r26260: Store loadparm context in gensec context.

[jelmer/samba4-debian.git] / source / auth / ntlmssp / ntlmssp_server.c

diff --git a/source/auth/ntlmssp/ntlmssp_server.c b/source/auth/ntlmssp/ntlmssp_server.c
index 0598ff8f1dbbb741b69b4aa05910043067b2cab3..52c027baac4354639ecabed197e629f539da58ab 100644 (file)
--- a/source/auth/ntlmssp/ntlmssp_server.c
+++ b/source/auth/ntlmssp/ntlmssp_server.c
@@ -9,7 +9,7 @@
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    
    This program is distributed in the hope that it will be useful,
@@ -18,18 +18,19 @@
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "includes.h"
-#include "auth/auth.h"
 #include "auth/ntlmssp/ntlmssp.h"
 #include "auth/ntlmssp/msrpc_parse.h"
 #include "lib/crypto/crypto.h"
-#include "pstring.h"
 #include "system/filesys.h"
-#include "libcli/auth/proto.h"
+#include "libcli/auth/libcli_auth.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "auth/auth.h"
+#include "param/param.h"
 
 /** 
  * Set a username on an NTLMSSP context - ensures it is talloc()ed 
@@ -97,66 +98,13 @@ static const char *ntlmssp_target_name(struct gensec_ntlmssp_state *gensec_ntlms
                        return gensec_ntlmssp_state->server_name;
                } else {
                        *chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN;
-                       return gensec_ntlmssp_state->get_domain();
+                       return gensec_ntlmssp_state->domain;
                };
        } else {
                return "";
        }
 }
 
-/*
-  Andrew, please remove these totally bogus calls when you get time
-*/
-static BOOL get_myfullname(char *my_name)
-{
-       pstring hostname;
-
-       *hostname = 0;
-
-       /* get my host name */
-       if (gethostname(hostname, sizeof(hostname)) == -1) {
-               DEBUG(0,("gethostname failed\n"));
-               return False;
-       } 
-
-       /* Ensure null termination. */
-       hostname[sizeof(hostname)-1] = '\0';
-
-       if (my_name)
-               fstrcpy(my_name, hostname);
-       return True;
-}
-
-static BOOL get_mydomname(char *my_domname)
-{
-       pstring hostname;
-       char *p;
-
-       /* arrgh! relies on full name in system */
-
-       *hostname = 0;
-       /* get my host name */
-       if (gethostname(hostname, sizeof(hostname)) == -1) {
-               DEBUG(0,("gethostname failed\n"));
-               return False;
-       } 
-
-       /* Ensure null termination. */
-       hostname[sizeof(hostname)-1] = '\0';
-
-       p = strchr_m(hostname, '.');
-
-       if (!p)
-               return False;
-
-       p++;
-       
-       if (my_domname)
-               fstrcpy(my_domname, p);
-
-       return True;
-}
-
 
 
 /**
@@ -173,9 +121,10 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
                                  TALLOC_CTX *out_mem_ctx, 
                                  const DATA_BLOB in, DATA_BLOB *out) 
 {
-       struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+       struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
        DATA_BLOB struct_blob;
-       fstring dnsname, dnsdomname;
+       char dnsname[MAXHOSTNAMELEN], dnsdomname[MAXHOSTNAMELEN];
+       const char *p;
        uint32_t neg_flags = 0;
        uint32_t ntlmssp_command, chal_flags;
        const uint8_t *cryptkey;
@@ -226,13 +175,20 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
        gensec_ntlmssp_state->chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8);
        gensec_ntlmssp_state->internal_chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8);
 
-       /* This should be a 'netbios domain -> DNS domain' mapping */
-       dnsdomname[0] = '\0';
-       get_mydomname(dnsdomname);
-       strlower_m(dnsdomname);
-       
        dnsname[0] = '\0';
-       get_myfullname(dnsname);
+       if (gethostname(dnsname, sizeof(dnsname)) == -1) {
+               DEBUG(0,("gethostname failed\n"));
+               return NT_STATUS_UNSUCCESSFUL;
+       }
+
+       /* This should be a 'netbios domain -> DNS domain' mapping */
+       p = strchr(dnsname, '.');
+       if (p != NULL) {
+               safe_strcpy(dnsdomname, p+1, sizeof(dnsdomname));
+               strlower_m(dnsdomname);
+       } else {
+               dnsdomname[0] = '\0';
+       }
        
        /* This creates the 'blob' of names that appears at the end of the packet */
        if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) 
@@ -403,7 +359,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_ntlmssp_state *gensec_ntlms
                        SMB_ASSERT(gensec_ntlmssp_state->internal_chal.data 
                                   && gensec_ntlmssp_state->internal_chal.length == 8);
                        
-                       gensec_ntlmssp_state->doing_ntlm2 = True;
+                       gensec_ntlmssp_state->doing_ntlm2 = true;
 
                        memcpy(gensec_ntlmssp_state->crypt.ntlm2.session_nonce, gensec_ntlmssp_state->internal_chal.data, 8);
                        memcpy(&gensec_ntlmssp_state->crypt.ntlm2.session_nonce[8], gensec_ntlmssp_state->lm_resp.data, 8);
@@ -446,7 +402,7 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
                                        DATA_BLOB *user_session_key, 
                                        DATA_BLOB *lm_session_key) 
 {
-       struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+       struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
        NTSTATUS nt_status;
        DATA_BLOB session_key = data_blob(NULL, 0);
 
@@ -593,7 +549,7 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security,
                             TALLOC_CTX *out_mem_ctx, 
                             const DATA_BLOB in, DATA_BLOB *out) 
 {      
-       struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+       struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
        DATA_BLOB user_session_key = data_blob(NULL, 0);
        DATA_BLOB lm_session_key = data_blob(NULL, 0);
        NTSTATUS nt_status;
@@ -661,7 +617,7 @@ static const uint8_t *auth_ntlmssp_get_challenge(const struct gensec_ntlmssp_sta
  *
  * @return If the effective challenge used by the auth subsystem may be modified
  */
-static BOOL auth_ntlmssp_may_set_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state)
+static bool auth_ntlmssp_may_set_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state)
 {
        return auth_challenge_may_be_modified(gensec_ntlmssp_state->auth_context);
 }
@@ -705,7 +661,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct gensec_ntlmssp_state *gensec_
 
        user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
        user_info->flags = 0;
-       user_info->mapped_state = False;
+       user_info->mapped_state = false;
        user_info->client.account_name = gensec_ntlmssp_state->user;
        user_info->client.domain_name = gensec_ntlmssp_state->domain;
        user_info->workstation_name = gensec_ntlmssp_state->workstation;
@@ -759,7 +715,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
                                     struct auth_session_info **session_info) 
 {
        NTSTATUS nt_status;
-       struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+       struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
 
        nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_ntlmssp_state->server_info, session_info);
        NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -783,38 +739,46 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
        nt_status = gensec_ntlmssp_start(gensec_security);
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
-       gensec_ntlmssp_state = gensec_security->private_data;
+       gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
 
        gensec_ntlmssp_state->role = NTLMSSP_SERVER;
 
        gensec_ntlmssp_state->workstation = NULL;
-       gensec_ntlmssp_state->server_name = lp_netbios_name();
+       gensec_ntlmssp_state->server_name = lp_netbios_name(gensec_security->lp_ctx);
 
-       gensec_ntlmssp_state->get_domain = lp_workgroup;
+       gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx);
 
        gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
 
-       gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth() 
-                                         && lp_parm_bool(-1, "ntlmssp_server", "allow_lm_key", False));
+       gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(gensec_security->lp_ctx) 
+                                         && lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "allow_lm_key", false));
 
-       gensec_ntlmssp_state->server_multiple_authentications = False;
+       gensec_ntlmssp_state->server_multiple_authentications = false;
        
        gensec_ntlmssp_state->neg_flags = 
-               NTLMSSP_NEGOTIATE_NTLM;
+               NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_UNKNOWN_02000000;
 
        gensec_ntlmssp_state->lm_resp = data_blob(NULL, 0);
        gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0);
        gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0);
 
-       if (lp_parm_bool(-1, "ntlmssp_server", "128bit", True)) {
+       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "128bit", true)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;               
        }
 
-       if (lp_parm_bool(-1, "ntlmssp_server", "keyexchange", True)) {
+       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "56bit", true)) {
+               gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;                
+       }
+
+       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "keyexchange", true)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;          
        }
 
-       if (lp_parm_bool(-1, "ntlmssp_server", "ntlm2", True)) {
+       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "alwayssign", true)) {
+               gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;               
+       }
+
+       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "ntlm2", true)) {
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;             
        }
 
@@ -825,16 +789,18 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
        }
 
-       nt_status = auth_context_create(gensec_ntlmssp_state, lp_auth_methods(), 
-                                       &gensec_ntlmssp_state->auth_context,
-                                       gensec_security->event_ctx);
+       nt_status = auth_context_create(gensec_ntlmssp_state, 
+                                       gensec_security->event_ctx,
+                                       gensec_security->msg_ctx,
+                                       gensec_security->lp_ctx,
+                                       &gensec_ntlmssp_state->auth_context);
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
        gensec_ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
        gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
        gensec_ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
        gensec_ntlmssp_state->check_password = auth_ntlmssp_check_password;
-       gensec_ntlmssp_state->server_role = lp_server_role();
+       gensec_ntlmssp_state->server_role = lp_server_role(gensec_security->lp_ctx);
 
        return NT_STATUS_OK;
 }