uint8_t *pauthoritative,
void **server_returned_info,
DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
+ struct tevent_req *(*check_ntlm_password_send)(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct auth4_context *auth_ctx,
+ const struct auth_usersupplied_info *user_info);
+ NTSTATUS (*check_ntlm_password_recv)(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ uint8_t *pauthoritative,
+ void **server_returned_info,
+ DATA_BLOB *nt_session_key,
+ DATA_BLOB *lm_session_key);
NTSTATUS (*get_ntlm_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);
}
struct ntlmssp_server_auth_state {
+ struct gensec_security *gensec_security;
+ struct gensec_ntlmssp_context *gensec_ntlmssp;
+ DATA_BLOB in;
struct auth_usersupplied_info *user_info;
DATA_BLOB user_session_key;
DATA_BLOB lm_session_key;
struct gensec_ntlmssp_context *gensec_ntlmssp,
struct ntlmssp_server_auth_state *state,
const DATA_BLOB request);
+static void ntlmssp_server_auth_done(struct tevent_req *subreq);
static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
struct gensec_ntlmssp_context *gensec_ntlmssp,
struct ntlmssp_server_auth_state *state,
if (req == NULL) {
return NULL;
}
+ state->gensec_security = gensec_security;
+ state->gensec_ntlmssp = gensec_ntlmssp;
+ state->in = in;
status = ntlmssp_server_preauth(gensec_security,
gensec_ntlmssp,
return tevent_req_post(req, ev);
}
+ if (auth_context->check_ntlm_password_send != NULL) {
+ struct tevent_req *subreq = NULL;
+
+ subreq = auth_context->check_ntlm_password_send(state, ev,
+ auth_context,
+ state->user_info);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ ntlmssp_server_auth_done,
+ req);
+ return req;
+ }
+
if (auth_context->check_ntlm_password == NULL) {
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
return tevent_req_post(req, ev);
return NT_STATUS_OK;
}
+static void ntlmssp_server_auth_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct ntlmssp_server_auth_state *state =
+ tevent_req_data(req,
+ struct ntlmssp_server_auth_state);
+ struct gensec_security *gensec_security = state->gensec_security;
+ struct gensec_ntlmssp_context *gensec_ntlmssp = state->gensec_ntlmssp;
+ struct auth4_context *auth_context = gensec_security->auth_context;
+ uint8_t authoritative = 0;
+ NTSTATUS status;
+
+ // TODO mem_ctx
+ status = auth_context->check_ntlm_password_recv(subreq,
+ gensec_ntlmssp,
+ &authoritative,
+ &gensec_ntlmssp->server_returned_info,
+ &state->user_session_key,
+ &state->lm_session_key);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_INFO("Checking NTLMSSP password for %s\\%s failed: %s\n",
+ state->user_info->client.domain_name,
+ state->user_info->client.account_name,
+ nt_errstr(status));
+ }
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ status = ntlmssp_server_postauth(state->gensec_security,
+ state->gensec_ntlmssp,
+ state, state->in);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
/**
* Next state function for the Authenticate packet
* (after authentication - figures out the session keys etc)
git.samba.org / metze / samba / wip.git / commitdiff