s3-ntlmssp Split calls to gensec plugin into prepare and start
[amitay/samba.git] / source3 / auth / auth_ntlmssp.c
index 1fecc0988ea2e662b03b114a8ea8df8ffff532ff..c078416aad0fa456b2dedf203756dc47d2d8c368 100644 (file)
 #include "../libcli/auth/ntlmssp.h"
 #include "ntlmssp_wrap.h"
 #include "../librpc/gen_ndr/netlogon.h"
-#include "smbd/smbd.h"
+#include "../lib/tsocket/tsocket.h"
+#include "auth/gensec/gensec.h"
 
 NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
                                        struct auth_ntlmssp_state *auth_ntlmssp_state,
-                                       struct auth_serversupplied_info **session_info)
+                                       struct auth_session_info **session_info)
 {
-       NTSTATUS nt_status = create_local_token(mem_ctx,
-                                               auth_ntlmssp_state->server_info,
-                                               &auth_ntlmssp_state->ntlmssp_state->session_key,
+       NTSTATUS nt_status;
+       if (auth_ntlmssp_state->gensec_security) {
+
+               nt_status = gensec_session_info(auth_ntlmssp_state->gensec_security,
+                                               mem_ctx,
                                                session_info);
+               return nt_status;
+       }
+
+       nt_status = create_local_token(mem_ctx,
+                                      auth_ntlmssp_state->server_info,
+                                      &auth_ntlmssp_state->ntlmssp_state->session_key,
+                                      session_info);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(10, ("create_local_token failed: %s\n",
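Review bot: The new gensec branch at the top of auth_ntlmssp_steal_session_info returns a failed gensec_session_info() status silently, while the legacy create_local_token() path below logs its failure at level 10. Both branches of an authentication path should leave the same trace, e.g. `DEBUG(10, ("gensec_session_info failed: %s\n", nt_errstr(nt_status)));` before the `return nt_status;`. A one-line comment above the `if` would also help, stating that the gensec branch builds the session info under mem_ctx and returns before the legacy handling. The rest of the function body lies outside this hunk, so what that legacy handling does after create_local_token() is not visible here.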
@@ -119,12 +129,13 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
        /* sub_set_smb_name checks for weird internally */
        sub_set_smb_name(auth_ntlmssp_state->ntlmssp_state->user);
 
-       reload_services(smbd_messaging_context(), -1, True);
+       lp_load(get_dyn_CONFIGFILE(), false, false, true, true);
 
-       nt_status = make_user_info_map(&user_info, 
+       nt_status = make_user_info_map(&user_info,
                                       auth_ntlmssp_state->ntlmssp_state->user, 
                                       auth_ntlmssp_state->ntlmssp_state->domain, 
                                       auth_ntlmssp_state->ntlmssp_state->client.netbios_name,
+                                      auth_ntlmssp_state->remote_address,
                                       auth_ntlmssp_state->ntlmssp_state->lm_resp.data ? &auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL, 
                                       auth_ntlmssp_state->ntlmssp_state->nt_resp.data ? &auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL, 
                                       NULL, NULL, NULL,
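Review bot: The result of `lp_load(get_dyn_CONFIGFILE(), false, false, true, true);` is discarded, so a configuration that fails to load after sub_set_smb_name() goes unnoticed and the password check continues with whatever parameter state is left. At minimum log the failure, and consider failing the logon, e.g. `if (!lp_load(get_dyn_CONFIGFILE(), false, false, true, true)) { DEBUG(0, ("lp_load failed during NTLMSSP auth\n")); }`. The four positional booleans are unreadable at the call site; a comment naming them, `/* global_only, save_defaults, add_ipc, initialize_globals */`, would help, with the names confirmed against the lp_load prototype. The replaced reload_services() presumably did more than reload parameters, so it is worth stating in a comment that only the smb.conf reload is wanted here. auth_ntlmssp_check_password starts and ends outside this hunk.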
@@ -144,6 +155,10 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
        free_user_info(&user_info);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
+               nt_status = do_map_to_guest_server_info(nt_status,
+                                                       &auth_ntlmssp_state->server_info,
+                                                       auth_ntlmssp_state->ntlmssp_state->user,
+                                                       auth_ntlmssp_state->ntlmssp_state->domain);
                return nt_status;
        }
 
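Review bot: The original failure status is overwritten by do_map_to_guest_server_info() before anything records it, so when the mapping turns a rejected logon into a guest session, this layer keeps no trace of the rejected attempt for that user and domain. Log the status before the call, e.g. `DEBUG(5, ("NTLMSSP auth failed (%s), checking guest mapping\n", nt_errstr(nt_status)));`. A comment on the block should say that it can now return NT_STATUS_OK with a guest server_info, so callers must not read success as an authenticated user. When the mapping succeeds the function returns here and skips everything after this block, which is outside the hunk; please confirm that nothing there is needed for a guest server_info.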
@@ -173,7 +188,8 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 
 static int auth_ntlmssp_state_destructor(void *ptr);
 
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
+                           struct auth_ntlmssp_state **auth_ntlmssp_state)
 {
        NTSTATUS nt_status;
        bool is_standalone;
@@ -184,6 +200,35 @@ NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
        struct auth_ntlmssp_state *ans;
        struct auth_context *auth_context;
 
+       ans = talloc_zero(NULL, struct auth_ntlmssp_state);
+       if (!ans) {
+               DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               TALLOC_FREE(ans);
+               return nt_status;
+       }
+
+       if (auth_context->prepare_gensec) {
+               nt_status = auth_context->prepare_gensec(ans, &ans->gensec_security);
+               if (!NT_STATUS_IS_OK(nt_status)) {
+                       TALLOC_FREE(ans);
+                       return nt_status;
+               } else {
+                       nt_status = auth_context->gensec_start_mech_by_oid(ans->gensec_security, GENSEC_OID_NTLMSSP);
+                       if (!NT_STATUS_IS_OK(nt_status)) {
+                               TALLOC_FREE(ans);
+                               return nt_status;
+                       } else {
+                               *auth_ntlmssp_state = ans;
+                               return NT_STATUS_OK;
+                       }
+               }
+       }
+
        if ((enum server_role)lp_server_role() == ROLE_STANDALONE) {
                is_standalone = true;
        } else {
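Review bot: On the gensec branch `auth_context->gensec_start_mech_by_oid` is called without the NULL check that `prepare_gensec` gets, so a backend that sets only the first hook would make this a NULL function-pointer call. The branch also returns before `remote_address` is copied onto `ans` (that copy is in a later hunk), so the gensec-backed state carries no client address for logging or address-based checks. auth_context is allocated on talloc_tos() and is only stolen onto `ans` on the legacy path further down; if the gensec context keeps a reference to it, that reference could outlive the stack frame, which is worth confirming. The else-after-return ladder reads more easily as guard clauses, as sketched below; the function starts and continues outside this hunk.

```c
	/* … unchanged: talloc_zero of ans and make_auth_context_subsystem … */

	if (auth_context->prepare_gensec) {
		/* gensec backend: both hooks are required, fail closed otherwise */
		if (auth_context->gensec_start_mech_by_oid == NULL) {
			TALLOC_FREE(ans);
			return NT_STATUS_INTERNAL_ERROR;
		}

		nt_status = auth_context->prepare_gensec(ans, &ans->gensec_security);
		if (!NT_STATUS_IS_OK(nt_status)) {
			TALLOC_FREE(ans);
			return nt_status;
		}

		nt_status = auth_context->gensec_start_mech_by_oid(ans->gensec_security,
								    GENSEC_OID_NTLMSSP);
		if (!NT_STATUS_IS_OK(nt_status)) {
			TALLOC_FREE(ans);
			return nt_status;
		}

		*auth_ntlmssp_state = ans;
		return NT_STATUS_OK;
	}
```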
@@ -199,8 +244,8 @@ NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
        }
        dns_name = get_mydnsfullname();
 
-       ans = talloc_zero(NULL, struct auth_ntlmssp_state);
-       if (!ans) {
+       ans->remote_address = tsocket_address_copy(remote_address, ans);
+       if (ans->remote_address == NULL) {
                DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
                return NT_STATUS_NO_MEMORY;
        }
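Review bot: The failure path after `tsocket_address_copy()` returns NT_STATUS_NO_MEMORY without freeing `ans`, which this commit now allocates on the NULL context at the top of the function, so the state structure leaks whenever the copy fails. Add `TALLOC_FREE(ans);` before the `return NT_STATUS_NO_MEMORY;`, matching the new early-return paths in the previous hunk. Any other return between the allocation and the assignment to `*auth_ntlmssp_state` needs the same treatment; the surrounding context suggests there are some, but they lie outside this hunk. The reused log text `auth_ntlmssp_start: talloc failed!` now appears at two sites, so naming the address copy in this one would make the failures distinguishable.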
@@ -216,10 +261,6 @@ NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
                return nt_status;
        }
 
-       nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context);
-       if (!NT_STATUS_IS_OK(nt_status)) {
-               return nt_status;
-       }
        ans->auth_context = talloc_steal(ans, auth_context);
 
        ans->ntlmssp_state->callback_private = ans;
@@ -240,6 +281,7 @@ static int auth_ntlmssp_state_destructor(void *ptr)
 
        ans = talloc_get_type(ptr, struct auth_ntlmssp_state);
 
+       TALLOC_FREE(ans->remote_address);
        TALLOC_FREE(ans->server_info);
        TALLOC_FREE(ans->ntlmssp_state);
        return 0;