Move source4/lib/crypto to lib/crypto.

[ira/wip.git] / source4 / auth / ntlmssp / ntlmssp_server.c

diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 2734c545d88a60989b605fb5444fa96bd0beeeca..ad1ee8e871b6d045a69db776bbeed6d0d2c6cb46 100644 (file)
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -24,13 +24,14 @@
 #include "includes.h"
 #include "auth/ntlmssp/ntlmssp.h"
 #include "auth/ntlmssp/msrpc_parse.h"
-#include "lib/crypto/crypto.h"
-#include "system/filesys.h"
+#include "../lib/crypto/crypto.h"
 #include "libcli/auth/libcli_auth.h"
 #include "auth/credentials/credentials.h"
 #include "auth/gensec/gensec.h"
 #include "auth/auth.h"
+#include "auth/ntlm/auth_proto.h"
 #include "param/param.h"
+#include "auth/session_proto.h"
 
 /** 
  * Set a username on an NTLMSSP context - ensures it is talloc()ed 
@@ -123,8 +124,6 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
 {
        struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
        DATA_BLOB struct_blob;
-       char dnsname[MAXHOSTNAMELEN], dnsdomname[MAXHOSTNAMELEN];
-       const char *p;
        uint32_t neg_flags = 0;
        uint32_t ntlmssp_command, chal_flags;
        const uint8_t *cryptkey;
@@ -136,7 +135,9 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
 #endif
 
        if (in.length) {
-               if ((in.length < 16) || !msrpc_parse(out_mem_ctx, &in, "Cdd",
+               if ((in.length < 16) || !msrpc_parse(out_mem_ctx, 
+                                lp_iconv_convenience(gensec_security->lp_ctx),
+                                                        &in, "Cdd",
                                                         "NTLMSSP",
                                                         &ntlmssp_command,
                                                         &neg_flags)) {
@@ -153,6 +154,10 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
 
        /* Ask our caller what challenge they would like in the packet */
        cryptkey = gensec_ntlmssp_state->get_challenge(gensec_ntlmssp_state);
+       if (!cryptkey) {
+               DEBUG(1, ("ntlmssp_server_negotiate: backend doesn't give a challenge\n"));
+               return NT_STATUS_INTERNAL_ERROR;
+       }
 
        /* Check if we may set the challenge */
        if (!gensec_ntlmssp_state->may_set_challenge(gensec_ntlmssp_state)) {
@@ -175,25 +180,24 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
        gensec_ntlmssp_state->chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8);
        gensec_ntlmssp_state->internal_chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8);
 
-       dnsname[0] = '\0';
-       if (gethostname(dnsname, sizeof(dnsname)) == -1) {
-               DEBUG(0,("gethostname failed\n"));
-               return NT_STATUS_UNSUCCESSFUL;
-       }
-
-       /* This should be a 'netbios domain -> DNS domain' mapping */
-       p = strchr(dnsname, '.');
-       if (p != NULL) {
-               safe_strcpy(dnsdomname, p+1, sizeof(dnsdomname));
-               strlower_m(dnsdomname);
-       } else {
-               dnsdomname[0] = '\0';
-       }
-       
        /* This creates the 'blob' of names that appears at the end of the packet */
-       if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) 
-       {
+       if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+               char dnsdomname[MAXHOSTNAMELEN], dnsname[MAXHOSTNAMELEN];
                const char *target_name_dns = "";
+
+               /* Find out the DNS domain name */
+               dnsdomname[0] = '\0';
+               safe_strcpy(dnsdomname, lp_realm(gensec_security->lp_ctx), sizeof(dnsdomname) - 1);
+               strlower_m(dnsdomname);
+
+               /* Find out the DNS host name */
+               safe_strcpy(dnsname, gensec_ntlmssp_state->server_name, sizeof(dnsname) - 1);
+               if (dnsdomname[0] != '\0') {
+                       safe_strcat(dnsname, ".", sizeof(dnsname) - 1);
+                       safe_strcat(dnsname, dnsdomname, sizeof(dnsname) - 1);
+               }
+               strlower_m(dnsname);
+
                if (chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN) {
                        target_name_dns = dnsdomname;
                } else if (chal_flags |= NTLMSSP_TARGET_TYPE_SERVER) {
@@ -201,6 +205,7 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
                }
 
                msrpc_gen(out_mem_ctx, 
+                         lp_iconv_convenience(gensec_security->lp_ctx),
                          &struct_blob, "aaaaa",
                          NTLMSSP_NAME_TYPE_DOMAIN, target_name,
                          NTLMSSP_NAME_TYPE_SERVER, gensec_ntlmssp_state->server_name,
@@ -212,7 +217,7 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
        }
 
        {
-               /* Marshel the packet in the right format, be it unicode or ASCII */
+               /* Marshal the packet in the right format, be it unicode or ASCII */
                const char *gen_string;
                if (gensec_ntlmssp_state->unicode) {
                        gen_string = "CdUdbddB";
@@ -221,6 +226,7 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
                }
                
                msrpc_gen(out_mem_ctx, 
+                         lp_iconv_convenience(gensec_security->lp_ctx),
                          out, gen_string,
                          "NTLMSSP", 
                          NTLMSSP_CHALLENGE,
@@ -278,6 +284,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_ntlmssp_state *gensec_ntlms
 
        /* now the NTLMSSP encoded auth hashes */
        if (!msrpc_parse(gensec_ntlmssp_state, 
+                        lp_iconv_convenience(gensec_ntlmssp_state->gensec_security->lp_ctx),
                         &request, parse_string,
                         "NTLMSSP", 
                         &ntlmssp_command, 
@@ -304,6 +311,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_ntlmssp_state *gensec_ntlms
 
                /* now the NTLMSSP encoded auth hashes */
                if (!msrpc_parse(gensec_ntlmssp_state, 
+                                lp_iconv_convenience(gensec_ntlmssp_state->gensec_security->lp_ctx),
                                 &request, parse_string,
                                 "NTLMSSP", 
                                 &ntlmssp_command, 
@@ -606,6 +614,8 @@ static const uint8_t *auth_ntlmssp_get_challenge(const struct gensec_ntlmssp_sta
 
        status = auth_get_challenge(gensec_ntlmssp_state->auth_context, &chal);
        if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(1, ("auth_ntlmssp_get_challenge: failed to get challenge: %s\n",
+                       nt_errstr(status)));
                return NULL;
        }
 
@@ -717,7 +727,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
        NTSTATUS nt_status;
        struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
 
-       nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_ntlmssp_state->server_info, session_info);
+       nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->lp_ctx, gensec_ntlmssp_state->server_info, session_info);
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
        (*session_info)->session_key = data_blob_talloc(*session_info, 
@@ -744,14 +754,14 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
        gensec_ntlmssp_state->role = NTLMSSP_SERVER;
 
        gensec_ntlmssp_state->workstation = NULL;
-       gensec_ntlmssp_state->server_name = lp_netbios_name(global_loadparm);
+       gensec_ntlmssp_state->server_name = lp_netbios_name(gensec_security->lp_ctx);
 
-       gensec_ntlmssp_state->domain = lp_workgroup(global_loadparm);
+       gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx);
 
        gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
 
-       gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(global_loadparm) 
-                                         && lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "allow_lm_key", false));
+       gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(gensec_security->lp_ctx) 
+                                         && lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "allow_lm_key", false));
 
        gensec_ntlmssp_state->server_multiple_authentications = false;
        
@@ -762,23 +772,23 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
        gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0);
        gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0);
 
-       if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "128bit", true)) {
+       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "128bit", true)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;               
        }
 
-       if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "56bit", true)) {
+       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "56bit", true)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;                
        }
 
-       if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "keyexchange", true)) {
+       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "keyexchange", true)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;          
        }
 
-       if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "alwayssign", true)) {
+       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "alwayssign", true)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;               
        }
 
-       if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "ntlm2", true)) {
+       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "ntlm2", true)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;             
        }
 
@@ -792,7 +802,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
        nt_status = auth_context_create(gensec_ntlmssp_state, 
                                        gensec_security->event_ctx,
                                        gensec_security->msg_ctx,
-                                       global_loadparm,
+                                       gensec_security->lp_ctx,
                                        &gensec_ntlmssp_state->auth_context);
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
@@ -800,7 +810,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
        gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
        gensec_ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
        gensec_ntlmssp_state->check_password = auth_ntlmssp_check_password;
-       gensec_ntlmssp_state->server_role = lp_server_role(global_loadparm);
+       gensec_ntlmssp_state->server_role = lp_server_role(gensec_security->lp_ctx);
 
        return NT_STATUS_OK;
 }