auth/ntlmssp: introduce ntlmssp_server_auth_send/recv
authorStefan Metzmacher <metze@samba.org>
Fri, 16 Jun 2017 14:16:15 +0000 (16:16 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Mon, 7 Aug 2017 13:20:03 +0000 (15:20 +0200)
We still use the sync ntlmssp_server_check_password().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
auth/ntlmssp/ntlmssp.c
auth/ntlmssp/ntlmssp_private.h
auth/ntlmssp/ntlmssp_server.c

index e5a243e..36e7052 100644 (file)
@@ -71,7 +71,8 @@ static const struct ntlmssp_callbacks {
        },{
                .role           = NTLMSSP_SERVER,
                .command        = NTLMSSP_AUTH,
-               .sync_fn        = gensec_ntlmssp_server_auth,
+               .send_fn        = ntlmssp_server_auth_send,
+               .recv_fn        = ntlmssp_server_auth_recv,
        }
 };
 
index eed48ed..95ec637 100644 (file)
@@ -117,18 +117,14 @@ NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security
                                         TALLOC_CTX *out_mem_ctx,
                                         const DATA_BLOB request, DATA_BLOB *reply);
 
-/**
- * Next state function for the Authenticate packet (GENSEC wrapper)
- *
- * @param gensec_security GENSEC state
- * @param out_mem_ctx Memory context for *out
- * @param in The request, as a DATA_BLOB.  reply.data must be NULL
- * @param out The reply, as an allocated DATA_BLOB, caller to free.
- * @return Errors or NT_STATUS_OK if authentication sucessful
- */
-NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security,
-                                   TALLOC_CTX *out_mem_ctx,
-                                   const DATA_BLOB in, DATA_BLOB *out);
+struct tevent_req *ntlmssp_server_auth_send(TALLOC_CTX *mem_ctx,
+                                           struct tevent_context *ev,
+                                           struct gensec_security *gensec_security,
+                                           const DATA_BLOB in);
+NTSTATUS ntlmssp_server_auth_recv(struct tevent_req *req,
+                                 TALLOC_CTX *out_mem_ctx,
+                                 DATA_BLOB *out);
+
 
 /**
  * Start NTLMSSP on the server side
index e17074e..b7d74e6 100644 (file)
@@ -21,6 +21,8 @@
 */
 
 #include "includes.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
 #include "lib/util/time_basic.h"
 #include "auth/ntlmssp/ntlmssp.h"
 #include "auth/ntlmssp/ntlmssp_private.h"
@@ -304,6 +306,66 @@ struct ntlmssp_server_auth_state {
        uint8_t session_nonce[16];
 };
 
+static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
+                                      struct gensec_ntlmssp_context *gensec_ntlmssp,
+                                      struct ntlmssp_server_auth_state *state,
+                                      const DATA_BLOB request);
+static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_security,
+                                             struct gensec_ntlmssp_context *gensec_ntlmssp,
+                                             const struct auth_usersupplied_info *user_info,
+                                             TALLOC_CTX *mem_ctx,
+                                             DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key);
+static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
+                                       struct gensec_ntlmssp_context *gensec_ntlmssp,
+                                       struct ntlmssp_server_auth_state *state,
+                                       DATA_BLOB request);
+
+struct tevent_req *ntlmssp_server_auth_send(TALLOC_CTX *mem_ctx,
+                                           struct tevent_context *ev,
+                                           struct gensec_security *gensec_security,
+                                           const DATA_BLOB in)
+{
+       struct gensec_ntlmssp_context *gensec_ntlmssp =
+               talloc_get_type_abort(gensec_security->private_data,
+                                     struct gensec_ntlmssp_context);
+       struct tevent_req *req = NULL;
+       struct ntlmssp_server_auth_state *state = NULL;
+       NTSTATUS status;
+
+       req = tevent_req_create(mem_ctx, &state,
+                               struct ntlmssp_server_auth_state);
+       if (req == NULL) {
+               return NULL;
+       }
+
+       status = ntlmssp_server_preauth(gensec_security,
+                                       gensec_ntlmssp,
+                                       state, in);
+       if (tevent_req_nterror(req, status)) {
+               return tevent_req_post(req, ev);
+       }
+
+       status = ntlmssp_server_check_password(gensec_security,
+                                              gensec_ntlmssp,
+                                              state->user_info,
+                                              state,
+                                              &state->user_session_key,
+                                              &state->lm_session_key);
+       if (tevent_req_nterror(req, status)) {
+               return tevent_req_post(req, ev);
+       }
+
+       status = ntlmssp_server_postauth(gensec_security,
+                                        gensec_ntlmssp,
+                                        state, in);
+       if (tevent_req_nterror(req, status)) {
+               return tevent_req_post(req, ev);
+       }
+
+       tevent_req_done(req);
+       return tevent_req_post(req, ev);
+}
+
 /**
  * Next state function for the Authenticate packet
  *
@@ -989,63 +1051,19 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
        return nt_status;
 }
 
-
-/**
- * Next state function for the NTLMSSP Authenticate packet
- *
- * @param gensec_security GENSEC state
- * @param out_mem_ctx Memory context for *out
- * @param in The request, as a DATA_BLOB.  reply.data must be NULL
- * @param out The reply, as an allocated DATA_BLOB, caller to free.
- * @return Errors or NT_STATUS_OK if authentication sucessful
- */
-
-NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security,
-                                   TALLOC_CTX *out_mem_ctx,
-                                   const DATA_BLOB in, DATA_BLOB *out)
+NTSTATUS ntlmssp_server_auth_recv(struct tevent_req *req,
+                                 TALLOC_CTX *out_mem_ctx,
+                                 DATA_BLOB *out)
 {
-       struct gensec_ntlmssp_context *gensec_ntlmssp =
-               talloc_get_type_abort(gensec_security->private_data,
-                                     struct gensec_ntlmssp_context);
-       struct ntlmssp_server_auth_state *state;
-       NTSTATUS nt_status;
+       NTSTATUS status;
 
-       /* zero the outbound NTLMSSP packet */
        *out = data_blob_null;
 
-       state = talloc_zero(gensec_ntlmssp, struct ntlmssp_server_auth_state);
-       if (state == NULL) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       nt_status = ntlmssp_server_preauth(gensec_security, gensec_ntlmssp, state, in);
-       if (!NT_STATUS_IS_OK(nt_status)) {
-               TALLOC_FREE(state);
-               return nt_status;
-       }
-
-       /*
-        * Note we don't check here for NTLMv2 auth settings. If NTLMv2 auth
-        * is required (by "ntlm auth = no" and "lm auth = no" being set in the
-        * smb.conf file) and no NTLMv2 response was sent then the password check
-        * will fail here. JRA.
-        */
-
-       /* Finally, actually ask if the password is OK */
-       nt_status = ntlmssp_server_check_password(gensec_security, gensec_ntlmssp,
-                                                 state->user_info, state,
-                                                 &state->user_session_key,
-                                                 &state->lm_session_key);
-       if (!NT_STATUS_IS_OK(nt_status)) {
-               TALLOC_FREE(state);
-               return nt_status;
+       if (tevent_req_is_nterror(req, &status)) {
+               tevent_req_received(req);
+               return status;
        }
 
-       /* When we get more async in the auth code behind
-          ntlmssp_state->check_password, the ntlmssp_server_postpath
-          can be done in a callback */
-
-       nt_status = ntlmssp_server_postauth(gensec_security, gensec_ntlmssp, state, in);
-       TALLOC_FREE(state);
-       return nt_status;
+       tevent_req_received(req);
+       return NT_STATUS_OK;
 }