summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/auth_util.c16
-rw-r--r--source4/ntvfs/ipc/vfs_ipc.c21
-rw-r--r--source4/rpc_server/dcerpc_server.c13
-rw-r--r--source4/rpc_server/dcerpc_server.h5
-rw-r--r--source4/rpc_server/dcesrv_crypto.c8
-rw-r--r--source4/rpc_server/dcesrv_crypto_ntlmssp.c18
-rw-r--r--source4/rpc_server/dcesrv_crypto_schannel.c14
-rw-r--r--source4/rpc_server/samr/samr_password.c16
8 files changed, 59 insertions, 52 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index c505d4a88e..24a419586d 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -330,7 +330,7 @@ BOOL make_user_info_guest(struct auth_usersupplied_info **user_info)
prints a NT_USER_TOKEN to debug output.
****************************************************************************/
-void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
+void debug_nt_user_token(int dbg_class, int dbg_lev, const NT_USER_TOKEN *token)
{
TALLOC_CTX *mem_ctx;
@@ -357,6 +357,20 @@ void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
}
/****************************************************************************
+ prints a NT_USER_TOKEN to debug output.
+****************************************************************************/
+
+void debug_session_info(int dbg_class, int dbg_lev, const struct auth_session_info *session_info)
+{
+ if (!session_info) {
+ DEBUGC(dbg_class, dbg_lev, ("Session Info: (NULL)\n"));
+ return;
+ }
+
+ debug_nt_user_token(dbg_class, dbg_lev, session_info->nt_user_token);
+}
+
+/****************************************************************************
Create the SID list for this user.
****************************************************************************/
diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c
index 7ebf35d5cb..9279e0e85a 100644
--- a/source4/ntvfs/ipc/vfs_ipc.c
+++ b/source4/ntvfs/ipc/vfs_ipc.c
@@ -195,6 +195,7 @@ static NTSTATUS ipc_open_generic(struct request_context *req, const char *fname,
TALLOC_CTX *mem_ctx;
NTSTATUS status;
struct dcesrv_ep_description ep_description;
+ struct auth_session_info *session_info = NULL;
struct ipc_private *private = req->conn->ntvfs_private;
mem_ctx = talloc_init("ipc_open '%s'", fname);
@@ -240,7 +241,18 @@ static NTSTATUS ipc_open_generic(struct request_context *req, const char *fname,
ep_description.type = ENDPOINT_SMB;
ep_description.info.smb_pipe = p->pipe_name;
- status = dcesrv_endpoint_search_connect(&req->smb->dcesrv, &ep_description, &p->dce_conn);
+ /* tell the RPC layer the session_info */
+ if (req->user_ctx->vuser) {
+ /*
+ * TODO: we need to reference count the entire session_info
+ */
+ session_info = req->user_ctx->vuser->session_info;
+ }
+
+ status = dcesrv_endpoint_search_connect(&req->smb->dcesrv,
+ &ep_description,
+ session_info,
+ &p->dce_conn);
if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
return status;
@@ -252,13 +264,6 @@ static NTSTATUS ipc_open_generic(struct request_context *req, const char *fname,
*ps = p;
- /* tell the RPC layer the transport session key */
- if (req->user_ctx->vuser) {
- /* TODO: Fix this to push more than just a session key
- * down - we need the entire session_info, reference counted... */
- dcesrv_set_session_key(p->dce_conn, req->user_ctx->vuser->session_info->session_key);
- }
-
return NT_STATUS_OK;
}
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index a084477b36..20ed50d128 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -271,24 +271,17 @@ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
(*p)->auth_state.auth_info = NULL;
(*p)->auth_state.crypto_ctx.private_data = NULL;
(*p)->auth_state.crypto_ctx.ops = NULL;
- (*p)->session_key = data_blob(NULL, 0);
+ (*p)->auth_state.session_info = NULL;
return NT_STATUS_OK;
}
/*
- set the transport level session key
-*/
-void dcesrv_set_session_key(struct dcesrv_connection *p, DATA_BLOB key)
-{
- p->session_key = data_blob_talloc(p->mem_ctx, key.data, key.length);
-}
-
-/*
search and connect to a dcerpc endpoint
*/
NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx,
const struct dcesrv_ep_description *ep_description,
+ struct auth_session_info *session_info,
struct dcesrv_connection **dce_conn_p)
{
NTSTATUS status;
@@ -305,6 +298,8 @@ NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx,
return status;
}
+ (*dce_conn_p)->auth_state.session_info = session_info;
+
/* TODO: check security descriptor of the endpoint here
* if it's a smb named pipe
* if it's failed free dce_conn_p
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index f73dbaf4cb..918b68f511 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -100,7 +100,6 @@ struct dcesrv_crypto_ops {
NTSTATUS (*start)(struct dcesrv_auth *auth, DATA_BLOB *auth_blob);
NTSTATUS (*update)(struct dcesrv_auth *auth, TALLOC_CTX *out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out);
- NTSTATUS (*session_info)(struct dcesrv_auth *auth, struct auth_session_info **session_info);
NTSTATUS (*seal)(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
uint8_t *data, size_t length, DATA_BLOB *sig);
NTSTATUS (*sign)(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
@@ -119,6 +118,7 @@ struct dcesrv_auth {
void *private_data;
const struct dcesrv_crypto_ops *ops;
} crypto_ctx;
+ struct auth_session_info *session_info;
};
@@ -152,9 +152,6 @@ struct dcesrv_connection {
/* the current authentication state */
struct dcesrv_auth auth_state;
-
- /* the transport level session key, if any */
- DATA_BLOB session_key;
};
diff --git a/source4/rpc_server/dcesrv_crypto.c b/source4/rpc_server/dcesrv_crypto.c
index 31039510ab..de1976ff91 100644
--- a/source4/rpc_server/dcesrv_crypto.c
+++ b/source4/rpc_server/dcesrv_crypto.c
@@ -84,14 +84,6 @@ NTSTATUS dcesrv_crypto_update(struct dcesrv_auth *auth,
}
/*
- get auth_session_info state
-*/
-NTSTATUS dcesrv_crypto_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info)
-{
- return auth->crypto_ctx.ops->session_info(auth, session_info);
-}
-
-/*
seal a packet
*/
NTSTATUS dcesrv_crypto_seal(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
diff --git a/source4/rpc_server/dcesrv_crypto_ntlmssp.c b/source4/rpc_server/dcesrv_crypto_ntlmssp.c
index e23f136308..67242c3cc0 100644
--- a/source4/rpc_server/dcesrv_crypto_ntlmssp.c
+++ b/source4/rpc_server/dcesrv_crypto_ntlmssp.c
@@ -53,18 +53,15 @@ static NTSTATUS dcesrv_crypto_ntlmssp_update(struct dcesrv_auth *auth, TALLOC_CT
const DATA_BLOB in, DATA_BLOB *out)
{
struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data;
+ NTSTATUS status;
- return auth_ntlmssp_update(auth_ntlmssp_state, out_mem_ctx, in, out);
-}
-
-/*
- get auth_session_info state
-*/
-static NTSTATUS dcesrv_crypto_ntlmssp_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info)
-{
- struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data;
+ status = auth_ntlmssp_update(auth_ntlmssp_state, out_mem_ctx, in, out);
+ if (NT_STATUS_IS_OK(status)) {
+ /* TODO: what is when the session_info is already set */
+ return auth_ntlmssp_get_session_info(auth_ntlmssp_state, &auth->session_info);
+ }
- return auth_ntlmssp_get_session_info(auth_ntlmssp_state, session_info);
+ return status;
}
/*
@@ -130,7 +127,6 @@ static const struct dcesrv_crypto_ops dcesrv_crypto_ntlmssp_ops = {
.auth_type = DCERPC_AUTH_TYPE_NTLMSSP,
.start = dcesrv_crypto_ntlmssp_start,
.update = dcesrv_crypto_ntlmssp_update,
- .session_info = dcesrv_crypto_ntlmssp_session_info,
.seal = dcesrv_crypto_ntlmssp_seal,
.sign = dcesrv_crypto_ntlmssp_sign,
.check_sig = dcesrv_crypto_ntlmssp_check_sig,
diff --git a/source4/rpc_server/dcesrv_crypto_schannel.c b/source4/rpc_server/dcesrv_crypto_schannel.c
index c7466d43a8..fba882e2a4 100644
--- a/source4/rpc_server/dcesrv_crypto_schannel.c
+++ b/source4/rpc_server/dcesrv_crypto_schannel.c
@@ -81,6 +81,11 @@ static NTSTATUS dcesrv_crypto_schannel_start(struct dcesrv_auth *auth, DATA_BLOB
return NT_STATUS_INVALID_HANDLE;
}
+ /* TODO: here we need to set the session_info
+ * what should happen when te session_info is already set
+ */
+ auth->session_info = NULL;
+
auth->crypto_ctx.private_data = schannel;
ack.unknown1 = 1;
@@ -107,14 +112,6 @@ static NTSTATUS dcesrv_crypto_schannel_update(struct dcesrv_auth *auth, TALLOC_C
}
/*
- get auth_session_info state
-*/
-static NTSTATUS dcesrv_crypto_schannel_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/*
seal a packet
*/
static NTSTATUS dcesrv_crypto_schannel_seal(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
@@ -181,7 +178,6 @@ static const struct dcesrv_crypto_ops dcesrv_crypto_schannel_ops = {
.auth_type = DCERPC_AUTH_TYPE_SCHANNEL,
.start = dcesrv_crypto_schannel_start,
.update = dcesrv_crypto_schannel_update,
- .session_info = dcesrv_crypto_schannel_session_info,
.seal = dcesrv_crypto_schannel_seal,
.sign = dcesrv_crypto_schannel_sign,
.check_sig = dcesrv_crypto_schannel_check_sig,
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index d5f995feb8..988c52e4ee 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -693,7 +693,13 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
{
char new_pass[512];
uint32_t new_pass_len;
- DATA_BLOB session_key = dce_call->conn->session_key;
+ DATA_BLOB session_key;
+
+ session_key = data_blob(NULL,0);
+
+ if (dce_call->conn->auth_state.session_info) {
+ session_key = dce_call->conn->auth_state.session_info->session_key;
+ }
if (session_key.length == 0) {
DEBUG(3,("Bad session key in samr_set_password\n"));
@@ -734,9 +740,15 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
char new_pass[512];
uint32_t new_pass_len;
DATA_BLOB co_session_key;
- DATA_BLOB session_key = dce_call->conn->session_key;
+ DATA_BLOB session_key;
struct MD5Context ctx;
+ session_key = data_blob(NULL,0);
+
+ if (dce_call->conn->auth_state.session_info) {
+ session_key = dce_call->conn->auth_state.session_info->session_key;
+ }
+
co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
if (!co_session_key.data) {
return NT_STATUS_NO_MEMORY;