r1078: the dxesrv_crypto_* implementations should now explicit set

the dce_conn->auth_state.session_info
( the ntlmssp one works fine, but the schannel one isn't implemented yet)

this is also set by the ntvfs_ipc backend on the endpoint connect.

metze
(This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)

source4/auth/auth_util.c

@@ -330,7 +330,7 @@ BOOL make_user_info_guest(struct auth_usersupplied_info **user_info)
  prints a NT_USER_TOKEN to debug output.
 ****************************************************************************/
 
-void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
+void debug_nt_user_token(int dbg_class, int dbg_lev, const NT_USER_TOKEN *token)
 {
 	TALLOC_CTX *mem_ctx;
 
@@ -356,6 +356,20 @@ void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
 	talloc_destroy(mem_ctx);
 }
 
+/****************************************************************************
+ prints a NT_USER_TOKEN to debug output.
+****************************************************************************/
+
+void debug_session_info(int dbg_class, int dbg_lev, const struct auth_session_info *session_info)
+{
+	if (!session_info) {
+		DEBUGC(dbg_class, dbg_lev, ("Session Info: (NULL)\n"));
+		return;	
+	}
+
+	debug_nt_user_token(dbg_class, dbg_lev, session_info->nt_user_token);
+}
+
 /****************************************************************************
  Create the SID list for this user.
 ****************************************************************************/

source4/ntvfs/ipc/vfs_ipc.c

@@ -195,6 +195,7 @@ static NTSTATUS ipc_open_generic(struct request_context *req, const char *fname,
 	TALLOC_CTX *mem_ctx;
 	NTSTATUS status;
 	struct dcesrv_ep_description ep_description;
+	struct auth_session_info *session_info = NULL;
 	struct ipc_private *private = req->conn->ntvfs_private;
 
 	mem_ctx = talloc_init("ipc_open '%s'", fname);
@@ -240,7 +241,18 @@ static NTSTATUS ipc_open_generic(struct request_context *req, const char *fname,
 	ep_description.type = ENDPOINT_SMB;
 	ep_description.info.smb_pipe = p->pipe_name;
 
-	status = dcesrv_endpoint_search_connect(&req->smb->dcesrv, &ep_description, &p->dce_conn);
+	/* tell the RPC layer the session_info */
+	if (req->user_ctx->vuser) {
+		/* 
+		 * TODO:  we need to reference count the entire session_info
+		 */
+		session_info = req->user_ctx->vuser->session_info;
+	}
+
+	status = dcesrv_endpoint_search_connect(&req->smb->dcesrv, 
+						&ep_description, 
+						session_info,
+						&p->dce_conn);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_destroy(mem_ctx);
 		return status;
@@ -252,13 +264,6 @@ static NTSTATUS ipc_open_generic(struct request_context *req, const char *fname,
 
 	*ps = p;
 
-	/* tell the RPC layer the transport session key */
-	if (req->user_ctx->vuser) {
-		/* TODO: Fix this to push more than just a session key
-		 * down - we need the entire session_info, reference counted... */
-		dcesrv_set_session_key(p->dce_conn, req->user_ctx->vuser->session_info->session_key);
-	}
-
 	return NT_STATUS_OK;
 }
 

source4/rpc_server/dcerpc_server.c

@@ -271,24 +271,17 @@ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
 	(*p)->auth_state.auth_info = NULL;
 	(*p)->auth_state.crypto_ctx.private_data = NULL;
 	(*p)->auth_state.crypto_ctx.ops = NULL;
-	(*p)->session_key = data_blob(NULL, 0);
+	(*p)->auth_state.session_info = NULL;
 
 	return NT_STATUS_OK;
 }
 
-/*
-  set the transport level session key
-*/
-void dcesrv_set_session_key(struct dcesrv_connection *p, DATA_BLOB key)
-{
-	p->session_key = data_blob_talloc(p->mem_ctx, key.data, key.length);
-}
-
 /*
   search and connect to a dcerpc endpoint
 */
 NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx,
 					const struct dcesrv_ep_description *ep_description,
+					struct auth_session_info *session_info,
 					struct dcesrv_connection **dce_conn_p)
 {
 	NTSTATUS status;
@@ -305,6 +298,8 @@ NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx,
 		return status;
 	}
 
+	(*dce_conn_p)->auth_state.session_info = session_info;
+
 	/* TODO: check security descriptor of the endpoint here 
 	 *       if it's a smb named pipe
 	 *	 if it's failed free dce_conn_p

source4/rpc_server/dcerpc_server.h

@@ -100,7 +100,6 @@ struct dcesrv_crypto_ops {
 	NTSTATUS (*start)(struct dcesrv_auth *auth, DATA_BLOB *auth_blob);
 	NTSTATUS (*update)(struct dcesrv_auth *auth, TALLOC_CTX *out_mem_ctx,
 				const DATA_BLOB in, DATA_BLOB *out);
-	NTSTATUS (*session_info)(struct dcesrv_auth *auth, struct auth_session_info **session_info);
 	NTSTATUS (*seal)(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
 				uint8_t *data, size_t length, DATA_BLOB *sig);
 	NTSTATUS (*sign)(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
@@ -119,6 +118,7 @@ struct dcesrv_auth {
 		void *private_data;
 		const struct dcesrv_crypto_ops *ops;
 	} crypto_ctx;
+	struct auth_session_info *session_info;
 };
 
 
@@ -152,9 +152,6 @@ struct dcesrv_connection {
 
 	/* the current authentication state */
 	struct dcesrv_auth auth_state;
-
-	/* the transport level session key, if any */
-	DATA_BLOB session_key;
 };
 
 

source4/rpc_server/dcesrv_crypto.c

@@ -83,14 +83,6 @@ NTSTATUS dcesrv_crypto_update(struct dcesrv_auth *auth,
 	return auth->crypto_ctx.ops->update(auth, out_mem_ctx, in, out);
 }
 
-/*
-  get auth_session_info state
-*/
-NTSTATUS dcesrv_crypto_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info) 
-{
-	return auth->crypto_ctx.ops->session_info(auth, session_info);
-}
-
 /*
   seal a packet
 */

source4/rpc_server/dcesrv_crypto_ntlmssp.c

@@ -53,18 +53,15 @@ static NTSTATUS dcesrv_crypto_ntlmssp_update(struct dcesrv_auth *auth, TALLOC_CT
 						const DATA_BLOB in, DATA_BLOB *out) 
 {
 	struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data;
+	NTSTATUS status;
 
-	return auth_ntlmssp_update(auth_ntlmssp_state, out_mem_ctx, in, out);
-}
+	status = auth_ntlmssp_update(auth_ntlmssp_state, out_mem_ctx, in, out);
+	if (NT_STATUS_IS_OK(status)) {
+		/* TODO: what is when the session_info is already set */
+		return auth_ntlmssp_get_session_info(auth_ntlmssp_state, &auth->session_info);
+	}
 
-/*
-  get auth_session_info state
-*/
-static NTSTATUS dcesrv_crypto_ntlmssp_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info) 
-{
-	struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data;
-
-	return auth_ntlmssp_get_session_info(auth_ntlmssp_state, session_info);
+	return status;
 }
 
 /*
@@ -130,7 +127,6 @@ static const struct dcesrv_crypto_ops dcesrv_crypto_ntlmssp_ops = {
 	.auth_type	= DCERPC_AUTH_TYPE_NTLMSSP,
 	.start 		= dcesrv_crypto_ntlmssp_start,
 	.update 	= dcesrv_crypto_ntlmssp_update,
-	.session_info 	= dcesrv_crypto_ntlmssp_session_info,
 	.seal 		= dcesrv_crypto_ntlmssp_seal,
 	.sign		= dcesrv_crypto_ntlmssp_sign,
 	.check_sig	= dcesrv_crypto_ntlmssp_check_sig,

source4/rpc_server/dcesrv_crypto_schannel.c

@@ -81,6 +81,11 @@ static NTSTATUS dcesrv_crypto_schannel_start(struct dcesrv_auth *auth, DATA_BLOB
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
+	/* TODO: here we need to set the session_info
+	 *       what should happen when te session_info is already set
+	 */
+	auth->session_info = NULL;
+
 	auth->crypto_ctx.private_data = schannel;
 
 	ack.unknown1 = 1;
@@ -106,14 +111,6 @@ static NTSTATUS dcesrv_crypto_schannel_update(struct dcesrv_auth *auth, TALLOC_C
 	return NT_STATUS_OK;
 }
 
-/*
-  get auth_session_info state
-*/
-static NTSTATUS dcesrv_crypto_schannel_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info) 
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 /*
   seal a packet
 */
@@ -181,7 +178,6 @@ static const struct dcesrv_crypto_ops dcesrv_crypto_schannel_ops = {
 	.auth_type	= DCERPC_AUTH_TYPE_SCHANNEL,
 	.start 		= dcesrv_crypto_schannel_start,
 	.update 	= dcesrv_crypto_schannel_update,
-	.session_info 	= dcesrv_crypto_schannel_session_info,
 	.seal 		= dcesrv_crypto_schannel_seal,
 	.sign		= dcesrv_crypto_schannel_sign,
 	.check_sig	= dcesrv_crypto_schannel_check_sig,

source4/rpc_server/samr/samr_password.c

@@ -693,7 +693,13 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 {
 	char new_pass[512];
 	uint32_t new_pass_len;
-	DATA_BLOB session_key = dce_call->conn->session_key;
+	DATA_BLOB session_key; 
+
+	session_key = data_blob(NULL,0);
+
+	if (dce_call->conn->auth_state.session_info) {	
+		session_key = dce_call->conn->auth_state.session_info->session_key;
+	}
 
 	if (session_key.length == 0) {
 		DEBUG(3,("Bad session key in samr_set_password\n"));
@@ -734,9 +740,15 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
 	char new_pass[512];
 	uint32_t new_pass_len;
 	DATA_BLOB co_session_key;
-	DATA_BLOB session_key = dce_call->conn->session_key;
+	DATA_BLOB session_key;
 	struct MD5Context ctx;
 
+	session_key = data_blob(NULL,0);
+
+	if (dce_call->conn->auth_state.session_info) {	
+		session_key = dce_call->conn->auth_state.session_info->session_key;
+	}
+
 	co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
 	if (!co_session_key.data) {
 		return NT_STATUS_NO_MEMORY;