authorSamuel Cabrero <scabrero@suse.de>2019-01-24 20:34:03 +0100
committerAndreas Schneider <asn@cryptomilk.org>2019-10-18 16:07:36 +0000
commit6fe23fa071d2dc6e348b175b514c99a6ce82b6f4 (patch)
treeb121a24763a407da9a65b1c4e765922da5503c5a /source4
parentbf097719534be55abaab931ca03b8be23ef1fe0a (diff)
s4:rpc_server: Hide gensec prepare behind function pointer
This function will be different for s3 and s4 Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/dcerpc_server.c36
-rw-r--r--source4/rpc_server/dcerpc_server.h6
-rw-r--r--source4/rpc_server/dcesrv_auth.c28
-rw-r--r--source4/rpc_server/service_rpc.c1
-rw-r--r--source4/torture/rpc/spoolss_notify.c1
5 files changed, 47 insertions, 25 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 3b432f7484c..fc8979deaa4 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "auth/auth.h"
#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
#include "lib/util/dlinklist.h"
#include "rpc_server/dcerpc_server.h"
#include "rpc_server/dcerpc_server_proto.h"
@@ -3436,3 +3437,38 @@ void log_successful_dcesrv_authz_event(struct dcesrv_call_state *call)
auth->auth_audited = true;
}
+
+NTSTATUS dcesrv_gensec_prepare(TALLOC_CTX *mem_ctx,
+ struct dcesrv_call_state *call,
+ struct gensec_security **out)
+{
+ struct cli_credentials *server_creds = NULL;
+ struct imessaging_context *imsg_ctx =
+ dcesrv_imessaging_context(call->conn);
+ NTSTATUS status;
+
+ server_creds = cli_credentials_init(call->auth_state);
+ if (!server_creds) {
+ DEBUG(1, ("Failed to init server credentials\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ cli_credentials_set_conf(server_creds, call->conn->dce_ctx->lp_ctx);
+
+ status = cli_credentials_set_machine_account(server_creds,
+ call->conn->dce_ctx->lp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to obtain server credentials: %s\n",
+ nt_errstr(status)));
+ talloc_free(server_creds);
+ return status;
+ }
+
+ return samba_server_gensec_start(mem_ctx,
+ call->event_ctx,
+ imsg_ctx,
+ call->conn->dce_ctx->lp_ctx,
+ server_creds,
+ NULL,
+ out);
+}
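Review bot: The final `return samba_server_gensec_start(...)` in dcesrv_gensec_prepare leaves `server_creds` allocated when the start fails, whereas the `cli_credentials_set_machine_account` failure path just above frees it. The credentials are parented to `call->auth_state` rather than to `mem_ctx`, so after a failed start the object, which by then presumably holds the machine account secret, stays attached to the auth state until that is torn down. Consider storing the result in `status` and adding `if (!NT_STATUS_IS_OK(status)) { talloc_free(server_creds); }` before `return status;`, assuming a failed start keeps no reference to the credentials, which is not visible here. A short comment on why the credentials hang off `call->auth_state` instead of the `mem_ctx` argument would also help the planned s3 implementation follow the same lifetime rules.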
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 614c93bf50e..18956524f6f 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -38,6 +38,7 @@ struct dcesrv_call_state;
struct dcesrv_auth;
struct dcesrv_connection_context;
struct dcesrv_iface_state;
+struct cli_credentials;
struct dcesrv_interface {
const char *name;
@@ -367,6 +368,11 @@ struct dcesrv_context_callbacks {
struct {
void (*successful_authz)(struct dcesrv_call_state *);
} log;
+ struct {
+ NTSTATUS (*gensec_prepare)(TALLOC_CTX *mem_ctx,
+ struct dcesrv_call_state *call,
+ struct gensec_security **out);
+ } auth;
};
/* server-wide context information for the dcerpc server */
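Review bot: The new `auth.gensec_prepare` member of struct dcesrv_context_callbacks has no comment stating its contract, although it now sits on the authentication path and will have separate s3 and s4 implementations. A comment above the member should say whether the callback is mandatory, that it must build the server-side gensec context from the server's own credentials, and who owns `*out`. Something like `/* Required: create the server gensec context for this call; on success *out is allocated under mem_ctx */` would do, if that matches the intended ownership. The s4 implementation passes `mem_ctx` straight to samba_server_gensec_start, so this appears to be the existing behaviour, but the header is where an implementer will look for it.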
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 73576dc45d0..87bc76d2780 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -78,11 +78,8 @@ static NTSTATUS dcesrv_auth_negotiate_hdr_signing(struct dcesrv_call_state *call
static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
{
- struct cli_credentials *server_credentials = NULL;
struct dcesrv_connection *dce_conn = call->conn;
struct dcesrv_auth *auth = call->auth_state;
- struct imessaging_context *imsg_ctx =
- dcesrv_imessaging_context(call->conn);
NTSTATUS status;
if (auth->auth_started) {
@@ -131,28 +128,9 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
auth->auth_level = call->in_auth_info.auth_level;
auth->auth_context_id = call->in_auth_info.auth_context_id;
- server_credentials
- = cli_credentials_init(auth);
- if (!server_credentials) {
- DEBUG(1, ("Failed to init server credentials\n"));
- return false;
- }
-
- cli_credentials_set_conf(server_credentials, call->conn->dce_ctx->lp_ctx);
- status = cli_credentials_set_machine_account(server_credentials, call->conn->dce_ctx->lp_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to obtain server credentials: %s\n",
- nt_errstr(status)));
- return false;
- }
-
- status = samba_server_gensec_start(auth,
- call->event_ctx,
- imsg_ctx,
- call->conn->dce_ctx->lp_ctx,
- server_credentials,
- NULL,
- &auth->gensec_security);
+ status = call->conn->dce_ctx->callbacks.auth.gensec_prepare(auth,
+ call,
+ &auth->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to call samba_server_gensec_start %s\n",
nt_errstr(status)));
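Review bot: `call->conn->dce_ctx->callbacks.auth.gensec_prepare` is called in dcesrv_auth_prepare_gensec without checking that the pointer is set, so a dcesrv_context whose callbacks were initialised without `.auth.gensec_prepare` would crash the server process on the first bind that needs authentication. This commit sets the pointer for `srv_callbacks` and `srv_cb`, but the diffstat is limited to source4 and any other initialisers are not visible here. A guard such as `if (dce_conn->dce_ctx->callbacks.auth.gensec_prepare == NULL) { return false; }` before the call, or a check where the context is created, would turn that into a clean authentication failure. The DEBUG text on the failure path still names samba_server_gensec_start, although the callback can now also fail while loading credentials. The function body starts and ends outside this hunk.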
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index efb3feabcdd..778d7b964a9 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
@@ -42,6 +42,7 @@
struct dcesrv_context_callbacks srv_callbacks = {
.log.successful_authz = log_successful_dcesrv_authz_event,
+ .auth.gensec_prepare = dcesrv_gensec_prepare,
};
/*
diff --git a/source4/torture/rpc/spoolss_notify.c b/source4/torture/rpc/spoolss_notify.c
index bed049bca86..91f9f92b7d8 100644
--- a/source4/torture/rpc/spoolss_notify.c
+++ b/source4/torture/rpc/spoolss_notify.c
@@ -36,6 +36,7 @@
struct dcesrv_context_callbacks srv_cb = {
.log.successful_authz = log_successful_dcesrv_authz_event,
+ .auth.gensec_prepare = dcesrv_gensec_prepare,
};
static NTSTATUS spoolss__op_bind(struct dcesrv_connection_context *context,