s4:rpc_server/lsa: make use dcesrv_call_session_info()
authorStefan Metzmacher <metze@samba.org>
Sat, 3 Nov 2018 00:19:51 +0000 (01:19 +0100)
committerJeremy Allison <jra@samba.org>
Sat, 12 Jan 2019 02:13:32 +0000 (03:13 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/rpc_server/lsa/dcesrv_lsa.c
source4/rpc_server/lsa/lsa_init.c

index acf14f9..d6c4c72 100644 (file)
@@ -241,6 +241,8 @@ static NTSTATUS dcesrv_lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX
 static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                       struct lsa_DeleteObject *r)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        struct dcesrv_handle *h;
        int ret;
 
@@ -250,7 +252,7 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL
                struct lsa_secret_state *secret_state = h->data;
 
                /* Ensure user is permitted to delete this... */
-               switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
+               switch (security_session_user_level(session_info, NULL))
                {
                case SECURITY_SYSTEM:
                case SECURITY_ADMINISTRATOR:
@@ -397,6 +399,8 @@ static NTSTATUS dcesrv_lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_
 static NTSTATUS dcesrv_lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                         struct lsa_QuerySecurity *r)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        struct dcesrv_handle *h;
        const struct security_descriptor *sd = NULL;
        uint32_t access_granted = 0;
@@ -406,7 +410,7 @@ static NTSTATUS dcesrv_lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TAL
 
        DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
 
-       sid = &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+       sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
 
        if (h->wire_handle.handle_type == LSA_HANDLE_POLICY) {
                struct lsa_policy_state *pstate = h->data;
@@ -2871,6 +2875,8 @@ static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_
                                           struct dom_sid *sid,
                                           const struct lsa_RightSet *rights)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        const char *sidstr, *sidndrstr;
        struct ldb_message *msg;
        struct ldb_message_element *el;
@@ -2879,7 +2885,7 @@ static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_
        struct lsa_EnumAccountRights r2;
        char *dnstr;
 
-       if (security_session_user_level(dce_call->conn->auth_state.session_info, NULL) <
+       if (security_session_user_level(session_info, NULL) <
            SECURITY_ADMINISTRATOR) {
                DEBUG(0,("lsa_AddRemoveAccount refused for supplied security token\n"));
                return NT_STATUS_ACCESS_DENIED;
@@ -3173,6 +3179,8 @@ static NTSTATUS dcesrv_lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_
 static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                 struct lsa_CreateSecret *r)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        struct dcesrv_handle *policy_handle;
        struct lsa_policy_state *policy_state;
        struct lsa_secret_state *secret_state;
@@ -3190,7 +3198,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
        DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
        ZERO_STRUCTP(r->out.sec_handle);
 
-       switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
+       switch (security_session_user_level(session_info, NULL))
        {
        case SECURITY_SYSTEM:
        case SECURITY_ADMINISTRATOR:
@@ -3337,8 +3345,9 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
 static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                               struct lsa_OpenSecret *r)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        struct dcesrv_handle *policy_handle;
-
        struct lsa_policy_state *policy_state;
        struct lsa_secret_state *secret_state;
        struct dcesrv_handle *handle;
@@ -3347,9 +3356,7 @@ static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC
        const char *attrs[] = {
                NULL
        };
-
        const char *name;
-
        int ret;
 
        DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
@@ -3360,7 +3367,7 @@ static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
+       switch (security_session_user_level(session_info, NULL))
        {
        case SECURITY_SYSTEM:
        case SECURITY_ADMINISTRATOR:
@@ -3622,6 +3629,8 @@ static NTSTATUS dcesrv_lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_
 static NTSTATUS dcesrv_lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                struct lsa_QuerySecret *r)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        struct dcesrv_handle *h;
        struct lsa_secret_state *secret_state;
        struct ldb_message *msg;
@@ -3642,7 +3651,7 @@ static NTSTATUS dcesrv_lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLO
        DCESRV_PULL_HANDLE(h, r->in.sec_handle, LSA_HANDLE_SECRET);
 
        /* Ensure user is permitted to read this... */
-       switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
+       switch (security_session_user_level(session_info, NULL))
        {
        case SECURITY_SYSTEM:
        case SECURITY_ADMINISTRATOR:
@@ -3958,6 +3967,8 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
 {
        enum dcerpc_transport_t transport =
                dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        NTSTATUS status = NT_STATUS_OK;
        const char *account_name;
        const char *authority_name;
@@ -3986,8 +3997,8 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->info->account_name);
-       authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->info->domain_name);
+       account_name = talloc_reference(mem_ctx, session_info->info->account_name);
+       authority_name = talloc_reference(mem_ctx, session_info->info->domain_name);
 
        _account_name = talloc(mem_ctx, struct lsa_String);
        NT_STATUS_HAVE_NO_MEMORY(_account_name);
index 5602294..7e493e3 100644 (file)
@@ -50,7 +50,8 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
                                     uint32_t access_desired,
                                     struct lsa_policy_state **_state)
 {
-       struct auth_session_info *session_info = dce_call->conn->auth_state.session_info;
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        enum security_user_level security_level;
        struct lsa_policy_state *state;
        struct ldb_result *dom_res;
@@ -73,7 +74,7 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
        state->sam_ldb = samdb_connect(state,
                                       dce_call->event_ctx,
                                       dce_call->conn->dce_ctx->lp_ctx,
-                                      dce_call->conn->auth_state.session_info,
+                                      session_info,
                                       dce_call->conn->remote_address,
                                       0);
        if (state->sam_ldb == NULL) {