_info->info = talloc_move(p->session_info, &session_info->info);
 		p->session_info->session_key = session_info->session_key;
 		p->session_info->session_key.data = talloc_move(p->session_info, &session_info->session_key.data);
 
 	} else {
+		struct auth_user_info_dc *auth_user_info_dc;
 		struct auth_serversupplied_info *server_info;
+		struct netr_SamInfo3 *info3;
+
+		/* Fake up an auth_user_info_dc for now, to make an info3, to make the session_info structure */
+		auth_user_info_dc = talloc_zero(p, struct auth_user_info_dc);
+		if (!auth_user_info_dc) {
+			TALLOC_FREE(p);
+			*perrno = ENOMEM;
+			return -1;
+		}
+
+		auth_user_info_dc->num_sids = session_info->security_token->num_sids;
+		auth_user_info_dc->sids = session_info->security_token->sids;
+		auth_user_info_dc->info = session_info->info;
+		auth_user_info_dc->user_session_key = session_info->session_key;
+
+		/* This creates the input structure that make_server_info_info3 is looking for */
+		status = auth_convert_user_info_dc_saminfo3(p, auth_user_info_dc,
+							    &info3);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(1, ("Failed to convert auth_user_info_dc into netr_SamInfo3\n"));
+			TALLOC_FREE(p);
+			*perrno = EINVAL;
+			return -1;
+		}
 
 		status = make_server_info_info3(p,
 						info3->base.account_name.string,
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 12dcc27615..71ae93766a 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -1832,7 +1832,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
 			    !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->session_info->security_token) &&
 			    !token_contains_name_in_list(
 				    uidtoname(p->session_info->unix_token->uid),
-				    p->session_info->info3->base.domain.string,
+				    p->session_info->info->domain_name,
 				    NULL,
 				    p->session_info->security_token,
 				    lp_printer_admin(snum))) {
@@ -2095,7 +2095,7 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p,
 	     && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR)
 		&& !token_contains_name_in_list(
 			uidtoname(p->session_info->unix_token->uid),
-			p->session_info->info3->base.domain.string,
+			p->session_info->info->domain_name,
 			NULL,
 			p->session_info->security_token,
 			lp_printer_admin(-1)) )
@@ -2199,7 +2199,7 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p,
 		&& !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR)
 		&& !token_contains_name_in_list(
 			uidtoname(p->session_info->unix_token->uid),
-			p->session_info->info3->base.domain.string,
+			p->session_info->info->domain_name,
 			NULL,
 			p->session_info->security_token, lp_printer_admin(-1)) )
 	{
@@ -8553,7 +8553,7 @@ WERROR _spoolss_AddForm(struct pipes_struct *p,
 	if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
 	    !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
 	    !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
-					  p->session_info->info3->base.domain.string,
+					  p->session_info->info->domain_name,
 					  NULL,
 					  p->session_info->security_token,
 					  lp_printer_admin(snum))) {
@@ -8626,7 +8626,7 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p,
 	if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
 	    !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
 	    !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
-					  p->session_info->info3->base.domain.string,
+					  p->session_info->info->domain_name,
 					  NULL,
 					  p->session_info->security_token,
 					  lp_printer_admin(snum))) {
@@ -8695,7 +8695,7 @@ WERROR _spoolss_SetForm(struct pipes_struct *p,
 	if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
 	     !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
 	     !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
-					  p->session_info->info3->base.domain.string,
+					  p->session_info->info->domain_name,
 					  NULL,
 					  p->session_info->security_token,
 					  lp_printer_admin(snum))) {