#include "includes.h"
#include "../libcli/auth/ntlmssp.h"
+#include "ntlmssp_wrap.h"
+#include "../librpc/gen_ndr/netlogon.h"
-struct auth_ntlmssp_state {
- struct auth_context *auth_context;
- struct auth_serversupplied_info *server_info;
- struct ntlmssp_state *ntlmssp_state;
-};
-
-NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
-{
- return ntlmssp_sign_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return ntlmssp_check_packet(auth_ntlmssp_state->ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
-{
- return ntlmssp_seal_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return ntlmssp_unseal_packet(auth_ntlmssp_state->ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
-}
-
-bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
-}
-
-bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
-}
-
-void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
-
-}
-
-void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
-
-}
-
-NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
- struct auth_ntlmssp_state *auth_ntlmssp_state,
- struct auth_serversupplied_info **_server_info)
+NTSTATUS auth_ntlmssp_steal_server_info(TALLOC_CTX *mem_ctx,
+ struct auth_ntlmssp_state *auth_ntlmssp_state,
+ struct auth_serversupplied_info **server_info)
{
- struct auth_serversupplied_info *server_info = auth_ntlmssp_state->server_info;
- data_blob_free(&server_info->user_session_key);
- server_info->user_session_key =
+ /* Free the current server_info user_session_key and reset it from the
+ * current ntlmssp_state session_key */
+ data_blob_free(&auth_ntlmssp_state->server_info->user_session_key);
+ /* Set up the final session key for the connection */
+ auth_ntlmssp_state->server_info->user_session_key =
data_blob_talloc(
- server_info,
+ auth_ntlmssp_state->server_info,
auth_ntlmssp_state->ntlmssp_state->session_key.data,
auth_ntlmssp_state->ntlmssp_state->session_key.length);
- if (auth_ntlmssp_state->ntlmssp_state->session_key.length && !server_info->user_session_key.data) {
- *_server_info = NULL;
+ if (auth_ntlmssp_state->ntlmssp_state->session_key.length &&
+ !auth_ntlmssp_state->server_info->user_session_key.data) {
+ *server_info = NULL;
return NT_STATUS_NO_MEMORY;
}
- auth_ntlmssp_state->server_info = NULL;
- *_server_info = talloc_steal(mem_ctx, server_info);
+ /* Steal server_info away from auth_ntlmssp_state */
+ *server_info = talloc_move(mem_ctx, &auth_ntlmssp_state->server_info);
return NT_STATUS_OK;
}
-struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state;
-}
-
-/* Needed for 'map to guest' and 'smb username' processing */
-const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->user;
-}
-
-const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->domain;
-}
-
-const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->client.netbios_name;
-}
-
/**
* Return the challenge as determined by the authentication subsystem
* @return an 8 byte random challenge
* Return the session keys used on the connection.
*/
-static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
+static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx,
+ DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
struct auth_ntlmssp_state *auth_ntlmssp_state =
(struct auth_ntlmssp_state *)ntlmssp_state->callback_private;
/* sub_set_smb_name checks for weird internally */
sub_set_smb_name(auth_ntlmssp_state->ntlmssp_state->user);
- reload_services(True);
+ reload_services(smbd_messaging_context(), -1, True);
nt_status = make_user_info_map(&user_info,
auth_ntlmssp_state->ntlmssp_state->user,
auth_ntlmssp_state->ntlmssp_state->lm_resp.data ? &auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL,
auth_ntlmssp_state->ntlmssp_state->nt_resp.data ? &auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL,
NULL, NULL, NULL,
- True);
+ AUTH_PASSWORD_RESPONSE);
user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
return nt_status;
}
+ /* Clear out the session keys, and pass them to the caller.
+ * They will not be used in this form again - instead the
+ * NTLMSSP code will decide on the final correct session key,
+ * and put it back here at the end of
+ * auth_ntlmssp_steal_server_info */
if (auth_ntlmssp_state->server_info->user_session_key.length) {
DEBUG(10, ("Got NT session key of length %u\n",
(unsigned int)auth_ntlmssp_state->server_info->user_session_key.length));
- *user_session_key = data_blob_talloc(auth_ntlmssp_state,
- auth_ntlmssp_state->server_info->user_session_key.data,
- auth_ntlmssp_state->server_info->user_session_key.length);
+ *user_session_key = auth_ntlmssp_state->server_info->user_session_key;
+ talloc_steal(mem_ctx, auth_ntlmssp_state->server_info->user_session_key.data);
+ auth_ntlmssp_state->server_info->user_session_key = data_blob_null;
}
if (auth_ntlmssp_state->server_info->lm_session_key.length) {
DEBUG(10, ("Got LM session key of length %u\n",
(unsigned int)auth_ntlmssp_state->server_info->lm_session_key.length));
- *lm_session_key = data_blob_talloc(auth_ntlmssp_state,
- auth_ntlmssp_state->server_info->lm_session_key.data,
- auth_ntlmssp_state->server_info->lm_session_key.length);
+ *lm_session_key = auth_ntlmssp_state->server_info->lm_session_key;
+ talloc_steal(mem_ctx, auth_ntlmssp_state->server_info->lm_session_key.data);
+ auth_ntlmssp_state->server_info->lm_session_key = data_blob_null;
}
return nt_status;
}
const char *dns_name;
char *dns_domain;
struct auth_ntlmssp_state *ans;
- struct ntlmssp_state *ntlmssp_state;
struct auth_context *auth_context;
if ((enum server_types)lp_server_role() == ROLE_STANDALONE) {
ans = talloc_zero(NULL, struct auth_ntlmssp_state);
if (!ans) {
DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
- TALLOC_FREE(ntlmssp_state);
return NT_STATUS_NO_MEMORY;
}
TALLOC_FREE(ans->ntlmssp_state);
return 0;
}
-
-NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state,
- const DATA_BLOB request, DATA_BLOB *reply)
-{
- return ntlmssp_update(auth_ntlmssp_state->ntlmssp_state, request, reply);
-}