From 17d8f0ad30847bb940f645ee1817d782ddaaee74 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 11 Feb 2011 11:50:37 +1100
Subject: s3-auth use create_local_token() to transform server_info -> session_info
Before a auth_serversupplied_info struct can be used for authorization, the local groups and privileges must be calculated. create_local_token() now copies the server_info, and then sets the calulated token and unix groups. Soon, it will also transform the result into an expanded struct auth_session_info. Until then, the variable name (server_info vs session_info provides a clue to the developer about what information has been entered in the structure). By moving the calls to create_local_token within the codebase, we remove duplication, and ensure that the session key (where modified) is consistently copied into the new structure. Andrew Bartlett
---
 source3/rpc_server/dcesrv_gssapi.c | 5 +++--
 source3/rpc_server/rpc_server.c | 10 ++++------
 2 files changed, 7 insertions(+), 8 deletions(-)
(limited to 'source3/rpc_server')
diff --git a/source3/rpc_server/dcesrv_gssapi.c b/source3/rpc_server/dcesrv_gssapi.c
index a3007e4044..c8a015e066 100644
--- a/source3/rpc_server/dcesrv_gssapi.c
+++ b/source3/rpc_server/dcesrv_gssapi.c
@@ -228,9 +228,10 @@ NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx,
 /* TODO: save PAC data in netsamlogon cache ? */
- status = make_server_info_krb5(mem_ctx,
+ status = make_session_info_krb5(mem_ctx,
 ntuser, ntdomain, username, pw,
- logon_info, is_guest, is_mapped, server_info);
+ logon_info, is_guest, is_mapped, NULL /* No session key for now */,
+ server_info);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n", nt_errstr(status)));
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index b9e5f9f946..9934e196cc 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
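Review bot: In the `@@ -228,9 +228,10 @@` hunk of dcesrv_gssapi.c, the new `NULL /* No session key for now */` argument appears to leave the structure returned through `server_info` without a session key, and the comment does not say what is affected or when this will change. Whether later code on this pipe checks for a missing key before using it is not visible here; anything that derives encryption or signing from the user session key should refuse to proceed rather than run with an empty key. I would expand the comment to something like `/* TODO: pass the GSSAPI session key; until then no session key is available on pipes authenticated this way */`. The output parameter also keeps the name `server_info` although it is now filled by `make_session_info_krb5()`, which works against the naming clue the commit message describes. The body of `gssapi_server_get_user_info()` starts and ends outside the hunk.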
@@ -88,6 +88,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 struct netr_SamInfo3 *info3;
 struct auth_user_info_dc *auth_user_info_dc;
 struct pipes_struct *p;
+ struct auth_serversupplied_info *server_info;
 NTSTATUS status;
 bool ok;
@@ -148,7 +149,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 status = make_server_info_info3(p, info3->base.account_name.string, info3->base.domain.string,
- &p->session_info, info3);
+ &server_info, info3);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(1, ("Failed to init server info\n"));
 TALLOC_FREE(p);
@@ -160,7 +161,8 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 * Some internal functions need a local token to determine access to
 * resoutrces. */
- status = create_local_token(p->session_info);
+ status = create_local_token(p, server_info, &session_info->session_key, &p->session_info);
+ talloc_free(server_info);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(1, ("Failed to init local auth token\n"));
 TALLOC_FREE(p);
@@ -173,10 +175,6 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 * regardless of what we just calculated */
 p->session_info->security_token = talloc_move(p->session_info, &session_info->security_token);
- /* Also set the session key to the correct value */
- p->session_info->user_session_key = session_info->session_key;
- p->session_info->user_session_key.data = talloc_move(p->session_info, &session_info->session_key.data);
-
 p->client_id = talloc_zero(p, struct client_address);
 if (!p->client_id) {
 TALLOC_FREE(p);
-- cgit
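Review bot: In the `@@ -160,7 +161,8 @@` hunk of rpc_server.c, `create_local_token()` is handed `&session_info->session_key`, and according to the commit message the key is copied into the new structure, whereas the lines removed in the `@@ -173,10 +175,6 @@` hunk moved the key data out of `session_info` with `talloc_move()`. If that reading is right, a second copy of the key now stays in the caller's `session_info` for as long as that object lives, which the hunk does not show; it is worth confirming that the caller frees it promptly. A comment above the call would record the ownership change, for example `/* The session key is copied, not moved: session_info keeps its own copy */`. The `server_info` pointer declared in the `@@ -88,6 +88,7 @@` hunk is uninitialised; `struct auth_serversupplied_info *server_info = NULL;` would keep `talloc_free(server_info)` safe if a later edit adds a path that skips `make_server_info_info3()`. `make_server_pipes_struct()` starts and ends outside these hunks.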