s3:ntlmssp: pass names to ntlmssp_server_start() and store them in ntlmssp_state
authorStefan Metzmacher <metze@samba.org>
Wed, 30 Dec 2009 10:55:23 +0000 (11:55 +0100)
committerGünther Deschner <gd@samba.org>
Wed, 24 Mar 2010 16:34:54 +0000 (17:34 +0100)
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
source3/auth/auth_ntlmssp.c
source3/include/ntlmssp.h
source3/include/proto.h
source3/libsmb/ntlmssp.c
source3/utils/ntlm_auth.c

index 9eccebc564f7529ec790b29cc6d9893d2c202f6e..3431d79a3f9839969b0fd43f8bdd7637d57579af 100644 (file)
@@ -157,6 +157,26 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
 {
        NTSTATUS nt_status;
        TALLOC_CTX *mem_ctx;
+       bool is_standalone;
+       const char *netbios_name;
+       const char *netbios_domain;
+       const char *dns_name;
+       char *dns_domain;
+
+       if ((enum server_types)lp_server_role() == ROLE_STANDALONE) {
+               is_standalone = true;
+       } else {
+               is_standalone = false;
+       }
+
+       netbios_name = global_myname();
+       netbios_domain = lp_workgroup();
+       /* This should be a 'netbios domain -> DNS domain' mapping */
+       dns_domain = get_mydnsdomname(talloc_tos());
+       if (dns_domain) {
+               strlower_m(dns_domain);
+       }
+       dns_name = get_mydnsfullname();
 
        mem_ctx = talloc_init("AUTH NTLMSSP context");
        
@@ -171,7 +191,14 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
 
        (*auth_ntlmssp_state)->mem_ctx = mem_ctx;
 
-       if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_start(&(*auth_ntlmssp_state)->ntlmssp_state))) {
+       nt_status = ntlmssp_server_start(NULL,
+                                        is_standalone,
+                                        netbios_name,
+                                        netbios_domain,
+                                        dns_name,
+                                        dns_domain,
+                                        &(*auth_ntlmssp_state)->ntlmssp_state);
+       if (!NT_STATUS_IS_OK(nt_status)) {
                return nt_status;
        }
 
@@ -184,11 +211,6 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
        (*auth_ntlmssp_state)->ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
        (*auth_ntlmssp_state)->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
        (*auth_ntlmssp_state)->ntlmssp_state->check_password = auth_ntlmssp_check_password;
-       if ((enum server_types)lp_server_role() == ROLE_STANDALONE) {
-               (*auth_ntlmssp_state)->ntlmssp_state->server.is_standalone = true;
-       } else {
-               (*auth_ntlmssp_state)->ntlmssp_state->server.is_standalone = false;
-       }
 
        return NT_STATUS_OK;
 }
index 636a0e7d5de191e1abea27078d3d8dd7ac39f3d1..9c9b1fc951876f5a7f19a510f12546b142c3a21f 100644 (file)
@@ -59,6 +59,10 @@ struct ntlmssp_state
 
        struct {
                bool is_standalone;
+               const char *netbios_name;
+               const char *netbios_domain;
+               const char *dns_name;
+               const char *dns_domain;
        } server;
 
        DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */
index b3f22edba422552d934121368bd391255938378d..de2923938b7978732ad027fc36e2be3fc90c8157 100644 (file)
@@ -3210,7 +3210,13 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
                        const DATA_BLOB in, DATA_BLOB *out) ;
 void ntlmssp_end(struct ntlmssp_state **ntlmssp_state);
 DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx);
-NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state);
+NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx,
+                             bool is_standalone,
+                             const char *netbios_name,
+                             const char *netbios_domain,
+                             const char *dns_name,
+                             const char *dns_domain,
+                             struct ntlmssp_state **ntlmssp_state);
 NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state);
 
 /* The following definitions come from libsmb/ntlmssp_sign.c  */
index c5b445d44366c01ef4e2ce29d702ffdf5013a7c7..ac856bc489eabb795234b7da70866bf990b52026 100644 (file)
@@ -369,10 +369,10 @@ static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
                *chal_flags |= NTLMSSP_REQUEST_TARGET;
                if (ntlmssp_state->server.is_standalone) {
                        *chal_flags |= NTLMSSP_TARGET_TYPE_SERVER;
-                       return ntlmssp_state->get_global_myname();
+                       return ntlmssp_state->server.netbios_name;
                } else {
                        *chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN;
-                       return ntlmssp_state->get_domain();
+                       return ntlmssp_state->server.netbios_domain;
                };
        } else {
                return "";
@@ -492,8 +492,6 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
                                         const DATA_BLOB request, DATA_BLOB *reply)
 {
        DATA_BLOB struct_blob;
-       const char *dnsname;
-       char *dnsdomname = NULL;
        uint32 neg_flags = 0;
        uint32 ntlmssp_command, chal_flags;
        uint8_t cryptkey[8];
@@ -560,29 +558,14 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
        ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state,
                                                        cryptkey, 8);
 
-       /* This should be a 'netbios domain -> DNS domain' mapping */
-       dnsdomname = get_mydnsdomname(ntlmssp_state);
-       if (!dnsdomname) {
-               dnsdomname = talloc_strdup(ntlmssp_state, "");
-       }
-       if (!dnsdomname) {
-               return NT_STATUS_NO_MEMORY;
-       }
-       strlower_m(dnsdomname);
-
-       dnsname = get_mydnsfullname();
-       if (!dnsname) {
-               dnsname = "";
-       }
-
        /* This creates the 'blob' of names that appears at the end of the packet */
        if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
        {
                msrpc_gen(ntlmssp_state, &struct_blob, "aaaaa",
                          MsvAvNbDomainName, target_name,
-                         MsvAvNbComputerName, ntlmssp_state->get_global_myname(),
-                         MsvAvDnsDomainName, dnsdomname,
-                         MsvAvDnsComputerName, dnsname,
+                         MsvAvNbComputerName, ntlmssp_state->server.netbios_name,
+                         MsvAvDnsDomainName, ntlmssp_state->server.dns_domain,
+                         MsvAvDnsComputerName, ntlmssp_state->server.dns_name,
                          MsvAvEOL, "");
        } else {
                struct_blob = data_blob_null;
@@ -885,28 +868,48 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
  * @param ntlmssp_state NTLMSSP State, allocated by this function
  */
 
-NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state)
+NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx,
+                             bool is_standalone,
+                             const char *netbios_name,
+                             const char *netbios_domain,
+                             const char *dns_name,
+                             const char *dns_domain,
+                             struct ntlmssp_state **_ntlmssp_state)
 {
-       *ntlmssp_state = TALLOC_ZERO_P(NULL, struct ntlmssp_state);
-       if (!*ntlmssp_state) {
-               DEBUG(0,("ntlmssp_server_start: talloc failed!\n"));
-               talloc_destroy(*ntlmssp_state);
+       struct ntlmssp_state *ntlmssp_state;
+
+       if (!netbios_name) {
+               netbios_name = "";
+       }
+
+       if (!netbios_domain) {
+               netbios_domain = "";
+       }
+
+       if (!dns_domain) {
+               dns_domain = "";
+       }
+
+       if (!dns_name) {
+               dns_name = "";
+       }
+
+       ntlmssp_state = talloc_zero(mem_ctx, struct ntlmssp_state);
+       if (!ntlmssp_state) {
                return NT_STATUS_NO_MEMORY;
        }
 
-       (*ntlmssp_state)->role = NTLMSSP_SERVER;
+       ntlmssp_state->role = NTLMSSP_SERVER;
 
-       (*ntlmssp_state)->get_challenge = get_challenge;
-       (*ntlmssp_state)->set_challenge = set_challenge;
-       (*ntlmssp_state)->may_set_challenge = may_set_challenge;
+       ntlmssp_state->get_challenge = get_challenge;
+       ntlmssp_state->set_challenge = set_challenge;
+       ntlmssp_state->may_set_challenge = may_set_challenge;
 
-       (*ntlmssp_state)->get_global_myname = global_myname;
-       (*ntlmssp_state)->get_domain = lp_workgroup;
-       (*ntlmssp_state)->server.is_standalone = false; /* a good default */
+       ntlmssp_state->server.is_standalone = is_standalone;
 
-       (*ntlmssp_state)->expected_state = NTLMSSP_NEGOTIATE;
+       ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
 
-       (*ntlmssp_state)->neg_flags =
+       ntlmssp_state->neg_flags =
                NTLMSSP_NEGOTIATE_128 |
                NTLMSSP_NEGOTIATE_56 |
                NTLMSSP_NEGOTIATE_VERSION |
@@ -917,6 +920,32 @@ NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state)
                NTLMSSP_NEGOTIATE_SIGN |
                NTLMSSP_NEGOTIATE_SEAL;
 
+       ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
+       if (!ntlmssp_state->server.netbios_name) {
+               talloc_free(ntlmssp_state);
+               return NT_STATUS_NO_MEMORY;
+       }
+       ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
+       if (!ntlmssp_state->server.netbios_domain) {
+               talloc_free(ntlmssp_state);
+               return NT_STATUS_NO_MEMORY;
+       }
+       ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
+       if (!ntlmssp_state->server.dns_name) {
+               talloc_free(ntlmssp_state);
+               return NT_STATUS_NO_MEMORY;
+       }
+       ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
+       if (!ntlmssp_state->server.dns_domain) {
+               talloc_free(ntlmssp_state);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       /* TODO: remove this */
+       ntlmssp_state->get_global_myname = global_myname;
+       ntlmssp_state->get_domain = lp_workgroup;
+
+       *_ntlmssp_state = ntlmssp_state;
        return NT_STATUS_OK;
 }
 
index e018c28c30d1fdd449d6ad63bb503a82228c5c91..487401b66210398c471aa2bd4336c3648302e2da 100644 (file)
@@ -688,8 +688,34 @@ static NTSTATUS ntlm_auth_start_ntlmssp_client(struct ntlmssp_state **client_ntl
 
 static NTSTATUS ntlm_auth_start_ntlmssp_server(struct ntlmssp_state **ntlmssp_state)
 {
-       NTSTATUS status = ntlmssp_server_start(ntlmssp_state);
+       NTSTATUS status;
+       const char *netbios_name;
+       const char *netbios_domain;
+       const char *dns_name;
+       char *dns_domain;
+       bool is_standalone = false;
 
+       if (opt_password) {
+               netbios_name = global_myname();
+               netbios_domain = lp_workgroup();
+       } else {
+               netbios_name = get_winbind_netbios_name();
+               netbios_domain = get_winbind_domain();
+       }
+       /* This should be a 'netbios domain -> DNS domain' mapping */
+       dns_domain = get_mydnsdomname(talloc_tos());
+       if (dns_domain) {
+               strlower_m(dns_domain);
+       }
+       dns_name = get_mydnsfullname();
+
+       status = ntlmssp_server_start(NULL,
+                                     is_standalone,
+                                     netbios_name,
+                                     netbios_domain,
+                                     dns_name,
+                                     dns_domain,
+                                     ntlmssp_state);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(1, ("Could not start NTLMSSP server: %s\n",
                          nt_errstr(status)));