diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-04-13 12:00:06 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-04-14 10:30:51 +1000 |
| commit | 589a42e2da7d7cd382deb94c57b0c6dbca269e55 (patch) | |
| tree | 843f90acec386e763b37a3dda77d986cb4ead6de /source4/smbd | |
| parent | 4e2384e2426745023553afb21270165872c61b02 (diff) | |
| download | samba-589a42e2da7d7cd382deb94c57b0c6dbca269e55.tar.gz samba-589a42e2da7d7cd382deb94c57b0c6dbca269e55.tar.bz2 samba-589a42e2da7d7cd382deb94c57b0c6dbca269e55.zip | |
s4:auth Change auth_generate_session_info to take an auth context
The auth context was in the past only for NTLM authentication, but we
need a SAM, an event context and and loadparm context for calculating
the local groups too, so re-use that infrustructure we already have in
place.
However, to avoid problems where we may not have an auth_context (in
torture tests, for example), allow a simpler 'session_info' to be
generated, by passing this via an indirection in gensec and an
generate_session_info() function pointer in the struct auth_context.
In the smb_server (for old-style session setups) we need to change the
async context to a new 'struct sesssetup_context'. This allows us to
use the auth_context in processing the authentication reply .
Andrew Bartlett
Diffstat (limited to 'source4/smbd')
| -rw-r--r-- | source4/smbd/service_named_pipe.c | 62 |
1 files changed, 48 insertions, 14 deletions
diff --git a/source4/smbd/service_named_pipe.c b/source4/smbd/service_named_pipe.c index ec833d0c5a..6409a0099e 100644 --- a/source4/smbd/service_named_pipe.c +++ b/source4/smbd/service_named_pipe.c @@ -23,6 +23,7 @@ #include <tevent.h> #include "smbd/service.h" #include "param/param.h" +#include "auth/auth.h" #include "auth/session.h" #include "auth/auth_sam_reply.h" #include "lib/socket/socket.h" @@ -162,6 +163,7 @@ static void named_pipe_auth_request(struct tevent_req *subreq) struct auth_serversupplied_info *server_info; struct named_pipe_auth_req pipe_request; struct named_pipe_auth_rep pipe_reply; + struct auth_context *auth_context; NTSTATUS status; call = talloc(pipe_conn, struct named_pipe_call); @@ -252,12 +254,23 @@ static void named_pipe_auth_request(struct tevent_req *subreq) goto reply; } + pipe_reply.status = auth_context_create(conn, + conn->event.ctx, conn->msg_ctx, + conn->lp_ctx, + &auth_context); + if (!NT_STATUS_IS_OK(pipe_reply.status)) { + DEBUG(2, ("auth_context_create returned " + "%s\n", nt_errstr(pipe_reply.status))); + goto reply; + } + + /* setup the session_info on the connection */ - pipe_reply.status = auth_generate_session_info(conn, - conn->event.ctx, - conn->lp_ctx, - server_info, - &conn->session_info); + pipe_reply.status = auth_context->generate_session_info(conn, + auth_context, + server_info, + &conn->session_info); + talloc_free(auth_context); if (!NT_STATUS_IS_OK(pipe_reply.status)) { DEBUG(2, ("auth_generate_session_info failed: %s\n", nt_errstr(pipe_reply.status))); @@ -292,11 +305,21 @@ static void named_pipe_auth_request(struct tevent_req *subreq) } /* setup the session_info on the connection */ - pipe_reply.status = auth_generate_session_info(conn, - conn->event.ctx, + pipe_reply.status = auth_context_create(conn, + conn->event.ctx, conn->msg_ctx, conn->lp_ctx, - server_info, - &conn->session_info); + &auth_context); + if (!NT_STATUS_IS_OK(pipe_reply.status)) { + DEBUG(2, ("auth_context_create returned " + "%s\n", nt_errstr(pipe_reply.status))); + goto reply; + } + + pipe_reply.status = auth_context->generate_session_info(conn, + auth_context, + server_info, + &conn->session_info); + talloc_free(auth_context); if (!NT_STATUS_IS_OK(pipe_reply.status)) { DEBUG(2, ("auth_generate_session_info failed: %s\n", nt_errstr(pipe_reply.status))); @@ -335,11 +358,22 @@ static void named_pipe_auth_request(struct tevent_req *subreq) } /* setup the session_info on the connection */ - pipe_reply.status = auth_generate_session_info(conn, - conn->event.ctx, - conn->lp_ctx, - server_info, - &conn->session_info); + pipe_reply.status = auth_context_create(conn, + conn->event.ctx, conn->msg_ctx, + conn->lp_ctx, + &auth_context); + if (!NT_STATUS_IS_OK(pipe_reply.status)) { + DEBUG(2, ("auth_context_create returned " + "%s\n", nt_errstr(pipe_reply.status))); + goto reply; + } + + /* setup the session_info on the connection */ + pipe_reply.status = auth_context->generate_session_info(conn, + auth_context, + server_info, + &conn->session_info); + talloc_free(auth_context); if (!NT_STATUS_IS_OK(pipe_reply.status)) { DEBUG(2, ("auth_generate_session_info failed: %s\n", nt_errstr(pipe_reply.status))); |