git.samba.org / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
winbindd: Do not use group_list->out.resume_index after free
[samba.git] / source4 / winbind / wb_connect_lsa.c
diff --git a/source4/winbind/wb_connect_lsa.c b/source4/winbind/wb_connect_lsa.c
index d5222a685460dff5bc66821b061f1e35594e5261..3bf02a0ed09766c794117bfa1913fe01719f703c 100644 (file)
--- a/source4/winbind/wb_connect_lsa.c
+++ b/source4/winbind/wb_connect_lsa.c
@@ -5,10 +5,11 @@
    credentials. Try ntlmssp, schannel and anon in that order.
 
    Copyright (C) Volker Lendecke 2005
    credentials. Try ntlmssp, schannel and anon in that order.
 
    Copyright (C) Volker Lendecke 2005
-   
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    
    This program is distributed in the hope that it will be useful,
    (at your option) any later version.
    
    This program is distributed in the hope that it will be useful,
@@ -17,15 +18,15 @@
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "includes.h"
 #include "libcli/composite/composite.h"
 
 */
 
 #include "includes.h"
 #include "libcli/composite/composite.h"
 
-#include "libcli/raw/libcliraw.h"
-#include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "winbind/wb_server.h"
+#include "smbd/service_task.h"
 
 /* Helper to initialize LSA with a specific auth methods. Verify by opening
  * the LSA policy. */
 
 /* Helper to initialize LSA with a specific auth methods. Verify by opening
  * the LSA policy. */
@@ -43,37 +44,30 @@ struct init_lsa_state {
 };
 
 static void init_lsa_recv_pipe(struct composite_context *ctx);
 };
 
 static void init_lsa_recv_pipe(struct composite_context *ctx);
-static void init_lsa_recv_openpol(struct rpc_request *req);
+static void init_lsa_recv_openpol(struct tevent_req *subreq);
 
 struct composite_context *wb_init_lsa_send(TALLOC_CTX *mem_ctx,
 
 struct composite_context *wb_init_lsa_send(TALLOC_CTX *mem_ctx,
-                                          struct smbcli_tree *tree,
-                                          uint8_t auth_type,
-                                          struct cli_credentials *creds)
+                                          struct wbsrv_domain *domain)
 {
        struct composite_context *result, *ctx;
        struct init_lsa_state *state;
 
 {
        struct composite_context *result, *ctx;
        struct init_lsa_state *state;
 
-       result = talloc(mem_ctx, struct composite_context);
+       result = composite_create(mem_ctx, domain->service->task->event_ctx);
        if (result == NULL) goto failed;
        if (result == NULL) goto failed;
-       result->state = COMPOSITE_STATE_IN_PROGRESS;
-       result->async.fn = NULL;
-       result->event_ctx = tree->session->transport->socket->event.ctx;
 
        state = talloc(result, struct init_lsa_state);
        if (state == NULL) goto failed;
        state->ctx = result;
        result->private_data = state;
 
 
        state = talloc(result, struct init_lsa_state);
        if (state == NULL) goto failed;
        state->ctx = result;
        result->private_data = state;
 
-       state->auth_type = auth_type;
-       state->creds = creds;
-
-       state->lsa_pipe = dcerpc_pipe_init(state, result->event_ctx);
-       if (state->lsa_pipe == NULL) goto failed;
-
-       ctx = dcerpc_pipe_open_smb_send(state->lsa_pipe->conn, tree,
-                                       "\\lsarpc");
-       ctx->async.fn = init_lsa_recv_pipe;
-       ctx->async.private_data = state;
+       /* this will make the secondary connection on the same IPC$ share, 
+          secured with SPNEGO or NTLMSSP */
+       ctx = dcerpc_secondary_auth_connection_send(domain->netlogon_pipe,
+                                                   domain->lsa_binding,
+                                                   &ndr_table_lsarpc,
+                                                   domain->libnet_ctx->cred,
+                                                   domain->libnet_ctx->lp_ctx);
+       composite_continue(state->ctx, ctx, init_lsa_recv_pipe, state);
        return result;
        
  failed:
        return result;
        
  failed:
@@ -86,36 +80,11 @@ static void init_lsa_recv_pipe(struct composite_context *ctx)
        struct init_lsa_state *state =
                talloc_get_type(ctx->async.private_data,
                                struct init_lsa_state);
        struct init_lsa_state *state =
                talloc_get_type(ctx->async.private_data,
                                struct init_lsa_state);
-       struct rpc_request *req;
+       struct tevent_req *subreq;
 
 
-       state->ctx->status = dcerpc_pipe_open_smb_recv(ctx);
+       state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state,
+                                                                  &state->lsa_pipe);
        if (!composite_is_ok(state->ctx)) return;
        if (!composite_is_ok(state->ctx)) return;
-
-       switch (state->auth_type) {
-       case DCERPC_AUTH_TYPE_NONE:
-               state->ctx->status =
-                       dcerpc_bind_auth_none(state->lsa_pipe,
-                                             DCERPC_LSARPC_UUID,
-                                             DCERPC_LSARPC_VERSION);
-               break;
-       case DCERPC_AUTH_TYPE_NTLMSSP:
-       case DCERPC_AUTH_TYPE_SCHANNEL:
-               if (state->creds == NULL) {
-                       composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR);
-                       return;
-               }
-               state->lsa_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
-               state->ctx->status =
-                       dcerpc_bind_auth(state->lsa_pipe,
-                                        DCERPC_LSARPC_UUID,
-                                        DCERPC_LSARPC_VERSION,
-                                        state->creds, state->auth_type,
-                                        NULL);
-               break;
-       default:
-               state->ctx->status = NT_STATUS_INTERNAL_ERROR;
-               
-       }
                        
        state->handle = talloc(state, struct policy_handle);
        if (composite_nomem(state->handle, state->ctx)) return;
                        
        state->handle = talloc(state, struct policy_handle);
        if (composite_nomem(state->handle, state->ctx)) return;
@@ -128,18 +97,22 @@ static void init_lsa_recv_pipe(struct composite_context *ctx)
        state->openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
        state->openpolicy.out.handle = state->handle;
 
        state->openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
        state->openpolicy.out.handle = state->handle;
 
-       req = dcerpc_lsa_OpenPolicy2_send(state->lsa_pipe, state,
-                                         &state->openpolicy);
-       composite_continue_rpc(state->ctx, req, init_lsa_recv_openpol, state);
+       subreq = dcerpc_lsa_OpenPolicy2_r_send(state,
+                                              state->ctx->event_ctx,
+                                              state->lsa_pipe->binding_handle,
+                                              &state->openpolicy);
+       if (composite_nomem(subreq, state->ctx)) return;
+       tevent_req_set_callback(subreq, init_lsa_recv_openpol, state);
 }
 
 }
 
-static void init_lsa_recv_openpol(struct rpc_request *req)
+static void init_lsa_recv_openpol(struct tevent_req *subreq)
 {
        struct init_lsa_state *state =
 {
        struct init_lsa_state *state =
-               talloc_get_type(req->async.private,
-                               struct init_lsa_state);
+               tevent_req_callback_data(subreq,
+               struct init_lsa_state);
 
 
-       state->ctx->status = dcerpc_ndr_request_recv(req);
+       state->ctx->status = dcerpc_lsa_OpenPolicy2_r_recv(subreq, state);
+       TALLOC_FREE(subreq);
        if (!composite_is_ok(state->ctx)) return;
        state->ctx->status = state->openpolicy.out.result;
        if (!composite_is_ok(state->ctx)) return;
        if (!composite_is_ok(state->ctx)) return;
        state->ctx->status = state->openpolicy.out.result;
        if (!composite_is_ok(state->ctx)) return;
@@ -164,153 +137,3 @@ NTSTATUS wb_init_lsa_recv(struct composite_context *c,
        return status;
 }
 
        return status;
 }
 
-
-/*
- * Connect to LSA using the credentials, try NTLMSSP and SCHANNEL using the
- * given credentials. If both fail or no credentials are available, fall back
- * to an anonymous bind.
- */
-
-struct connect_lsa_state {
-       struct composite_context *ctx;
-       struct smbcli_tree *tree;
-       struct cli_credentials *credentials;
-
-       uint8_t auth_type;
-       struct dcerpc_pipe *lsa_pipe;
-       struct policy_handle *lsa_policy;
-};
-
-static void connect_lsa_recv_ntlmssp(struct composite_context *ctx);
-static void connect_lsa_recv_schannel(struct composite_context *ctx);
-static void connect_lsa_recv_anon(struct composite_context *ctx);
-
-struct composite_context *wb_connect_lsa_send(TALLOC_CTX *mem_ctx,
-                                             struct smbcli_tree *tree,
-                                             struct cli_credentials *credentials)
-{
-       struct composite_context *result, *ctx;
-       struct connect_lsa_state *state;
-
-       result = talloc(mem_ctx, struct composite_context);
-       if (result == NULL) goto failed;
-       result->state = COMPOSITE_STATE_IN_PROGRESS;
-       result->async.fn = NULL;
-       result->event_ctx = tree->session->transport->socket->event.ctx;
-
-       state = talloc(result, struct connect_lsa_state);
-       if (state == NULL) goto failed;
-       state->ctx = result;
-       result->private_data = state;
-
-       state->tree = tree;
-       state->credentials = credentials;
-
-       if (credentials == NULL) {
-               ctx = wb_init_lsa_send(state, tree, DCERPC_AUTH_TYPE_NONE,
-                                      NULL);
-               if (ctx == NULL) goto failed;
-               ctx->async.fn = connect_lsa_recv_anon;
-               ctx->async.private_data = state;
-               return result;
-       }
-
-       ctx = wb_init_lsa_send(state, tree, DCERPC_AUTH_TYPE_NTLMSSP,
-                              credentials);
-       if (ctx == NULL) goto failed;
-       ctx->async.fn = connect_lsa_recv_ntlmssp;
-       ctx->async.private_data = state;
-       return result;
-
- failed:
-       talloc_free(result);
-       return NULL;
-}
-
-static void connect_lsa_recv_ntlmssp(struct composite_context *ctx)
-{
-       struct connect_lsa_state *state =
-               talloc_get_type(ctx->async.private_data,
-                               struct connect_lsa_state);
-
-       state->ctx->status = wb_init_lsa_recv(ctx, state, &state->lsa_pipe,
-                                             &state->lsa_policy);
-
-       if (NT_STATUS_IS_OK(state->ctx->status)) {
-               state->auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
-               composite_done(state->ctx);
-               return;
-       }
-
-       ctx = wb_init_lsa_send(state, state->tree, DCERPC_AUTH_TYPE_SCHANNEL,
-                              state->credentials);
-       composite_continue(state->ctx, ctx,
-                          connect_lsa_recv_schannel, state);
-}
-
-static void connect_lsa_recv_schannel(struct composite_context *ctx)
-{
-       struct connect_lsa_state *state =
-               talloc_get_type(ctx->async.private_data,
-                               struct connect_lsa_state);
-
-       state->ctx->status = wb_init_lsa_recv(ctx, state, &state->lsa_pipe,
-                                             &state->lsa_policy);
-
-       if (NT_STATUS_IS_OK(state->ctx->status)) {
-               state->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
-               composite_done(state->ctx);
-               return;
-       }
-
-       ctx = wb_init_lsa_send(state, state->tree, DCERPC_AUTH_TYPE_NONE,
-                              state->credentials);
-       composite_continue(state->ctx, ctx,
-                          connect_lsa_recv_anon, state);
-}
-
-static void connect_lsa_recv_anon(struct composite_context *ctx)
-{
-       struct connect_lsa_state *state =
-               talloc_get_type(ctx->async.private_data,
-                               struct connect_lsa_state);
-
-       state->ctx->status = wb_init_lsa_recv(ctx, state, &state->lsa_pipe,
-                                             &state->lsa_policy);
-       if (!composite_is_ok(state->ctx)) return;
-
-       state->auth_type = DCERPC_AUTH_TYPE_NONE;
-       composite_done(state->ctx);
-}
-
-NTSTATUS wb_connect_lsa_recv(struct composite_context *c,
-                            TALLOC_CTX *mem_ctx,
-                            uint8_t *auth_type,
-                            struct dcerpc_pipe **lsa_pipe,
-                            struct policy_handle **lsa_policy)
-{
-       NTSTATUS status = composite_wait(c);
-       if (NT_STATUS_IS_OK(status)) {
-               struct connect_lsa_state *state =
-                       talloc_get_type(c->private_data,
-                                       struct connect_lsa_state);
-               *auth_type = state->auth_type;
-               *lsa_pipe = talloc_steal(mem_ctx, state->lsa_pipe);
-               *lsa_policy = talloc_steal(mem_ctx, state->lsa_policy);
-       }
-       talloc_free(c);
-       return status;
-}
-
-NTSTATUS wb_connect_lsa(TALLOC_CTX *mem_ctx,
-                       struct smbcli_tree *tree,
-                       struct cli_credentials *credentials,
-                       uint8_t *auth_type,
-                       struct dcerpc_pipe **lsa_pipe,
-                       struct policy_handle **lsa_policy)
-{
-       struct composite_context *c;
-       c = wb_connect_lsa_send(mem_ctx, tree, credentials);
-       return wb_connect_lsa_recv(c, mem_ctx, auth_type, lsa_pipe,
-                                  lsa_policy);
-}
Samba Shared Repository