auth/gensec: use auth_ctx->generate_session_info() for schannel

This way we generate a correct session info for the s3 rpc_server,
including a unix token.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 3d30e83b3a476af33cf0945b45ce5eaf41c06f09..ee23e77ace417745b2b7ba336818b6ac45f781f6 100644 (file)
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -38,6 +38,7 @@ struct schannel_state {
        uint64_t seq_num;
        bool initiator;
        struct netlogon_creds_CredentialState *creds;
+       struct auth_user_info_dc *user_info_dc;
 };
 
 #define SETUP_SEQNUM(state, buf, initiator) do { \
@@ -58,14 +59,13 @@ static struct schannel_state *netsec_create_state(
 {
        struct schannel_state *state;
 
-       state = talloc(gensec, struct schannel_state);
+       state = talloc_zero(gensec, struct schannel_state);
        if (state == NULL) {
                return NULL;
        }
 
        state->gensec = gensec;
        state->initiator = initiator;
-       state->seq_num = 0;
        state->creds = netlogon_creds_copy(state, creds);
        if (state->creds == NULL) {
                talloc_free(state);
@@ -580,6 +580,13 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
                        return NT_STATUS_NO_MEMORY;
                }
 
+               status = auth_anonymous_user_info_dc(state,
+                               lpcfg_netbios_name(gensec_security->settings->lp_ctx),
+                               &state->user_info_dc);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+
                bind_schannel_ack.MessageType = NL_NEGOTIATE_RESPONSE;
                bind_schannel_ack.Flags = 0;
                bind_schannel_ack.Buffer.dummy = 0x6c0000; /* actually I think
@@ -610,7 +617,43 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
                                      TALLOC_CTX *mem_ctx,
                                      struct auth_session_info **_session_info)
 {
-       return auth_anonymous_session_info(mem_ctx, gensec_security->settings->lp_ctx, _session_info);
+       struct schannel_state *state =
+               talloc_get_type(gensec_security->private_data,
+               struct schannel_state);
+       struct auth4_context *auth_ctx = gensec_security->auth_context;
+       struct auth_session_info *session_info = NULL;
+       uint32_t session_info_flags = 0;
+       NTSTATUS status;
+
+       if (auth_ctx == NULL) {
+               DEBUG(0, ("Cannot generate a session_info without the auth_context\n"));
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+
+       if (auth_ctx->generate_session_info == NULL) {
+               DEBUG(0, ("Cannot generate a session_info without the generate_session_info hook\n"));
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+
+       if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
+               session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
+       }
+
+       session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+
+       status = auth_ctx->generate_session_info(
+                               auth_ctx,
+                               mem_ctx,
+                               state->user_info_dc,
+                               state->user_info_dc->info->account_name,
+                               session_info_flags,
+                               &session_info);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       *_session_info = session_info;
+       return NT_STATUS_OK;
 }
 
 static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)