summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm6
-rw-r--r--source3/rpc_server/lsa/srv_lsa_nt.c18
-rw-r--r--source3/rpc_server/netlogon/srv_netlog_nt.c18
-rw-r--r--source3/rpc_server/rpc_pipes.h2
-rw-r--r--source3/rpc_server/samr/srv_samr_nt.c6
-rw-r--r--source3/rpc_server/spoolss/srv_iremotewinspool.c6
6 files changed, 33 insertions, 23 deletions
diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
index 89dc0617839..be275cc9109 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
@@ -292,9 +292,6 @@ sub boilerplate_iface($)
$self->pidl("p = dcesrv_get_pipes_struct(dce_call->conn);");
$self->pidl("p->dce_call = dce_call;");
$self->pidl("p->mem_ctx = mem_ctx;");
- $self->pidl("p->auth.auth_type = dce_call->auth_state->auth_type;");
- $self->pidl("p->auth.auth_level = dce_call->auth_state->auth_level;");
- $self->pidl("p->auth.auth_context_id = dce_call->auth_state->auth_context_id;");
$self->pidl("/* Reset pipes struct fault state */");
$self->pidl("p->fault_state = 0;");
$self->pidl("");
@@ -335,9 +332,6 @@ sub boilerplate_iface($)
$self->pidl("p->dce_call = NULL;");
$self->pidl("p->mem_ctx = NULL;");
- $self->pidl("p->auth.auth_type = 0;");
- $self->pidl("p->auth.auth_level = 0;");
- $self->pidl("p->auth.auth_context_id = 0;");
$self->pidl("/* Check pipes struct fault state */");
$self->pidl("if (p->fault_state != 0) {");
$self->indent();
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index bf4ddd22ee7..4cb9dae639e 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -1090,6 +1090,9 @@ NTSTATUS _lsa_LookupSids2(struct pipes_struct *p,
NTSTATUS _lsa_LookupSids3(struct pipes_struct *p,
struct lsa_LookupSids3 *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
struct lsa_LookupSids2 q;
if (p->transport != NCACN_IP_TCP) {
@@ -1097,9 +1100,11 @@ NTSTATUS _lsa_LookupSids3(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
+ dcesrv_call_auth_info(dce_call, &auth_type, &auth_level);
+
/* No policy handle on this call. Restrict to crypto connections. */
- if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
- p->auth.auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+ if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
+ auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
DEBUG(1, ("_lsa_LookupSids3: The client %s is not using "
"a secure connection over netlogon\n",
get_remote_machine_name() ));
@@ -1402,6 +1407,9 @@ NTSTATUS _lsa_LookupNames3(struct pipes_struct *p,
NTSTATUS _lsa_LookupNames4(struct pipes_struct *p,
struct lsa_LookupNames4 *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
struct lsa_LookupNames3 q;
if (p->transport != NCACN_IP_TCP) {
@@ -1409,9 +1417,11 @@ NTSTATUS _lsa_LookupNames4(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
+ dcesrv_call_auth_info(dce_call, &auth_type, &auth_level);
+
/* No policy handle on this call. Restrict to crypto connections. */
- if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
- p->auth.auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+ if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL ||
+ auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
DEBUG(1, ("_lsa_LookupNames4: The client %s is not using "
"a secure connection over netlogon\n",
get_remote_machine_name()));
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 05a51bef37c..f3c56a6bef1 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1091,7 +1091,7 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
opname = ndr_table_netlogon.calls[opnum].name;
}
- auth_type = p->auth.auth_type;
+ dcesrv_call_auth_info(dce_call, &auth_type, NULL);
lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());
if (lp_ctx == NULL) {
@@ -2014,9 +2014,13 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
status = serverinfo_to_SamInfo3(server_info,
r->out.validation->sam3);
break;
- case 6:
+ case 6: {
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+
+ dcesrv_call_auth_info(dce_call, NULL, &auth_level);
+
/* Only allow this if the pipe is protected. */
- if (p->auth.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) {
+ if (auth_level < DCERPC_AUTH_LEVEL_PRIVACY) {
DEBUG(0,("netr_Validation6: client %s not using privacy for netlogon\n",
get_remote_machine_name()));
status = NT_STATUS_INVALID_PARAMETER;
@@ -2027,6 +2031,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
r->out.validation->sam6);
break;
}
+ }
TALLOC_FREE(server_info);
@@ -2125,6 +2130,8 @@ NTSTATUS _netr_LogonSamLogon(struct pipes_struct *p,
NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
struct netr_LogonSamLogonEx *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
NTSTATUS status;
struct netlogon_creds_CredentialState *creds = NULL;
struct loadparm_context *lp_ctx;
@@ -2137,7 +2144,10 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
}
/* Only allow this if the pipe is protected. */
- if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
+
+ dcesrv_call_auth_info(dce_call, &auth_type, NULL);
+
+ if (auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
DEBUG(0,("_netr_LogonSamLogonEx: client %s not using schannel for netlogon\n",
get_remote_machine_name() ));
return NT_STATUS_INVALID_PARAMETER;
diff --git a/source3/rpc_server/rpc_pipes.h b/source3/rpc_server/rpc_pipes.h
index cb34e83b927..1f9325ed229 100644
--- a/source3/rpc_server/rpc_pipes.h
+++ b/source3/rpc_server/rpc_pipes.h
@@ -41,8 +41,6 @@ struct pipes_struct {
struct messaging_context *msg_ctx;
- struct pipe_auth_data auth;
-
/*
* Set the DCERPC_FAULT to return.
*/
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index dc8bdb95857..7f2c0a861f5 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -7242,6 +7242,8 @@ static enum samr_ValidationStatus samr_ValidatePassword_Reset(TALLOC_CTX *mem_ct
NTSTATUS _samr_ValidatePassword(struct pipes_struct *p,
struct samr_ValidatePassword *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
union samr_ValidatePasswordRep *rep;
NTSTATUS status;
struct samr_GetDomPwInfo pw;
@@ -7252,7 +7254,9 @@ NTSTATUS _samr_ValidatePassword(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
+ dcesrv_call_auth_info(dce_call, NULL, &auth_level);
+
+ if (auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/spoolss/srv_iremotewinspool.c b/source3/rpc_server/spoolss/srv_iremotewinspool.c
index 90fd997cadd..2fc7e74d546 100644
--- a/source3/rpc_server/spoolss/srv_iremotewinspool.c
+++ b/source3/rpc_server/spoolss/srv_iremotewinspool.c
@@ -93,9 +93,6 @@ static NTSTATUS iremotewinspool__op_dispatch_internal(struct dcesrv_call_state *
p = dcesrv_get_pipes_struct(dce_call->conn);
p->dce_call = dce_call;
p->mem_ctx = mem_ctx;
- p->auth.auth_type = dce_call->auth_state->auth_type;
- p->auth.auth_level = dce_call->auth_state->auth_level;
- p->auth.auth_context_id = dce_call->auth_state->auth_context_id;
/* Reset pipes struct fault state */
p->fault_state = 0;
@@ -1230,9 +1227,6 @@ fail:
p->dce_call = NULL;
p->mem_ctx = NULL;
- p->auth.auth_type = 0;
- p->auth.auth_level = 0;
- p->auth.auth_context_id = 0;
/* Check pipes struct fault state */
if (p->fault_state != 0) {
dce_call->fault_code = p->fault_state;
View Lorry Controller Status