From: Volker Lendecke Date: Fri, 25 Apr 2008 14:31:31 +0000 (+0200) Subject: Revert "Refactoring: Make cli_pipe_auth_data a pointer off rpc_pipe_client" X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ec46de7e0550ea94ade60af29734de8891804c87;p=thirdparty%2Fsamba.git Revert "Refactoring: Make cli_pipe_auth_data a pointer off rpc_pipe_client" This reverts commit f665afaaa3eff9ef54112e08ed034a6e1bb30edc. --- diff --git a/source/include/client.h b/source/include/client.h index d866c09cce7..9cbfa51bb1f 100644 --- a/source/include/client.h +++ b/source/include/client.h @@ -77,7 +77,7 @@ struct rpc_pipe_client { uint16 max_xmit_frag; uint16 max_recv_frag; - struct cli_pipe_auth_data *auth; + struct cli_pipe_auth_data auth; /* The following is only non-null on a netlogon pipe. */ struct dcinfo *dc; diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c index 6b3bbaf1d82..20ac0143fd7 100644 --- a/source/libsmb/trusts_util.c +++ b/source/libsmb/trusts_util.c @@ -39,7 +39,7 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX /* Check if the netlogon pipe is open using schannel. If so we already have valid creds. If not we must set them up. */ - if (cli->auth->auth_type != PIPE_AUTH_TYPE_SCHANNEL) { + if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; result = rpccli_netlogon_setup_creds(cli, diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c index 8c540ee6fd2..828307cace8 100644 --- a/source/rpc_client/cli_pipe.c +++ b/source/rpc_client/cli_pipe.c @@ -215,7 +215,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr RPC_HDR_AUTH auth_info; uint32 save_offset = prs_offset(current_pdu); uint32 auth_len = prhdr->auth_len; - NTLMSSP_STATE *ntlmssp_state = cli->auth->a_u.ntlmssp_state; + NTLMSSP_STATE *ntlmssp_state = cli->auth.a_u.ntlmssp_state; unsigned char *data = NULL; size_t data_len; unsigned char *full_packet_data = NULL; @@ -223,8 +223,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr DATA_BLOB auth_blob; NTSTATUS status; - if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE - || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (cli->auth.auth_level == PIPE_AUTH_LEVEL_NONE || cli->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) { return NT_STATUS_OK; } @@ -268,7 +267,7 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr auth_blob.data = (unsigned char *)prs_data_p(current_pdu) + prs_offset(current_pdu); auth_blob.length = auth_len; - switch (cli->auth->auth_level) { + switch (cli->auth.auth_level) { case PIPE_AUTH_LEVEL_PRIVACY: /* Data is encrypted. */ status = ntlmssp_unseal_packet(ntlmssp_state, @@ -306,8 +305,8 @@ static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *pr } break; default: - DEBUG(0, ("cli_pipe_verify_ntlmssp: unknown internal " - "auth level %d\n", cli->auth->auth_level)); + DEBUG(0,("cli_pipe_verify_ntlmssp: unknown internal auth level %d\n", + cli->auth.auth_level )); return NT_STATUS_INVALID_INFO_CLASS; } @@ -343,12 +342,10 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p RPC_AUTH_SCHANNEL_CHK schannel_chk; uint32 auth_len = prhdr->auth_len; uint32 save_offset = prs_offset(current_pdu); - struct schannel_auth_struct *schannel_auth = - cli->auth->a_u.schannel_auth; + struct schannel_auth_struct *schannel_auth = cli->auth.a_u.schannel_auth; uint32 data_len; - if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE - || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { + if (cli->auth.auth_level == PIPE_AUTH_LEVEL_NONE || cli->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) { return NT_STATUS_OK; } @@ -395,7 +392,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p } if (!schannel_decode(schannel_auth, - cli->auth->auth_level, + cli->auth.auth_level, SENDER_IS_ACCEPTOR, &schannel_chk, prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN, @@ -459,7 +456,7 @@ static NTSTATUS cli_pipe_validate_rpc_response(struct rpc_pipe_client *cli, RPC_ * Now we have a complete RPC request PDU fragment, try and verify any auth data. */ - switch(cli->auth->auth_type) { + switch(cli->auth.auth_type) { case PIPE_AUTH_TYPE_NONE: if (prhdr->auth_len) { DEBUG(3, ("cli_pipe_validate_rpc_response: Connection to remote machine %s " @@ -490,12 +487,12 @@ static NTSTATUS cli_pipe_validate_rpc_response(struct rpc_pipe_client *cli, RPC_ case PIPE_AUTH_TYPE_KRB5: case PIPE_AUTH_TYPE_SPNEGO_KRB5: default: - DEBUG(3, ("cli_pipe_validate_rpc_response: Connection " - "to remote machine %s pipe %s fnum %x - " - "unknown internal auth type %u.\n", - cli->desthost, cli->pipe_name, - (unsigned int)cli->fnum, - cli->auth->auth_type )); + DEBUG(3, ("cli_pipe_validate_rpc_response: Connection to remote machine %s " + "pipe %s fnum %x - unknown internal auth type %u.\n", + cli->desthost, + cli->pipe_name, + (unsigned int)cli->fnum, + cli->auth.auth_type )); return NT_STATUS_INVALID_INFO_CLASS; } @@ -915,7 +912,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, { #ifdef HAVE_KRB5 int ret; - struct kerberos_auth_struct *a = cli->auth->a_u.kerberos_auth; + struct kerberos_auth_struct *a = cli->auth.a_u.kerberos_auth; DATA_BLOB tkt = data_blob_null; DATA_BLOB tkt_wrapped = data_blob_null; @@ -981,7 +978,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client init_rpc_hdr_auth(pauth_out, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1); DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n")); - nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, + nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state, null_blob, &request); @@ -1027,7 +1024,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, init_rpc_hdr_auth(pauth_out, RPC_NTLMSSP_AUTH_TYPE, (int)auth_level, 0, 1); DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n")); - nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, + nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state, null_blob, &request); @@ -1259,15 +1256,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, DATA_BLOB auth_blob = data_blob_null; uint16 data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN; - if (!cli->auth->a_u.ntlmssp_state) { + if (!cli->auth.a_u.ntlmssp_state) { return NT_STATUS_INVALID_PARAMETER; } /* Init and marshall the auth header. */ init_rpc_hdr_auth(&auth_info, - map_pipe_auth_type_to_rpc_auth_type( - cli->auth->auth_type), - cli->auth->auth_level, + map_pipe_auth_type_to_rpc_auth_type(cli->auth.auth_type), + cli->auth.auth_level, ss_padding_len, 1 /* context id. */); @@ -1277,10 +1273,10 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, return NT_STATUS_NO_MEMORY; } - switch (cli->auth->auth_level) { + switch (cli->auth.auth_level) { case PIPE_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ - status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state, + status = ntlmssp_seal_packet(cli->auth.a_u.ntlmssp_state, (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, data_and_pad_len, (unsigned char *)prs_data_p(outgoing_pdu), @@ -1294,7 +1290,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, case PIPE_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ - status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state, + status = ntlmssp_sign_packet(cli->auth.a_u.ntlmssp_state, (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, data_and_pad_len, (unsigned char *)prs_data_p(outgoing_pdu), @@ -1337,7 +1333,7 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, { RPC_HDR_AUTH auth_info; RPC_AUTH_SCHANNEL_CHK verf; - struct schannel_auth_struct *sas = cli->auth->a_u.schannel_auth; + struct schannel_auth_struct *sas = cli->auth.a_u.schannel_auth; char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN; size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN; @@ -1347,8 +1343,8 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, /* Init and marshall the auth header. */ init_rpc_hdr_auth(&auth_info, - map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type), - cli->auth->auth_level, + map_pipe_auth_type_to_rpc_auth_type(cli->auth.auth_type), + cli->auth.auth_level, ss_padding_len, 1 /* context id. */); @@ -1357,14 +1353,14 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, return NT_STATUS_NO_MEMORY; } - switch (cli->auth->auth_level) { + switch (cli->auth.auth_level) { case PIPE_AUTH_LEVEL_PRIVACY: case PIPE_AUTH_LEVEL_INTEGRITY: DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n", sas->seq_num)); schannel_encode(sas, - cli->auth->auth_level, + cli->auth.auth_level, SENDER_IS_INITIATOR, &verf, data_p, @@ -1403,7 +1399,7 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli, { uint32 data_space, data_len; - switch (cli->auth->auth_level) { + switch (cli->auth.auth_level) { case PIPE_AUTH_LEVEL_NONE: case PIPE_AUTH_LEVEL_CONNECT: data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN; @@ -1416,7 +1412,7 @@ static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli, case PIPE_AUTH_LEVEL_INTEGRITY: case PIPE_AUTH_LEVEL_PRIVACY: /* Treat the same for all authenticated rpc requests. */ - switch(cli->auth->auth_type) { + switch(cli->auth.auth_type) { case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: case PIPE_AUTH_TYPE_NTLMSSP: *p_auth_len = NTLMSSP_SIG_SIZE; @@ -1530,7 +1526,7 @@ NTSTATUS rpc_api_pipe_req(struct rpc_pipe_client *cli, /* Generate any auth sign/seal and add the auth footer. */ if (auth_len) { - switch (cli->auth->auth_type) { + switch (cli->auth.auth_type) { case PIPE_AUTH_TYPE_NONE: break; case PIPE_AUTH_TYPE_NTLMSSP: @@ -1766,7 +1762,7 @@ static NTSTATUS rpc_finish_auth3_bind(struct rpc_pipe_client *cli, server_response = data_blob(NULL, phdr->auth_len); prs_copy_data_out((char *)server_response.data, rbuf, phdr->auth_len); - nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, + nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state, server_response, &client_reply); @@ -1904,7 +1900,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind(struct rpc_pipe_client *cli, data_blob_free(&server_spnego_response); data_blob_free(&tmp_blob); - nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, + nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state, server_ntlm_response, &client_reply); @@ -2108,14 +2104,14 @@ static NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli, /* For NTLMSSP ensure the server gave us the auth_level we wanted. */ if (auth_type == PIPE_AUTH_TYPE_NTLMSSP || auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { - if (!(cli->auth->a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) { + if (!(cli->auth.a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) { DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP signing and server refused.\n")); prs_mem_free(&rbuf); return NT_STATUS_INVALID_PARAMETER; } } if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { - if (!(cli->auth->a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { + if (!(cli->auth.a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP sealing and server refused.\n")); prs_mem_free(&rbuf); return NT_STATUS_INVALID_PARAMETER; @@ -2125,8 +2121,8 @@ static NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli, /* Pipe is bound - set up auth_type and auth_level data. */ - cli->auth->auth_type = auth_type; - cli->auth->auth_level = auth_level; + cli->auth.auth_type = auth_type; + cli->auth.auth_level = auth_level; prs_mem_free(&rbuf); return NT_STATUS_OK; @@ -2145,13 +2141,13 @@ bool rpccli_is_pipe_idx(struct rpc_pipe_client *cli, int pipe_idx) bool rpccli_get_pwd_hash(struct rpc_pipe_client *cli, uint8_t nt_hash[16]) { - if (!((cli->auth->auth_type == PIPE_AUTH_TYPE_NTLMSSP) - || (cli->auth->auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) { + if (!((cli->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) + || (cli->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) { E_md4hash(cli->cli->pwd.password, nt_hash); return true; } - memcpy(nt_hash, cli->auth->a_u.ntlmssp_state->nt_hash, 16); + memcpy(nt_hash, cli->auth.a_u.ntlmssp_state->nt_hash, 16); return true; } @@ -2172,8 +2168,8 @@ static int rpc_pipe_destructor(struct rpc_pipe_client *p) p->desthost, cli_errstr(p->cli))); } - if (p->auth->cli_auth_data_free_func) { - (*p->auth->cli_auth_data_free_func)(p->auth); + if (p->auth.cli_auth_data_free_func) { + (*p->auth.cli_auth_data_free_func)(&p->auth); } DEBUG(10, ("rpc_pipe_destructor: closed pipe %s to machine %s\n", @@ -2220,20 +2216,13 @@ static struct rpc_pipe_client *cli_rpc_pipe_open(struct cli_state *cli, int pipe return NULL; } - result->auth = TALLOC_ZERO_P(result, struct cli_pipe_auth_data); - if (result->auth == NULL) { - *perr = NT_STATUS_NO_MEMORY; - TALLOC_FREE(result); - return NULL; - } - result->pipe_name = cli_get_pipe_name(pipe_idx); result->cli = cli; result->abstract_syntax = pipe_names[pipe_idx].abstr_syntax; result->transfer_syntax = pipe_names[pipe_idx].trans_syntax; - result->auth->auth_type = PIPE_AUTH_TYPE_NONE; - result->auth->auth_level = PIPE_AUTH_LEVEL_NONE; + result->auth.auth_type = PIPE_AUTH_TYPE_NONE; + result->auth.auth_level = PIPE_AUTH_LEVEL_NONE; result->domain = talloc_strdup(result, cli->domain); result->user_name = talloc_strdup(result, cli->user_name); @@ -2347,7 +2336,7 @@ static struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_internal(struct cli_sta return NULL; } - result->auth->cli_auth_data_free_func = cli_ntlmssp_auth_free; + result->auth.cli_auth_data_free_func = cli_ntlmssp_auth_free; TALLOC_FREE(result->domain); TALLOC_FREE(result->user_name); @@ -2365,7 +2354,7 @@ static struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_internal(struct cli_sta goto err; } - result->auth->a_u.ntlmssp_state = ntlmssp_state; + result->auth.a_u.ntlmssp_state = ntlmssp_state; *perr = ntlmssp_set_username(ntlmssp_state, username); if (!NT_STATUS_IS_OK(*perr)) { @@ -2562,9 +2551,9 @@ struct rpc_pipe_client *cli_rpc_pipe_open_schannel_with_key(struct cli_state *cl return NULL; } - result->auth->a_u.schannel_auth = TALLOC_ZERO_P( + result->auth.a_u.schannel_auth = TALLOC_ZERO_P( result, struct schannel_auth_struct); - if (!result->auth->a_u.schannel_auth) { + if (!result->auth.a_u.schannel_auth) { TALLOC_FREE(result); *perr = NT_STATUS_NO_MEMORY; return NULL; @@ -2578,7 +2567,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_schannel_with_key(struct cli_state *cl return NULL; } - memcpy(result->auth->a_u.schannel_auth->sess_key, pdc->sess_key, 16); + memcpy(result->auth.a_u.schannel_auth->sess_key, pdc->sess_key, 16); *perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_SCHANNEL, auth_level); if (!NT_STATUS_IS_OK(*perr)) { @@ -2755,16 +2744,16 @@ struct rpc_pipe_client *cli_rpc_pipe_open_krb5(struct cli_state *cli, } } - result->auth->a_u.kerberos_auth = TALLOC_ZERO_P( + result->auth.a_u.kerberos_auth = TALLOC_ZERO_P( result, struct kerberos_auth_struct); - if (!result->auth->a_u.kerberos_auth) { + if (!result->auth.a_u.kerberos_auth) { TALLOC_FREE(result); *perr = NT_STATUS_NO_MEMORY; return NULL; } - result->auth->a_u.kerberos_auth->service_principal = service_princ; - result->auth->cli_auth_data_free_func = kerberos_auth_struct_free; + result->auth.a_u.kerberos_auth->service_principal = service_princ; + result->auth.cli_auth_data_free_func = kerberos_auth_struct_free; *perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_KRB5, auth_level); if (!NT_STATUS_IS_OK(*perr)) { diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c index 10a17412070..ebd38044b84 100644 --- a/source/rpcclient/rpcclient.c +++ b/source/rpcclient/rpcclient.c @@ -334,10 +334,8 @@ static NTSTATUS cmd_set_ss_level(void) continue; } - if ((tmp_set->rpc_pipe->auth->auth_type - != pipe_default_auth_type) - || (tmp_set->rpc_pipe->auth->auth_level - != pipe_default_auth_level)) { + if (tmp_set->rpc_pipe->auth.auth_type != pipe_default_auth_type || + tmp_set->rpc_pipe->auth.auth_level != pipe_default_auth_level) { TALLOC_FREE(tmp_set->rpc_pipe); tmp_set->rpc_pipe = NULL; }