-rw-r--r-- | pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm | 6 | ||||
-rw-r--r-- | source3/rpc_server/lsa/srv_lsa_nt.c | 18 | ||||
-rw-r--r-- | source3/rpc_server/netlogon/srv_netlog_nt.c | 18 | ||||
-rw-r--r-- | source3/rpc_server/rpc_pipes.h | 2 | ||||
-rw-r--r-- | source3/rpc_server/samr/srv_samr_nt.c | 6 | ||||
-rw-r--r-- | source3/rpc_server/spoolss/srv_iremotewinspool.c | 6 |
6 files changed, 33 insertions, 23 deletions
diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
index 89dc0617839..be275cc9109 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
@@ -292,9 +292,6 @@ sub boilerplate_iface($)
 $self->pidl("p = dcesrv_get_pipes_struct(dce_call->conn);");
 $self->pidl("p->dce_call = dce_call;");
 $self->pidl("p->mem_ctx = mem_ctx;");
- $self->pidl("p->auth.auth_type = dce_call->auth_state->auth_type;");
- $self->pidl("p->auth.auth_level = dce_call->auth_state->auth_level;");
- $self->pidl("p->auth.auth_context_id = dce_call->auth_state->auth_context_id;");
 $self->pidl("/* Reset pipes struct fault state */");
 $self->pidl("p->fault_state = 0;");
 $self->pidl("");
@@ -335,9 +332,6 @@ sub boilerplate_iface($)
 $self->pidl("p->dce_call = NULL;");
 $self->pidl("p->mem_ctx = NULL;");
- $self->pidl("p->auth.auth_type = 0;");
- $self->pidl("p->auth.auth_level = 0;");
- $self->pidl("p->auth.auth_context_id = 0;");
 $self->pidl("/* Check pipes struct fault state */");
 $self->pidl("if (p->fault_state != 0) {");
 $self->indent();
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index bf4ddd22ee7..4cb9dae639e 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -1090,6 +1090,9 @@ NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
 NTSTATUS _lsa_LookupSids3(struct pipes_struct *p,
 struct lsa_LookupSids3 *r)
 {
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
 struct lsa_LookupSids2 q;
 if (p->transport != NCACN_IP_TCP) {
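Review bot: The `DCERPC_AUTH_TYPE_NONE` / `DCERPC_AUTH_LEVEL_NONE` initialisers added at the top of `_lsa_LookupSids3` are what make the schannel check in the following hunk deny by default, but nothing in the code says so. A short comment such as `/* default to NONE so the access check below denies unless the helper reports otherwise */` would keep a later cleanup from dropping them. The same applies to the declarations added in `_lsa_LookupNames4`, `_netr_LogonSamLogonEx` and `_samr_ValidatePassword`. The body of `dcesrv_call_auth_info()` is not part of this diff, so whether it can return without writing its outputs is an assumption to confirm; the function body continues outside this hunk.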
@@ -1097,9 +1100,11 @@ NTSTATUS _lsa_LookupSids3(struct pipes_struct *p,
 return NT_STATUS_ACCESS_DENIED;
 }
+ dcesrv_call_auth_info(dce_call, &auth_type, &auth_level);
+
 /* No policy handle on this call. Restrict to crypto connections. */
- if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
- p->auth.auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+ if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
+ auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
 DEBUG(1, ("_lsa_LookupSids3: The client %s is not using "
 "a secure connection over netlogon\n",
 get_remote_machine_name() ));
@@ -1402,6 +1407,9 @@ NTSTATUS _lsa_LookupNames3(struct pipes_struct *p,
 NTSTATUS _lsa_LookupNames4(struct pipes_struct *p,
 struct lsa_LookupNames4 *r)
 {
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
 struct lsa_LookupNames3 q;
 if (p->transport != NCACN_IP_TCP) {
@@ -1409,9 +1417,11 @@ NTSTATUS _lsa_LookupNames4(struct pipes_struct *p,
 return NT_STATUS_ACCESS_DENIED;
 }
+ dcesrv_call_auth_info(dce_call, &auth_type, &auth_level);
+
 /* No policy handle on this call. Restrict to crypto connections. */
- if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
- p->auth.auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+ if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
+ auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
 DEBUG(1, ("_lsa_LookupNames4: The client %s is not using "
 "a secure connection over netlogon\n",
 get_remote_machine_name()));
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 05a51bef37c..f3c56a6bef1 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1091,7 +1091,7 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p, opname = ndr_table_netlogon.calls[opnum].name; } - auth_type = p->auth.auth_type; + dcesrv_call_auth_info(dce_call, &auth_type, NULL); lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers()); if (lp_ctx == NULL) { @@ -2014,9 +2014,13 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, status = serverinfo_to_SamInfo3(server_info, r->out.validation->sam3); break; - case 6: + case 6: { + enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE; + + dcesrv_call_auth_info(dce_call, NULL, &auth_level); + /* Only allow this if the pipe is protected. */ - if (p->auth.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { + if (auth_level < DCERPC_AUTH_LEVEL_PRIVACY) { DEBUG(0,("netr_Validation6: client %s not using privacy for netlogon\n", get_remote_machine_name())); status = NT_STATUS_INVALID_PARAMETER; @@ -2027,6 +2031,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, r->out.validation->sam6); break; } + } TALLOC_FREE(server_info); @@ -2125,6 +2130,8 @@ NTSTATUS _netr_LogonSamLogon(struct pipes_struct *p, NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p, struct netr_LogonSamLogonEx *r) { + struct dcesrv_call_state *dce_call = p->dce_call; + enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE; NTSTATUS status; struct netlogon_creds_CredentialState *creds = NULL; struct loadparm_context *lp_ctx; @@ -2137,7 +2144,10 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p, } /* Only allow this if the pipe is protected. */ - if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { + + dcesrv_call_auth_info(dce_call, &auth_type, NULL); + + if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { DEBUG(0,("_netr_LogonSamLogonEx: client %s not using schannel for netlogon\n", get_remote_machine_name() )); return NT_STATUS_INVALID_PARAMETER; diff --git a/source3/rpc_server/rpc_pipes.h b/source3/rpc_server/rpc_pipes.h index cb34e83b927..1f9325ed229 100644 
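Review bot: In `netr_creds_server_step_check` the unconditional assignment `auth_type = p->auth.auth_type;` becomes an out-parameter call, and the declarations of `auth_type` and `dce_call` lie outside this hunk. The other functions touched by this commit declare the variable as `enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;`; the same initialiser should be confirmed or added here so the later schannel decision can never read an indeterminate value. The function starts and ends outside the hunk.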
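Review bot: The comment `/* Only allow this if the pipe is protected. */` in `_netr_LogonSamLogonEx` (hunk at -2137) is now separated from the `if` it describes by a blank line and the `dcesrv_call_auth_info()` call. Moving the call above the comment keeps the comment attached to the check: `dcesrv_call_auth_info(dce_call, &auth_type, NULL);`, then the comment, then `if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {`. The comment could also name the requirement it enforces (schannel), since "protected" does not say which property is checked. The function body continues outside the hunk.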
--- a/source3/rpc_server/rpc_pipes.h
+++ b/source3/rpc_server/rpc_pipes.h
@@ -41,8 +41,6 @@ struct pipes_struct {
 struct messaging_context *msg_ctx;
- struct pipe_auth_data auth;
-
 /*
 * Set the DCERPC_FAULT to return.
 */
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index dc8bdb95857..7f2c0a861f5 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -7242,6 +7242,8 @@ static enum samr_ValidationStatus samr_ValidatePassword_Reset(TALLOC_CTX *mem_ct
 NTSTATUS _samr_ValidatePassword(struct pipes_struct *p,
 struct samr_ValidatePassword *r)
 {
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
 union samr_ValidatePasswordRep *rep;
 NTSTATUS status;
 struct samr_GetDomPwInfo pw;
@@ -7252,7 +7254,9 @@ NTSTATUS _samr_ValidatePassword(struct pipes_struct *p,
 return NT_STATUS_ACCESS_DENIED;
 }
- if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
+ dcesrv_call_auth_info(dce_call, NULL, &auth_level);
+
+ if (auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
 p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
 return NT_STATUS_ACCESS_DENIED;
 }
diff --git a/source3/rpc_server/spoolss/srv_iremotewinspool.c b/source3/rpc_server/spoolss/srv_iremotewinspool.c
index 90fd997cadd..2fc7e74d546 100644
--- a/source3/rpc_server/spoolss/srv_iremotewinspool.c
+++ b/source3/rpc_server/spoolss/srv_iremotewinspool.c
@@ -93,9 +93,6 @@ static NTSTATUS iremotewinspool__op_dispatch_internal(struct dcesrv_call_state *
 p = dcesrv_get_pipes_struct(dce_call->conn);
 p->dce_call = dce_call;
 p->mem_ctx = mem_ctx;
- p->auth.auth_type = dce_call->auth_state->auth_type;
- p->auth.auth_level = dce_call->auth_state->auth_level;
- p->auth.auth_context_id = dce_call->auth_state->auth_context_id;
 /* Reset pipes struct fault state */
 p->fault_state = 0;
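Review bot: The privacy check in `_samr_ValidatePassword` (hunk at -7252) rejects the call without any log line, whereas the LSA and netlogon checks changed by this commit record the client through `get_remote_machine_name()`. Adding something like `DEBUG(1, ("_samr_ValidatePassword: client %s not using privacy\n", get_remote_machine_name()));` before `p->fault_state` is set would let operators see which clients connect without sealing. The function body continues outside this hunk.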
@@ -1230,9 +1227,6 @@ fail:
 p->dce_call = NULL;
 p->mem_ctx = NULL;
- p->auth.auth_type = 0;
- p->auth.auth_level = 0;
- p->auth.auth_context_id = 0;
 /* Check pipes struct fault state */
 if (p->fault_state != 0) {
 dce_call->fault_code = p->fault_state; |