From b717b40235b2433b26b20ced36142c250f9c411e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 7 Jun 2004 21:34:32 +0000 Subject: r1078: the dxesrv_crypto_* implementations should now explicit set the dce_conn->auth_state.session_info ( the ntlmssp one works fine, but the schannel one isn't implemented yet) this is also set by the ntvfs_ipc backend on the endpoint connect. metze (This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051) --- source4/rpc_server/dcerpc_server.c | 13 ++++--------- source4/rpc_server/dcerpc_server.h | 5 +---- source4/rpc_server/dcesrv_crypto.c | 8 -------- source4/rpc_server/dcesrv_crypto_ntlmssp.c | 18 +++++++----------- source4/rpc_server/dcesrv_crypto_schannel.c | 14 +++++--------- source4/rpc_server/samr/samr_password.c | 16 ++++++++++++++-- 6 files changed, 31 insertions(+), 43 deletions(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index a084477b36..20ed50d128 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -271,24 +271,17 @@ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, (*p)->auth_state.auth_info = NULL; (*p)->auth_state.crypto_ctx.private_data = NULL; (*p)->auth_state.crypto_ctx.ops = NULL; - (*p)->session_key = data_blob(NULL, 0); + (*p)->auth_state.session_info = NULL; return NT_STATUS_OK; } -/* - set the transport level session key -*/ -void dcesrv_set_session_key(struct dcesrv_connection *p, DATA_BLOB key) -{ - p->session_key = data_blob_talloc(p->mem_ctx, key.data, key.length); -} - /* search and connect to a dcerpc endpoint */ NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx, const struct dcesrv_ep_description *ep_description, + struct auth_session_info *session_info, struct dcesrv_connection **dce_conn_p) { NTSTATUS status; @@ -305,6 +298,8 @@ NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx, return status; } + (*dce_conn_p)->auth_state.session_info = session_info; + /* TODO: check security descriptor of the endpoint here * if it's a smb named pipe * if it's failed free dce_conn_p diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h index f73dbaf4cb..918b68f511 100644 --- a/source4/rpc_server/dcerpc_server.h +++ b/source4/rpc_server/dcerpc_server.h @@ -100,7 +100,6 @@ struct dcesrv_crypto_ops { NTSTATUS (*start)(struct dcesrv_auth *auth, DATA_BLOB *auth_blob); NTSTATUS (*update)(struct dcesrv_auth *auth, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out); - NTSTATUS (*session_info)(struct dcesrv_auth *auth, struct auth_session_info **session_info); NTSTATUS (*seal)(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx, uint8_t *data, size_t length, DATA_BLOB *sig); NTSTATUS (*sign)(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx, @@ -119,6 +118,7 @@ struct dcesrv_auth { void *private_data; const struct dcesrv_crypto_ops *ops; } crypto_ctx; + struct auth_session_info *session_info; }; @@ -152,9 +152,6 @@ struct dcesrv_connection { /* the current authentication state */ struct dcesrv_auth auth_state; - - /* the transport level session key, if any */ - DATA_BLOB session_key; }; diff --git a/source4/rpc_server/dcesrv_crypto.c b/source4/rpc_server/dcesrv_crypto.c index 31039510ab..de1976ff91 100644 --- a/source4/rpc_server/dcesrv_crypto.c +++ b/source4/rpc_server/dcesrv_crypto.c @@ -83,14 +83,6 @@ NTSTATUS dcesrv_crypto_update(struct dcesrv_auth *auth, return auth->crypto_ctx.ops->update(auth, out_mem_ctx, in, out); } -/* - get auth_session_info state -*/ -NTSTATUS dcesrv_crypto_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info) -{ - return auth->crypto_ctx.ops->session_info(auth, session_info); -} - /* seal a packet */ diff --git a/source4/rpc_server/dcesrv_crypto_ntlmssp.c b/source4/rpc_server/dcesrv_crypto_ntlmssp.c index e23f136308..67242c3cc0 100644 --- a/source4/rpc_server/dcesrv_crypto_ntlmssp.c +++ b/source4/rpc_server/dcesrv_crypto_ntlmssp.c @@ -53,18 +53,15 @@ static NTSTATUS dcesrv_crypto_ntlmssp_update(struct dcesrv_auth *auth, TALLOC_CT const DATA_BLOB in, DATA_BLOB *out) { struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data; + NTSTATUS status; - return auth_ntlmssp_update(auth_ntlmssp_state, out_mem_ctx, in, out); -} - -/* - get auth_session_info state -*/ -static NTSTATUS dcesrv_crypto_ntlmssp_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info) -{ - struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data; + status = auth_ntlmssp_update(auth_ntlmssp_state, out_mem_ctx, in, out); + if (NT_STATUS_IS_OK(status)) { + /* TODO: what is when the session_info is already set */ + return auth_ntlmssp_get_session_info(auth_ntlmssp_state, &auth->session_info); + } - return auth_ntlmssp_get_session_info(auth_ntlmssp_state, session_info); + return status; } /* @@ -130,7 +127,6 @@ static const struct dcesrv_crypto_ops dcesrv_crypto_ntlmssp_ops = { .auth_type = DCERPC_AUTH_TYPE_NTLMSSP, .start = dcesrv_crypto_ntlmssp_start, .update = dcesrv_crypto_ntlmssp_update, - .session_info = dcesrv_crypto_ntlmssp_session_info, .seal = dcesrv_crypto_ntlmssp_seal, .sign = dcesrv_crypto_ntlmssp_sign, .check_sig = dcesrv_crypto_ntlmssp_check_sig, diff --git a/source4/rpc_server/dcesrv_crypto_schannel.c b/source4/rpc_server/dcesrv_crypto_schannel.c index c7466d43a8..fba882e2a4 100644 --- a/source4/rpc_server/dcesrv_crypto_schannel.c +++ b/source4/rpc_server/dcesrv_crypto_schannel.c @@ -81,6 +81,11 @@ static NTSTATUS dcesrv_crypto_schannel_start(struct dcesrv_auth *auth, DATA_BLOB return NT_STATUS_INVALID_HANDLE; } + /* TODO: here we need to set the session_info + * what should happen when te session_info is already set + */ + auth->session_info = NULL; + auth->crypto_ctx.private_data = schannel; ack.unknown1 = 1; @@ -106,14 +111,6 @@ static NTSTATUS dcesrv_crypto_schannel_update(struct dcesrv_auth *auth, TALLOC_C return NT_STATUS_OK; } -/* - get auth_session_info state -*/ -static NTSTATUS dcesrv_crypto_schannel_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - /* seal a packet */ @@ -181,7 +178,6 @@ static const struct dcesrv_crypto_ops dcesrv_crypto_schannel_ops = { .auth_type = DCERPC_AUTH_TYPE_SCHANNEL, .start = dcesrv_crypto_schannel_start, .update = dcesrv_crypto_schannel_update, - .session_info = dcesrv_crypto_schannel_session_info, .seal = dcesrv_crypto_schannel_seal, .sign = dcesrv_crypto_schannel_sign, .check_sig = dcesrv_crypto_schannel_check_sig, diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index d5f995feb8..988c52e4ee 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -693,7 +693,13 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, { char new_pass[512]; uint32_t new_pass_len; - DATA_BLOB session_key = dce_call->conn->session_key; + DATA_BLOB session_key; + + session_key = data_blob(NULL,0); + + if (dce_call->conn->auth_state.session_info) { + session_key = dce_call->conn->auth_state.session_info->session_key; + } if (session_key.length == 0) { DEBUG(3,("Bad session key in samr_set_password\n")); @@ -734,9 +740,15 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, char new_pass[512]; uint32_t new_pass_len; DATA_BLOB co_session_key; - DATA_BLOB session_key = dce_call->conn->session_key; + DATA_BLOB session_key; struct MD5Context ctx; + session_key = data_blob(NULL,0); + + if (dce_call->conn->auth_state.session_info) { + session_key = dce_call->conn->auth_state.session_info->session_key; + } + co_session_key = data_blob_talloc(mem_ctx, NULL, 16); if (!co_session_key.data) { return NT_STATUS_NO_MEMORY; -- cgit