From e3821f2c40691cc747d887bac14d4e3d37f0763b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 10 Feb 2011 20:21:11 +1100 Subject: s4-auth Move libcli/security/session.c to the top level This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett --- libcli/security/security.h | 1 + libcli/security/session.c | 64 ++++++++++++++++++++++++ libcli/security/session.h | 50 +++++++++++++++++++ libcli/security/wscript_build | 2 +- source4/auth/auth.h | 1 + source4/auth/session.h | 9 +--- source4/dsdb/repl/drepl_out_helpers.c | 1 + source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 1 - source4/dsdb/samdb/ldb_modules/rootdse.c | 1 - source4/dsdb/samdb/ldb_modules/util.c | 1 - source4/dsdb/samdb/ldb_modules/wscript_build | 6 +-- source4/libcli/security/session.c | 65 ------------------------- source4/libcli/security/session.h | 33 ------------- source4/libcli/security/wscript_build | 9 ---- source4/libcli/wscript_build | 1 - source4/rpc_server/wscript_build | 6 +-- 16 files changed, 125 insertions(+), 126 deletions(-) create mode 100644 libcli/security/session.c create mode 100644 libcli/security/session.h delete mode 100644 source4/libcli/security/session.c delete mode 100644 source4/libcli/security/session.h delete mode 100644 source4/libcli/security/wscript_build diff --git a/libcli/security/security.h b/libcli/security/security.h index 39ae3ec6cc..bb7bc7208a 100644 --- a/libcli/security/security.h +++ b/libcli/security/security.h @@ -105,5 +105,6 @@ struct object_tree { #include "libcli/security/sddl.h" #include "libcli/security/privileges.h" #include "libcli/security/access_check.h" +#include "libcli/security/session.h" #endif diff --git a/libcli/security/session.c b/libcli/security/session.c new file mode 100644 index 0000000000..0c32556fa4 --- /dev/null +++ b/libcli/security/session.c 
@@ -0,0 +1,64 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ session_info utility functions
+
+ Copyright (C) Andrew Bartlett 2008-2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/auth.h"
+
+enum security_user_level security_session_user_level(struct auth_session_info *session_info,
+ const struct dom_sid *domain_sid)
+{
+ if (!session_info) {
+ return SECURITY_ANONYMOUS;
+ }
+
+ if (security_token_is_system(session_info->security_token)) {
+ return SECURITY_SYSTEM;
+ }
+
+ if (security_token_is_anonymous(session_info->security_token)) {
+ return SECURITY_ANONYMOUS;
+ }
+
+ if (security_token_has_builtin_administrators(session_info->security_token)) {
+ return SECURITY_ADMINISTRATOR;
+ }
+
+ if (domain_sid) {
+ struct dom_sid *rodc_dcs;
+ rodc_dcs = dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS);
+ if (security_token_has_sid(session_info->security_token, rodc_dcs)) {
+ talloc_free(rodc_dcs);
+ return SECURITY_RO_DOMAIN_CONTROLLER;
+ }
+ talloc_free(rodc_dcs);
+ }
+
+ if (security_token_has_enterprise_dcs(session_info->security_token)) {
+ return SECURITY_DOMAIN_CONTROLLER;
+ }
+
+ if (security_token_has_nt_authenticated_users(session_info->security_token)) {
+ return SECURITY_USER;
+ }
+
+ return SECURITY_ANONYMOUS;
+}
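Review bot: The result of `dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS)` in security_session_user_level is handed to `security_token_has_sid()` without a NULL check. If the allocation fails, the read-only DC test cannot match and classification falls through to the later checks, so, depending on how security_token_has_sid() treats a NULL SID (not visible here), the session may be ranked by the enterprise-DC test, which yields the higher SECURITY_DOMAIN_CONTROLLER level. A privilege classifier should fail closed: add `if (rodc_dcs == NULL) { return SECURITY_ANONYMOUS; }` directly after the call. The function also passes `session_info->security_token` to every helper without checking it; a one-line comment stating whether callers must supply a non-NULL token would make that contract explicit.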
diff --git a/libcli/security/session.h b/libcli/security/session.h
new file mode 100644
index 0000000000..36da09b8df
--- /dev/null
+++ b/libcli/security/session.h
@@ -0,0 +1,50 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ session_info utility functions
+
+ Copyright (C) Andrew Bartlett 2008-2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#ifndef _LIBCLI_SECURITY_SESSION_H_
+#define _LIBCLI_SECURITY_SESSION_H_
+
+enum security_user_level {
+ SECURITY_ANONYMOUS = 0,
+ SECURITY_USER = 10,
+ SECURITY_RO_DOMAIN_CONTROLLER = 20,
+ SECURITY_DOMAIN_CONTROLLER = 30,
+ SECURITY_ADMINISTRATOR = 40,
+ SECURITY_SYSTEM = 50
+};
+
+struct cli_credentials;
+struct security_token;
+struct auth_user_info;
+struct auth_user_info_torture;
+
+struct auth_session_info {
+ struct security_token *security_token;
+ struct auth_user_info *info;
+ struct auth_user_info_torture *torture;
+ DATA_BLOB session_key;
+ struct cli_credentials *credentials;
+};
+
+enum security_user_level security_session_user_level(struct auth_session_info *session_info,
+ const struct dom_sid *domain_sid);
+
+#endif
diff --git a/libcli/security/wscript_build b/libcli/security/wscript_build
index 3526e66aa2..3f2e06a908 100644
--- a/libcli/security/wscript_build
+++ b/libcli/security/wscript_build
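Review bot: The new libcli/security/session.h is not self-contained: `struct auth_session_info` holds a `DATA_BLOB` by value and the prototype names `struct dom_sid`, yet the header neither includes a definition of `DATA_BLOB` nor forward-declares `struct dom_sid` alongside the four forward declarations it does carry. It compiles only when those types are already in scope, as they are when it is reached through security.h, which includes it last. Add `struct dom_sid;` to the forward declarations and include the header that defines `DATA_BLOB`. Because callers presumably compare `enum security_user_level` values numerically, a comment such as `/* ordered: a higher value is a more privileged level */` above the enum would also record that the numbering matters for access decisions.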
@@ -2,7 +2,7 @@ bld.SAMBA_LIBRARY('security', - source='dom_sid.c display_sec.c secace.c secacl.c security_descriptor.c sddl.c privileges.c security_token.c access_check.c object_tree.c create_descriptor.c util_sid.c', + source='dom_sid.c display_sec.c secace.c secacl.c security_descriptor.c sddl.c privileges.c security_token.c access_check.c object_tree.c create_descriptor.c util_sid.c session.c', private_library=True, deps='talloc ndr NDR_SECURITY' ) diff --git a/source4/auth/auth.h b/source4/auth/auth.h index ccc5695a2e..70df694b1e 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -162,6 +162,7 @@ struct auth_critical_sizes { struct ldb_message; struct ldb_context; struct gensec_security; +struct cli_credentials; NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, uint8_t chal[8]); NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, diff --git a/source4/auth/session.h b/source4/auth/session.h index 795497ea8f..8ab6288d64 100644 --- a/source4/auth/session.h +++ b/source4/auth/session.h @@ -21,14 +21,7 @@ #ifndef _SAMBA_AUTH_SESSION_H #define _SAMBA_AUTH_SESSION_H -struct auth_session_info { - struct security_token *security_token; - struct auth_user_info *info; - struct auth_user_info_torture *torture; - DATA_BLOB session_key; - struct cli_credentials *credentials; -}; - +#include "libcli/security/security.h" #include "librpc/gen_ndr/netlogon.h" #include "librpc/gen_ndr/auth.h" diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c index 893eb3bbcd..ebf2f77708 100644 --- a/source4/dsdb/repl/drepl_out_helpers.c +++ b/source4/dsdb/repl/drepl_out_helpers.c @@ -34,6 +34,7 @@ #include "auth/gensec/gensec.h" #include "param/param.h" #include "../lib/util/tevent_ntstatus.h" +#include "libcli/security/security.h" struct dreplsrv_out_drsuapi_state { struct tevent_context *ev; diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 53d53d9021..6fd6d7fa14 100644 
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -48,7 +48,6 @@ #include "lib/util/dlinklist.h" #include "dsdb/samdb/ldb_modules/util.h" #include "lib/util/binsearch.h" -#include "libcli/security/session.h" #include "lib/util/tsort.h" struct replmd_private { diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 98889125f3..be60d89638 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -28,7 +28,6 @@ #include "version.h" #include "dsdb/samdb/ldb_modules/util.h" #include "libcli/security/security.h" -#include "libcli/security/session.h" #include "librpc/ndr/libndr.h" #include "auth/auth.h" #include "param/param.h" diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index 37ab4707f3..49939e2ff4 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -27,7 +27,6 @@ #include "dsdb/samdb/samdb.h" #include "util.h" #include "libcli/security/security.h" -#include "libcli/security/session.h" /* search for attrs on one DN, in the modules below diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build b/source4/dsdb/samdb/ldb_modules/wscript_build index 5925165afd..4ff5bdfda9 100644 --- a/source4/dsdb/samdb/ldb_modules/wscript_build +++ b/source4/dsdb/samdb/ldb_modules/wscript_build @@ -9,7 +9,7 @@ bld.SAMBA_LIBRARY('dsdb-module', bld.SAMBA_SUBSYSTEM('DSDB_MODULE_HELPERS', source='util.c acl_util.c schema_util.c', autoproto='util_proto.h', - deps='ldb ndr samdb-common security-session' + deps='ldb ndr samdb-common security' ) bld.SAMBA_SUBSYSTEM('DSDB_MODULE_HELPER_RIDALLOC', 
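Review bot: In repl_meta_data.c the hunk at -48,7 removes `#include "libcli/security/session.h"`, but unlike the rootdse.c and util.c hunks, where `#include "libcli/security/security.h"` is visible as context, nothing in the visible lines shows this file including security.h directly. If it still uses `security_session_user_level()` or `enum security_user_level`, it now relies on another header pulling security.h in; adding `#include "libcli/security/security.h"` beside the other includes would keep that dependency explicit. The include list continues outside the hunk, so this may already be satisfied.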
@@ -60,7 +60,7 @@ bld.SAMBA_MODULE('ldb_repl_meta_data', init_function='ldb_repl_meta_data_module_init', module_init_name='ldb_init_module', internal_module=False, - deps='samdb talloc events ndr NDR_DRSUAPI NDR_DRSBLOBS ndr DSDB_MODULE_HELPERS security-session' + deps='samdb talloc events ndr NDR_DRSUAPI NDR_DRSBLOBS ndr DSDB_MODULE_HELPERS security' ) @@ -150,7 +150,7 @@ bld.SAMBA_MODULE('ldb_rootdse', init_function='ldb_rootdse_module_init', module_init_name='ldb_init_module', internal_module=False, - deps='talloc events samdb MESSAGING security-session DSDB_MODULE_HELPERS' + deps='talloc events samdb MESSAGING security DSDB_MODULE_HELPERS' ) diff --git a/source4/libcli/security/session.c b/source4/libcli/security/session.c deleted file mode 100644 index 401e11c489..0000000000 --- a/source4/libcli/security/session.c +++ /dev/null 
@@ -1,65 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- session_info utility functions
-
- Copyright (C) Andrew Bartlett 2008-2010
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-*/
-
-#include "includes.h"
-#include "auth/session.h"
-#include "libcli/security/session.h"
-#include "libcli/security/security.h"
-
-enum security_user_level security_session_user_level(struct auth_session_info *session_info,
- const struct dom_sid *domain_sid)
-{
- if (!session_info) {
- return SECURITY_ANONYMOUS;
- }
-
- if (security_token_is_system(session_info->security_token)) {
- return SECURITY_SYSTEM;
- }
-
- if (security_token_is_anonymous(session_info->security_token)) {
- return SECURITY_ANONYMOUS;
- }
-
- if (security_token_has_builtin_administrators(session_info->security_token)) {
- return SECURITY_ADMINISTRATOR;
- }
-
- if (domain_sid) {
- struct dom_sid *rodc_dcs;
- rodc_dcs = dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS);
- if (security_token_has_sid(session_info->security_token, rodc_dcs)) {
- talloc_free(rodc_dcs);
- return SECURITY_RO_DOMAIN_CONTROLLER;
- }
- talloc_free(rodc_dcs);
- }
-
- if (security_token_has_enterprise_dcs(session_info->security_token)) {
- return SECURITY_DOMAIN_CONTROLLER;
- }
-
- if (security_token_has_nt_authenticated_users(session_info->security_token)) {
- return SECURITY_USER;
- }
-
- return SECURITY_ANONYMOUS;
-}
diff --git a/source4/libcli/security/session.h b/source4/libcli/security/session.h deleted file mode 100644 index cf69665497..0000000000 --- a/source4/libcli/security/session.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - session_info utility functions - - Copyright (C) Andrew Bartlett 2008-2010 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -enum security_user_level { - SECURITY_ANONYMOUS = 0, - SECURITY_USER = 10, - SECURITY_RO_DOMAIN_CONTROLLER = 20, - SECURITY_DOMAIN_CONTROLLER = 30, - SECURITY_ADMINISTRATOR = 40, - SECURITY_SYSTEM = 50 -}; - -#include "libcli/security/session_proto.h" - -struct auth_session_info; diff --git a/source4/libcli/security/wscript_build b/source4/libcli/security/wscript_build deleted file mode 100644 index 9c277236c4..0000000000 --- a/source4/libcli/security/wscript_build +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env python - -bld.SAMBA_LIBRARY('security-session', - source='session.c', - autoproto='session_proto.h', - public_deps='security', - private_library=True - ) - diff --git a/source4/libcli/wscript_build b/source4/libcli/wscript_build index 950c179d7e..f91900d371 100644 --- a/source4/libcli/wscript_build +++ b/source4/libcli/wscript_build @@ -1,7 +1,6 @@ #!/usr/bin/env python bld.RECURSE('ldap') -bld.RECURSE('security') bld.RECURSE('wbclient') bld.SAMBA_LIBRARY('errors', 
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build index b796728dad..815459baaf 100644 --- a/source4/rpc_server/wscript_build +++ b/source4/rpc_server/wscript_build @@ -77,7 +77,7 @@ bld.SAMBA_MODULE('dcerpc_winreg', source='winreg/rpc_winreg.c', subsystem='dcerpc_server', init_function='dcerpc_server_winreg_init', - deps='registry ndr-standard security-session', + deps='registry ndr-standard', internal_module=True ) @@ -95,7 +95,7 @@ bld.SAMBA_MODULE('dcerpc_lsarpc', autoproto='lsa/proto.h', subsystem='dcerpc_server', init_function='dcerpc_server_lsa_init', - deps='samdb DCERPC_COMMON ndr-standard LIBCLI_AUTH NDR_DSSETUP com_err security-session kdc-policy' + deps='samdb DCERPC_COMMON ndr-standard LIBCLI_AUTH NDR_DSSETUP com_err security kdc-policy' ) @@ -121,7 +121,7 @@ bld.SAMBA_MODULE('dcerpc_drsuapi', source='drsuapi/dcesrv_drsuapi.c drsuapi/updaterefs.c drsuapi/getncchanges.c drsuapi/addentry.c drsuapi/writespn.c drsuapi/drsutil.c', subsystem='dcerpc_server', init_function='dcerpc_server_drsuapi_init', - deps='samdb DCERPC_COMMON NDR_DRSUAPI security-session' + deps='samdb DCERPC_COMMON NDR_DRSUAPI security' ) -- cgit
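Review bot: The dcerpc_winreg hunk drops `security-session` from `deps` without substituting `security`, whereas the dcerpc_lsarpc and dcerpc_drsuapi hunks in the same file replace it. If winreg/rpc_winreg.c still calls `security_session_user_level()`, the module now links only because `registry` or `ndr-standard` happens to bring in the security library; writing `deps='registry ndr-standard security',` would keep it consistent with the other two modules. The source file is not part of this patch, so whether the dependency is still needed cannot be confirmed from here.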