r5667: Move schannel state into libcli/auth (as it belongs with schannel,
authorAndrew Bartlett <abartlet@samba.org>
Sun, 6 Mar 2005 06:37:38 +0000 (06:37 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:10:58 +0000 (13:10 -0500)
which will move in with the rest of GENSEC shortly).

Add the RID as another element in the schannel state.

Andrew Bartlett
(This used to be commit 69114b4a8e1c937ab5ff12ca91dd22bd83fd9a3b)

source4/libcli/auth/credentials.h
source4/libcli/auth/gensec.mk
source4/libcli/auth/schannel_state.c [moved from source4/rpc_server/netlogon/schannel_state.c with 95% similarity]
source4/librpc/rpc/dcerpc_schannel.c
source4/rpc_server/config.mk
source4/rpc_server/netlogon/dcerpc_netlogon.c

index 7c3c4379d12e2066825abd1df706619cd33001b7..d1417bf83e78e35b1b5bacd9f497f47b143664bc 100644 (file)
@@ -32,6 +32,7 @@ struct creds_CredentialState {
        uint16_t secure_channel_type;
        const char *computer_name;
        const char *account_name;
+       uint32_t rid;
 };
 
 /* for the timebeing, use the same neg flags as Samba3. */
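Review bot: The new `rid` member has no comment saying whose RID it holds or which value means "not set", even though this struct is persisted and reloaded by the schannel state code in the same commit. From the other hunks it appears to be the RID returned by netr_ServerAuthenticate3 for the authenticating account, with 0 used as the fallback on fetch. I would document that on the field, for example `uint32_t rid; /* RID of the authenticated account; 0 means not recorded */`. The struct definition starts outside this hunk, so confirm the wording against the neighbouring members.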
index e4559bb9729e2f5432adc5771b3427435b797c12..7e2e34081d3a8629f8820a04ec81bd8666a75fd4 100644 (file)
@@ -67,3 +67,13 @@ ADD_OBJ_FILES = \
 REQUIRED_SUBSYSTEMS = AUTH
 # End MODULE gensec_ntlmssp
 ################################################
+
+################################################
+# Start SUBSYSTEM SCHANNELDB
+[SUBSYSTEM::SCHANNELDB]
+INIT_OBJ_FILES = \
+               libcli/auth/schannel_state.o
+#
+# End SUBSYSTEM SCHANNELDB
+################################################
+
similarity index 95%
rename from source4/rpc_server/netlogon/schannel_state.c
rename to source4/libcli/auth/schannel_state.c
index e7c9c133145030bd1d2da641d2555fabd43f7b06..2a9e0a3ec397459d951300f6dc82f99103296cb9 100644 (file)
@@ -64,6 +64,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
        char *s;
        char *f;
        char *sct;
+       char *rid;
        time_t expiry = time(NULL) + SCHANNEL_CREDENTIALS_EXPIRY;
        int ret;
 
@@ -93,6 +94,13 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
                return NT_STATUS_NO_MEMORY;
        }
 
+       rid = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->rid);
+
+       if (rid == NULL) {
+               talloc_free(ldb);
+               return NT_STATUS_NO_MEMORY;
+       }
+
        msg = ldb_msg_new(mem_ctx);
        if (msg == NULL) {
                talloc_free(ldb);
@@ -119,6 +127,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
        ldb_msg_add_string(ldb, msg, "secureChannelType", sct);
        ldb_msg_add_string(ldb, msg, "accountName", creds->account_name);
        ldb_msg_add_string(ldb, msg, "computerName", creds->computer_name);
+       ldb_msg_add_string(ldb, msg, "rid", rid);
 
        ldb_delete(ldb, msg->dn);
 
@@ -208,6 +217,8 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
 
        (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_string(res[0], "computerName", NULL));
 
+       (*creds)->rid = ldb_msg_find_uint(res[0], "rid", 0);
+
        talloc_free(ldb);
 
        return NT_STATUS_OK;
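Review bot: `ldb_msg_find_uint(res[0], "rid", 0)` yields 0 whenever the stored record has no `rid` attribute, so a missing value cannot be told apart from a stored one. That covers records written before this change, and records where `ldb_msg_add_string(ldb, msg, "rid", rid)` in the store hunk failed, since its result is not checked there. If any caller later uses `creds->rid` to identify the account behind the secure channel, a missing value should fail the fetch rather than be defaulted. At minimum I would add a comment such as `/* 0 == no RID stored; callers must not treat it as a valid account RID */` above the assignment, and check the return of the new `ldb_msg_add_string` call on the store side. Both functions continue outside their hunks, so the existing error-return convention should be followed for the actual check.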
index a6262d85f0e5a56a3e594ee5bffc5078e2d8f1d9..d99d43ad5875a276c2c15a3f72e5bc5d6a97bf80 100644 (file)
@@ -36,13 +36,6 @@ struct dcerpc_schannel_state {
        char *account_name;
 };
 
-static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
-                                   const char *domain,
-                                   const char *username,
-                                   const char *password,
-                                   int chan_type,
-                                   struct creds_CredentialState *creds);
-
 /*
   wrappers for the schannel_*() functions
 
index e50aa58c3591baaead98c59c4442d8e46371cd6d..765f2237bca3627296b0de8dfeaea8cdc908e10e 100644 (file)
@@ -31,15 +31,6 @@ REQUIRED_SUBSYSTEMS = \
 # End MODULE dcerpc_dcom
 ################################################
 
-################################################
-# Start SUBSYSTEM SCHANNELDB
-[SUBSYSTEM::SCHANNELDB]
-INIT_OBJ_FILES = \
-               rpc_server/netlogon/schannel_state.o
-#
-# End SUBSYSTEM SCHANNELDB
-################################################
-
 ################################################
 # Start MODULE dcerpc_rpcecho
 [MODULE::dcerpc_rpcecho]
index bb16ed54c6b4fc7a05143c253e7712b8eb29bbab..fd93d495e2a242201f7a67cccb814b0e8b721fed 100644 (file)
@@ -45,17 +45,11 @@ static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call)
        struct server_pipe_state *state;
        NTSTATUS status;
 
-       state = talloc(dce_call->conn, struct server_pipe_state);
+       /* We want the client and server challenge zero */
+       state = talloc_zero(dce_call->conn, struct server_pipe_state);
        if (state == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
-       ZERO_STRUCTP(state);
-       
-       if (dce_call->conn->auth_state.session_info == NULL) {
-               talloc_free(state);
-               smb_panic("No session info provided by schannel level setup!");
-               return NT_STATUS_NO_USER_SESSION_KEY;
-       }
        
        status = dcerpc_schannel_creds(dce_call->conn->auth_state.gensec_security, 
                                       state, 
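Review bot: With the `session_info == NULL` guard removed, nothing in this hunk checks `dce_call->conn->auth_state.gensec_security` before it is handed to `dcerpc_schannel_creds()`. If that pointer can be NULL, or can belong to a mechanism other than schannel when this setup runs, correctness now rests on the callee rejecting it and on the status check that follows outside the hunk. Either keep an explicit precondition before the allocation, e.g. `if (dce_call->conn->auth_state.gensec_security == NULL) return NT_STATUS_NO_USER_SESSION_KEY;`, or add a comment stating that `dcerpc_schannel_creds()` validates the security context. The call and the rest of the function continue outside the hunk.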
@@ -235,6 +229,7 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
 
        pipe_state->creds->secure_channel_type = r->in.secure_channel_type;
 
+       pipe_state->creds->rid = *r->out.rid;
        /* remember this session key state */
        nt_status = schannel_store_session_key(mem_ctx, pipe_state->creds);