auth: Make check_password and generate_session_info hook generic
authorAndrew Bartlett <abartlet@samba.org>
Mon, 30 Jan 2012 00:17:44 +0000 (11:17 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 30 Jan 2012 07:05:14 +0000 (08:05 +0100)
gensec_ntlmssp does not need to know the internal form of the
struct user_info_dc or auth_serversupplied_info.  This will allow the
calling logic to be put in common.

Andrew Bartlett

auth/common_auth.h
auth/ntlmssp/ntlmssp.h
source3/auth/auth_ntlmssp.c
source4/auth/auth.h
source4/auth/ntlm/auth.c
source4/auth/ntlmssp/ntlmssp_server.c

index 3991c40..453c0c9 100644 (file)
@@ -108,7 +108,8 @@ struct auth4_context {
        NTSTATUS (*check_password)(struct auth4_context *auth_ctx,
                                   TALLOC_CTX *mem_ctx,
                                   const struct auth_usersupplied_info *user_info,
-                                  struct auth_user_info_dc **user_info_dc);
+                                  void **server_returned_info,
+                                  DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
 
        NTSTATUS (*get_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);
 
@@ -118,7 +119,7 @@ struct auth4_context {
 
        NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
                                          struct auth4_context *auth_context,
-                                         struct auth_user_info_dc *user_info_dc,
+                                         void *server_returned_info,
                                          uint32_t session_info_flags,
                                          struct auth_session_info **session_info);
 
index 9801b14..54d3e53 100644 (file)
@@ -34,13 +34,10 @@ struct ntlmssp_state;
 struct gensec_ntlmssp_context {
        /* used only by s3 server implementation */
        struct auth_context *auth_context;
-       struct auth_serversupplied_info *server_info;
-
-       /* Used by the s4 server implementation */
-       struct auth_user_info_dc *user_info_dc;
 
        /* For GENSEC users */
        struct gensec_security *gensec_security;
+       void *server_returned_info;
 
        /* used by both client and server implementation */
        struct ntlmssp_state *ntlmssp_state;
index 7a23a92..11fbef1 100644 (file)
@@ -37,10 +37,12 @@ static NTSTATUS gensec_ntlmssp3_server_session_info(struct gensec_security *gens
        struct gensec_ntlmssp_context *gensec_ntlmssp =
                talloc_get_type_abort(gensec_security->private_data,
                                      struct gensec_ntlmssp_context);
+       struct auth_serversupplied_info *server_info = talloc_get_type_abort(gensec_ntlmssp->server_returned_info, 
+                                                                            struct auth_serversupplied_info);
        NTSTATUS nt_status;
 
        nt_status = create_local_token(mem_ctx,
-                                      gensec_ntlmssp->server_info,
+                                      server_info,
                                       &gensec_ntlmssp->ntlmssp_state->session_key,
                                       gensec_ntlmssp->ntlmssp_state->user,
                                       session_info);
@@ -137,6 +139,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
        struct gensec_ntlmssp_context *gensec_ntlmssp =
                (struct gensec_ntlmssp_context *)ntlmssp_state->callback_private;
        struct auth_usersupplied_info *user_info = NULL;
+       struct auth_serversupplied_info *server_info;
        NTSTATUS nt_status;
        bool username_was_mapped;
 
@@ -168,7 +171,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
        user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
 
        nt_status = gensec_ntlmssp->auth_context->check_ntlm_password(gensec_ntlmssp->auth_context,
-                                                                         user_info, &gensec_ntlmssp->server_info);
+                                                                         user_info, &server_info);
 
        username_was_mapped = user_info->was_mapped;
 
@@ -176,9 +179,10 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                nt_status = do_map_to_guest_server_info(nt_status,
-                                                       &gensec_ntlmssp->server_info,
+                                                       &server_info,
                                                        gensec_ntlmssp->ntlmssp_state->user,
                                                        gensec_ntlmssp->ntlmssp_state->domain);
+               gensec_ntlmssp->server_returned_info = server_info;
                return nt_status;
        }
 
@@ -186,26 +190,27 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
                return nt_status;
        }
 
-       gensec_ntlmssp->server_info->nss_token |= username_was_mapped;
+       server_info->nss_token |= username_was_mapped;
 
        /* Clear out the session keys, and pass them to the caller.
         * They will not be used in this form again - instead the
         * NTLMSSP code will decide on the final correct session key,
         * and supply it to create_local_token() */
-       if (gensec_ntlmssp->server_info->session_key.length) {
+       if (server_info->session_key.length) {
                DEBUG(10, ("Got NT session key of length %u\n",
-                       (unsigned int)gensec_ntlmssp->server_info->session_key.length));
-               *session_key = gensec_ntlmssp->server_info->session_key;
-               talloc_steal(mem_ctx, gensec_ntlmssp->server_info->session_key.data);
-               gensec_ntlmssp->server_info->session_key = data_blob_null;
+                       (unsigned int)server_info->session_key.length));
+               *session_key = server_info->session_key;
+               talloc_steal(mem_ctx, server_info->session_key.data);
+               server_info->session_key = data_blob_null;
        }
-       if (gensec_ntlmssp->server_info->lm_session_key.length) {
+       if (server_info->lm_session_key.length) {
                DEBUG(10, ("Got LM session key of length %u\n",
-                       (unsigned int)gensec_ntlmssp->server_info->lm_session_key.length));
-               *lm_session_key = gensec_ntlmssp->server_info->lm_session_key;
-               talloc_steal(mem_ctx, gensec_ntlmssp->server_info->lm_session_key.data);
-               gensec_ntlmssp->server_info->lm_session_key = data_blob_null;
+                       (unsigned int)server_info->lm_session_key.length));
+               *lm_session_key = server_info->lm_session_key;
+               talloc_steal(mem_ctx, server_info->lm_session_key.data);
+               server_info->lm_session_key = data_blob_null;
        }
+       gensec_ntlmssp->server_returned_info = server_info;
        return nt_status;
 }
 
index a7fc413..1b22701 100644 (file)
@@ -152,9 +152,15 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
                             struct loadparm_context *lp_ctx,
                             struct auth4_context **auth_ctx);
 
+NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,
+                            TALLOC_CTX *mem_ctx,
+                            const struct auth_usersupplied_info *user_info, 
+                            void **server_returned_info,
+                            DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key);
+
 NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
                             TALLOC_CTX *mem_ctx,
-                            const struct auth_usersupplied_info *user_info,
+                            const struct auth_usersupplied_info *user_info, 
                             struct auth_user_info_dc **user_info_dc);
 NTSTATUS auth4_init(void);
 NTSTATUS auth_register(const struct auth_operations *ops);
index 95bdd84..a654fab 100644 (file)
@@ -35,7 +35,7 @@
 
 static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
                                                   struct auth4_context *auth_context,
-                                                  struct auth_user_info_dc *user_info_dc,
+                                                  void *server_returned_info,
                                                   uint32_t session_info_flags,
                                                   struct auth_session_info **session_info);
 
@@ -208,6 +208,38 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
        return status;
 }
 
+_PUBLIC_ NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,
+                                             TALLOC_CTX *mem_ctx,
+                                             const struct auth_usersupplied_info *user_info, 
+                                             void **server_returned_info,
+                                             DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
+{
+       struct auth_user_info_dc *user_info_dc;
+       NTSTATUS status = auth_check_password(auth_ctx, mem_ctx, user_info, &user_info_dc);
+
+       if (NT_STATUS_IS_OK(status)) {
+               *server_returned_info = user_info_dc;
+
+               if (user_session_key) {
+                       DEBUG(10, ("Got NT session key of length %u\n",
+                                  (unsigned)user_info_dc->user_session_key.length));
+                       *user_session_key = user_info_dc->user_session_key;
+                       talloc_steal(mem_ctx, user_session_key->data);
+                       user_info_dc->user_session_key = data_blob_null;
+               }
+
+               if (lm_session_key) {
+                       DEBUG(10, ("Got LM session key of length %u\n",
+                                  (unsigned)user_info_dc->lm_session_key.length));
+                       *lm_session_key = user_info_dc->lm_session_key;
+                       talloc_steal(mem_ctx, lm_session_key->data);
+                       user_info_dc->lm_session_key = data_blob_null;
+               }
+       }
+
+       return status;
+}
+
 struct auth_check_password_state {
        struct auth4_context *auth_ctx;
        const struct auth_usersupplied_info *user_info;
@@ -433,10 +465,11 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
   * generation of unix tokens via IRPC */
 static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
                                                   struct auth4_context *auth_context,
-                                                  struct auth_user_info_dc *user_info_dc,
+                                                  void *server_returned_info,
                                                   uint32_t session_info_flags,
                                                   struct auth_session_info **session_info)
 {
+       struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(server_returned_info, struct auth_user_info_dc);
        NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
                                                     auth_context->sam_ctx, user_info_dc,
                                                     session_info_flags, session_info);
@@ -562,7 +595,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **
                DLIST_ADD_END(ctx->methods, method, struct auth_method_context *);
        }
 
-       ctx->check_password = auth_check_password;
+       ctx->check_password = auth_check_password_wrapper;
        ctx->get_challenge = auth_get_challenge;
        ctx->set_challenge = auth_context_set_challenge;
        ctx->challenge_may_be_modified = auth_challenge_may_be_modified;
index dcd6123..1a876e3 100644 (file)
@@ -189,25 +189,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
                nt_status = auth_context->check_password(auth_context,
                                                         gensec_ntlmssp,
                                                         user_info,
-                                                        &gensec_ntlmssp->user_info_dc);
+                                                        &gensec_ntlmssp->server_returned_info,
+                                                        user_session_key, lm_session_key);
        }
        talloc_free(user_info);
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
-       if (gensec_ntlmssp->user_info_dc->user_session_key.length) {
-               DEBUG(10, ("Got NT session key of length %u\n",
-                          (unsigned)gensec_ntlmssp->user_info_dc->user_session_key.length));
-               *user_session_key = gensec_ntlmssp->user_info_dc->user_session_key;
-               talloc_steal(mem_ctx, user_session_key->data);
-               gensec_ntlmssp->user_info_dc->user_session_key = data_blob_null;
-       }
-       if (gensec_ntlmssp->user_info_dc->lm_session_key.length) {
-               DEBUG(10, ("Got LM session key of length %u\n",
-                          (unsigned)gensec_ntlmssp->user_info_dc->lm_session_key.length));
-               *lm_session_key = gensec_ntlmssp->user_info_dc->lm_session_key;
-               talloc_steal(mem_ctx, lm_session_key->data);
-               gensec_ntlmssp->user_info_dc->lm_session_key = data_blob_null;
-       }
+       talloc_steal(mem_ctx, user_session_key->data);
+       talloc_steal(mem_ctx, lm_session_key->data);
+       
        return nt_status;
 }
 
@@ -229,10 +219,11 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
        struct gensec_ntlmssp_context *gensec_ntlmssp =
                talloc_get_type_abort(gensec_security->private_data,
                                      struct gensec_ntlmssp_context);
-
+       struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(gensec_ntlmssp->server_returned_info,
+                                                                      struct auth_user_info_dc);
        nt_status = gensec_generate_session_info(mem_ctx,
                                                 gensec_security,
-                                                gensec_ntlmssp->user_info_dc,
+                                                user_info_dc,
                                                 session_info);
        NT_STATUS_NOT_OK_RETURN(nt_status);