svn commit: samba r10764 - in branches/SAMBA_4_0/source: auth/gensec rpc_server/lsa torture/rpc

abartlet at samba.org abartlet at samba.org
Thu Oct 6 11:15:24 GMT 2005


Author: abartlet
Date: 2005-10-06 11:15:20 +0000 (Thu, 06 Oct 2005)
New Revision: 10764

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10764

Log:
To match Win2k3 SP1, we need to set an anonymous user token for
schannel connections.

Test for Win2k3 SP1 behaviour in RPC-SCHANNEL.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/gensec/schannel.c
   branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
   branches/SAMBA_4_0/source/torture/rpc/schannel.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/schannel.c
===================================================================
--- branches/SAMBA_4_0/source/auth/gensec/schannel.c	2005-10-06 10:29:28 UTC (rev 10763)
+++ branches/SAMBA_4_0/source/auth/gensec/schannel.c	2005-10-06 11:15:20 UTC (rev 10764)
@@ -160,23 +160,34 @@
 		
 
 /** 
- * Return the credentials of a logged on user, including session keys
- * etc.
+ * Returns anonymous credentials for schannel, matching Win2k3.
  *
- * Only valid after a successful authentication
- *
- * May only be called once per authentication.
- *
  */
 
 static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
-				      struct auth_session_info **session_info)
+					 struct auth_session_info **_session_info) 
 {
-	(*session_info) = talloc(gensec_security, struct auth_session_info);
-	NT_STATUS_HAVE_NO_MEMORY(*session_info);
+	NTSTATUS nt_status;
+	struct schannel_state *state = gensec_security->private_data;
+	struct auth_serversupplied_info *server_info = NULL;
+	struct auth_session_info *session_info = NULL;
+	TALLOC_CTX *mem_ctx = talloc_new(state);
+	
+	nt_status = auth_anonymous_server_info(mem_ctx,
+					       &server_info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		talloc_free(mem_ctx);
+		return nt_status;
+	}
 
-	ZERO_STRUCTP(*session_info);
+	/* references the server_info into the session_info */
+	nt_status = auth_generate_session_info(state, server_info, &session_info);
+	talloc_free(mem_ctx);
 
+	NT_STATUS_NOT_OK_RETURN(nt_status);
+
+	*_session_info = session_info;
+
 	return NT_STATUS_OK;
 }
 

Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2005-10-06 10:29:28 UTC (rev 10763)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2005-10-06 11:15:20 UTC (rev 10764)
@@ -2404,7 +2404,7 @@
   lsa_GetUserName
 */
 static NTSTATUS lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-		       struct lsa_GetUserName *r)
+				struct lsa_GetUserName *r)
 {
 	NTSTATUS status = NT_STATUS_OK;
 	const char *account_name;

Modified: branches/SAMBA_4_0/source/torture/rpc/schannel.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/schannel.c	2005-10-06 10:29:28 UTC (rev 10763)
+++ branches/SAMBA_4_0/source/torture/rpc/schannel.c	2005-10-06 11:15:20 UTC (rev 10764)
@@ -112,9 +112,9 @@
 				return False;
 			}
 
-			if (strcmp(r.out.account_name->string, "SYSTEM") != 0) {
+			if (strcmp(r.out.account_name->string, "ANONYMOUS LOGON") != 0) {
 				printf("GetUserName returned wrong user: %s, expected %s\n",
-				       r.out.account_name->string, "SYSTEM");
+				       r.out.account_name->string, "ANONYMOUS LOGON");
 				return False;
 			}
 			if (!r.out.authority_name || !r.out.authority_name->string) {



More information about the samba-cvs mailing list