auth: Move auth_session_info into IDL

This changes auth_session_info_transport to just be a wrapper, rather
than a copy that has to be kept in sync.

As auth_session_info was already wrapped in python, this required
changes to the existing pyauth wrapper and it's users.

Andrew Bartlett

3 files changed, 33 insertions, 20 deletions

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 108bfefe06..f70eb63a70 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -711,7 +711,7 @@ RPC_EVENTLOG_OBJ = rpc_server/eventlog/srv_eventlog_nt.o \
 
 NPA_TSTREAM_OBJ = ../libcli/named_pipe_auth/npa_tstream.o \
 		  librpc/gen_ndr/ndr_named_pipe_auth.o \
-		  ../auth/auth_sam_reply.o librpc/gen_ndr/ndr_auth.o
+		  ../auth/auth_sam_reply.o librpc/gen_ndr/ndr_auth.o ../librpc/ndr/ndr_auth.o
 
 RPC_NCACN_NP = rpc_server/srv_pipe_register.o rpc_server/rpc_ncacn_np.o \
 	       rpc_server/rpc_handles.o rpc_server/srv_access_check.o
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
index f000b64f71..e89a366f9e 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -607,6 +607,7 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
 	struct tevent_context *ev;
 	struct tevent_req *subreq;
 	struct auth_session_info_transport *session_info_t;
+	struct auth_session_info *session_info_npa;
 	struct auth_user_info_dc *user_info_dc;
 	union netr_Validation val;
 	NTSTATUS status;
@@ -651,20 +652,20 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
 		goto fail;
 	}
 
-	session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);
-	if (session_info_t == NULL) {
+	session_info_npa = talloc_zero(talloc_tos(), struct auth_session_info);
+	if (session_info_npa == NULL) {
 		DEBUG(0, ("talloc failed\n"));
 		goto fail;
 	}
 
 	/* Send the named_pipe_auth server the user's full token */
-	session_info_t->security_token = session_info->security_token;
-	session_info_t->session_key = session_info->session_key;
+	session_info_npa->security_token = session_info->security_token;
+	session_info_npa->session_key = session_info->session_key;
 
 	val.sam3 = session_info->info3;
 
 	/* Convert into something we can build a struct
-	 * auth_session_info_transport from.  Most of the work here
+	 * auth_session_info from.  Most of the work here
 	 * will be to convert the SIDS, which we will then ignore, but
 	 * this is the easier way to handle it */
 	status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
@@ -673,9 +674,17 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
 		goto fail;
 	}
 
-	session_info_t->info = talloc_move(session_info_t, &user_info_dc->info);
+	session_info_npa->info = talloc_move(session_info_npa, &user_info_dc->info);
 	talloc_free(user_info_dc);
 
+	session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);
+	if (session_info_npa == NULL) {
+		DEBUG(0, ("talloc failed\n"));
+		goto fail;
+	}
+
+	session_info_t->session_info = talloc_steal(session_info_t, session_info_npa);
+
 	become_root();
 	subreq = tstream_npa_connect_send(talloc_tos(), ev,
 					  socket_np_dir,
@@ -689,8 +698,8 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
 		unbecome_root();
 		DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and "
 			  "user %s\\%s failed\n",
-			  socket_np_dir, pipe_name, session_info_t->info->domain_name,
-			  session_info_t->info->account_name));
+			  socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+			  session_info_t->session_info->info->account_name));
 		goto fail;
 	}
 	ok = tevent_req_poll(subreq, ev);
@@ -698,8 +707,8 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
 	if (!ok) {
 		DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s "
 			  "failed for tstream_npa_connect: %s\n",
-			  socket_np_dir, pipe_name, session_info_t->info->domain_name,
-			  session_info_t->info->account_name,
+			  socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+			  session_info_t->session_info->info->account_name,
 			  strerror(errno)));
 		goto fail;
 
@@ -714,8 +723,8 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
 	if (ret != 0) {
 		DEBUG(0, ("tstream_npa_connect_recv  to %s for pipe %s and "
 			  "user %s\\%s failed: %s\n",
-			  socket_np_dir, pipe_name, session_info_t->info->domain_name,
-			  session_info_t->info->account_name,
+			  socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+			  session_info_t->session_info->info->account_name,
 			  strerror(sys_errno)));
 		goto fail;
 	}
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index 2fa2a77112..c7c77f0375 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -32,15 +32,15 @@
 #define SERVER_TCP_HIGH_PORT 1300
 
 static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx,
-					    struct auth_session_info_transport **session_info)
+					    struct auth_session_info **session_info)
 {
-	struct auth_session_info_transport *i;
+	struct auth_session_info *i;
 	struct auth_serversupplied_info *s;
 	struct auth_user_info_dc *u;
 	union netr_Validation val;
 	NTSTATUS status;
 
-	i = talloc_zero(mem_ctx, struct auth_session_info_transport);
+	i = talloc_zero(mem_ctx, struct auth_session_info);
 	if (i == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -81,7 +81,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 				    bool ncalrpc_as_system,
 				    const char *client_address,
 				    const char *server_address,
-				    struct auth_session_info_transport *session_info,
+				    struct auth_session_info *session_info,
 				    struct pipes_struct **_p,
 				    int *perrno)
 {
@@ -355,7 +355,7 @@ struct named_pipe_client {
 	char *client_name;
 	struct tsocket_address *server;
 	char *server_name;
-	struct auth_session_info_transport *session_info;
+	struct auth_session_info *session_info;
 
 	struct pipes_struct *p;
 
@@ -433,6 +433,7 @@ static void named_pipe_packet_done(struct tevent_req *subreq);
 
 static void named_pipe_accept_done(struct tevent_req *subreq)
 {
+	struct auth_session_info_transport *session_info_transport;
 	struct named_pipe_client *npc =
 		tevent_req_callback_data(subreq, struct named_pipe_client);
 	const char *cli_addr;
@@ -445,7 +446,10 @@ static void named_pipe_accept_done(struct tevent_req *subreq)
 						&npc->client_name,
 						&npc->server,
 						&npc->server_name,
-						&npc->session_info);
+						&session_info_transport);
+
+	npc->session_info = talloc_move(npc, &session_info_transport->session_info);
+
 	TALLOC_FREE(subreq);
 	if (ret != 0) {
 		DEBUG(2, ("Failed to accept named pipe connection! (%s)\n",
@@ -996,7 +1000,7 @@ struct dcerpc_ncacn_conn {
 	char *client_name;
 	struct tsocket_address *server;
 	char *server_name;
-	struct auth_session_info_transport *session_info;
+	struct auth_session_info *session_info;
 
 	struct iovec *iov;
 	size_t count;