s4:rpc_server: Hide gensec prepare behind function pointer
authorSamuel Cabrero <scabrero@suse.de>
Thu, 24 Jan 2019 19:34:03 +0000 (20:34 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Fri, 18 Oct 2019 16:07:36 +0000 (16:07 +0000)
This function will be different for s3 and s4

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source4/rpc_server/dcerpc_server.c
source4/rpc_server/dcerpc_server.h
source4/rpc_server/dcesrv_auth.c
source4/rpc_server/service_rpc.c
source4/torture/rpc/spoolss_notify.c

index 3b432f7484ca1a534d44da302de62cf5982c1e02..fc8979deaa43e5911ec466da39b780d47ead2650 100644 (file)
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "auth/auth.h"
 #include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
 #include "lib/util/dlinklist.h"
 #include "rpc_server/dcerpc_server.h"
 #include "rpc_server/dcerpc_server_proto.h"
@@ -3436,3 +3437,38 @@ void log_successful_dcesrv_authz_event(struct dcesrv_call_state *call)
 
        auth->auth_audited = true;
 }
+
+NTSTATUS dcesrv_gensec_prepare(TALLOC_CTX *mem_ctx,
+                              struct dcesrv_call_state *call,
+                              struct gensec_security **out)
+{
+       struct cli_credentials *server_creds = NULL;
+       struct imessaging_context *imsg_ctx =
+               dcesrv_imessaging_context(call->conn);
+       NTSTATUS status;
+
+       server_creds = cli_credentials_init(call->auth_state);
+       if (!server_creds) {
+               DEBUG(1, ("Failed to init server credentials\n"));
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       cli_credentials_set_conf(server_creds, call->conn->dce_ctx->lp_ctx);
+
+       status = cli_credentials_set_machine_account(server_creds,
+                                               call->conn->dce_ctx->lp_ctx);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(1, ("Failed to obtain server credentials: %s\n",
+                         nt_errstr(status)));
+               talloc_free(server_creds);
+               return status;
+       }
+
+       return samba_server_gensec_start(mem_ctx,
+                                        call->event_ctx,
+                                        imsg_ctx,
+                                        call->conn->dce_ctx->lp_ctx,
+                                        server_creds,
+                                        NULL,
+                                        out);
+}
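Review bot: In `dcesrv_gensec_prepare` the machine-account credentials are parented on `call->auth_state`, and the final `return samba_server_gensec_start(...)` leaves `server_creds` attached to that parent when the start fails, unlike the `cli_credentials_set_machine_account` branch just above, which frees it. Consider capturing the result in `status` and calling `talloc_free(server_creds);` before returning a non-OK status, so machine-account secret material does not stay allocated after a failed attempt. Whether `samba_server_gensec_start` still holds a reference to the credentials on failure is not visible here, so confirm that before freeing. A short comment above the function stating that the credentials live on `call->auth_state` while `*out` is allocated under `mem_ctx` would also help the s3 variant mentioned in the commit message keep the same lifetimes.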
index 614c93bf50e0813d7290aa04d105cc2f2a6e1e83..18956524f6fb78e398e78afb80df3c4378fc4ab7 100644 (file)
@@ -38,6 +38,7 @@ struct dcesrv_call_state;
 struct dcesrv_auth;
 struct dcesrv_connection_context;
 struct dcesrv_iface_state;
+struct cli_credentials;
 
 struct dcesrv_interface {
        const char *name;
@@ -367,6 +368,11 @@ struct dcesrv_context_callbacks {
        struct {
                void (*successful_authz)(struct dcesrv_call_state *);
        } log;
+       struct {
+               NTSTATUS (*gensec_prepare)(TALLOC_CTX *mem_ctx,
+                                       struct dcesrv_call_state *call,
+                                       struct gensec_security **out);
+       } auth;
 };
 
 /* server-wide context information for the dcerpc server */
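Review bot: The new `auth.gensec_prepare` member has no comment stating its contract. The dcesrv_auth.c hunk in this commit calls it unconditionally, so every `struct dcesrv_context_callbacks` instance now has to provide it. A line such as `/* mandatory: create the server gensec context for this call under mem_ctx and return it in *out */` above the member would tell implementers what is expected. The struct definition starts outside this hunk.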
index 73576dc45d0988b80e85fff27267d3ad37fc690a..87bc76d2780a377175d55c51d3ce87330a405eaf 100644 (file)
@@ -78,11 +78,8 @@ static NTSTATUS dcesrv_auth_negotiate_hdr_signing(struct dcesrv_call_state *call
 
 static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
 {
-       struct cli_credentials *server_credentials = NULL;
        struct dcesrv_connection *dce_conn = call->conn;
        struct dcesrv_auth *auth = call->auth_state;
-       struct imessaging_context *imsg_ctx =
-               dcesrv_imessaging_context(call->conn);
        NTSTATUS status;
 
        if (auth->auth_started) {
@@ -131,28 +128,9 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
        auth->auth_level = call->in_auth_info.auth_level;
        auth->auth_context_id = call->in_auth_info.auth_context_id;
 
-       server_credentials 
-               = cli_credentials_init(auth);
-       if (!server_credentials) {
-               DEBUG(1, ("Failed to init server credentials\n"));
-               return false;
-       }
-       
-       cli_credentials_set_conf(server_credentials, call->conn->dce_ctx->lp_ctx);
-       status = cli_credentials_set_machine_account(server_credentials, call->conn->dce_ctx->lp_ctx);
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(1, ("Failed to obtain server credentials: %s\n",
-                         nt_errstr(status)));
-               return false;
-       }
-
-       status = samba_server_gensec_start(auth,
-                                          call->event_ctx,
-                                          imsg_ctx,
-                                          call->conn->dce_ctx->lp_ctx,
-                                          server_credentials,
-                                          NULL,
-                                          &auth->gensec_security);
+       status = call->conn->dce_ctx->callbacks.auth.gensec_prepare(auth,
+                                               call,
+                                               &auth->gensec_security);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(1, ("Failed to call samba_server_gensec_start %s\n",
                          nt_errstr(status)));
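Review bot: The call through `call->conn->dce_ctx->callbacks.auth.gensec_prepare` has no NULL check, so a server context whose callbacks struct leaves the member unset would dereference a null function pointer while preparing authentication for a client call. The two initialisers touched by this commit set it, but a guard such as `if (call->conn->dce_ctx->callbacks.auth.gensec_prepare == NULL) { return false; }` before the call, or a check when the context is initialised, would make that case fail closed. The `DEBUG` text just below still names `samba_server_gensec_start`, which will mislead once a different callback is plugged in; `"gensec_prepare failed: %s\n"` would match the new code. The body of `dcesrv_auth_prepare_gensec` starts and ends outside this hunk.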
index efb3feabcdd17c5d56a3c5993fa1a53b67ea8fb2..778d7b964a9c5f478712f6389e215671508c48f0 100644 (file)
@@ -42,6 +42,7 @@
 
 struct dcesrv_context_callbacks srv_callbacks = {
        .log.successful_authz = log_successful_dcesrv_authz_event,
+       .auth.gensec_prepare = dcesrv_gensec_prepare,
 };
 
 /*
index bed049bca86b36c8a2032189e66d9ac38bccc1f4..91f9f92b7d8f90756241b809a660c98cacd66a40 100644 (file)
@@ -36,6 +36,7 @@
 
 struct dcesrv_context_callbacks srv_cb = {
        .log.successful_authz = log_successful_dcesrv_authz_event,
+       .auth.gensec_prepare = dcesrv_gensec_prepare,
 };
 
 static NTSTATUS spoolss__op_bind(struct dcesrv_connection_context *context,