#include "ntlmssp_wrap.h"
#include "../librpc/gen_ndr/netlogon.h"
#include "smbd/smbd.h"
+#include "../lib/tsocket/tsocket.h"
NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
struct auth_ntlmssp_state *auth_ntlmssp_state,
static int auth_ntlmssp_state_destructor(void *ptr);
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
+ struct auth_ntlmssp_state **auth_ntlmssp_state)
{
NTSTATUS nt_status;
bool is_standalone;
return NT_STATUS_NO_MEMORY;
}
+ ans->remote_address = tsocket_address_copy(remote_address, ans);
+ if (ans->remote_address == NULL) {
+ DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
nt_status = ntlmssp_server_start(ans,
is_standalone,
netbios_name,
ans = talloc_get_type(ptr, struct auth_ntlmssp_state);
+ TALLOC_FREE(ans->remote_address);
TALLOC_FREE(ans->server_info);
TALLOC_FREE(ans->ntlmssp_state);
return 0;
NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
struct auth_ntlmssp_state *auth_ntlmssp_state,
struct auth_serversupplied_info **session_info);
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state);
+NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
+ struct auth_ntlmssp_state **auth_ntlmssp_state);
/* The following definitions come from auth/auth_sam.c */
/* used only by server implementation */
struct auth_context *auth_context;
struct auth_serversupplied_info *server_info;
+ struct tsocket_address *remote_address;
/* used by both client and server implementation */
struct ntlmssp_state *ntlmssp_state;
bool do_sign;
bool do_seal;
bool is_dcerpc;
+
+ struct tsocket_address *remote_address;
};
NTSTATUS spnego_gssapi_init_client(TALLOC_CTX *mem_ctx,
bool is_dcerpc,
DATA_BLOB *token_in,
DATA_BLOB *token_out,
+ const struct tsocket_address *remote_address,
struct auth_ntlmssp_state **ctx)
{
struct auth_ntlmssp_state *a = NULL;
NTSTATUS status;
- status = auth_ntlmssp_start(&a);
+ status = auth_ntlmssp_start(remote_address, &a);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n",
nt_errstr(status)));
bool is_dcerpc,
DATA_BLOB *token_in,
DATA_BLOB *token_out,
+ const struct tsocket_address *remote_address,
struct auth_ntlmssp_state **ctx);
NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx,
TALLOC_CTX *mem_ctx,
#include "includes.h"
#include "../libcli/auth/spnego.h"
+#include "../lib/tsocket/tsocket.h"
#include "dcesrv_ntlmssp.h"
#include "dcesrv_gssapi.h"
#include "dcesrv_spnego.h"
static NTSTATUS spnego_init_server(TALLOC_CTX *mem_ctx,
bool do_sign, bool do_seal,
bool is_dcerpc,
+ const struct tsocket_address *remote_address,
struct spnego_context **spnego_ctx)
{
struct spnego_context *sp_ctx = NULL;
return NT_STATUS_NO_MEMORY;
}
+ sp_ctx->remote_address = tsocket_address_copy(remote_address, sp_ctx);
+ if (sp_ctx->remote_address == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
sp_ctx->do_sign = do_sign;
sp_ctx->do_seal = do_seal;
sp_ctx->is_dcerpc = is_dcerpc;
sp_ctx->is_dcerpc,
token_in,
token_out,
+ sp_ctx->remote_address,
&ntlmssp_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to init ntlmssp server "
bool is_dcerpc,
DATA_BLOB *spnego_in,
DATA_BLOB *spnego_out,
+ const struct tsocket_address *remote_address,
struct spnego_context **spnego_ctx)
{
struct spnego_context *sp_ctx;
return NT_STATUS_INVALID_PARAMETER;
}
- status = spnego_init_server(mem_ctx, do_sign, do_seal, is_dcerpc, &sp_ctx);
+ status = spnego_init_server(mem_ctx,
+ do_sign,
+ do_seal,
+ is_dcerpc,
+ remote_address,
+ &sp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
bool is_dcerpc,
DATA_BLOB *spnego_in,
DATA_BLOB *spnego_out,
+ const struct tsocket_address *remote_address,
struct spnego_context **spnego_ctx);
NTSTATUS spnego_server_step(struct spnego_context *sp_ctx,
TALLOC_CTX *mem_ctx,
true,
&auth_info->credentials,
response,
+ p->remote_address,
&spnego_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed SPNEGO negotiate (%s)\n",
true,
&auth_info->credentials,
response,
+ p->remote_address,
&ntlmssp_state);
if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n",
#include "../lib/util/asn1.h"
#include "auth.h"
#include "libsmb/libsmb.h"
+#include "../lib/tsocket/tsocket.h"
/******************************************************************************
Server side encryption.
Create an auth_ntlmssp_state and ensure pointer copy is correct.
******************************************************************************/
-static NTSTATUS make_auth_ntlmssp(struct smb_srv_trans_enc_ctx *ec)
+static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address,
+ struct smb_srv_trans_enc_ctx *ec)
{
- NTSTATUS status = auth_ntlmssp_start(&ec->auth_ntlmssp_state);
+ NTSTATUS status = auth_ntlmssp_start(remote_address,
+ &ec->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
return nt_status_squash(status);
}
Create a server encryption context.
******************************************************************************/
-static NTSTATUS make_srv_encryption_context(enum smb_trans_enc_type smb_enc_type, struct smb_srv_trans_enc_ctx **pp_ec)
+static NTSTATUS make_srv_encryption_context(const struct tsocket_address *remote_address,
+ enum smb_trans_enc_type smb_enc_type,
+ struct smb_srv_trans_enc_ctx **pp_ec)
{
struct smb_srv_trans_enc_ctx *ec;
switch (smb_enc_type) {
case SMB_TRANS_ENC_NTLM:
{
- NTSTATUS status = make_auth_ntlmssp(ec);
+ NTSTATUS status = make_auth_ntlmssp(remote_address,
+ ec);
if (!NT_STATUS_IS_OK(status)) {
srv_free_encryption_context(&ec);
return status;
******************************************************************************/
#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
-static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob)
+static NTSTATUS srv_enc_spnego_gss_negotiate(const struct tsocket_address *remote_address,
+ unsigned char **ppdata,
+ size_t *p_data_size,
+ DATA_BLOB secblob)
{
OM_uint32 ret;
OM_uint32 min;
NTSTATUS status;
if (!partial_srv_trans_enc_ctx) {
- status = make_srv_encryption_context(SMB_TRANS_ENC_GSS, &partial_srv_trans_enc_ctx);
+ status = make_srv_encryption_context(remote_address,
+ SMB_TRANS_ENC_GSS,
+ &partial_srv_trans_enc_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
Until success we do everything on the partial enc ctx.
******************************************************************************/
-static NTSTATUS srv_enc_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob, bool spnego_wrap)
+static NTSTATUS srv_enc_ntlm_negotiate(const struct tsocket_address *remote_address,
+ unsigned char **ppdata,
+ size_t *p_data_size,
+ DATA_BLOB secblob,
+ bool spnego_wrap)
{
NTSTATUS status;
DATA_BLOB chal = data_blob_null;
DATA_BLOB response = data_blob_null;
- status = make_srv_encryption_context(SMB_TRANS_ENC_NTLM, &partial_srv_trans_enc_ctx);
+ status = make_srv_encryption_context(remote_address,
+ SMB_TRANS_ENC_NTLM,
+ &partial_srv_trans_enc_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
TALLOC_FREE(kerb_mech);
#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
- status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, secblob);
+ status = srv_enc_spnego_gss_negotiate(conn->sconn->remote_address,
+ ppdata,
+ p_data_size,
+ secblob);
#else
/* Currently we don't SPNEGO negotiate
* back to NTLMSSP as we do in sessionsetupX. We should... */
return NT_STATUS_LOGON_FAILURE;
#endif
} else {
- status = srv_enc_ntlm_negotiate(ppdata, p_data_size, secblob, true);
+ status = srv_enc_ntlm_negotiate(conn->sconn->remote_address,
+ ppdata,
+ p_data_size,
+ secblob,
+ true);
}
data_blob_free(&secblob);
if (!partial_srv_trans_enc_ctx) {
/* This is the initial step. */
- status = srv_enc_ntlm_negotiate(ppdata, p_data_size, blob, false);
+ status = srv_enc_ntlm_negotiate(conn->sconn->remote_address,
+ ppdata,
+ p_data_size,
+ blob,
+ false);
if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) {
srv_free_encryption_context(&partial_srv_trans_enc_ctx);
return nt_status_squash(status);
return;
}
- status = auth_ntlmssp_start(auth_ntlmssp_state);
+ status = auth_ntlmssp_start(sconn->remote_address,
+ auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
data_blob_free(&secblob);
if (!*auth_ntlmssp_state) {
- status = auth_ntlmssp_start(auth_ntlmssp_state);
+ status = auth_ntlmssp_start(sconn->remote_address,
+ auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
DATA_BLOB chal;
if (!vuser->auth_ntlmssp_state) {
- status = auth_ntlmssp_start(&vuser->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(sconn->remote_address,
+ &vuser->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
status = NT_STATUS_MORE_PROCESSING_REQUIRED;
} else {
/* Fall back to NTLMSSP. */
- status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(session->sconn->remote_address,
+ &session->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
}
if (session->auth_ntlmssp_state == NULL) {
- status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(session->sconn->remote_address,
+ &session->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&auth);
TALLOC_FREE(session);
DATA_BLOB secblob_out = data_blob_null;
if (session->auth_ntlmssp_state == NULL) {
- status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(session->sconn->remote_address,
+ &session->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
return status;