s4:rpc_server: only pass dcesrv_auth to auth_state.session_key_fn()
[samba.git] / source4 / rpc_server / dcerpc_server.c
index b900623b62771069a540cff3daafa3df1a80b664..7ceaf03c673eaa3ad1e3c14e9eba1f771afa4f20 100644 (file)
@@ -459,14 +459,57 @@ _PUBLIC_ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
        return NT_STATUS_OK;
 }
 
+static NTSTATUS dcesrv_session_info_session_key(struct dcesrv_auth *auth,
+                                               DATA_BLOB *session_key)
+{
+       if (auth->session_info == NULL) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       if (auth->session_info->session_key.length == 0) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       *session_key = auth->session_info->session_key;
+       return NT_STATUS_OK;
+}
+
+static NTSTATUS dcesrv_remote_session_key(struct dcesrv_auth *auth,
+                                         DATA_BLOB *session_key)
+{
+       if (auth->auth_type != DCERPC_AUTH_TYPE_NONE) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       return dcesrv_session_info_session_key(auth, session_key);
+}
+
+static NTSTATUS dcesrv_local_fixed_session_key(struct dcesrv_auth *auth,
+                                              DATA_BLOB *session_key)
+{
+       return dcerpc_generic_session_key(NULL, session_key);
+}
+
 NTSTATUS dcesrv_inherited_session_key(struct dcesrv_connection *p,
                                      DATA_BLOB *session_key)
 {
-       if (p->auth_state.session_info->session_key.length) {
-               *session_key = p->auth_state.session_info->session_key;
-               return NT_STATUS_OK;
-       }
-       return NT_STATUS_NO_USER_SESSION_KEY;
+       struct dcesrv_auth *auth = &p->auth_state;
+
+       return dcesrv_remote_session_key(auth, session_key);
+}
+
+/*
+ * Fetch the authentication session key if available.
+ *
+ * This is the key generated by a gensec authentication.
+ *
+ */
+_PUBLIC_ NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state *call,
+                                         DATA_BLOB *session_key)
+{
+       struct dcesrv_auth *auth = &call->conn->auth_state;
+
+       return dcesrv_session_info_session_key(auth, session_key);
 }
 
 /*
@@ -477,7 +520,14 @@ NTSTATUS dcesrv_inherited_session_key(struct dcesrv_connection *p,
 _PUBLIC_ NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p,
                                  DATA_BLOB *session_key)
 {
-       NTSTATUS status = p->auth_state.session_key(p, session_key);
+       struct dcesrv_auth *auth = &p->auth_state;
+       NTSTATUS status;
+
+       if (auth->session_key_fn == NULL) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
+       }
+
+       status = auth->session_key_fn(auth, session_key);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -487,10 +537,23 @@ _PUBLIC_ NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p,
        return NT_STATUS_OK;
 }
 
+/*
+ * Fetch the transport session key if available.
+ * Typically this is the SMB session key
+ * or a fixed key for local transports.
+ *
+ * The key is always truncated to 16 bytes.
+*/
+_PUBLIC_ NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call,
+                                              DATA_BLOB *session_key)
+{
+       return dcesrv_fetch_session_key(call->conn, session_key);
+}
+
 /*
   connect to a dcerpc endpoint
 */
-_PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
+static NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
                                 TALLOC_CTX *mem_ctx,
                                 const struct dcesrv_endpoint *ep,
                                 struct auth_session_info *session_info,
@@ -500,6 +563,8 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
                                 uint32_t state_flags,
                                 struct dcesrv_connection **_p)
 {
+       enum dcerpc_transport_t transport =
+               dcerpc_binding_get_transport(ep->ep_description);
        struct dcesrv_connection *p;
 
        if (!session_info) {
@@ -517,8 +582,6 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
        p->dce_ctx = dce_ctx;
        p->endpoint = ep;
        p->packet_log_dir = lpcfg_lock_directory(dce_ctx->lp_ctx);
-       p->auth_state.session_info = session_info;
-       p->auth_state.session_key = dcesrv_generic_session_key;
        p->event_ctx = event_ctx;
        p->msg_ctx = msg_ctx;
        p->server_id = server_id;
@@ -528,6 +591,23 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
        p->max_xmit_frag = 5840;
        p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE;
 
+       p->auth_state.session_info = session_info;
+       switch (transport) {
+       case NCACN_NP:
+               p->auth_state.session_key_fn = dcesrv_remote_session_key;
+               break;
+       case NCALRPC:
+       case NCACN_UNIX_STREAM:
+               p->auth_state.session_key_fn = dcesrv_local_fixed_session_key;
+               break;
+       default:
+               /*
+                * All other's get a NULL pointer, which
+                * results in NT_STATUS_NO_USER_SESSION_KEY
+                */
+               break;
+       }
+
        /*
         * For now we only support NDR32.
         */
@@ -2661,7 +2741,6 @@ static void dcesrv_sock_accept(struct stream_connection *srv_conn)
        }
 
        if (transport == NCACN_NP) {
-               dcesrv_conn->auth_state.session_key = dcesrv_inherited_session_key;
                dcesrv_conn->stream = talloc_move(dcesrv_conn,
                                                  &srv_conn->tstream);
        } else {
@@ -2723,8 +2802,6 @@ static void dcesrv_sock_accept(struct stream_connection *srv_conn)
 
        srv_conn->private_data = dcesrv_conn;
 
-       irpc_add_name(srv_conn->msg_ctx, "rpc_server");
-
        subreq = dcerpc_read_ncacn_packet_send(dcesrv_conn,
                                               dcesrv_conn->event_ctx,
                                               dcesrv_conn->stream);
@@ -3167,3 +3244,11 @@ _PUBLIC_ const char *dcesrv_call_account_name(struct dcesrv_call_state *dce_call
 {
        return dce_call->context->conn->auth_state.session_info->info->account_name;
 }
+
+/**
+ * retrieve session_info from a dce_call
+ */
+_PUBLIC_ struct auth_session_info *dcesrv_call_session_info(struct dcesrv_call_state *dce_call)
+{
+       return dce_call->context->conn->auth_state.session_info;
+}