authorAndrew Bartlett <abartlet@samba.org>2011-02-11 11:50:37 +1100
committerAndrew Bartlett <abartlet@samba.org>2011-04-05 06:32:07 +1000
commit17d8f0ad30847bb940f645ee1817d782ddaaee74 (patch)
tree1f1547798f45e3da1f0fecece628b4b07a95c0ff /source3/rpc_server
parent2ec48260ee377e499fe7f0fc2ca18b8a078c6aaa (diff)
s3-auth use create_local_token() to transform server_info -> session_info
Before an auth_serversupplied_info struct can be used for authorization, the local groups and privileges must be calculated. create_local_token() now copies the server_info, and then sets the calculated token and unix groups. Soon, it will also transform the result into an expanded struct auth_session_info. Until then, the variable name (server_info vs session_info) provides a clue to the developer about what information has been entered in the structure. By moving the calls to create_local_token within the codebase, we remove duplication, and ensure that the session key (where modified) is consistently copied into the new structure. Andrew Bartlett
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/dcesrv_gssapi.c5
-rw-r--r--source3/rpc_server/rpc_server.c10
2 files changed, 7 insertions, 8 deletions
diff --git a/source3/rpc_server/dcesrv_gssapi.c b/source3/rpc_server/dcesrv_gssapi.c
index a3007e4044..c8a015e066 100644
--- a/source3/rpc_server/dcesrv_gssapi.c
+++ b/source3/rpc_server/dcesrv_gssapi.c
@@ -228,9 +228,10 @@ NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx,
/* TODO: save PAC data in netsamlogon cache ? */
- status = make_server_info_krb5(mem_ctx,
+ status = make_session_info_krb5(mem_ctx,
ntuser, ntdomain, username, pw,
- logon_info, is_guest, is_mapped, server_info);
+ logon_info, is_guest, is_mapped, NULL /* No session key for now */,
+ server_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",
nt_errstr(status)));
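Review bot: The call to make_session_info_krb5() passes `NULL` for the session key, so the structure built for a Kerberos-authenticated pipe presumably has no user session key, and the inline `/* No session key for now */` does not say which consumers are affected. A comment above the call would make the gap explicit, for example `/* TODO: pass the GSSAPI session key; until then code on this pipe must not assume user_session_key is set */`. The result is also still stored through `server_info` and the DEBUG text still says "server info", although the commit message describes the variable name as the reader's clue to whether the local token has been added. The body of gssapi_server_get_user_info() continues outside the hunk.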
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index b9e5f9f946..9934e196cc 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -88,6 +88,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
struct netr_SamInfo3 *info3;
struct auth_user_info_dc *auth_user_info_dc;
struct pipes_struct *p;
+ struct auth_serversupplied_info *server_info;
NTSTATUS status;
bool ok;
@@ -148,7 +149,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
status = make_server_info_info3(p,
info3->base.account_name.string,
info3->base.domain.string,
- &p->session_info, info3);
+ &server_info, info3);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to init server info\n"));
TALLOC_FREE(p);
@@ -160,7 +161,8 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
* Some internal functions need a local token to determine access to
* resoutrces.
*/
- status = create_local_token(p->session_info);
+ status = create_local_token(p, server_info, &session_info->session_key, &p->session_info);
+ talloc_free(server_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to init local auth token\n"));
TALLOC_FREE(p);
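Review bot: The session key now reaches create_local_token() by pointer (`&session_info->session_key`), whereas the lines removed further down used talloc_move() to transfer ownership of the key data, so the lifetime of `p->session_info->user_session_key.data` depends on create_local_token() deep-copying the blob; its body is not in this diff. If it does copy, the key bytes also stay allocated under the caller's `session_info`, which deserves a comment such as `/* create_local_token() copies the session key; session_info keeps its own copy */`. Separately, `server_info` is declared without an initialiser in the first rpc_server.c hunk; `struct auth_serversupplied_info *server_info = NULL;` would keep the `talloc_free(server_info)` here well-defined if a later edit adds a path that reaches it before make_server_info_info3() has set the pointer. make_server_pipes_struct() starts and ends outside the hunk.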
@@ -173,10 +175,6 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
* regardless of what we just calculated */
p->session_info->security_token = talloc_move(p->session_info, &session_info->security_token);
- /* Also set the session key to the correct value */
- p->session_info->user_session_key = session_info->session_key;
- p->session_info->user_session_key.data = talloc_move(p->session_info, &session_info->session_key.data);
-
p->client_id = talloc_zero(p, struct client_address);
if (!p->client_id) {
TALLOC_FREE(p);