svn commit: samba r9488 - in trunk/source: include rpc_server

jra at samba.org jra at samba.org
Mon Aug 22 20:30:17 GMT 2005


Author: jra
Date: 2005-08-22 20:30:16 +0000 (Mon, 22 Aug 2005)
New Revision: 9488

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9488

Log:
Move the auth_level field into the pipe auth struct. Refactoring similar
to what I'm intending on the client side.
Jeremy.

Modified:
   trunk/source/include/ntdomain.h
   trunk/source/rpc_server/srv_pipe.c
   trunk/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: trunk/source/include/ntdomain.h
===================================================================
--- trunk/source/include/ntdomain.h	2005-08-22 19:48:20 UTC (rev 9487)
+++ trunk/source/include/ntdomain.h	2005-08-22 20:30:16 UTC (rev 9488)
@@ -184,7 +184,8 @@
 /* auth state for all bind types. */
 
 struct pipe_auth_data {
-	enum pipe_auth_type auth_type;
+	enum pipe_auth_type auth_type; /* switch for union below. */
+	enum pipe_auth_level auth_level;
 	union {
 		struct schannel_auth_struct *schannel_auth;
 		AUTH_NTLMSSP_STATE *auth_ntlmssp_state;
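Review bot: The new `auth_level` member of `struct pipe_auth_data` is added without a comment, while `auth_type` gains one in the same hunk. Both fields now live in one struct, but the srv_pipe.c sites that reset the auth state (the hunks at -821 and -1522) still assign them one by one. A short note on the invariant would help, e.g. `enum pipe_auth_level auth_level; /* set at bind time; reset together with auth_type. */`. The struct definition continues past the end of this hunk.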
@@ -218,9 +219,8 @@
 	TALLOC_CTX *pipe_state_mem_ctx;
 
 	struct pipe_auth_data auth;
-	enum pipe_auth_level auth_level;
 
-	struct dcinfo dc; /* Keeps the creds data. */
+	struct dcinfo dc; /* Keeps the creds data from netlogon. */
 
 	/*
 	 * Windows user info.

Modified: trunk/source/rpc_server/srv_pipe.c
===================================================================
--- trunk/source/rpc_server/srv_pipe.c	2005-08-22 19:48:20 UTC (rev 9487)
+++ trunk/source/rpc_server/srv_pipe.c	2005-08-22 20:30:16 UTC (rev 9488)
@@ -200,7 +200,7 @@
 	} else {
 		auth_type = RPC_SPNEGO_AUTH_TYPE;
 	}
-	if (p->auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+	if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
 		auth_level = RPC_AUTH_LEVEL_PRIVACY;
 	} else {
 		auth_level = RPC_AUTH_LEVEL_INTEGRITY;
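Review bot: The `else` branch reports `RPC_AUTH_LEVEL_INTEGRITY` for every value of `p->auth.auth_level` other than PRIVACY, which includes NONE and CONNECT; the ternary passed to `init_rpc_hdr_auth` in the -417 hunk has the same shape. Presumably the caller only reaches this code for INTEGRITY or PRIVACY, but nothing visible in the hunk enforces that, so the header could advertise a protection level that is not the one in force. Testing the value explicitly, `} else if (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {`, with a failing final `else`, would make the assumption checkable. The enclosing function starts and ends outside this hunk.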
@@ -215,7 +215,7 @@
 
 	/* Generate the sign blob. */
 
-	switch (p->auth_level) {
+	switch (p->auth.auth_level) {
 		case PIPE_AUTH_LEVEL_PRIVACY:
 			/* Data portion is encrypted. */
 			status = ntlmssp_seal_packet(a->ntlmssp_state,
@@ -417,7 +417,7 @@
 
 		init_rpc_hdr_auth(&auth_info,
 				RPC_SCHANNEL_AUTH_TYPE,
-				p->auth_level == PIPE_AUTH_LEVEL_PRIVACY ?
+				p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY ?
 					RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY,
 				ss_padding_len, 1);
 
@@ -431,7 +431,7 @@
 		prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
 
 		schannel_encode(p->auth.a_u.schannel_auth, 
-			      p->auth_level,
+			      p->auth.auth_level,
 			      SENDER_IS_ACCEPTOR,
 			      &verf, data, data_len + ss_padding_len);
 
@@ -581,7 +581,7 @@
 
 BOOL create_next_pdu(pipes_struct *p)
 {
-	switch(p->auth_level) {
+	switch(p->auth.auth_level) {
 		case PIPE_AUTH_LEVEL_NONE:
 		case PIPE_AUTH_LEVEL_CONNECT:
 			/* This is incorrect for auth level connect. Fixme. JRA */
@@ -600,7 +600,7 @@
 	}
 
 	DEBUG(0,("create_next_pdu: invalid internal auth level %u / type %u",
-			(unsigned int)p->auth_level,
+			(unsigned int)p->auth.auth_level,
 			(unsigned int)p->auth.auth_type));
 	return False;
 }
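Review bot: The `DEBUG(0, ...)` format string that reports an invalid internal auth level has no trailing newline, unlike the `api_pipe_bind_req` message in the -1481 hunk, so the next log entry will run onto the same line. For a level-0 message about an inconsistent authentication state, that makes log searches and alerting harder. The first line of the call should read `DEBUG(0,("create_next_pdu: invalid internal auth level %u / type %u\n",`. Only the tail of `create_next_pdu` is visible here.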
@@ -821,7 +821,7 @@
 	if (p->auth.auth_data_free_func) {
 		(*p->auth.auth_data_free_func)(&p->auth);
 	}
-	p->auth_level = PIPE_AUTH_LEVEL_NONE;
+	p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
 	p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
 	p->pipe_bound = False;
 
@@ -1481,10 +1481,10 @@
 		/* Work out if we have to sign or seal etc. */
 		switch (auth_info.auth_level) {
 			case RPC_AUTH_LEVEL_INTEGRITY:
-				p->auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
+				p->auth.auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
 				break;
 			case RPC_AUTH_LEVEL_PRIVACY:
-				p->auth_level = PIPE_AUTH_LEVEL_PRIVACY;
+				p->auth.auth_level = PIPE_AUTH_LEVEL_PRIVACY;
 				break;
 			default:
 				DEBUG(0,("api_pipe_bind_req: unexpected auth level (%u).\n",
@@ -1522,7 +1522,7 @@
 			/* We're finished - no more packets. */
 			p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
 			/* We must set the pipe auth_level here also. */
-			p->auth_level = PIPE_AUTH_LEVEL_NONE;
+			p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
 			p->pipe_bound = True;
 			break;
 
@@ -1837,7 +1837,7 @@
 	
 	*pstatus = NT_STATUS_OK;
 
-	if (p->auth_level == PIPE_AUTH_LEVEL_NONE || p->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+	if (p->auth.auth_level == PIPE_AUTH_LEVEL_NONE || p->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) {
 		return True;
 	}
 
@@ -1885,7 +1885,7 @@
 	auth_blob.data = prs_data_p(rpc_in) + prs_offset(rpc_in);
 	auth_blob.length = auth_len;
 	
-	switch (p->auth_level) {
+	switch (p->auth.auth_level) {
 		case PIPE_AUTH_LEVEL_PRIVACY:
 			/* Data is encrypted. */
 			*pstatus = ntlmssp_unseal_packet(a->ntlmssp_state,
@@ -1985,7 +1985,7 @@
 	}
 
 	if (!schannel_decode(p->auth.a_u.schannel_auth,
-			   p->auth_level,
+			   p->auth.auth_level,
 			   SENDER_IS_INITIATOR,
 			   &schannel_chk,
 			   prs_data_p(rpc_in)+old_offset, data_len)) {

Modified: trunk/source/rpc_server/srv_samr_nt.c
===================================================================
--- trunk/source/rpc_server/srv_samr_nt.c	2005-08-22 19:48:20 UTC (rev 9487)
+++ trunk/source/rpc_server/srv_samr_nt.c	2005-08-22 20:30:16 UTC (rev 9488)
@@ -1459,7 +1459,7 @@
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	if (p->auth_level != PIPE_AUTH_LEVEL_PRIVACY) {
+	if (p->auth.auth_level != PIPE_AUTH_LEVEL_PRIVACY) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
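Review bot: This `PIPE_AUTH_LEVEL_PRIVACY` test is an access-control gate, yet it has no comment saying why the call refuses anything but a sealed pipe. A one-line comment above it, such as `/* Refuse unless the pipe is sealed: the request data must not travel unencrypted. */`, would keep a later refactor of `p->auth` from weakening it by accident. The enclosing function is outside the hunk, so the exact reason should be confirmed against it before the comment is committed.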


