source3/auth/auth_ntlmssp.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 3.0
   4    handle NLTMSSP, server side
   5
   6    Copyright (C) Andrew Tridgell      2001
   7    Copyright (C) Andrew Bartlett 2001-2003
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  22 */
  23
  24 #include "includes.h"
  25
  26 static const uint8 *auth_ntlmssp_get_challenge(struct ntlmssp_state *ntlmssp_state)
  27 {
  28         AUTH_NTLMSSP_STATE *auth_ntlmssp_state = ntlmssp_state->auth_context;
  29         return auth_ntlmssp_state->auth_context->get_ntlm_challenge(auth_ntlmssp_state->auth_context);
  30 }
  31
  32 static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state)
  33 {
  34         AUTH_NTLMSSP_STATE *auth_ntlmssp_state = ntlmssp_state->auth_context;
  35         uint32 auth_flags = AUTH_FLAG_NONE;
  36         auth_usersupplied_info *user_info = NULL;
  37         DATA_BLOB plaintext_password = data_blob(NULL, 0);
  38         NTSTATUS nt_status;
  39
  40         if (auth_ntlmssp_state->ntlmssp_state->lm_resp.length) {
  41                 auth_flags |= AUTH_FLAG_LM_RESP;
  42         }
  43
  44         if (auth_ntlmssp_state->ntlmssp_state->nt_resp.length == 24) {
  45                 auth_flags |= AUTH_FLAG_NTLM_RESP;
  46         } else  if (auth_ntlmssp_state->ntlmssp_state->nt_resp.length > 24) {
  47                 auth_flags |= AUTH_FLAG_NTLMv2_RESP;
  48         };
  49
  50         /* the client has given us its machine name (which we otherwise would not get on port 445).
  51            we need to possibly reload smb.conf if smb.conf includes depend on the machine name */
  52
  53         set_remote_machine_name(auth_ntlmssp_state->ntlmssp_state->workstation);
  54
  55         /* setup the string used by %U */
  56         /* sub_set_smb_name checks for weird internally */
  57         sub_set_smb_name(auth_ntlmssp_state->ntlmssp_state->user);
  58
  59         reload_services(True);
  60
  61         nt_status = make_user_info_map(&user_info,
  62                                        auth_ntlmssp_state->ntlmssp_state->user,
  63                                        auth_ntlmssp_state->ntlmssp_state->domain,
  64                                        auth_ntlmssp_state->ntlmssp_state->workstation,
  65                                        auth_ntlmssp_state->ntlmssp_state->lm_resp,
  66                                        auth_ntlmssp_state->ntlmssp_state->nt_resp,
  67                                        plaintext_password,
  68                                        auth_flags, True);
  69
  70         if (!NT_STATUS_IS_OK(nt_status)) {
  71                 return nt_status;
  72         }
  73
  74         nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(auth_ntlmssp_state->auth_context, user_info, &auth_ntlmssp_state->server_info);
  75
  76         free_user_info(&user_info);
  77
  78         return nt_status;
  79 }
  80
  81 NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
  82 {
  83         NTSTATUS nt_status;
  84         TALLOC_CTX *mem_ctx;
  85
  86         mem_ctx = talloc_init("AUTH NTLMSSP context");
  87
  88         *auth_ntlmssp_state = talloc_zero(mem_ctx, sizeof(**auth_ntlmssp_state));
  89         if (!*auth_ntlmssp_state) {
  90                 DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
  91                 talloc_destroy(mem_ctx);
  92                 return NT_STATUS_NO_MEMORY;
  93         }
  94
  95         ZERO_STRUCTP(*auth_ntlmssp_state);
  96
  97         (*auth_ntlmssp_state)->mem_ctx = mem_ctx;
  98
  99         if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_start(&(*auth_ntlmssp_state)->ntlmssp_state))) {
 100                 return nt_status;
 101         }
 102
 103         if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&(*auth_ntlmssp_state)->auth_context))) {
 104                 return nt_status;
 105         }
 106
 107         (*auth_ntlmssp_state)->ntlmssp_state->auth_context = (*auth_ntlmssp_state);
 108         (*auth_ntlmssp_state)->ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
 109         (*auth_ntlmssp_state)->ntlmssp_state->check_password = auth_ntlmssp_check_password;
 110         (*auth_ntlmssp_state)->ntlmssp_state->server_role = lp_server_role();
 111
 112         return NT_STATUS_OK;
 113 }
 114
 115 NTSTATUS auth_ntlmssp_end(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
 116 {
 117         TALLOC_CTX *mem_ctx = (*auth_ntlmssp_state)->mem_ctx;
 118
 119         if ((*auth_ntlmssp_state)->ntlmssp_state) {
 120                 ntlmssp_server_end(&(*auth_ntlmssp_state)->ntlmssp_state);
 121         }
 122         if ((*auth_ntlmssp_state)->auth_context) {
 123                 ((*auth_ntlmssp_state)->auth_context->free)(&(*auth_ntlmssp_state)->auth_context);
 124         }
 125         if ((*auth_ntlmssp_state)->server_info) {
 126                 free_server_info(&(*auth_ntlmssp_state)->server_info);
 127         }
 128         talloc_destroy(mem_ctx);
 129         *auth_ntlmssp_state = NULL;
 130         return NT_STATUS_OK;
 131 }
 132
 133 NTSTATUS auth_ntlmssp_update(AUTH_NTLMSSP_STATE *auth_ntlmssp_state,
 134                              const DATA_BLOB request, DATA_BLOB *reply)
 135 {
 136         return ntlmssp_server_update(auth_ntlmssp_state->ntlmssp_state, request, reply);
 137 }
 138