s4:rpc_server/lsa: make use dcesrv_call_session_info()
authorStefan Metzmacher <metze@samba.org>
Sat, 3 Nov 2018 00:19:51 +0000 (01:19 +0100)
committerJeremy Allison <jra@samba.org>
Sat, 12 Jan 2019 02:13:32 +0000 (03:13 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/rpc_server/lsa/dcesrv_lsa.c
source4/rpc_server/lsa/lsa_init.c

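index acf14f9146a60781d7d3344bef05b2340e400533..d6c4c72c4caf8559e06269ef20e8deb3f1fe4461 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -241,6 +241,8 @@ static NTSTATUS dcesrv_lsa_Delete(struct dcesrv_call_state *dce_call, TALLOC_CTX
 static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                       struct lsa_DeleteObject *r)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        struct dcesrv_handle *h;
        int ret;
 
@@ -250,7 +252,7 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL
                struct lsa_secret_state *secret_state = h->data;
 
                /* Ensure user is permitted to delete this... */
-               switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
+               switch (security_session_user_level(session_info, NULL))
                {
                case SECURITY_SYSTEM:
                case SECURITY_ADMINISTRATOR:
@@ -397,6 +399,8 @@ static NTSTATUS dcesrv_lsa_EnumPrivs(struct dcesrv_call_state *dce_call, TALLOC_
 static NTSTATUS dcesrv_lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                         struct lsa_QuerySecurity *r)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        struct dcesrv_handle *h;
        const struct security_descriptor *sd = NULL;
        uint32_t access_granted = 0;
@@ -406,7 +410,7 @@ static NTSTATUS dcesrv_lsa_QuerySecurity(struct dcesrv_call_state *dce_call, TAL
 
        DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
 
-       sid = &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+       sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
 
        if (h->wire_handle.handle_type == LSA_HANDLE_POLICY) {
                struct lsa_policy_state *pstate = h->data;
@@ -2871,6 +2875,8 @@ static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_
                                           struct dom_sid *sid,
                                           const struct lsa_RightSet *rights)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        const char *sidstr, *sidndrstr;
        struct ldb_message *msg;
        struct ldb_message_element *el;
@@ -2879,7 +2885,7 @@ static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_
        struct lsa_EnumAccountRights r2;
        char *dnstr;
 
-       if (security_session_user_level(dce_call->conn->auth_state.session_info, NULL) <
+       if (security_session_user_level(session_info, NULL) <
            SECURITY_ADMINISTRATOR) {
                DEBUG(0,("lsa_AddRemoveAccount refused for supplied security token\n"));
                return NT_STATUS_ACCESS_DENIED;
@@ -3173,6 +3179,8 @@ static NTSTATUS dcesrv_lsa_SetSystemAccessAccount(struct dcesrv_call_state *dce_
 static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                 struct lsa_CreateSecret *r)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        struct dcesrv_handle *policy_handle;
        struct lsa_policy_state *policy_state;
        struct lsa_secret_state *secret_state;
@@ -3190,7 +3198,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
        DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
        ZERO_STRUCTP(r->out.sec_handle);
 
-       switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
+       switch (security_session_user_level(session_info, NULL))
        {
        case SECURITY_SYSTEM:
        case SECURITY_ADMINISTRATOR:
@@ -3337,8 +3345,9 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
 static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                               struct lsa_OpenSecret *r)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        struct dcesrv_handle *policy_handle;
-
        struct lsa_policy_state *policy_state;
        struct lsa_secret_state *secret_state;
        struct dcesrv_handle *handle;
@@ -3347,9 +3356,7 @@ static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC
        const char *attrs[] = {
                NULL
        };
-
        const char *name;
-
        int ret;
 
        DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
@@ -3360,7 +3367,7 @@ static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
+       switch (security_session_user_level(session_info, NULL))
        {
        case SECURITY_SYSTEM:
        case SECURITY_ADMINISTRATOR:
@@ -3622,6 +3629,8 @@ static NTSTATUS dcesrv_lsa_SetSecret(struct dcesrv_call_state *dce_call, TALLOC_
 static NTSTATUS dcesrv_lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                struct lsa_QuerySecret *r)
 {
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        struct dcesrv_handle *h;
        struct lsa_secret_state *secret_state;
        struct ldb_message *msg;
@@ -3642,7 +3651,7 @@ static NTSTATUS dcesrv_lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLO
        DCESRV_PULL_HANDLE(h, r->in.sec_handle, LSA_HANDLE_SECRET);
 
        /* Ensure user is permitted to read this... */
-       switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
+       switch (security_session_user_level(session_info, NULL))
        {
        case SECURITY_SYSTEM:
        case SECURITY_ADMINISTRATOR:
@@ -3958,6 +3967,8 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
 {
        enum dcerpc_transport_t transport =
                dcerpc_binding_get_transport(dce_call->conn->endpoint->ep_description);
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        NTSTATUS status = NT_STATUS_OK;
        const char *account_name;
        const char *authority_name;
@@ -3986,8 +3997,8 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->info->account_name);
-       authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->info->domain_name);
+       account_name = talloc_reference(mem_ctx, session_info->info->account_name);
+       authority_name = talloc_reference(mem_ctx, session_info->info->domain_name);
 
        _account_name = talloc(mem_ctx, struct lsa_String);
        NT_STATUS_HAVE_NO_MEMORY(_account_name);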
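Review bot: In dcesrv_lsa_QuerySecurity and dcesrv_lsa_GetUserName the pointer returned by dcesrv_call_session_info() is dereferenced two levels deep (`session_info->security_token->sids[PRIMARY_USER_SID_INDEX]`, `session_info->info->account_name`) with no guard, and the helper's contract is not visible in this diff. If it can ever return NULL or a session without a token, these handlers would crash rather than refuse the call. A fail-closed guard after the handle pull, such as `if (session_info == NULL || session_info->security_token == NULL) { return NT_STATUS_ACCESS_DENIED; }`, or a comment stating the non-NULL guarantee, would make the assumption explicit. The same local now feeds every `security_session_user_level()` check in the secret handlers, so the guarantee matters for all of them. The function bodies start and end outside the hunks shown.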
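index 560229494a5afff692130c3d8bfe900beb56320e..7e493e3a313ae86f8a3c67ed255440586b9a262b 100644
--- a/source4/rpc_server/lsa/lsa_init.c
+++ b/source4/rpc_server/lsa/lsa_init.c
@@ -50,7 +50,8 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
                                     uint32_t access_desired,
                                     struct lsa_policy_state **_state)
 {
-       struct auth_session_info *session_info = dce_call->conn->auth_state.session_info;
+       struct auth_session_info *session_info =
+               dcesrv_call_session_info(dce_call);
        enum security_user_level security_level;
        struct lsa_policy_state *state;
        struct ldb_result *dom_res;
@@ -73,7 +74,7 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
        state->sam_ldb = samdb_connect(state,
                                       dce_call->event_ctx,
                                       dce_call->conn->dce_ctx->lp_ctx,
-                                      dce_call->conn->auth_state.session_info,
+                                      session_info,
                                       dce_call->conn->remote_address,
                                       0);
        if (state->sam_ldb == NULL) {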
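Review bot: The `samdb_connect()` call in dcesrv_lsa_get_policy_state opens `state->sam_ldb` with the session info of the call that creates the policy state, and nothing here documents that binding. The dcesrv_lsa.c handlers read a `struct lsa_policy_state` back from `h->data`, so the state appears to outlive the creating call. If dcesrv_call_session_info() is meant to return a per-call identity (the helper is not shown here), the database connection stays tied to whoever opened the handle; a comment above the call would record that, e.g. `/* sam_ldb carries the identity of the caller that opened this policy handle */`. The function body starts and ends outside these hunks.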