goto done;
}
- /* steal ntlmssp context too */
+ /* steal gensec context too */
+ *ctx = talloc_move(mem_ctx, &a->gensec_security);
+
+ status = NT_STATUS_OK;
+
+done:
+ TALLOC_FREE(a);
+
+ return status;
+}
+
+NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
+ uint8_t auth_type, uint8_t auth_level,
+ DATA_BLOB *token_in,
+ DATA_BLOB *token_out,
+ const struct tsocket_address *remote_address,
+ struct gensec_security **ctx)
+{
+ struct auth_generic_state *a = NULL;
+ NTSTATUS status;
+
+ status = auth_generic_prepare(remote_address, &a);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ status = auth_generic_authtype_start(a, auth_type, auth_level);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, (__location__ ": auth_generic_start failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out);
+ if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(2, (__location__ ": gensec_update failed: %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ /* steal gensec context too */
*ctx = talloc_move(mem_ctx, &a->gensec_security);
status = NT_STATUS_OK;
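Review bot: The failure branch after `auth_generic_authtype_start()` in the new `auth_generic_server_authtype_start()` leaves with `return status;`, which skips the `done:` label that the `gensec_update` failure path a few lines later jumps to. The sibling function above releases the state with `TALLOC_FREE(a)` at that label, so `a` is probably not freed on this path; whether that is a real leak depends on the talloc context `auth_generic_prepare()` allocates from, which is not visible here. Changing that branch to `goto done;` would make both error paths behave the same. The DEBUG text in the same branch says `auth_generic_start failed` and should name `auth_generic_authtype_start`, so the log points at the call that actually failed. The end of the function, including its `done:` label, lies outside the hunk.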
DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
struct gensec_security **ctx);
+
+NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
+ uint8_t auth_type, uint8_t auth_level,
+ DATA_BLOB *token_in,
+ DATA_BLOB *token_out,
+ const struct tsocket_address *remote_address,
+ struct gensec_security **ctx);
+
NTSTATUS auth_generic_server_step(struct gensec_security *ctx,
TALLOC_CTX *mem_ctx,
DATA_BLOB *token_in,
Handle an NTLMSSP bind auth.
*******************************************************************/
-static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
+static bool pipe_auth_generic_bind(struct pipes_struct *p,
TALLOC_CTX *mem_ctx,
struct dcerpc_auth *auth_info,
DATA_BLOB *response)
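Review bot: The banner comment kept above the renamed `pipe_auth_generic_bind()` still reads `Handle an NTLMSSP bind auth.`, which no longer matches a function that takes its mechanism from `auth_info->auth_type`. Something like `Handle a generic (gensec) bind auth; the mechanism is chosen by auth_info->auth_type.` would keep the next reader from assuming the function is NTLMSSP-only. The function body lies outside this hunk.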
struct gensec_security *gensec_security = NULL;
NTSTATUS status;
- if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) {
- DEBUG(0, ("Failed to read NTLMSSP in blob\n"));
- return false;
- }
-
- /* We have an NTLMSSP blob. */
- status = auth_generic_server_start(p,
- OID_NTLMSSP,
- (auth_info->auth_level ==
- DCERPC_AUTH_LEVEL_INTEGRITY),
- (auth_info->auth_level ==
- DCERPC_AUTH_LEVEL_PRIVACY),
- true,
- &auth_info->credentials,
- response,
- p->remote_address,
- &gensec_security);
+ status = auth_generic_server_authtype_start(p,
+ auth_info->auth_type,
+ auth_info->auth_level,
+ &auth_info->credentials,
+ response,
+ p->remote_address,
+ &gensec_security);
if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
- DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n",
+ DEBUG(0, (__location__ ": auth_generic_server_authtype_start failed: %s\n",
nt_errstr(status)));
return false;
}
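Review bot: `auth_info->auth_type` and `auth_info->auth_level` are now passed to `auth_generic_server_authtype_start()` unchanged, and the `strncmp` check on the credentials blob is gone, so the only filtering left on this path is the caller's `switch (auth_type)`. The old call mapped only `DCERPC_AUTH_LEVEL_INTEGRITY` and `DCERPC_AUTH_LEVEL_PRIVACY` to sign/seal. Whether `auth_generic_authtype_start()` rejects other levels is not visible here and should be confirmed, since both fields presumably come from the client's bind request. A comment at the call such as `/* auth_type is restricted by the caller's switch; unsupported auth_level values must be rejected by gensec */` would record that dependency for anyone who later adds another `case` that reaches this function. The function starts outside the hunk.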
talloc_steal(mem_ctx, response->data);
p->auth.auth_ctx = gensec_security;
- p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
-
- DEBUG(10, (__location__ ": NTLMSSP auth started\n"));
+ p->auth.auth_type = auth_info->auth_type;
return true;
}
switch (auth_type) {
case DCERPC_AUTH_TYPE_NTLMSSP:
- if (!pipe_ntlmssp_auth_bind(p, pkt,
- &auth_info, &auth_resp)) {
+ if (!pipe_auth_generic_bind(p, pkt,
+ &auth_info, &auth_resp)) {
goto err_exit;
}
assoc_gid = 0x7a77;