From: Andrew Bartlett Date: Fri, 9 Apr 2010 07:18:53 +0000 (+1000) Subject: s4:auth Remove event context from anonymous_session() X-Git-Tag: samba-3.6.0pre1~3024 X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=2c193fe91af60f29ed4d560496842073097469bb;p=samba.git s4:auth Remove event context from anonymous_session() This should always return a simple structure with no need to consult a DB, so remove the event context, and simplfy to call helper functions that don't look at privilages. Andrew Bartlett --- diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 939a383a04a..7877ea461a8 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -206,7 +206,7 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security, struct auth_session_info **_session_info) { struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); - return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->settings->lp_ctx, _session_info); + return auth_anonymous_session_info(state, gensec_security->settings->lp_ctx, _session_info); } static NTSTATUS schannel_start(struct gensec_security *gensec_security) diff --git a/source4/auth/session.c b/source4/auth/session.c index ef5646fd37e..8efdcd88075 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -2,7 +2,7 @@ Unix SMB/CIFS implementation. Authentication utility functions Copyright (C) Andrew Tridgell 1992-1998 - Copyright (C) Andrew Bartlett 2001 + Copyright (C) Andrew Bartlett 2001-2010 Copyright (C) Jeremy Allison 2000-2001 Copyright (C) Rafal Szczesniak 2002 Copyright (C) Stefan Metzmacher 2005 @@ -31,127 +31,17 @@ #include "auth/session_proto.h" _PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, - struct tevent_context *event_ctx, struct loadparm_context *lp_ctx) { NTSTATUS nt_status; struct auth_session_info *session_info = NULL; - nt_status = auth_anonymous_session_info(mem_ctx, event_ctx, lp_ctx, &session_info); + nt_status = auth_anonymous_session_info(mem_ctx, lp_ctx, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { return NULL; } return session_info; } -_PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, - struct tevent_context *event_ctx, - struct loadparm_context *lp_ctx, - struct auth_session_info **_session_info) -{ - NTSTATUS nt_status; - struct auth_serversupplied_info *server_info = NULL; - struct auth_session_info *session_info = NULL; - TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); - - nt_status = auth_anonymous_server_info(mem_ctx, - lp_netbios_name(lp_ctx), - &server_info); - if (!NT_STATUS_IS_OK(nt_status)) { - talloc_free(mem_ctx); - return nt_status; - } - - /* references the server_info into the session_info */ - nt_status = auth_generate_session_info(parent_ctx, event_ctx, lp_ctx, server_info, &session_info); - talloc_free(mem_ctx); - - NT_STATUS_NOT_OK_RETURN(nt_status); - - session_info->credentials = cli_credentials_init(session_info); - if (!session_info->credentials) { - return NT_STATUS_NO_MEMORY; - } - - cli_credentials_set_conf(session_info->credentials, lp_ctx); - cli_credentials_set_anonymous(session_info->credentials); - - *_session_info = session_info; - - return NT_STATUS_OK; -} - -_PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, - const char *netbios_name, - struct auth_serversupplied_info **_server_info) -{ - struct auth_serversupplied_info *server_info; - server_info = talloc(mem_ctx, struct auth_serversupplied_info); - NT_STATUS_HAVE_NO_MEMORY(server_info); - - server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS); - NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid); - - /* is this correct? */ - server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS); - NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid); - - server_info->n_domain_groups = 0; - server_info->domain_groups = NULL; - - /* annoying, but the Anonymous really does have a session key... */ - server_info->user_session_key = data_blob_talloc(server_info, NULL, 16); - NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data); - - server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16); - NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data); - - /* and it is all zeros! */ - data_blob_clear(&server_info->user_session_key); - data_blob_clear(&server_info->lm_session_key); - - server_info->account_name = talloc_strdup(server_info, "ANONYMOUS LOGON"); - NT_STATUS_HAVE_NO_MEMORY(server_info->account_name); - - server_info->domain_name = talloc_strdup(server_info, "NT AUTHORITY"); - NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name); - - server_info->full_name = talloc_strdup(server_info, "Anonymous Logon"); - NT_STATUS_HAVE_NO_MEMORY(server_info->full_name); - - server_info->logon_script = talloc_strdup(server_info, ""); - NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script); - - server_info->profile_path = talloc_strdup(server_info, ""); - NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path); - - server_info->home_directory = talloc_strdup(server_info, ""); - NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory); - - server_info->home_drive = talloc_strdup(server_info, ""); - NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive); - - server_info->logon_server = talloc_strdup(server_info, netbios_name); - NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server); - - server_info->last_logon = 0; - server_info->last_logoff = 0; - server_info->acct_expiry = 0; - server_info->last_password_change = 0; - server_info->allow_password_change = 0; - server_info->force_password_change = 0; - - server_info->logon_count = 0; - server_info->bad_password_count = 0; - - server_info->acct_flags = ACB_NORMAL; - - server_info->authenticated = false; - - *_server_info = server_info; - - return NT_STATUS_OK; -} - _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, struct tevent_context *event_ctx, struct loadparm_context *lp_ctx, diff --git a/source4/auth/session.h b/source4/auth/session.h index 2a5a8f10986..e988855a155 100644 --- a/source4/auth/session.h +++ b/source4/auth/session.h @@ -54,12 +54,10 @@ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, struct auth_session_info **_session_info) ; NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, - struct tevent_context *ev_ctx, struct loadparm_context *lp_ctx, struct auth_session_info **_session_info); struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, - struct tevent_context *event_ctx, struct loadparm_context *lp_ctx); struct auth_session_info *admin_session(TALLOC_CTX *mem_ctx, diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c index a1b04604a6d..9b9268de957 100644 --- a/source4/auth/system_session.c +++ b/source4/auth/system_session.c @@ -2,7 +2,7 @@ Unix SMB/CIFS implementation. Authentication utility functions Copyright (C) Andrew Tridgell 1992-1998 - Copyright (C) Andrew Bartlett 2001 + Copyright (C) Andrew Bartlett 2001-2010 Copyright (C) Jeremy Allison 2000-2001 Copyright (C) Rafal Szczesniak 2002 Copyright (C) Stefan Metzmacher 2005 @@ -114,9 +114,9 @@ static NTSTATUS create_token(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_ERROR; } -static NTSTATUS generate_session_info(TALLOC_CTX *mem_ctx, - struct auth_serversupplied_info *server_info, - struct auth_session_info **_session_info) +static NTSTATUS generate_simple_session_info(TALLOC_CTX *mem_ctx, + struct auth_serversupplied_info *server_info, + struct auth_session_info **_session_info) { struct auth_session_info *session_info; NTSTATUS nt_status; @@ -197,7 +197,7 @@ static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx, } /* references the server_info into the session_info */ - nt_status = generate_session_info(parent_ctx, server_info, &session_info); + nt_status = generate_simple_session_info(parent_ctx, server_info, &session_info); talloc_free(mem_ctx); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -509,3 +509,112 @@ _PUBLIC_ struct auth_session_info *admin_session(TALLOC_CTX *mem_ctx, struct loa } return session_info; } + +_PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, + struct loadparm_context *lp_ctx, + struct auth_session_info **_session_info) +{ + NTSTATUS nt_status; + struct auth_serversupplied_info *server_info = NULL; + struct auth_session_info *session_info = NULL; + TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); + + nt_status = auth_anonymous_server_info(mem_ctx, + lp_netbios_name(lp_ctx), + &server_info); + if (!NT_STATUS_IS_OK(nt_status)) { + talloc_free(mem_ctx); + return nt_status; + } + + /* references the server_info into the session_info */ + nt_status = generate_simple_session_info(parent_ctx, server_info, &session_info); + talloc_free(mem_ctx); + + NT_STATUS_NOT_OK_RETURN(nt_status); + + session_info->credentials = cli_credentials_init(session_info); + if (!session_info->credentials) { + return NT_STATUS_NO_MEMORY; + } + + cli_credentials_set_conf(session_info->credentials, lp_ctx); + cli_credentials_set_anonymous(session_info->credentials); + + *_session_info = session_info; + + return NT_STATUS_OK; +} + +_PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, + const char *netbios_name, + struct auth_serversupplied_info **_server_info) +{ + struct auth_serversupplied_info *server_info; + server_info = talloc(mem_ctx, struct auth_serversupplied_info); + NT_STATUS_HAVE_NO_MEMORY(server_info); + + server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS); + NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid); + + /* is this correct? */ + server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS); + NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid); + + server_info->n_domain_groups = 0; + server_info->domain_groups = NULL; + + /* annoying, but the Anonymous really does have a session key... */ + server_info->user_session_key = data_blob_talloc(server_info, NULL, 16); + NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data); + + server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16); + NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data); + + /* and it is all zeros! */ + data_blob_clear(&server_info->user_session_key); + data_blob_clear(&server_info->lm_session_key); + + server_info->account_name = talloc_strdup(server_info, "ANONYMOUS LOGON"); + NT_STATUS_HAVE_NO_MEMORY(server_info->account_name); + + server_info->domain_name = talloc_strdup(server_info, "NT AUTHORITY"); + NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name); + + server_info->full_name = talloc_strdup(server_info, "Anonymous Logon"); + NT_STATUS_HAVE_NO_MEMORY(server_info->full_name); + + server_info->logon_script = talloc_strdup(server_info, ""); + NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script); + + server_info->profile_path = talloc_strdup(server_info, ""); + NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path); + + server_info->home_directory = talloc_strdup(server_info, ""); + NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory); + + server_info->home_drive = talloc_strdup(server_info, ""); + NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive); + + server_info->logon_server = talloc_strdup(server_info, netbios_name); + NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server); + + server_info->last_logon = 0; + server_info->last_logoff = 0; + server_info->acct_expiry = 0; + server_info->last_password_change = 0; + server_info->allow_password_change = 0; + server_info->force_password_change = 0; + + server_info->logon_count = 0; + server_info->bad_password_count = 0; + + server_info->acct_flags = ACB_NORMAL; + + server_info->authenticated = false; + + *_server_info = server_info; + + return NT_STATUS_OK; +} + diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 28e6f21f3d9..92c549ecd2a 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -442,7 +442,7 @@ static void ldapsrv_accept_nonpriv(struct stream_connection *c) NTSTATUS status; status = auth_anonymous_session_info( - c, c->event.ctx, ldapsrv_service->task->lp_ctx, &session_info); + c, ldapsrv_service->task->lp_ctx, &session_info); if (!NT_STATUS_IS_OK(status)) { stream_terminate_connection(c, "failed to setup anonymous " "session info"); diff --git a/source4/rpc_server/common/server_info.c b/source4/rpc_server/common/server_info.c index 2906b89ef12..d6e11edd001 100644 --- a/source4/rpc_server/common/server_info.c +++ b/source4/rpc_server/common/server_info.c @@ -95,7 +95,7 @@ uint32_t dcesrv_common_get_server_type(TALLOC_CTX *mem_ctx, struct tevent_contex break; } /* open main ldb */ - samctx = samdb_connect(tmp_ctx, event_ctx, dce_ctx->lp_ctx, anonymous_session(tmp_ctx, event_ctx, dce_ctx->lp_ctx)); + samctx = samdb_connect(tmp_ctx, event_ctx, dce_ctx->lp_ctx, anonymous_session(tmp_ctx, dce_ctx->lp_ctx)); if (samctx == NULL) { DEBUG(2,("Unable to open samdb in determining server announce flags\n")); } else { diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c index ac760fd9a6d..6485d9ef97d 100644 --- a/source4/rpc_server/service_rpc.c +++ b/source4/rpc_server/service_rpc.c @@ -342,7 +342,6 @@ static void dcesrv_sock_accept(struct stream_connection *srv_conn) if (!srv_conn->session_info) { status = auth_anonymous_session_info(srv_conn, - srv_conn->event.ctx, lp_ctx, &srv_conn->session_info); if (!NT_STATUS_IS_OK(status)) {