From 645711c602313940dcf80ec786557920ecfbf884 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Mar 2005 08:00:45 +0000 Subject: r5941: Commit this patch much earlier than I would normally prefer, but metze needs a working tree... The main volume of this patch was what I started working on today: - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context. - Uses sepereate inner loops for some of the DCE/RPC tests The other and more important part of this patch fixes issues surrounding the new credentials framwork: This makes the struct cli_credentials always a talloc() structure, rather than on the stack. Parts of the cli_credentials code already assumed this. There were other issues, particularly in the DCERPC over SMB handling, as well as little things that had to be tidied up before test_w2k3.sh would start to pass. Andrew Bartlett (This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778) --- source4/librpc/rpc/dcerpc_schannel.c | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) (limited to 'source4/librpc/rpc/dcerpc_schannel.c') diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index bcdd1a923c..77453cf476 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -294,8 +294,9 @@ static NTSTATUS dcerpc_schannel_client_start(struct gensec_security *gensec_secu /* get a schannel key using a netlogon challenge on a secondary pipe */ -static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, - struct cli_credentials *credentials, +static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx, + struct dcerpc_pipe *p, + struct cli_credentials *credentials, int chan_type, struct creds_CredentialState *creds) { @@ -308,7 +309,6 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, struct samr_Password mach_pwd; const char *workgroup; uint32_t negotiate_flags; - TALLOC_CTX *tmp_ctx; if (p->conn->flags & DCERPC_SCHANNEL_128) { negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; @@ -318,8 +318,6 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, workgroup = cli_credentials_get_domain(credentials); - tmp_ctx = talloc_new(NULL); - /* step 1 - establish a netlogon connection, with no authentication */ @@ -328,7 +326,6 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, status = dcerpc_parse_binding(tmp_ctx, p->conn->binding_string, &b); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Failed to parse dcerpc binding '%s'\n", p->conn->binding_string)); - talloc_free(tmp_ctx); return status; } @@ -337,18 +334,14 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Failed to map DCERPC/TCP NCACN_NP pipe for '%s' - %s\n", DCERPC_NETLOGON_UUID, nt_errstr(status))); - talloc_free(p); return status; } status = dcerpc_secondary_connection(p, &p2, b); if (!NT_STATUS_IS_OK(status)) { - talloc_free(tmp_ctx); return status; } - talloc_free(tmp_ctx); - status = dcerpc_bind_auth_none(p2, DCERPC_NETLOGON_UUID, DCERPC_NETLOGON_VERSION); if (!NT_STATUS_IS_OK(status)) { @@ -359,14 +352,14 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, /* step 2 - request a netlogon challenge */ - r.in.server_name = talloc_asprintf(p, "\\\\%s", dcerpc_server_name(p)); + r.in.server_name = talloc_asprintf(tmp_ctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.credentials = &credentials1; r.out.credentials = &credentials2; generate_random_buffer(credentials1.data, sizeof(credentials1.data)); - status = dcerpc_netr_ServerReqChallenge(p2, p, &r); + status = dcerpc_netr_ServerReqChallenge(p2, tmp_ctx, &r); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -391,7 +384,7 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, a.in.credentials = &credentials3; a.out.credentials = &credentials3; - status = dcerpc_netr_ServerAuthenticate2(p2, p, &a); + status = dcerpc_netr_ServerAuthenticate2(p2, tmp_ctx, &a); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -405,7 +398,7 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, we no longer need the netlogon pipe open */ - dcerpc_pipe_close(p2); + talloc_free(p2); return NT_STATUS_OK; } @@ -480,14 +473,15 @@ NTSTATUS dcerpc_bind_auth_schannel_withkey(struct dcerpc_pipe *p, return NT_STATUS_OK; } -NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, +NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx, + struct dcerpc_pipe *p, const char *uuid, uint_t version, struct cli_credentials *credentials) { NTSTATUS status; int chan_type = 0; struct creds_CredentialState *creds; - creds = talloc(p, struct creds_CredentialState); + creds = talloc(tmp_ctx, struct creds_CredentialState); if (!creds) { return NT_STATUS_NO_MEMORY; } @@ -500,7 +494,8 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, chan_type = SEC_CHAN_DOMAIN; } - status = dcerpc_schannel_key(p, credentials, + status = dcerpc_schannel_key(tmp_ctx, + p, credentials, chan_type, creds); @@ -514,7 +509,7 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, } static BOOL dcerpc_schannel_have_feature(struct gensec_security *gensec_security, - uint32_t feature) + uint32_t feature) { if (feature & (GENSEC_FEATURE_SESSION_KEY | GENSEC_FEATURE_SIGN | -- cgit