Changeset 745 for trunk/server/source3/auth/auth_ntlmssp.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source3/auth/auth_ntlmssp.c (modified) (8 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/auth/auth_ntlmssp.c
r596 r745 22 22 23 23 #include "includes.h" 24 #include "auth.h" 25 #include "../libcli/auth/ntlmssp.h" 26 #include "ntlmssp_wrap.h" 27 #include "../librpc/gen_ndr/netlogon.h" 28 #include "smbd/smbd.h" 29 30 NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx, 31 struct auth_ntlmssp_state *auth_ntlmssp_state, 32 struct auth_serversupplied_info **session_info) 33 { 34 /* Free the current server_info user_session_key and reset it from the 35 * current ntlmssp_state session_key */ 36 data_blob_free(&auth_ntlmssp_state->server_info->user_session_key); 37 /* Set up the final session key for the connection */ 38 auth_ntlmssp_state->server_info->user_session_key = 39 data_blob_talloc( 40 auth_ntlmssp_state->server_info, 41 auth_ntlmssp_state->ntlmssp_state->session_key.data, 42 auth_ntlmssp_state->ntlmssp_state->session_key.length); 43 if (auth_ntlmssp_state->ntlmssp_state->session_key.length && 44 !auth_ntlmssp_state->server_info->user_session_key.data) { 45 *session_info = NULL; 46 return NT_STATUS_NO_MEMORY; 47 } 48 /* Steal session_info away from auth_ntlmssp_state */ 49 *session_info = talloc_move(mem_ctx, &auth_ntlmssp_state->server_info); 50 return NT_STATUS_OK; 51 } 24 52 25 53 /** … … 28 56 */ 29 57 30 static voidauth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,31 32 { 33 AUTH_NTLMSSP_STATE*auth_ntlmssp_state =34 ( AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;58 static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state, 59 uint8_t chal[8]) 60 { 61 struct auth_ntlmssp_state *auth_ntlmssp_state = 62 (struct auth_ntlmssp_state *)ntlmssp_state->callback_private; 35 63 auth_ntlmssp_state->auth_context->get_ntlm_challenge( 36 64 auth_ntlmssp_state->auth_context, chal); 65 return NT_STATUS_OK; 37 66 } 38 67 … … 44 73 static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state) 45 74 { 46 AUTH_NTLMSSP_STATE*auth_ntlmssp_state =47 ( AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;75 struct auth_ntlmssp_state *auth_ntlmssp_state = 76 (struct auth_ntlmssp_state *)ntlmssp_state->callback_private; 48 77 struct auth_context *auth_context = auth_ntlmssp_state->auth_context; 49 78 … … 57 86 static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge) 58 87 { 59 AUTH_NTLMSSP_STATE*auth_ntlmssp_state =60 ( AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;88 struct auth_ntlmssp_state *auth_ntlmssp_state = 89 (struct auth_ntlmssp_state *)ntlmssp_state->callback_private; 61 90 struct auth_context *auth_context = auth_ntlmssp_state->auth_context; 62 91 63 92 SMB_ASSERT(challenge->length == 8); 64 93 65 auth_context->challenge = data_blob_talloc(auth_context ->mem_ctx,94 auth_context->challenge = data_blob_talloc(auth_context, 66 95 challenge->data, challenge->length); 67 96 … … 80 109 */ 81 110 82 static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) 83 { 84 AUTH_NTLMSSP_STATE *auth_ntlmssp_state = 85 (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context; 86 auth_usersupplied_info *user_info = NULL; 111 static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx, 112 DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) 113 { 114 struct auth_ntlmssp_state *auth_ntlmssp_state = 115 (struct auth_ntlmssp_state *)ntlmssp_state->callback_private; 116 struct auth_usersupplied_info *user_info = NULL; 87 117 NTSTATUS nt_status; 88 118 bool username_was_mapped; … … 91 121 we need to possibly reload smb.conf if smb.conf includes depend on the machine name */ 92 122 93 set_remote_machine_name(auth_ntlmssp_state->ntlmssp_state-> workstation, True);123 set_remote_machine_name(auth_ntlmssp_state->ntlmssp_state->client.netbios_name, True); 94 124 95 125 /* setup the string used by %U */ … … 97 127 sub_set_smb_name(auth_ntlmssp_state->ntlmssp_state->user); 98 128 99 reload_services( True);129 reload_services(smbd_messaging_context(), -1, True); 100 130 101 131 nt_status = make_user_info_map(&user_info, 102 132 auth_ntlmssp_state->ntlmssp_state->user, 103 133 auth_ntlmssp_state->ntlmssp_state->domain, 104 auth_ntlmssp_state->ntlmssp_state-> workstation,134 auth_ntlmssp_state->ntlmssp_state->client.netbios_name, 105 135 auth_ntlmssp_state->ntlmssp_state->lm_resp.data ? &auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL, 106 136 auth_ntlmssp_state->ntlmssp_state->nt_resp.data ? &auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL, 107 137 NULL, NULL, NULL, 108 True); 138 AUTH_PASSWORD_RESPONSE); 139 140 if (!NT_STATUS_IS_OK(nt_status)) { 141 return nt_status; 142 } 109 143 110 144 user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; 111 112 if (!NT_STATUS_IS_OK(nt_status)) {113 return nt_status;114 }115 145 116 146 nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(auth_ntlmssp_state->auth_context, … … 127 157 auth_ntlmssp_state->server_info->nss_token |= username_was_mapped; 128 158 129 if (auth_ntlmssp_state->server_info->ptok == NULL) { 130 nt_status = create_local_token(auth_ntlmssp_state->server_info); 131 if (!NT_STATUS_IS_OK(nt_status)) { 132 DEBUG(10, ("create_local_token failed: %s\n", 133 nt_errstr(nt_status))); 134 return nt_status; 135 } 136 } 137 159 nt_status = create_local_token(auth_ntlmssp_state->server_info); 160 161 if (!NT_STATUS_IS_OK(nt_status)) { 162 DEBUG(10, ("create_local_token failed: %s\n", 163 nt_errstr(nt_status))); 164 return nt_status; 165 } 166 167 /* Clear out the session keys, and pass them to the caller. 168 * They will not be used in this form again - instead the 169 * NTLMSSP code will decide on the final correct session key, 170 * and put it back here at the end of 171 * auth_ntlmssp_steal_server_info */ 138 172 if (auth_ntlmssp_state->server_info->user_session_key.length) { 139 173 DEBUG(10, ("Got NT session key of length %u\n", 140 174 (unsigned int)auth_ntlmssp_state->server_info->user_session_key.length)); 141 *user_session_key = data_blob_talloc(auth_ntlmssp_state->mem_ctx,142 auth_ntlmssp_state->server_info->user_session_key.data,143 auth_ntlmssp_state->server_info->user_session_key.length);175 *user_session_key = auth_ntlmssp_state->server_info->user_session_key; 176 talloc_steal(mem_ctx, auth_ntlmssp_state->server_info->user_session_key.data); 177 auth_ntlmssp_state->server_info->user_session_key = data_blob_null; 144 178 } 145 179 if (auth_ntlmssp_state->server_info->lm_session_key.length) { 146 180 DEBUG(10, ("Got LM session key of length %u\n", 147 181 (unsigned int)auth_ntlmssp_state->server_info->lm_session_key.length)); 148 *lm_session_key = data_blob_talloc(auth_ntlmssp_state->mem_ctx,149 auth_ntlmssp_state->server_info->lm_session_key.data,150 auth_ntlmssp_state->server_info->lm_session_key.length);182 *lm_session_key = auth_ntlmssp_state->server_info->lm_session_key; 183 talloc_steal(mem_ctx, auth_ntlmssp_state->server_info->lm_session_key.data); 184 auth_ntlmssp_state->server_info->lm_session_key = data_blob_null; 151 185 } 152 186 return nt_status; 153 187 } 154 188 155 NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state) 189 static int auth_ntlmssp_state_destructor(void *ptr); 190 191 NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state) 156 192 { 157 193 NTSTATUS nt_status; 158 TALLOC_CTX *mem_ctx; 159 160 mem_ctx = talloc_init("AUTH NTLMSSP context"); 161 162 *auth_ntlmssp_state = TALLOC_ZERO_P(mem_ctx, AUTH_NTLMSSP_STATE); 163 if (!*auth_ntlmssp_state) { 194 bool is_standalone; 195 const char *netbios_name; 196 const char *netbios_domain; 197 const char *dns_name; 198 char *dns_domain; 199 struct auth_ntlmssp_state *ans; 200 struct auth_context *auth_context; 201 202 if ((enum server_types)lp_server_role() == ROLE_STANDALONE) { 203 is_standalone = true; 204 } else { 205 is_standalone = false; 206 } 207 208 netbios_name = global_myname(); 209 netbios_domain = lp_workgroup(); 210 /* This should be a 'netbios domain -> DNS domain' mapping */ 211 dns_domain = get_mydnsdomname(talloc_tos()); 212 if (dns_domain) { 213 strlower_m(dns_domain); 214 } 215 dns_name = get_mydnsfullname(); 216 217 ans = talloc_zero(NULL, struct auth_ntlmssp_state); 218 if (!ans) { 164 219 DEBUG(0,("auth_ntlmssp_start: talloc failed!\n")); 165 talloc_destroy(mem_ctx);166 220 return NT_STATUS_NO_MEMORY; 167 221 } 168 222 169 ZERO_STRUCTP(*auth_ntlmssp_state); 170 171 (*auth_ntlmssp_state)->mem_ctx = mem_ctx; 172 173 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_start(&(*auth_ntlmssp_state)->ntlmssp_state))) { 174 return nt_status; 175 } 176 177 if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&(*auth_ntlmssp_state)->auth_context))) { 178 return nt_status; 179 } 180 181 (*auth_ntlmssp_state)->ntlmssp_state->auth_context = (*auth_ntlmssp_state); 182 (*auth_ntlmssp_state)->ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge; 183 (*auth_ntlmssp_state)->ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge; 184 (*auth_ntlmssp_state)->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge; 185 (*auth_ntlmssp_state)->ntlmssp_state->check_password = auth_ntlmssp_check_password; 186 (*auth_ntlmssp_state)->ntlmssp_state->server_role = (enum server_types)lp_server_role(); 187 188 return NT_STATUS_OK; 189 } 190 191 void auth_ntlmssp_end(AUTH_NTLMSSP_STATE **auth_ntlmssp_state) 192 { 193 TALLOC_CTX *mem_ctx; 194 195 if (*auth_ntlmssp_state == NULL) { 196 return; 197 } 198 199 mem_ctx = (*auth_ntlmssp_state)->mem_ctx; 200 if ((*auth_ntlmssp_state)->ntlmssp_state) { 201 ntlmssp_end(&(*auth_ntlmssp_state)->ntlmssp_state); 202 } 203 if ((*auth_ntlmssp_state)->auth_context) { 204 ((*auth_ntlmssp_state)->auth_context->free)(&(*auth_ntlmssp_state)->auth_context); 205 } 206 if ((*auth_ntlmssp_state)->server_info) { 207 TALLOC_FREE((*auth_ntlmssp_state)->server_info); 208 } 209 talloc_destroy(mem_ctx); 210 *auth_ntlmssp_state = NULL; 211 } 212 213 NTSTATUS auth_ntlmssp_update(AUTH_NTLMSSP_STATE *auth_ntlmssp_state, 214 const DATA_BLOB request, DATA_BLOB *reply) 215 { 216 return ntlmssp_update(auth_ntlmssp_state->ntlmssp_state, request, reply); 217 } 223 nt_status = ntlmssp_server_start(ans, 224 is_standalone, 225 netbios_name, 226 netbios_domain, 227 dns_name, 228 dns_domain, 229 &ans->ntlmssp_state); 230 if (!NT_STATUS_IS_OK(nt_status)) { 231 return nt_status; 232 } 233 234 nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context); 235 if (!NT_STATUS_IS_OK(nt_status)) { 236 return nt_status; 237 } 238 ans->auth_context = talloc_steal(ans, auth_context); 239 240 ans->ntlmssp_state->callback_private = ans; 241 ans->ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge; 242 ans->ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge; 243 ans->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge; 244 ans->ntlmssp_state->check_password = auth_ntlmssp_check_password; 245 246 talloc_set_destructor((TALLOC_CTX *)ans, auth_ntlmssp_state_destructor); 247 248 *auth_ntlmssp_state = ans; 249 return NT_STATUS_OK; 250 } 251 252 static int auth_ntlmssp_state_destructor(void *ptr) 253 { 254 struct auth_ntlmssp_state *ans; 255 256 ans = talloc_get_type(ptr, struct auth_ntlmssp_state); 257 258 TALLOC_FREE(ans->server_info); 259 TALLOC_FREE(ans->ntlmssp_state); 260 return 0; 261 }
Note:
See TracChangeset
for help on using the changeset viewer.
