From a2ce53c1f5301ffcf990dbab837c328ea22739b6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 8 Feb 2011 16:53:13 +1100 Subject: s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett --- source4/ntvfs/ipc/vfs_ipc.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'source4/ntvfs') diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c index 972de2723c..19127a29bc 100644 --- a/source4/ntvfs/ipc/vfs_ipc.c +++ b/source4/ntvfs/ipc/vfs_ipc.c @@ -255,6 +255,7 @@ static NTSTATUS ipc_open(struct ntvfs_module_context *ntvfs, const struct tsocket_address *server_addr; int ret; DATA_BLOB delegated_creds = data_blob_null; + struct auth_user_info_dc user_info_dc; switch (oi->generic.level) { case RAW_OPEN_NTCREATEX: @@ -309,9 +310,16 @@ static NTSTATUS ipc_open(struct ntvfs_module_context *ntvfs, state->req = req; state->oi = oi; - status = auth_convert_server_info_saminfo3(state, - req->session_info->server_info, - &state->info3); + /* Disgusting hack to recreate the user_info_dc that should + * not be used that this layer in this way */ + ZERO_STRUCT(user_info_dc); + user_info_dc.info = req->session_info->info; + user_info_dc.num_sids = req->session_info->torture->num_dc_sids; + user_info_dc.sids = req->session_info->torture->dc_sids; + + status = auth_convert_user_info_dc_saminfo3(state, + &user_info_dc, + &state->info3); NT_STATUS_NOT_OK_RETURN(status); client_addr = ntvfs_get_local_address(ipriv->ntvfs); -- cgit