auth: Move auth_session_info into IDL
authorAndrew Bartlett <abartlet@samba.org>
Tue, 5 Apr 2011 06:15:27 +0000 (16:15 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 5 Apr 2011 21:46:04 +0000 (23:46 +0200)
This changes auth_session_info_transport to just be a wrapper, rather
than a copy that has to be kept in sync.

As auth_session_info was already wrapped in python, this required
changes to the existing pyauth wrapper and its users.

Andrew Bartlett

15 files changed:
libcli/security/session.h
librpc/idl/auth.idl
librpc/ndr/ndr_auth.c [new file with mode: 0644]
librpc/ndr/ndr_auth.h [new file with mode: 0644]
librpc/wscript_build
source3/Makefile.in
source3/rpc_server/rpc_ncacn_np.c
source3/rpc_server/rpc_server.c
source4/auth/gensec/pygensec.c
source4/auth/pyauth.c
source4/auth/pyauth.h
source4/auth/session.c
source4/lib/ldb-samba/pyldb.c
source4/librpc/ndr/py_auth.c [new file with mode: 0644]
source4/librpc/wscript_build

index 1f0d4861078666bfbc444cf93277591a3680cf6c..ee9187d2c9be870436f102979616bdee0030b4ca 100644 (file)
@@ -35,16 +35,7 @@ struct cli_credentials;
 struct security_token;
 struct auth_user_info;
 struct auth_user_info_torture;
 struct security_token;
 struct auth_user_info;
 struct auth_user_info_torture;
-
-struct auth_session_info {
-       struct security_token *security_token;
-       struct security_unix_token *unix_token;
-       struct auth_user_info *info;
-       struct auth_user_info_unix *unix_info;
-       struct auth_user_info_torture *torture;
-       DATA_BLOB session_key;
-       struct cli_credentials *credentials;
-};
+struct auth_session_info;
 
 enum security_user_level security_session_user_level(struct auth_session_info *session_info,
                                                     const struct dom_sid *domain_sid);
 
 enum security_user_level security_session_user_level(struct auth_session_info *session_info,
                                                     const struct dom_sid *domain_sid);
index 7b4556a6d7293bd2c9c9e9947e6e0a3a8a48f61f..904becac612f4ce1b0c49dfe1eadb3614508c772 100644 (file)
@@ -1,10 +1,20 @@
 #include "idl_types.h"
 
 /*
 #include "idl_types.h"
 
 /*
-  security IDL structures
+  Authentication IDL structures
+
+  These are NOT public network structures, but it is helpful to define
+  these things in IDL. They may change without ABI breakage or
+  warning.
+
 */
 
 import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
 */
 
 import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
+[
+       pyhelper("librpc/ndr/py_auth.c"),
+       helper("../librpc/ndr/ndr_auth.h"),
+       helpstring("internal Samba authentication structures")
+]
 
 interface auth
 {
 
 interface auth
 {
@@ -79,7 +89,13 @@ interface auth
                security_unix_token *unix_token;
                auth_user_info *info;
                auth_user_info_unix *unix_info;
                security_unix_token *unix_token;
                auth_user_info *info;
                auth_user_info_unix *unix_info;
+               [value(NULL), ignore] auth_user_info_torture *torture;
                DATA_BLOB session_key;
                DATA_BLOB session_key;
+               [value(NULL), ignore] cli_credentials *credentials;
+       } auth_session_info;
+
+       typedef [public] struct {
+               auth_session_info *session_info;
                DATA_BLOB exported_gssapi_credentials;
        } auth_session_info_transport;
 }
                DATA_BLOB exported_gssapi_credentials;
        } auth_session_info_transport;
 }
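Review bot: The two members marked `[value(NULL), ignore]` in auth_session_info (`torture` and `credentials`) carry no comment explaining that they are deliberately kept out of the marshalled form. As far as the attributes indicate, a receiver of auth_session_info_transport always sees NULL for both and has to rebuild credentials from `exported_gssapi_credentials`. A short comment above each member saying so, for example `/* never marshalled: receivers always get NULL */`, would stop a later edit from dropping `ignore` and exposing credential state to the peer. The struct also contains `session_key` and is declared `[public]`, so it may be worth stating in the header comment which callers are allowed to print or forward it.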
diff --git a/librpc/ndr/ndr_auth.c b/librpc/ndr/ndr_auth.c
new file mode 100644 (file)
index 0000000..5252d80
--- /dev/null
@@ -0,0 +1,44 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Helper routines for marshalling the internal 'auth.idl'
+
+   Copyright (C) Andrew Bartlett 2011
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/ndr/ndr_auth.h"
+#include "librpc/ndr/libndr.h"
+
+_PUBLIC_ void ndr_print_cli_credentials(struct ndr_print *ndr, const char *name, struct cli_credentials *v)
+{
+       ndr->print(ndr, "%-25s: NULL", name);
+}
+
+/*
+  cli_credentials does not have a network representation, just pull/push a NULL pointer
+*/
+_PUBLIC_ enum ndr_err_code ndr_pull_cli_credentials(struct ndr_pull *ndr, int ndr_flags, struct cli_credentials *v)
+{
+       return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_cli_credentials(struct ndr_push *ndr, int ndr_flags, struct cli_credentials *v)
+{
+       return ndr_push_pointer(ndr, ndr_flags, NULL);
+}
+
+
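Review bot: ndr_pull_cli_credentials consumes nothing and leaves `v` untouched, while ndr_push_cli_credentials writes a pointer with `ndr_push_pointer(ndr, ndr_flags, NULL)`, so the two helpers are not mirror images even though the comment says both handle a NULL pointer. Whether the generated code ever reaches them for the `[ignore]` member is not visible here; if it does, the push and pull sides would disagree about the stream layout. The comment should state which of the two is expected to be called and that real credentials must never be serialised through these helpers, e.g. `/* never called with live credentials; the IDL member is [ignore] */`. ndr_print_cli_credentials prints "NULL" even when `v` is set, which is worth a one-line comment as well so the output is not read as the actual state.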
diff --git a/librpc/ndr/ndr_auth.h b/librpc/ndr/ndr_auth.h
new file mode 100644 (file)
index 0000000..57f6535
--- /dev/null
@@ -0,0 +1,32 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Helper routines for marshalling the internal 'auth.idl'
+
+   Copyright (C) Andrew Bartlett 2011
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+  cli_credentials does not have a network representation, just pull/push a NULL pointer
+*/
+
+#include "librpc/gen_ndr/ndr_auth.h"
+
+struct cli_credentials;
+_PUBLIC_ enum ndr_err_code ndr_pull_cli_credentials(struct ndr_pull *ndr, int ndr_flags, struct cli_credentials *v);
+_PUBLIC_ enum ndr_err_code ndr_push_cli_credentials(struct ndr_push *ndr, int ndr_flags, struct cli_credentials *v);
+
+_PUBLIC_ void ndr_print_cli_credentials(struct ndr_print *ndr, const char *name, struct cli_credentials *v);
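Review bot: The new header has no include guard, although auth.idl names it as a `helper(...)` and it in turn includes "librpc/gen_ndr/ndr_auth.h", so the two headers include each other. With only prototypes and a forward declaration this compiles, but a guard such as `#ifndef _LIBRPC_NDR_AUTH_H` / `#define _LIBRPC_NDR_AUTH_H` / `#endif` keeps it safe once a type or macro is added. The guard name is a suggestion, not taken from the tree.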
index ce78cb6767a6ed7d7b4a3cc50f9fc2431a21386d..b71a3ae5d9c7a56fc4bde5a4952f93638c31f34a 100644 (file)
@@ -9,7 +9,7 @@ bld.SAMBA_SUBSYSTEM('NDR_AUDIOSRV',
        )
 
 bld.SAMBA_SUBSYSTEM('NDR_AUTH',
        )
 
 bld.SAMBA_SUBSYSTEM('NDR_AUTH',
-                    source='gen_ndr/ndr_auth.c',
+                    source='gen_ndr/ndr_auth.c ndr/ndr_auth.c',
                     public_headers='gen_ndr/auth.h',
                     header_path='gen_ndr',
                     public_deps='ndr NDR_SECURITY ndr-krb5pac'
                     public_headers='gen_ndr/auth.h',
                     header_path='gen_ndr',
                     public_deps='ndr NDR_SECURITY ndr-krb5pac'
index 108bfefe06eeba954259a15ea8fc70ae6171dac7..f70eb63a705cc5bf662c8327658f331bd227db05 100644 (file)
@@ -711,7 +711,7 @@ RPC_EVENTLOG_OBJ = rpc_server/eventlog/srv_eventlog_nt.o \
 
 NPA_TSTREAM_OBJ = ../libcli/named_pipe_auth/npa_tstream.o \
                  librpc/gen_ndr/ndr_named_pipe_auth.o \
 
 NPA_TSTREAM_OBJ = ../libcli/named_pipe_auth/npa_tstream.o \
                  librpc/gen_ndr/ndr_named_pipe_auth.o \
-                 ../auth/auth_sam_reply.o librpc/gen_ndr/ndr_auth.o
+                 ../auth/auth_sam_reply.o librpc/gen_ndr/ndr_auth.o ../librpc/ndr/ndr_auth.o
 
 RPC_NCACN_NP = rpc_server/srv_pipe_register.o rpc_server/rpc_ncacn_np.o \
               rpc_server/rpc_handles.o rpc_server/srv_access_check.o
 
 RPC_NCACN_NP = rpc_server/srv_pipe_register.o rpc_server/rpc_ncacn_np.o \
               rpc_server/rpc_handles.o rpc_server/srv_access_check.o
index f000b64f713a223b4710e118e5c318c17fc1bf45..e89a366f9e91a22047e9cbde07dc904fcc0e7647 100644 (file)
@@ -607,6 +607,7 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
        struct tevent_context *ev;
        struct tevent_req *subreq;
        struct auth_session_info_transport *session_info_t;
        struct tevent_context *ev;
        struct tevent_req *subreq;
        struct auth_session_info_transport *session_info_t;
+       struct auth_session_info *session_info_npa;
        struct auth_user_info_dc *user_info_dc;
        union netr_Validation val;
        NTSTATUS status;
        struct auth_user_info_dc *user_info_dc;
        union netr_Validation val;
        NTSTATUS status;
@@ -651,20 +652,20 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
                goto fail;
        }
 
                goto fail;
        }
 
-       session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);
-       if (session_info_t == NULL) {
+       session_info_npa = talloc_zero(talloc_tos(), struct auth_session_info);
+       if (session_info_npa == NULL) {
                DEBUG(0, ("talloc failed\n"));
                goto fail;
        }
 
        /* Send the named_pipe_auth server the user's full token */
                DEBUG(0, ("talloc failed\n"));
                goto fail;
        }
 
        /* Send the named_pipe_auth server the user's full token */
-       session_info_t->security_token = session_info->security_token;
-       session_info_t->session_key = session_info->session_key;
+       session_info_npa->security_token = session_info->security_token;
+       session_info_npa->session_key = session_info->session_key;
 
        val.sam3 = session_info->info3;
 
        /* Convert into something we can build a struct
 
        val.sam3 = session_info->info3;
 
        /* Convert into something we can build a struct
-        * auth_session_info_transport from.  Most of the work here
+        * auth_session_info from.  Most of the work here
         * will be to convert the SIDS, which we will then ignore, but
         * this is the easier way to handle it */
        status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
         * will be to convert the SIDS, which we will then ignore, but
         * this is the easier way to handle it */
        status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
@@ -673,9 +674,17 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
                goto fail;
        }
 
                goto fail;
        }
 
-       session_info_t->info = talloc_move(session_info_t, &user_info_dc->info);
+       session_info_npa->info = talloc_move(session_info_npa, &user_info_dc->info);
        talloc_free(user_info_dc);
 
        talloc_free(user_info_dc);
 
+       session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);
+       if (session_info_npa == NULL) {
+               DEBUG(0, ("talloc failed\n"));
+               goto fail;
+       }
+
+       session_info_t->session_info = talloc_steal(session_info_t, session_info_npa);
+
        become_root();
        subreq = tstream_npa_connect_send(talloc_tos(), ev,
                                          socket_np_dir,
        become_root();
        subreq = tstream_npa_connect_send(talloc_tos(), ev,
                                          socket_np_dir,
@@ -689,8 +698,8 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
                unbecome_root();
                DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and "
                          "user %s\\%s failed\n",
                unbecome_root();
                DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and "
                          "user %s\\%s failed\n",
-                         socket_np_dir, pipe_name, session_info_t->info->domain_name,
-                         session_info_t->info->account_name));
+                         socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+                         session_info_t->session_info->info->account_name));
                goto fail;
        }
        ok = tevent_req_poll(subreq, ev);
                goto fail;
        }
        ok = tevent_req_poll(subreq, ev);
@@ -698,8 +707,8 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
        if (!ok) {
                DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s "
                          "failed for tstream_npa_connect: %s\n",
        if (!ok) {
                DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s "
                          "failed for tstream_npa_connect: %s\n",
-                         socket_np_dir, pipe_name, session_info_t->info->domain_name,
-                         session_info_t->info->account_name,
+                         socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+                         session_info_t->session_info->info->account_name,
                          strerror(errno)));
                goto fail;
 
                          strerror(errno)));
                goto fail;
 
@@ -714,8 +723,8 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
        if (ret != 0) {
                DEBUG(0, ("tstream_npa_connect_recv  to %s for pipe %s and "
                          "user %s\\%s failed: %s\n",
        if (ret != 0) {
                DEBUG(0, ("tstream_npa_connect_recv  to %s for pipe %s and "
                          "user %s\\%s failed: %s\n",
-                         socket_np_dir, pipe_name, session_info_t->info->domain_name,
-                         session_info_t->info->account_name,
+                         socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+                         session_info_t->session_info->info->account_name,
                          strerror(sys_errno)));
                goto fail;
        }
                          strerror(sys_errno)));
                goto fail;
        }
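Review bot: In the hunk at new line 674 of make_external_rpc_pipe_p, the NULL check that follows `session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);` tests `session_info_npa`, which was already checked after its own allocation. A failed allocation of `session_info_t` therefore goes unnoticed, and the next statement, `session_info_t->session_info = talloc_steal(session_info_t, session_info_npa);`, dereferences NULL. The condition should read `if (session_info_t == NULL) {`. The function body starts and ends outside the visible hunks.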
index 2fa2a77112d0a6c8a62a86272958912e6678f776..c7c77f037570e71d5942fe543fb16ca8f21a548f 100644 (file)
 #define SERVER_TCP_HIGH_PORT 1300
 
 static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx,
 #define SERVER_TCP_HIGH_PORT 1300
 
 static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx,
-                                           struct auth_session_info_transport **session_info)
+                                           struct auth_session_info **session_info)
 {
 {
-       struct auth_session_info_transport *i;
+       struct auth_session_info *i;
        struct auth_serversupplied_info *s;
        struct auth_user_info_dc *u;
        union netr_Validation val;
        NTSTATUS status;
 
        struct auth_serversupplied_info *s;
        struct auth_user_info_dc *u;
        union netr_Validation val;
        NTSTATUS status;
 
-       i = talloc_zero(mem_ctx, struct auth_session_info_transport);
+       i = talloc_zero(mem_ctx, struct auth_session_info);
        if (i == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
        if (i == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -81,7 +81,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
                                    bool ncalrpc_as_system,
                                    const char *client_address,
                                    const char *server_address,
                                    bool ncalrpc_as_system,
                                    const char *client_address,
                                    const char *server_address,
-                                   struct auth_session_info_transport *session_info,
+                                   struct auth_session_info *session_info,
                                    struct pipes_struct **_p,
                                    int *perrno)
 {
                                    struct pipes_struct **_p,
                                    int *perrno)
 {
@@ -355,7 +355,7 @@ struct named_pipe_client {
        char *client_name;
        struct tsocket_address *server;
        char *server_name;
        char *client_name;
        struct tsocket_address *server;
        char *server_name;
-       struct auth_session_info_transport *session_info;
+       struct auth_session_info *session_info;
 
        struct pipes_struct *p;
 
 
        struct pipes_struct *p;
 
@@ -433,6 +433,7 @@ static void named_pipe_packet_done(struct tevent_req *subreq);
 
 static void named_pipe_accept_done(struct tevent_req *subreq)
 {
 
 static void named_pipe_accept_done(struct tevent_req *subreq)
 {
+       struct auth_session_info_transport *session_info_transport;
        struct named_pipe_client *npc =
                tevent_req_callback_data(subreq, struct named_pipe_client);
        const char *cli_addr;
        struct named_pipe_client *npc =
                tevent_req_callback_data(subreq, struct named_pipe_client);
        const char *cli_addr;
@@ -445,7 +446,10 @@ static void named_pipe_accept_done(struct tevent_req *subreq)
                                                &npc->client_name,
                                                &npc->server,
                                                &npc->server_name,
                                                &npc->client_name,
                                                &npc->server,
                                                &npc->server_name,
-                                               &npc->session_info);
+                                               &session_info_transport);
+
+       npc->session_info = talloc_move(npc, &session_info_transport->session_info);
+
        TALLOC_FREE(subreq);
        if (ret != 0) {
                DEBUG(2, ("Failed to accept named pipe connection! (%s)\n",
        TALLOC_FREE(subreq);
        if (ret != 0) {
                DEBUG(2, ("Failed to accept named pipe connection! (%s)\n",
@@ -996,7 +1000,7 @@ struct dcerpc_ncacn_conn {
        char *client_name;
        struct tsocket_address *server;
        char *server_name;
        char *client_name;
        struct tsocket_address *server;
        char *server_name;
-       struct auth_session_info_transport *session_info;
+       struct auth_session_info *session_info;
 
        struct iovec *iov;
        size_t count;
 
        struct iovec *iov;
        size_t count;
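Review bot: In named_pipe_accept_done, `npc->session_info = talloc_move(npc, &session_info_transport->session_info);` runs before the `if (ret != 0)` check, and `session_info_transport` is declared without an initialiser. If the accept call fails without setting the out pointer, the move dereferences an indeterminate pointer, on a path that handles data from whatever connected to the named pipe socket. Declare it as `struct auth_session_info_transport *session_info_transport = NULL;` and do the move only after the `ret != 0` branch, treating a NULL `session_info_transport->session_info` as a failure too. The call that fills the pointer begins above the hunk, so its behaviour on error is inferred rather than visible.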
index 5fe370313823d79cd66e0edbd2dc10aec6bd87c6..fd9726eb754a06b7e275c72cdf223d49d6b08ee4 100644 (file)
@@ -271,7 +271,7 @@ static PyObject *py_gensec_session_info(PyObject *self)
                return NULL;
        }
 
                return NULL;
        }
 
-       py_session_info = py_return_ndr_struct("samba.auth", "AuthSession",
+       py_session_info = py_return_ndr_struct("samba.dcerpc.auth", "session_info",
                                                 info, info);
        return py_session_info;
 }
                                                 info, info);
        return py_session_info;
 }
index 9cb770b798140fcbd4a50ffda28466aa69a2df58..a4ba88c581f80196d45c0ea31a819ce87fb3cc57 100644 (file)
@@ -46,72 +46,9 @@ typedef intargfunc ssizeargfunc;
 #define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
 #endif
 
 #define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
 #endif
 
-static PyObject *py_auth_session_get_security_token(PyObject *self, void *closure)
+static PyObject *PyAuthSession_FromSession(struct auth_session_info *session)
 {
 {
-       struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
-       PyObject *py_security_token;
-       py_security_token = py_return_ndr_struct("samba.dcerpc.security", "token",
-                                                session->security_token, session->security_token);
-       return py_security_token;
-}
-
-static int py_auth_session_set_security_token(PyObject *self, PyObject *value, void *closure)
-{
-       struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
-       session->security_token = talloc_reference(session, py_talloc_get_ptr(value));
-       return 0;
-}
-
-static PyObject *py_auth_session_get_session_key(PyObject *self, void *closure)
-{
-       struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
-       return PyString_FromStringAndSize((char *)session->session_key.data, session->session_key.length);
-}
-
-static int py_auth_session_set_session_key(PyObject *self, PyObject *value, void *closure)
-{
-       DATA_BLOB val;
-       struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
-       val.data = (uint8_t *)PyString_AsString(value);
-       val.length = PyString_Size(value);
-
-       session->session_key = data_blob_talloc(session, val.data, val.length);
-       return 0;
-}
-
-static PyObject *py_auth_session_get_credentials(PyObject *self, void *closure)
-{
-       struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
-       PyObject *py_credentials;
-       /* This is evil, as the credentials are not IDL structures */
-       py_credentials = py_return_ndr_struct("samba.credentials", "Credentials", session->credentials, session->credentials);
-       return py_credentials;
-}
-
-static int py_auth_session_set_credentials(PyObject *self, PyObject *value, void *closure)
-{
-       struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
-       session->credentials = talloc_reference(session, PyCredentials_AsCliCredentials(value));
-       return 0;
-}
-
-static PyGetSetDef py_auth_session_getset[] = {
-       { discard_const_p(char, "security_token"), (getter)py_auth_session_get_security_token, (setter)py_auth_session_set_security_token, NULL },
-       { discard_const_p(char, "session_key"), (getter)py_auth_session_get_session_key, (setter)py_auth_session_set_session_key, NULL },
-       { discard_const_p(char, "credentials"), (getter)py_auth_session_get_credentials, (setter)py_auth_session_set_credentials, NULL },
-       { NULL }
-};
-
-static PyTypeObject PyAuthSession = {
-       .tp_name = "AuthSession",
-       .tp_basicsize = sizeof(py_talloc_Object),
-       .tp_flags = Py_TPFLAGS_DEFAULT,
-       .tp_getset = py_auth_session_getset,
-};
-
-PyObject *PyAuthSession_FromSession(struct auth_session_info *session)
-{
-       return py_talloc_reference(&PyAuthSession, session);
+       return py_return_ndr_struct("samba.dcerpc.auth", "session_info", session, session);
 }
 
 static PyObject *py_system_session(PyObject *module, PyObject *args)
 }
 
 static PyObject *py_system_session(PyObject *module, PyObject *args)
@@ -378,13 +315,6 @@ void initauth(void)
 {
        PyObject *m;
 
 {
        PyObject *m;
 
-       PyAuthSession.tp_base = PyTalloc_GetObjectType();
-       if (PyAuthSession.tp_base == NULL)
-               return;
-
-       if (PyType_Ready(&PyAuthSession) < 0)
-               return;
-
        PyAuthContext.tp_base = PyTalloc_GetObjectType();
        if (PyAuthContext.tp_base == NULL)
                return;
        PyAuthContext.tp_base = PyTalloc_GetObjectType();
        if (PyAuthContext.tp_base == NULL)
                return;
@@ -397,8 +327,6 @@ void initauth(void)
        if (m == NULL)
                return;
 
        if (m == NULL)
                return;
 
-       Py_INCREF(&PyAuthSession);
-       PyModule_AddObject(m, "AuthSession", (PyObject *)&PyAuthSession);
        Py_INCREF(&PyAuthContext);
        PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
 
        Py_INCREF(&PyAuthContext);
        PyModule_AddObject(m, "AuthContext", (PyObject *)&PyAuthContext);
 
index 38fd2a56a851ad98988598413f1b83e2689db6e6..60fd2e5d140cb52eeb103d3eeecdc2641af48a6d 100644 (file)
@@ -24,8 +24,6 @@
 #include "auth/session.h"
 
 #define PyAuthSession_AsSession(obj) py_talloc_get_type(obj, struct auth_session_info)
 #include "auth/session.h"
 
 #define PyAuthSession_AsSession(obj) py_talloc_get_type(obj, struct auth_session_info)
-#define PyAuthSession_Check(obj) PyObject_TypeCheck(obj, &PyAuthSession)
 struct auth_session_info *PyObject_AsSession(PyObject *obj);
 struct auth_session_info *PyObject_AsSession(PyObject *obj);
-PyObject *PyAuthSession_FromSession(struct auth_session_info *session);
 
 #endif /* _PYAUTH_H */
 
 #endif /* _PYAUTH_H */
index 94751045696c5451a5b1dd4c80189474c59b6596..7a4dc5426b0b901ad5fd6c12bb7471a6db077aa1 100644 (file)
@@ -155,9 +155,8 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
        return NT_STATUS_OK;
 }
 
-/* Create a session_info structure from the
- * auth_session_info_transport we were forwarded over named pipe
- * forwarding.
+/* Fill out the auth_session_info with a cli_credentials based on the
+ * auth_session_info we were forwarded over named pipe forwarding.
  *
  * NOTE: The stucture members of session_info_transport are stolen
  * with talloc_move() into auth_session_info for long term use
  *
  * NOTE: The stucture members of session_info_transport are stolen
  * with talloc_move() into auth_session_info for long term use
@@ -168,16 +167,7 @@ struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx,
                                                           const char **reason)
 {
        struct auth_session_info *session_info;
                                                           const char **reason)
 {
        struct auth_session_info *session_info;
-       session_info = talloc_zero(mem_ctx, struct auth_session_info);
-       if (!session_info) {
-               *reason = "failed to allocate session_info";
-               return NULL;
-       }
-
-       session_info->security_token = talloc_move(session_info, &session_info_transport->security_token);
-       session_info->info = talloc_move(session_info, &session_info_transport->info);
-       session_info->session_key = session_info_transport->session_key;
-       session_info->session_key.data = talloc_move(session_info, &session_info_transport->session_key.data);
+       session_info = talloc_steal(mem_ctx, session_info_transport->session_info);
 
        if (session_info_transport->exported_gssapi_credentials.length) {
                struct cli_credentials *creds;
 
        if (session_info_transport->exported_gssapi_credentials.length) {
                struct cli_credentials *creds;
@@ -236,9 +226,8 @@ struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx,
 
 /* Create a auth_session_info_transport from an auth_session_info.
  *
 
 /* Create a auth_session_info_transport from an auth_session_info.
  *
- * NOTE: Members of the auth_session_info_transport structure are not talloc_referenced, but simply assigned.  They are only valid for the lifetime of the struct auth_session_info
- *
- * This isn't normally an issue, as the auth_session_info has a very long typical life
+ * NOTE: Members of the auth_session_info_transport structure are
+ * talloc_referenced() into this structure, and should not be changed.
  */
 NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
                                                  struct auth_session_info *session_info,
  */
 NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
                                                  struct auth_session_info *session_info,
@@ -247,18 +236,15 @@ NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
                                                  struct auth_session_info_transport **transport_out)
 {
 
                                                  struct auth_session_info_transport **transport_out)
 {
 
-       struct auth_session_info_transport *session_info_transport = talloc_zero(mem_ctx, struct auth_session_info_transport);
-       session_info_transport->security_token = talloc_reference(session_info, session_info->security_token);
-       NT_STATUS_HAVE_NO_MEMORY(session_info_transport->security_token);
-
-       session_info_transport->info = talloc_reference(session_info, session_info->info);
-       NT_STATUS_HAVE_NO_MEMORY(session_info_transport->info);
-
-       session_info_transport->session_key = session_info->session_key;
-       session_info_transport->session_key.data = talloc_reference(session_info, session_info->session_key.data);
-       if (!session_info_transport->session_key.data && session_info->session_key.length) {
+       struct auth_session_info_transport *session_info_transport
+               = talloc_zero(mem_ctx, struct auth_session_info_transport);
+       if (!session_info_transport) {
                return NT_STATUS_NO_MEMORY;
                return NT_STATUS_NO_MEMORY;
-       }
+       };
+       session_info_transport->session_info = talloc_reference(session_info_transport, session_info);
+       if (!session_info_transport->session_info) {
+               return NT_STATUS_NO_MEMORY;
+       };
 
        if (session_info->credentials) {
                struct gssapi_creds_container *gcc;
 
        if (session_info->credentials) {
                struct gssapi_creds_container *gcc;
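Review bot: In auth_session_info_from_transport, the result of `talloc_steal(mem_ctx, session_info_transport->session_info)` is used without a NULL check, and that pointer now comes from the forwarded transport structure. The removed code always allocated a fresh auth_session_info, so `session_info` could not be NULL here; with the new layout a transport that carries no session_info leaves it NULL, and the later code (outside this hunk) presumably dereferences it when attaching credentials. Add `if (session_info == NULL) { *reason = "no session_info in transport"; return NULL; }` directly after the steal. The NOTE in the comment above the function still describes members being stolen with talloc_move(), which no longer matches. In auth_session_info_transport_from_session the two new `};` after the if blocks have a stray semicolon.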
index 472a4664ea16357c8720fd291ea5e2cac9d827cb..ff48a3bb04079f85a34728b474a033613ed64eaa 100644 (file)
@@ -174,11 +174,11 @@ static PyObject *py_ldb_set_session_info(PyObject *self, PyObject *args)
        PyObject *PyAuthSession_Type;
        bool ret;
 
        PyObject *PyAuthSession_Type;
        bool ret;
 
-       mod_samba_auth = PyImport_ImportModule("samba.auth");
+       mod_samba_auth = PyImport_ImportModule("samba.dcerpc.auth");
        if (mod_samba_auth == NULL)
                return NULL;
 
        if (mod_samba_auth == NULL)
                return NULL;
 
-       PyAuthSession_Type = PyObject_GetAttrString(mod_samba_auth, "AuthSession");
+       PyAuthSession_Type = PyObject_GetAttrString(mod_samba_auth, "session_info");
        if (PyAuthSession_Type == NULL)
                return NULL;
 
        if (PyAuthSession_Type == NULL)
                return NULL;
 
diff --git a/source4/librpc/ndr/py_auth.c b/source4/librpc/ndr/py_auth.c
new file mode 100644 (file)
index 0000000..40164e0
--- /dev/null
@@ -0,0 +1,74 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <Python.h>
+#include "includes.h"
+#include "libcli/util/pyerrors.h"
+#include "pyauth.h"
+#include "auth/auth.h"
+#include "auth/credentials/pycredentials.h"
+#include "librpc/rpc/pyrpc_util.h"
+
+#ifndef Py_RETURN_NONE
+#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
+#endif
+
+static void PyType_AddGetSet(PyTypeObject *type, PyGetSetDef *getset)
+{
+       PyObject *dict;
+       int i;
+       if (type->tp_dict == NULL)
+               type->tp_dict = PyDict_New();
+       dict = type->tp_dict;
+       for (i = 0; getset[i].name; i++) {
+               PyObject *descr;
+               descr = PyDescr_NewGetSet(type, &getset[i]);
+               PyDict_SetItemString(dict, getset[i].name, 
+                                    descr);
+       }
+}
+
+static PyObject *py_auth_session_get_credentials(PyObject *self, void *closure)
+{
+       struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
+       PyObject *py_credentials;
+       /* This is evil, as the credentials are not IDL structures */
+       py_credentials = py_return_ndr_struct("samba.credentials", "Credentials", session->credentials, session->credentials);
+       return py_credentials;
+}
+
+static int py_auth_session_set_credentials(PyObject *self, PyObject *value, void *closure)
+{
+       struct auth_session_info *session = py_talloc_get_type(self, struct auth_session_info);
+       session->credentials = talloc_reference(session, PyCredentials_AsCliCredentials(value));
+       return 0;
+}
+
+static PyGetSetDef py_auth_session_extra_getset[] = {
+       { discard_const_p(char, "credentials"), (getter)py_auth_session_get_credentials, (setter)py_auth_session_set_credentials, NULL },
+       { NULL }
+};
+
+static void py_auth_session_info_patch(PyTypeObject *type)
+{
+       PyType_AddGetSet(type, py_auth_session_extra_getset);
+}
+
+#define PY_SESSION_INFO_PATCH py_auth_session_info_patch
+
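Review bot: py_auth_session_set_credentials passes `value` to PyCredentials_AsCliCredentials with no check that it is non-NULL or a Credentials object. Python calls a getset setter with NULL on attribute deletion, and the setter also ignores the result of `talloc_reference()`. Unless the macro validates its argument (not visible here), a wrong object type from Python ends up stored as `session->credentials`; the setter should raise TypeError and `return -1` for NULL or a wrong type, and return -1 when the reference fails. In PyType_AddGetSet the results of `PyDict_New()` and `PyDescr_NewGetSet()` are unchecked, and `descr` is never released although PyDict_SetItemString takes its own reference. Add `if (descr == NULL) return;` before the insert and `Py_DECREF(descr);` after it.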
index 8d1e9a82206960ce93de82643e8565e0cf073784..ce015ccaa52785763f41fa86401aeb9592827025 100755 (executable)
@@ -199,6 +199,17 @@ bld.SAMBA_PYTHON('python_echo',
        realname='samba/dcerpc/echo.so'
        )
 
        realname='samba/dcerpc/echo.so'
        )
 
+bld.SAMBA_PYTHON('python_auth',
+       source='../../librpc/gen_ndr/py_auth.c',
+       deps='NDR_AUTH pytalloc-util pyrpc_util',
+       realname='samba/dcerpc/auth.so'
+       )
+
+bld.SAMBA_PYTHON('python_krb5pac',
+       source='../../librpc/gen_ndr/py_krb5pac.c',
+       deps='ndr-krb5pac pytalloc-util pyrpc_util',
+       realname='samba/dcerpc/krb5pac.so'
+       )
 
 bld.SAMBA_PYTHON('python_winreg',
        source='../../librpc/gen_ndr/py_winreg.c',
 
 bld.SAMBA_PYTHON('python_winreg',
        source='../../librpc/gen_ndr/py_winreg.c',