From: Andrew Bartlett Date: Tue, 23 Sep 2014 06:19:46 +0000 (-0700) Subject: librpc: Remove user/domain from struct pipe_auth_data X-Git-Tag: samba-4.2.0rc1~81 X-Git-Url: http://git.samba.org/samba.git/?p=bbaumbach%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=f8643b9f5fcb4854e2e6ba17941df24862f0504b librpc: Remove user/domain from struct pipe_auth_data This does require that we always fill in the gensec pointer, but the simplification is worth the extra allocations. Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher --- diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h index 9d0f86156e7..f75dd8417b5 100644 --- a/source3/librpc/rpc/dcerpc.h +++ b/source3/librpc/rpc/dcerpc.h @@ -45,9 +45,7 @@ struct pipe_auth_data { void *auth_ctx; - /* Only the client code uses these 3 for now */ - char *domain; - char *user_name; + /* Only the client code uses this for now */ DATA_BLOB transport_session_key; }; diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index ce247ff537e..d3a075f28d3 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2289,6 +2289,8 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, struct pipe_auth_data **presult) { struct pipe_auth_data *result; + struct auth_generic_state *auth_generic_ctx; + NTSTATUS status; result = talloc_zero(mem_ctx, struct pipe_auth_data); if (result == NULL) { @@ -2298,13 +2300,38 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, result->auth_type = DCERPC_AUTH_TYPE_NONE; result->auth_level = DCERPC_AUTH_LEVEL_NONE; - result->user_name = talloc_strdup(result, ""); - result->domain = talloc_strdup(result, ""); - if ((result->user_name == NULL) || (result->domain == NULL)) { - TALLOC_FREE(result); - return NT_STATUS_NO_MEMORY; + status = auth_generic_client_prepare(result, + &auth_generic_ctx); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to create auth_generic context: %s\n", + nt_errstr(status))); + } + + status = auth_generic_set_username(auth_generic_ctx, ""); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to set username: %s\n", + nt_errstr(status))); + } + + status = auth_generic_set_domain(auth_generic_ctx, ""); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to set domain: %s\n", + nt_errstr(status))); + return status; } + status = gensec_set_credentials(auth_generic_ctx->gensec_security, + auth_generic_ctx->credentials); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to set GENSEC credentials: %s\n", + nt_errstr(status))); + return status; + } + talloc_unlink(auth_generic_ctx, auth_generic_ctx->credentials); + auth_generic_ctx->credentials = NULL; + + result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security); + talloc_free(auth_generic_ctx); *presult = result; return NT_STATUS_OK; } @@ -2333,13 +2360,6 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx, result->auth_type = auth_type; result->auth_level = auth_level; - result->user_name = talloc_strdup(result, username); - result->domain = talloc_strdup(result, domain); - if ((result->user_name == NULL) || (result->domain == NULL)) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - status = auth_generic_client_prepare(result, &auth_generic_ctx); if (!NT_STATUS_IS_OK(status)) { @@ -2867,18 +2887,6 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, * from the enclosing SMB creds */ - TALLOC_FREE(auth->user_name); - TALLOC_FREE(auth->domain); - - auth->user_name = talloc_strdup(auth, cli->user_name); - auth->domain = talloc_strdup(auth, cli->domain); - - if ((cli->user_name != NULL && auth->user_name == NULL) - || (cli->domain != NULL && auth->domain == NULL)) { - TALLOC_FREE(result); - return NT_STATUS_NO_MEMORY; - } - if (transport == NCACN_NP) { struct smbXcli_session *session; diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c index 1a8903d82a1..f262d888d12 100644 --- a/source3/rpc_client/cli_spoolss.c +++ b/source3/rpc_client/cli_spoolss.c @@ -26,6 +26,8 @@ #include "rpc_client/rpc_client.h" #include "../librpc/gen_ndr/ndr_spoolss_c.h" #include "rpc_client/cli_spoolss.h" +#include "auth/gensec/gensec.h" +#include "auth/credentials/credentials.h" /********************************************************************** convencience wrapper around rpccli_spoolss_OpenPrinterEx @@ -43,13 +45,14 @@ WERROR rpccli_spoolss_openprinter_ex(struct rpc_pipe_client *cli, struct spoolss_UserLevelCtr userlevel_ctr; struct spoolss_UserLevel1 level1; struct dcerpc_binding_handle *b = cli->binding_handle; + struct cli_credentials *creds = gensec_get_credentials(cli->auth->auth_ctx); ZERO_STRUCT(devmode_ctr); level1.size = 28; level1.client = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name()); W_ERROR_HAVE_NO_MEMORY(level1.client); - level1.user = cli->auth->user_name; + level1.user = cli_credentials_get_username(creds); level1.build = 1381; level1.major = 2; level1.minor = 0; @@ -221,6 +224,7 @@ WERROR rpccli_spoolss_addprinterex(struct rpc_pipe_client *cli, struct spoolss_UserLevel1 level1; struct policy_handle handle; struct dcerpc_binding_handle *b = cli->binding_handle; + struct cli_credentials *creds = gensec_get_credentials(cli->auth->auth_ctx); ZERO_STRUCT(devmode_ctr); ZERO_STRUCT(secdesc_ctr); @@ -232,7 +236,7 @@ WERROR rpccli_spoolss_addprinterex(struct rpc_pipe_client *cli, level1.processor = 0; level1.client = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name()); W_ERROR_HAVE_NO_MEMORY(level1.client); - level1.user = cli->auth->user_name; + level1.user = cli_credentials_get_username(creds); userlevel_ctr.level = 1; userlevel_ctr.user_info.level1 = &level1; diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c index f5247b29352..8b5ea617a28 100644 --- a/source3/utils/net_rpc_printer.c +++ b/source3/utils/net_rpc_printer.c @@ -29,6 +29,8 @@ #include "../libcli/registry/util_reg.h" #include "libsmb/libsmb.h" #include "../libcli/smb/smbXcli_base.h" +#include "auth/gensec/gensec.h" +#include "auth/credentials/credentials.h" /* support itanium as well */ static const struct print_architecture_table_node archi_table[]= { @@ -1120,6 +1122,7 @@ static bool get_printer_info(struct rpc_pipe_client *pipe_hnd, { struct dcerpc_binding_handle *b = pipe_hnd->binding_handle; struct policy_handle hnd; + struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx); WERROR werr; /* no arguments given, enumerate all printers */ @@ -1136,7 +1139,7 @@ static bool get_printer_info(struct rpc_pipe_client *pipe_hnd, /* argument given, get a single printer by name */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, argv[0], MAXIMUM_ALLOWED_ACCESS, - pipe_hnd->auth->user_name, + cli_credentials_get_username(creds), &hnd)) return false; @@ -1315,6 +1318,8 @@ static NTSTATUS rpc_printer_publish_internals_args(struct rpc_pipe_client *pipe_ struct policy_handle hnd = { 0, }; WERROR result; const char *action_str; + struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx); + const char *username = cli_credentials_get_username(creds); if (!get_printer_info(pipe_hnd, mem_ctx, 2, argc, argv, &num_printers, &info_enum)) return nt_status; @@ -1330,7 +1335,7 @@ static NTSTATUS rpc_printer_publish_internals_args(struct rpc_pipe_client *pipe_ /* open printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename, - PRINTER_ALL_ACCESS, pipe_hnd->auth->user_name, &hnd)) + PRINTER_ALL_ACCESS, username, &hnd)) goto done; /* check for existing dst printer */ @@ -1912,6 +1917,8 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c, struct cli_state *cli_share_src = NULL; struct cli_state *cli_share_dst = NULL; const char *drivername = NULL; + struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx); + const char *username = cli_credentials_get_username(creds); WERROR werr; DEBUG(3,("copying printer-drivers\n")); @@ -1990,7 +1997,7 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c, /* open src printer handle */ if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename, MAXIMUM_ALLOWED_ACCESS, - pipe_hnd->auth->user_name, + username, &hnd_src)) goto done;