summaryrefslogtreecommitdiff
path: root/source4/smbd
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-04-13 12:00:06 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-04-14 10:30:51 +1000
commit589a42e2da7d7cd382deb94c57b0c6dbca269e55 (patch)
tree843f90acec386e763b37a3dda77d986cb4ead6de /source4/smbd
parent4e2384e2426745023553afb21270165872c61b02 (diff)
downloadsamba-589a42e2da7d7cd382deb94c57b0c6dbca269e55.tar.gz
samba-589a42e2da7d7cd382deb94c57b0c6dbca269e55.tar.bz2
samba-589a42e2da7d7cd382deb94c57b0c6dbca269e55.zip
s4:auth Change auth_generate_session_info to take an auth context
The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
Diffstat (limited to 'source4/smbd')
-rw-r--r--source4/smbd/service_named_pipe.c62
1 files changed, 48 insertions, 14 deletions
diff --git a/source4/smbd/service_named_pipe.c b/source4/smbd/service_named_pipe.c
index ec833d0c5a..6409a0099e 100644
--- a/source4/smbd/service_named_pipe.c
+++ b/source4/smbd/service_named_pipe.c
@@ -23,6 +23,7 @@
#include <tevent.h>
#include "smbd/service.h"
#include "param/param.h"
+#include "auth/auth.h"
#include "auth/session.h"
#include "auth/auth_sam_reply.h"
#include "lib/socket/socket.h"
@@ -162,6 +163,7 @@ static void named_pipe_auth_request(struct tevent_req *subreq)
struct auth_serversupplied_info *server_info;
struct named_pipe_auth_req pipe_request;
struct named_pipe_auth_rep pipe_reply;
+ struct auth_context *auth_context;
NTSTATUS status;
call = talloc(pipe_conn, struct named_pipe_call);
@@ -252,12 +254,23 @@ static void named_pipe_auth_request(struct tevent_req *subreq)
goto reply;
}
+ pipe_reply.status = auth_context_create(conn,
+ conn->event.ctx, conn->msg_ctx,
+ conn->lp_ctx,
+ &auth_context);
+ if (!NT_STATUS_IS_OK(pipe_reply.status)) {
+ DEBUG(2, ("auth_context_create returned "
+ "%s\n", nt_errstr(pipe_reply.status)));
+ goto reply;
+ }
+
+
/* setup the session_info on the connection */
- pipe_reply.status = auth_generate_session_info(conn,
- conn->event.ctx,
- conn->lp_ctx,
- server_info,
- &conn->session_info);
+ pipe_reply.status = auth_context->generate_session_info(conn,
+ auth_context,
+ server_info,
+ &conn->session_info);
+ talloc_free(auth_context);
if (!NT_STATUS_IS_OK(pipe_reply.status)) {
DEBUG(2, ("auth_generate_session_info failed: %s\n",
nt_errstr(pipe_reply.status)));
@@ -292,11 +305,21 @@ static void named_pipe_auth_request(struct tevent_req *subreq)
}
/* setup the session_info on the connection */
- pipe_reply.status = auth_generate_session_info(conn,
- conn->event.ctx,
+ pipe_reply.status = auth_context_create(conn,
+ conn->event.ctx, conn->msg_ctx,
conn->lp_ctx,
- server_info,
- &conn->session_info);
+ &auth_context);
+ if (!NT_STATUS_IS_OK(pipe_reply.status)) {
+ DEBUG(2, ("auth_context_create returned "
+ "%s\n", nt_errstr(pipe_reply.status)));
+ goto reply;
+ }
+
+ pipe_reply.status = auth_context->generate_session_info(conn,
+ auth_context,
+ server_info,
+ &conn->session_info);
+ talloc_free(auth_context);
if (!NT_STATUS_IS_OK(pipe_reply.status)) {
DEBUG(2, ("auth_generate_session_info failed: %s\n",
nt_errstr(pipe_reply.status)));
@@ -335,11 +358,22 @@ static void named_pipe_auth_request(struct tevent_req *subreq)
}
/* setup the session_info on the connection */
- pipe_reply.status = auth_generate_session_info(conn,
- conn->event.ctx,
- conn->lp_ctx,
- server_info,
- &conn->session_info);
+ pipe_reply.status = auth_context_create(conn,
+ conn->event.ctx, conn->msg_ctx,
+ conn->lp_ctx,
+ &auth_context);
+ if (!NT_STATUS_IS_OK(pipe_reply.status)) {
+ DEBUG(2, ("auth_context_create returned "
+ "%s\n", nt_errstr(pipe_reply.status)));
+ goto reply;
+ }
+
+ /* setup the session_info on the connection */
+ pipe_reply.status = auth_context->generate_session_info(conn,
+ auth_context,
+ server_info,
+ &conn->session_info);
+ talloc_free(auth_context);
if (!NT_STATUS_IS_OK(pipe_reply.status)) {
DEBUG(2, ("auth_generate_session_info failed: %s\n",
nt_errstr(pipe_reply.status)));