s3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be generic
authorAndrew Bartlett <abartlet@samba.org>
Wed, 21 Dec 2011 04:34:17 +0000 (15:34 +1100)
committerStefan Metzmacher <metze@samba.org>
Thu, 22 Dec 2011 18:25:11 +0000 (19:25 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
source3/rpc_server/dcesrv_auth_generic.c
source3/rpc_server/dcesrv_auth_generic.h
source3/rpc_server/srv_pipe.c

index 16dfd4a976856950a3a39af2bb0858886e6f93fe..73737c24b7d172549e426fcf29bbd449b2b63468 100644 (file)
@@ -71,7 +71,49 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
                goto done;
        }
 
-       /* steal ntlmssp context too */
+       /* steal gensec context too */
+       *ctx = talloc_move(mem_ctx, &a->gensec_security);
+
+       status = NT_STATUS_OK;
+
+done:
+       TALLOC_FREE(a);
+
+       return status;
+}
+
+NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
+                                           uint8_t auth_type, uint8_t auth_level,
+                                           DATA_BLOB *token_in,
+                                           DATA_BLOB *token_out,
+                                           const struct tsocket_address *remote_address,
+                                           struct gensec_security **ctx)
+{
+       struct auth_generic_state *a = NULL;
+       NTSTATUS status;
+
+       status = auth_generic_prepare(remote_address, &a);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
+                         nt_errstr(status)));
+               return status;
+       }
+
+       status = auth_generic_authtype_start(a, auth_type, auth_level);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, (__location__ ": auth_generic_start failed: %s\n",
+                         nt_errstr(status)));
+               return status;
+       }
+
+       status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out);
+       if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+               DEBUG(2, (__location__ ": gensec_update failed: %s\n",
+                         nt_errstr(status)));
+               goto done;
+       }
+
+       /* steal gensec context too */
        *ctx = talloc_move(mem_ctx, &a->gensec_security);
 
        status = NT_STATUS_OK;
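Review bot: The failure branch after `auth_generic_authtype_start()` in the new `auth_generic_server_authtype_start()` uses `return status;`, which skips the `done:` label and its `TALLOC_FREE(a)`, although `a` is already allocated at that point. The `gensec_update()` failure a few lines later uses `goto done;`, so the two error paths disagree; change the first to `goto done;`. Whether the skipped free is a lasting leak depends on the talloc parent chosen inside `auth_generic_prepare()`, which is not visible here, but on a path reachable from a client bind it is safer not to rely on that. The log text in the same branch names the wrong call and should read `": auth_generic_authtype_start failed: %s\n"`.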
index 119e29276af507c8e3b8d7097842bea5452af7b6..07e69af1f77f6f82b467d31d6b10cd276e118555 100644 (file)
@@ -31,6 +31,14 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
                                   DATA_BLOB *token_out,
                                   const struct tsocket_address *remote_address,
                                   struct gensec_security **ctx);
+
+NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
+                                           uint8_t auth_type, uint8_t auth_level,
+                                           DATA_BLOB *token_in,
+                                           DATA_BLOB *token_out,
+                                           const struct tsocket_address *remote_address,
+                                           struct gensec_security **ctx);
+
 NTSTATUS auth_generic_server_step(struct gensec_security *ctx,
                             TALLOC_CTX *mem_ctx,
                             DATA_BLOB *token_in,
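Review bot: The new prototype for `auth_generic_server_authtype_start()` has no comment describing ownership or the meaning of its two new integer arguments. From the implementation in this commit, `*ctx` is moved onto `mem_ctx` with `talloc_move()` and `mem_ctx` is also passed to `gensec_update()`, presumably as the parent of `token_out`. I would add `/* auth_type/auth_level are the DCERPC auth values from the bind; on success *ctx is owned by mem_ctx */` above the declaration.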
index fa95c20f5fc999aef82dfbe469b58ebec6273d78..61e306c1996bce331f67eb9acae828a23fbeefb1 100644 (file)
@@ -584,7 +584,7 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p,
  Handle an NTLMSSP bind auth.
 *******************************************************************/
 
-static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
+static bool pipe_auth_generic_bind(struct pipes_struct *p,
                                   TALLOC_CTX *mem_ctx,
                                   struct dcerpc_auth *auth_info,
                                   DATA_BLOB *response)
@@ -592,25 +592,15 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
        struct gensec_security *gensec_security = NULL;
         NTSTATUS status;
 
-       if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) {
-               DEBUG(0, ("Failed to read NTLMSSP in blob\n"));
-                return false;
-        }
-
-       /* We have an NTLMSSP blob. */
-       status = auth_generic_server_start(p,
-                                          OID_NTLMSSP,
-                                          (auth_info->auth_level ==
-                                               DCERPC_AUTH_LEVEL_INTEGRITY),
-                                          (auth_info->auth_level ==
-                                               DCERPC_AUTH_LEVEL_PRIVACY),
-                                          true,
-                                          &auth_info->credentials,
-                                          response,
-                                          p->remote_address,
-                                          &gensec_security);
+       status = auth_generic_server_authtype_start(p,
+                                                   auth_info->auth_type,
+                                                   auth_info->auth_level,
+                                                   &auth_info->credentials,
+                                                   response,
+                                                   p->remote_address,
+                                                   &gensec_security);
        if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
-               DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n",
+               DEBUG(0, (__location__ ": auth_generic_server_authtype_start failed: %s\n",
                          nt_errstr(status)));
                return false;
        }
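Review bot: With the `strncmp(..., "NTLMSSP", 7)` pre-check removed, this call forwards `auth_info->auth_type` and `auth_info->auth_level` exactly as received in the bind. Mechanism selection and rejection of unsupported levels therefore rest entirely on `auth_generic_authtype_start()`, whose body is not shown here. The old call mapped any level other than INTEGRITY or PRIVACY to no signing and no sealing, so it is worth confirming that the helper fails closed on unknown type or level values rather than falling back to a default. A comment above the call would record that contract, e.g. `/* auth_type/auth_level are client-supplied; the callee must reject values it does not support */`. The function starts before this hunk and continues past it.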
@@ -619,9 +609,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
        talloc_steal(mem_ctx, response->data);
 
        p->auth.auth_ctx = gensec_security;
-       p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
-
-       DEBUG(10, (__location__ ": NTLMSSP auth started\n"));
+       p->auth.auth_type = auth_info->auth_type;
 
        return true;
 }
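Review bot: The success path no longer logs anything, because the `DEBUG(10, ... "NTLMSSP auth started")` line is removed without a replacement. Since the function is now meant to be generic, a trace naming the negotiated type helps when reconstructing a bind from the logs, e.g. `DEBUG(10, (__location__ ": auth type %u started\n", (unsigned)auth_info->auth_type));`. The banner comment above the function, visible in the hunk at 584, still reads "Handle an NTLMSSP bind auth." and should be reworded to match the new name.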
@@ -1000,8 +988,8 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
 
                switch (auth_type) {
                case DCERPC_AUTH_TYPE_NTLMSSP:
-                       if (!pipe_ntlmssp_auth_bind(p, pkt,
-                                               &auth_info, &auth_resp)) {
+                       if (!pipe_auth_generic_bind(p, pkt,
+                                                   &auth_info, &auth_resp)) {
                                goto err_exit;
                        }
                        assoc_gid = 0x7a77;