s3-auth: Use the gensec-supplied DNS domain name and hostname.
authorAndrew Bartlett <abartlet@samba.org>
Tue, 31 Jan 2012 05:17:48 +0000 (16:17 +1100)
committerStefan Metzmacher <metze@samba.org>
Fri, 17 Feb 2012 09:48:09 +0000 (10:48 +0100)
Also have a reasonable fallback for when it is not set.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
source3/auth/auth_generic.c
source3/auth/auth_ntlmssp.c

index b76dcd7..559dce1 100644 (file)
@@ -183,6 +183,8 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
                struct loadparm_context *lp_ctx;
                size_t idx = 0;
                struct cli_credentials *server_credentials;
+               const char *dns_name;
+               const char *dns_domain;
                struct auth4_context *auth4_context = talloc_zero(tmp_ctx, struct auth4_context);
                if (auth4_context == NULL) {
                        DEBUG(10, ("failed to allocate auth4_context failed\n"));
@@ -211,6 +213,36 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
                        return NT_STATUS_NO_MEMORY;
                }
 
+               /*
+                * This should be a 'netbios domain -> DNS domain'
+                * mapping, and can currently validly return NULL on
+                * poorly configured systems.
+                *
+                * This is used for the NTLMSSP server
+                *
+                */
+               dns_name = get_mydnsfullname();
+               if (dns_name == NULL) {
+                       dns_name = "";
+               }
+
+               dns_domain = get_mydnsdomname(tmp_ctx);
+               if (dns_domain == NULL) {
+                       dns_domain = "";
+               }
+
+               gensec_settings->server_dns_name = strlower_talloc(gensec_settings, dns_name);
+               if (gensec_settings->server_dns_name == NULL) {
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               gensec_settings->server_dns_domain = strlower_talloc(gensec_settings, dns_domain);
+               if (gensec_settings->server_dns_domain == NULL) {
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_NO_MEMORY;
+               }
+
                gensec_settings->backends = talloc_zero_array(gensec_settings,
                                                struct gensec_security_ops *, 4);
                if (gensec_settings->backends == NULL) {
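Review bot: Mapping a failed lookup to `""` before the two `strlower_talloc()` calls means `gensec_settings->server_dns_name` and `server_dns_domain` are presumably never NULL when set here. The `if (gensec_security->settings->server_dns_name)` fallback that this commit adds to gensec_ntlmssp3_server_start in auth_ntlmssp.c is therefore not reached for this caller, and on a poorly configured host the NTLMSSP server keeps an empty DNS name instead of the netbios-derived one. If the fallback is meant to apply, leave the setting NULL on lookup failure, e.g. wrap the assignment in `if (dns_name != NULL) { ... }`, or have the consumer also test `server_dns_name[0] != '\0'`. The block comment sits above `get_mydnsfullname()` although its 'netbios domain -> DNS domain' remark describes `get_mydnsdomname()`; moving it next to that call would avoid misreading. auth_generic_prepare starts and ends outside the hunk.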
index 2f6e8ad..5f94358 100644 (file)
@@ -205,17 +205,12 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
 static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_security)
 {
        NTSTATUS nt_status;
-       const char *dns_name;
-       char *dns_domain;
        struct gensec_ntlmssp_context *gensec_ntlmssp;
        struct ntlmssp_state *ntlmssp_state;
-
-       /* This should be a 'netbios domain -> DNS domain' mapping */
-       dns_domain = get_mydnsdomname(talloc_tos());
-       if (dns_domain) {
-               strlower_m(dns_domain);
-       }
-       dns_name = get_mydnsfullname();
+       const char *netbios_name;
+       const char *netbios_domain;
+       const char *dns_name;
+       const char *dns_domain;
 
        nt_status = gensec_ntlmssp_start(gensec_security);
        NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -224,14 +219,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
                talloc_get_type_abort(gensec_security->private_data,
                                      struct gensec_ntlmssp_context);
 
-       if (!dns_domain) {
-               dns_domain = "";
-       }
-
-       if (!dns_name) {
-               dns_name = "";
-       }
-
        ntlmssp_state = talloc_zero(gensec_ntlmssp, struct ntlmssp_state);
        if (!ntlmssp_state) {
                return NT_STATUS_NO_MEMORY;
@@ -251,15 +238,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
                ntlmssp_state->allow_lm_key = true;
        }
 
-       ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
-       if (!ntlmssp_state->server.dns_name) {
-               return NT_STATUS_NO_MEMORY;
-       }
-       ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
-       if (!ntlmssp_state->server.dns_domain) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
        ntlmssp_state->neg_flags =
                NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
 
@@ -305,9 +283,47 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
                ntlmssp_state->server.is_standalone = false;
        }
 
-       ntlmssp_state->server.netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+       netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+       netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
 
-       ntlmssp_state->server.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
+       if (gensec_security->settings->server_dns_name) {
+               dns_name = gensec_security->settings->server_dns_name;
+       } else {
+               const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
+               char *lower_netbiosname;
+
+               lower_netbiosname = strlower_talloc(ntlmssp_state, netbios_name);
+               NT_STATUS_HAVE_NO_MEMORY(lower_netbiosname);
+
+               /* Find out the DNS host name */
+               if (dnsdomain && dnsdomain[0] != '\0') {
+                       dns_name = talloc_asprintf(ntlmssp_state, "%s.%s",
+                                                  lower_netbiosname,
+                                                  dnsdomain);
+                       talloc_free(lower_netbiosname);
+                       NT_STATUS_HAVE_NO_MEMORY(dns_name);
+               } else {
+                       dns_name = lower_netbiosname;
+               }
+       }
+
+       if (gensec_security->settings->server_dns_domain) {
+               dns_domain = gensec_security->settings->server_dns_domain;
+       } else {
+               dns_domain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
+       }
+
+       ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
+       NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_name);
+
+       ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
+       NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_domain);
+
+       ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
+       NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
+
+       ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
+       NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
 
        return NT_STATUS_OK;
 }
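Review bot: The `else` branch that sets `dns_domain = lpcfg_dnsdomain(...)` has no NULL guard, although the `dns_name` branch just above checks `dnsdomain && dnsdomain[0] != '\0'` and so treats a NULL result as possible. A NULL there makes `talloc_strdup(ntlmssp_state, dns_domain)` return NULL, and the function fails with NT_STATUS_NO_MEMORY where the removed code fell back to an empty string. Adding `if (dns_domain == NULL) { dns_domain = ""; }` after the lookup keeps the old behaviour and stops a configuration gap from being reported as an allocation failure. In the fallback path `dns_name` is already allocated on `ntlmssp_state` and is then duplicated again, so the temporary stays attached for the lifetime of the state; freeing it after the final `talloc_strdup` or noting it in a comment would make that deliberate. The function begins outside the hunk.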