From 128ae06a619b2c50cc9379053abb18277e814747 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 18 Jul 2011 12:58:25 +1000 Subject: s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info This makes auth3_session_info identical to auth_session_info The logic to convert the info3 to a struct auth_user_info is essentially moved up the stack from the named pipe proxy in source3/rpc_server to create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/rpc_server/lsa/srv_lsa_nt.c | 2 +- source3/rpc_server/netlogon/srv_netlog_nt.c | 2 +- source3/rpc_server/rpc_ncacn_np.c | 17 +------ source3/rpc_server/rpc_server.c | 71 ++++++++++++----------------- source3/rpc_server/spoolss/srv_spoolss_nt.c | 12 ++--- 5 files changed, 37 insertions(+), 67 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index 309e2aa5f6..8aea353679 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -2412,7 +2412,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p, } } else { username = p->session_info->unix_info->sanitized_username; - domname = p->session_info->info3->base.domain.string; + domname = p->session_info->info->domain_name; } account_name = talloc(p->mem_ctx, struct lsa_String); diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index 82f8331995..4ff6f909d6 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -209,7 +209,7 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p, return WERR_INVALID_PARAM; } - acct_ctrl = p->session_info->info3->base.acct_flags; + acct_ctrl = p->session_info->info->acct_flags; switch (r->in.function_code) { case NETLOGON_CONTROL_TC_VERIFY: diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index f43d0b81bc..25435b8ea4 100644 
--- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c @@ -629,8 +629,6 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, struct tevent_req *subreq; struct auth_session_info_transport *session_info_t; struct auth_session_info *session_info_npa; - struct auth_user_info_dc *user_info_dc; - union netr_Validation val; NTSTATUS status; bool ok; int ret; @@ -685,20 +683,7 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, session_info_npa->unix_token = session_info->unix_token; session_info_npa->unix_info = session_info->unix_info; - val.sam3 = session_info->info3; - - /* Convert into something we can build a struct - * auth_session_info from. Most of the work here - * will be to convert the SIDS, which we will then ignore, but - * this is the easier way to handle it */ - status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("conversion of info3 into user_info_dc failed!\n")); - goto fail; - } - - session_info_npa->info = talloc_move(session_info_npa, &user_info_dc->info); - talloc_free(user_info_dc); + session_info_npa->info = session_info->info; session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport); if (session_info_npa == NULL) { diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index 7e383e84c1..eb9def9a9a 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c @@ -40,8 +40,6 @@ static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx, { struct auth_session_info *i; struct auth3_session_info *s; - struct auth_user_info_dc *u; - union netr_Validation val; NTSTATUS status; i = talloc_zero(mem_ctx, struct auth_session_info); 
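Review bot: The NULL check at the end of the -683 hunk in make_external_rpc_pipe_p (rpc_ncacn_np.c) tests `session_info_npa` right after `session_info_t = talloc_zero(...)`, so a failed allocation of `session_info_t` does not appear to be caught; it should read `if (session_info_t == NULL) {`. That line is unchanged context and the function body continues outside the hunk, but the commit edits the assignment just above it. Separately, `session_info_npa->info = session_info->info;` now borrows the caller's auth_user_info where the removed code handed session_info_npa its own copy through talloc_move, and `i->info = s->info;` in auth_anonymous_session_info (rpc_server.c, hunk at -56) does the same with `s`. A short comment at both sites, for example `/* borrowed, not reparented: must not outlive the source session info */`, would record the lifetime dependency for later readers.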
@@ -56,20 +54,7 @@ static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx, i->security_token = s->security_token; i->session_key = s->session_key; - - val.sam3 = s->info3; - - status = make_user_info_dc_netlogon_validation(mem_ctx, - "", - 3, - &val, - &u); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("conversion of info3 into user_info_dc failed!\n")); - return status; - } - i->info = talloc_move(i, &u->info); - talloc_free(u); + i->info = s->info; *session_info = i; @@ -88,8 +73,6 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, struct pipes_struct **_p, int *perrno) { - struct netr_SamInfo3 *info3; - struct auth_user_info_dc *auth_user_info_dc; struct pipes_struct *p; NTSTATUS status; @@ -114,30 +97,6 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, p->endian = RPC_LITTLE_ENDIAN; - /* Fake up an auth_user_info_dc for now, to make an info3, to make the session_info structure */ - auth_user_info_dc = talloc_zero(p, struct auth_user_info_dc); - if (!auth_user_info_dc) { - TALLOC_FREE(p); - *perrno = ENOMEM; - return -1; - } - - auth_user_info_dc->num_sids = session_info->security_token->num_sids; - auth_user_info_dc->sids = session_info->security_token->sids; - auth_user_info_dc->info = session_info->info; - auth_user_info_dc->user_session_key = session_info->session_key; - - /* This creates the input structure that make_server_info_info3 is looking for */ - status = auth_convert_user_info_dc_saminfo3(p, auth_user_info_dc, - &info3); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to convert auth_user_info_dc into netr_SamInfo3\n")); - TALLOC_FREE(p); - *perrno = EINVAL; - return -1; - } - if (session_info->unix_token && session_info->unix_info && session_info->security_token) { /* Don't call create_local_token(), we already have the full details here */ p->session_info = talloc_zero(p, struct auth3_session_info); 
@@ -149,12 +108,38 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, p->session_info->security_token = talloc_move(p->session_info, &session_info->security_token); p->session_info->unix_token = talloc_move(p->session_info, &session_info->unix_token); p->session_info->unix_info = talloc_move(p->session_info, &session_info->unix_info); - p->session_info->info3 = talloc_move(p->session_info, &info3); + p->session_info->info = talloc_move(p->session_info, &session_info->info); p->session_info->session_key = session_info->session_key; p->session_info->session_key.data = talloc_move(p->session_info, &session_info->session_key.data); } else { + struct auth_user_info_dc *auth_user_info_dc; struct auth_serversupplied_info *server_info; + struct netr_SamInfo3 *info3; + + /* Fake up an auth_user_info_dc for now, to make an info3, to make the session_info structure */ + auth_user_info_dc = talloc_zero(p, struct auth_user_info_dc); + if (!auth_user_info_dc) { + TALLOC_FREE(p); + *perrno = ENOMEM; + return -1; + } + + auth_user_info_dc->num_sids = session_info->security_token->num_sids; + auth_user_info_dc->sids = session_info->security_token->sids; + auth_user_info_dc->info = session_info->info; + auth_user_info_dc->user_session_key = session_info->session_key; + + /* This creates the input structure that make_server_info_info3 is looking for */ + status = auth_convert_user_info_dc_saminfo3(p, auth_user_info_dc, + &info3); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to convert auth_user_info_dc into netr_SamInfo3\n")); + TALLOC_FREE(p); + *perrno = EINVAL; + return -1; + } status = make_server_info_info3(p, info3->base.account_name.string, diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 12dcc27615..71ae93766a 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c 
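Review bot: The block moved into the `else` branch of make_server_pipes_struct reads `session_info->security_token->num_sids` and `->sids` unconditionally, yet that branch is reached exactly when `unix_token`, `unix_info` or `security_token` is NULL (the condition is visible as context in the previous hunk), so a session_info without a security token would be a NULL dereference here. The removed code had the same dereference ahead of the `if`, so this is not introduced by the move, but placing it in the `else` makes the gap plain and a guard that fails with EINVAL, matching the error paths already in the block, would close it. `session_info->info` is also passed on unchecked; whether the conversion call tolerates NULL is not visible here. The function starts and ends outside the hunk.

```c
		struct netr_SamInfo3 *info3;

		/* This branch is also taken when security_token is missing */
		if (session_info->security_token == NULL) {
			TALLOC_FREE(p);
			*perrno = EINVAL;
			return -1;
		}

		/* … unchanged: auth_user_info_dc allocation, field setup and info3 conversion … */
```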
@@ -1832,7 +1832,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->session_info->security_token) && !token_contains_name_in_list( uidtoname(p->session_info->unix_token->uid), - p->session_info->info3->base.domain.string, + p->session_info->info->domain_name, NULL, p->session_info->security_token, lp_printer_admin(snum))) { @@ -2095,7 +2095,7 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p, && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list( uidtoname(p->session_info->unix_token->uid), - p->session_info->info3->base.domain.string, + p->session_info->info->domain_name, NULL, p->session_info->security_token, lp_printer_admin(-1)) ) @@ -2199,7 +2199,7 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p, && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list( uidtoname(p->session_info->unix_token->uid), - p->session_info->info3->base.domain.string, + p->session_info->info->domain_name, NULL, p->session_info->security_token, lp_printer_admin(-1)) ) { @@ -8553,7 +8553,7 @@ WERROR _spoolss_AddForm(struct pipes_struct *p, if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid), - p->session_info->info3->base.domain.string, + p->session_info->info->domain_name, NULL, p->session_info->security_token, lp_printer_admin(snum))) { 
@@ -8626,7 +8626,7 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p, if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid), - p->session_info->info3->base.domain.string, + p->session_info->info->domain_name, NULL, p->session_info->security_token, lp_printer_admin(snum))) { @@ -8695,7 +8695,7 @@ WERROR _spoolss_SetForm(struct pipes_struct *p, if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid), - p->session_info->info3->base.domain.string, + p->session_info->info->domain_name, NULL, p->session_info->security_token, lp_printer_admin(snum))) { -- cgit