*/
#include "includes.h"
+#include "auth.h"
#include "../libcli/auth/ntlmssp.h"
-
-struct auth_ntlmssp_state {
- struct auth_context *auth_context;
- struct auth_serversupplied_info *server_info;
- struct ntlmssp_state *ntlmssp_state;
-};
-
-NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
-{
- return ntlmssp_sign_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return ntlmssp_check_packet(auth_ntlmssp_state->ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
-{
- return ntlmssp_seal_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return ntlmssp_unseal_packet(auth_ntlmssp_state->ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
-}
-
-bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
-}
-
-bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
-}
-
-void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
-
-}
-
-void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
+#include "ntlmssp_wrap.h"
+#include "../librpc/gen_ndr/netlogon.h"
+#include "../lib/tsocket/tsocket.h"
+#include "auth/gensec/gensec.h"
+
+NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
+ struct auth_ntlmssp_state *auth_ntlmssp_state,
+ struct auth_session_info **session_info)
{
+ NTSTATUS nt_status;
+ if (auth_ntlmssp_state->gensec_security) {
-}
-
-NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
- struct auth_ntlmssp_state *auth_ntlmssp_state,
- struct auth_serversupplied_info **_server_info)
-{
- struct auth_serversupplied_info *server_info = auth_ntlmssp_state->server_info;
- data_blob_free(&server_info->user_session_key);
- server_info->user_session_key =
- data_blob_talloc(
- server_info,
- auth_ntlmssp_state->ntlmssp_state->session_key.data,
- auth_ntlmssp_state->ntlmssp_state->session_key.length);
- if (auth_ntlmssp_state->ntlmssp_state->session_key.length && !server_info->user_session_key.data) {
- *_server_info = NULL;
- return NT_STATUS_NO_MEMORY;
+ nt_status = gensec_session_info(auth_ntlmssp_state->gensec_security,
+ mem_ctx,
+ session_info);
+ return nt_status;
}
- auth_ntlmssp_state->server_info = NULL;
- *_server_info = talloc_steal(mem_ctx, server_info);
- return NT_STATUS_OK;
-}
-struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state;
-}
+ nt_status = create_local_token(mem_ctx,
+ auth_ntlmssp_state->server_info,
+ &auth_ntlmssp_state->ntlmssp_state->session_key,
+ session_info);
-/* Needed for 'map to guest' and 'smb username' processing */
-const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->user;
-}
-
-const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->domain;
-}
-
-const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->client.netbios_name;
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(10, ("create_local_token failed: %s\n",
+ nt_errstr(nt_status)));
+ }
+ return nt_status;
}
/**
* Return the session keys used on the connection.
*/
-static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
+static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx,
+ DATA_BLOB *session_key, DATA_BLOB *lm_session_key)
{
struct auth_ntlmssp_state *auth_ntlmssp_state =
(struct auth_ntlmssp_state *)ntlmssp_state->callback_private;
/* sub_set_smb_name checks for weird internally */
sub_set_smb_name(auth_ntlmssp_state->ntlmssp_state->user);
- reload_services(True);
+ lp_load(get_dyn_CONFIGFILE(), false, false, true, true);
- nt_status = make_user_info_map(&user_info,
+ nt_status = make_user_info_map(&user_info,
auth_ntlmssp_state->ntlmssp_state->user,
auth_ntlmssp_state->ntlmssp_state->domain,
auth_ntlmssp_state->ntlmssp_state->client.netbios_name,
+ auth_ntlmssp_state->remote_address,
auth_ntlmssp_state->ntlmssp_state->lm_resp.data ? &auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL,
auth_ntlmssp_state->ntlmssp_state->nt_resp.data ? &auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL,
NULL, NULL, NULL,
- True);
-
- user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
+ AUTH_PASSWORD_RESPONSE);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
+ user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
+
nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(auth_ntlmssp_state->auth_context,
user_info, &auth_ntlmssp_state->server_info);
free_user_info(&user_info);
if (!NT_STATUS_IS_OK(nt_status)) {
+ nt_status = do_map_to_guest_server_info(nt_status,
+ &auth_ntlmssp_state->server_info,
+ auth_ntlmssp_state->ntlmssp_state->user,
+ auth_ntlmssp_state->ntlmssp_state->domain);
return nt_status;
}
auth_ntlmssp_state->server_info->nss_token |= username_was_mapped;
- nt_status = create_local_token(auth_ntlmssp_state->server_info);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(10, ("create_local_token failed: %s\n",
- nt_errstr(nt_status)));
- return nt_status;
- }
-
- if (auth_ntlmssp_state->server_info->user_session_key.length) {
+ /* Clear out the session keys, and pass them to the caller.
+ * They will not be used in this form again - instead the
+ * NTLMSSP code will decide on the final correct session key,
+ * and put it back here at the end of
+ * auth_ntlmssp_steal_server_info */
+ if (auth_ntlmssp_state->server_info->session_key.length) {
DEBUG(10, ("Got NT session key of length %u\n",
- (unsigned int)auth_ntlmssp_state->server_info->user_session_key.length));
- *user_session_key = data_blob_talloc(auth_ntlmssp_state,
- auth_ntlmssp_state->server_info->user_session_key.data,
- auth_ntlmssp_state->server_info->user_session_key.length);
+ (unsigned int)auth_ntlmssp_state->server_info->session_key.length));
+ *session_key = auth_ntlmssp_state->server_info->session_key;
+ talloc_steal(mem_ctx, auth_ntlmssp_state->server_info->session_key.data);
+ auth_ntlmssp_state->server_info->session_key = data_blob_null;
}
if (auth_ntlmssp_state->server_info->lm_session_key.length) {
DEBUG(10, ("Got LM session key of length %u\n",
(unsigned int)auth_ntlmssp_state->server_info->lm_session_key.length));
- *lm_session_key = data_blob_talloc(auth_ntlmssp_state,
- auth_ntlmssp_state->server_info->lm_session_key.data,
- auth_ntlmssp_state->server_info->lm_session_key.length);
+ *lm_session_key = auth_ntlmssp_state->server_info->lm_session_key;
+ talloc_steal(mem_ctx, auth_ntlmssp_state->server_info->lm_session_key.data);
+ auth_ntlmssp_state->server_info->lm_session_key = data_blob_null;
}
return nt_status;
}
static int auth_ntlmssp_state_destructor(void *ptr);
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
+ struct auth_ntlmssp_state **auth_ntlmssp_state)
{
NTSTATUS nt_status;
bool is_standalone;
const char *dns_name;
char *dns_domain;
struct auth_ntlmssp_state *ans;
- struct ntlmssp_state *ntlmssp_state;
struct auth_context *auth_context;
- if ((enum server_types)lp_server_role() == ROLE_STANDALONE) {
+ ans = talloc_zero(NULL, struct auth_ntlmssp_state);
+ if (!ans) {
+ DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(ans);
+ return nt_status;
+ }
+
+ if (auth_context->prepare_gensec) {
+ nt_status = auth_context->prepare_gensec(ans, &ans->gensec_security);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(ans);
+ return nt_status;
+ } else {
+ nt_status = auth_context->gensec_start_mech_by_oid(ans->gensec_security, GENSEC_OID_NTLMSSP);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(ans);
+ return nt_status;
+ } else {
+ *auth_ntlmssp_state = ans;
+ return NT_STATUS_OK;
+ }
+ }
+ }
+
+ if ((enum server_role)lp_server_role() == ROLE_STANDALONE) {
is_standalone = true;
} else {
is_standalone = false;
}
- netbios_name = global_myname();
+ netbios_name = lp_netbios_name();
netbios_domain = lp_workgroup();
/* This should be a 'netbios domain -> DNS domain' mapping */
dns_domain = get_mydnsdomname(talloc_tos());
}
dns_name = get_mydnsfullname();
- ans = talloc_zero(NULL, struct auth_ntlmssp_state);
- if (!ans) {
+ ans->remote_address = tsocket_address_copy(remote_address, ans);
+ if (ans->remote_address == NULL) {
DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
- TALLOC_FREE(ntlmssp_state);
return NT_STATUS_NO_MEMORY;
}
return nt_status;
}
- nt_status = make_auth_context_subsystem(&auth_context);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
ans->auth_context = talloc_steal(ans, auth_context);
ans->ntlmssp_state->callback_private = ans;
ans = talloc_get_type(ptr, struct auth_ntlmssp_state);
+ TALLOC_FREE(ans->remote_address);
TALLOC_FREE(ans->server_info);
TALLOC_FREE(ans->ntlmssp_state);
return 0;
}
-
-NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state,
- const DATA_BLOB request, DATA_BLOB *reply)
-{
- return ntlmssp_update(auth_ntlmssp_state->ntlmssp_state, request, reply);
-}