author | Andrew Bartlett <abartlet@samba.org> | 2011-02-08 16:53:13 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-02-09 01:11:06 +0100 |
commit | a2ce53c1f5301ffcf990dbab837c328ea22739b6 (patch) | |
tree | 52dde7c4bb16c0d885b8691a4c5c87f8213b0599 /source4/kdc | |
parent | f1c0e9532d8e3fb0d8942e4d4e1a122429266b16 (diff) | |
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
maintained into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/kpasswdd.c | 10 | ||||
-rw-r--r-- | source4/kdc/pac-glue.c | 21 |
2 files changed, 16 insertions, 15 deletions
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 800d560b44..117cab095d 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -169,7 +169,7 @@ static bool kpasswdd_change_password(struct kdc_server *kdc, * seem to be the case here. */ ret = gendb_search(kdc->samdb, mem_ctx, NULL, &res, attrs, "(&(objectClass=user)(sAMAccountName=%s))", - session_info->server_info->account_name); + session_info->info->account_name); if (ret != 1) { return kpasswdd_make_error_reply(kdc, mem_ctx, KRB5_KPASSWD_ACCESSDENIED, @@ -197,8 +197,8 @@ static bool kpasswdd_change_password(struct kdc_server *kdc, } DEBUG(3, ("Changing password of %s\\%s (%s)\n", - session_info->server_info->domain_name, - session_info->server_info->account_name, + session_info->info->domain_name, + session_info->info->account_name, dom_sid_string(mem_ctx, &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]))); /* Performs the password change */ @@ -359,8 +359,8 @@ static bool kpasswd_process_request(struct kdc_server *kdc, } DEBUG(3, ("%s\\%s (%s) is changing password of %s\n", - session_info->server_info->domain_name, - session_info->server_info->account_name, + session_info->info->domain_name, + session_info->info->account_name, dom_sid_string(mem_ctx, &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]), set_password_on_princ)); ret = ldb_transaction_start(samdb); diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 6dbeb354e0..18d29a10cb 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -28,10 +28,11 @@ #include "auth/auth_sam_reply.h" #include "kdc/kdc-glue.h" #include "param/param.h" +#include "librpc/gen_ndr/ndr_krb5pac.h" static NTSTATUS samba_get_logon_info_pac_blob(TALLOC_CTX *mem_ctx, - struct auth_serversupplied_info *info, + struct auth_user_info_dc *info, DATA_BLOB *pac_data) { struct netr_SamInfo3 *info3; 
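Review bot: In the first kpasswdd.c hunk (`kpasswdd_change_password`), `session_info->info->account_name` is formatted straight into the search filter `(&(objectClass=user)(sAMAccountName=%s))`, so any filter metacharacter in the name would alter the query instead of being matched literally. The value comes from the authenticated session, which limits exposure, but this lookup appears to select the account whose password is changed, so encoding it first is the safer form: `ldb_binary_encode_string(mem_ctx, session_info->info->account_name)`. The same `session_info->info` pointer is dereferenced in the two `DEBUG(3, ...)` calls in the following hunks; whether it can be NULL there is not visible from these lines. The function body starts and ends outside the hunk.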
@@ -41,7 +42,7 @@ NTSTATUS samba_get_logon_info_pac_blob(TALLOC_CTX *mem_ctx, ZERO_STRUCT(pac_info); - nt_status = auth_convert_server_info_saminfo3(mem_ctx, info, &info3); + nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx, info, &info3); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("Getting Samba info failed: %s\n", nt_errstr(nt_status))); @@ -139,7 +140,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx, DATA_BLOB **_pac_blob) { struct samba_kdc_entry *p = talloc_get_type(client->ctx, struct samba_kdc_entry); - struct auth_serversupplied_info *server_info; + struct auth_user_info_dc *user_info_dc; DATA_BLOB *pac_blob; NTSTATUS nt_status; @@ -154,21 +155,21 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - nt_status = authsam_make_server_info(mem_ctx, p->kdc_db_ctx->samdb, + nt_status = authsam_make_user_info_dc(mem_ctx, p->kdc_db_ctx->samdb, lpcfg_netbios_name(p->kdc_db_ctx->lp_ctx), lpcfg_sam_name(p->kdc_db_ctx->lp_ctx), p->realm_dn, p->msg, data_blob(NULL, 0), data_blob(NULL, 0), - &server_info); + &user_info_dc); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Getting user info for PAC failed: %s\n", nt_errstr(nt_status))); return nt_status; } - nt_status = samba_get_logon_info_pac_blob(mem_ctx, server_info, pac_blob); + nt_status = samba_get_logon_info_pac_blob(mem_ctx, user_info_dc, pac_blob); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Building PAC failed: %s\n", nt_errstr(nt_status))); 
@@ -183,18 +184,18 @@ NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx, krb5_context context, krb5_pac *pac, DATA_BLOB *pac_blob) { - struct auth_serversupplied_info *server_info; + struct auth_user_info_dc *user_info_dc; krb5_error_code ret; NTSTATUS nt_status; - ret = kerberos_pac_to_server_info(mem_ctx, *pac, - context, &server_info); + ret = kerberos_pac_to_user_info_dc(mem_ctx, *pac, + context, &user_info_dc, NULL, NULL); if (ret) { return NT_STATUS_UNSUCCESSFUL; } nt_status = samba_get_logon_info_pac_blob(mem_ctx, - server_info, pac_blob); + user_info_dc, pac_blob); return nt_status; } |
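Review bot: The `kerberos_pac_to_user_info_dc()` call in `samba_kdc_update_pac_blob` now passes two extra `NULL, NULL` arguments with nothing at the call site saying what is being declined. They look like optional signature outputs; if so, a comment such as `/* PAC signature outputs are not needed when only re-encoding the logon info */` would make that explicit. The failure branch also maps every krb5 error to `NT_STATUS_UNSUCCESSFUL` without logging, unlike the DEBUG calls in `samba_kdc_get_pac_blob`; adding `DEBUG(1, ("Converting PAC to user info failed: %d\n", ret));` before the return would preserve the cause. Nothing visible in this function checks the PAC's signatures, so callers presumably have to verify it first, which is worth stating in a header comment. The first line of the signature appears only in the hunk header.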