diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-01-30 11:17:44 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-01-30 08:05:14 +0100 |
commit | a647df4607cb6d916cd689f92cd27995ca0f9ab4 (patch) | |
tree | a1a8a5ac0455b62fcd427e75ccebe65251686bcb | |
parent | 7c6713e78ff22ebf0aa1caa10697bad9d4cc885e (diff) | |
download | samba-a647df4607cb6d916cd689f92cd27995ca0f9ab4.tar.gz samba-a647df4607cb6d916cd689f92cd27995ca0f9ab4.tar.xz samba-a647df4607cb6d916cd689f92cd27995ca0f9ab4.zip |
auth: Make check_password and generate_session_info hook generic
gensec_ntlmssp does not need to know the internal form of the
struct user_info_dc or auth_serversupplied_info. This will allow the
calling logic to be put in common.
Andrew Bartlett
-rw-r--r-- | auth/common_auth.h | 5 | ||||
-rw-r--r-- | auth/ntlmssp/ntlmssp.h | 5 | ||||
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 33 | ||||
-rw-r--r-- | source4/auth/auth.h | 8 | ||||
-rw-r--r-- | source4/auth/ntlm/auth.c | 39 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 25 |
6 files changed, 74 insertions, 41 deletions
diff --git a/auth/common_auth.h b/auth/common_auth.h index 3991c409ac8..453c0c9efbd 100644 --- a/auth/common_auth.h +++ b/auth/common_auth.h @@ -108,7 +108,8 @@ struct auth4_context { NTSTATUS (*check_password)(struct auth4_context *auth_ctx, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - struct auth_user_info_dc **user_info_dc); + void **server_returned_info, + DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key); NTSTATUS (*get_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]); @@ -118,7 +119,7 @@ struct auth4_context { NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, - struct auth_user_info_dc *user_info_dc, + void *server_returned_info, uint32_t session_info_flags, struct auth_session_info **session_info); diff --git a/auth/ntlmssp/ntlmssp.h b/auth/ntlmssp/ntlmssp.h index 9801b14ea35..54d3e53526a 100644 --- a/auth/ntlmssp/ntlmssp.h +++ b/auth/ntlmssp/ntlmssp.h @@ -34,13 +34,10 @@ struct ntlmssp_state; struct gensec_ntlmssp_context { /* used only by s3 server implementation */ struct auth_context *auth_context; - struct auth_serversupplied_info *server_info; - - /* Used by the s4 server implementation */ - struct auth_user_info_dc *user_info_dc; /* For GENSEC users */ struct gensec_security *gensec_security; + void *server_returned_info; /* used by both client and server implementation */ struct ntlmssp_state *ntlmssp_state; diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 7a23a927ef0..11fbef13769 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -37,10 +37,12 @@ static NTSTATUS gensec_ntlmssp3_server_session_info(struct gensec_security *gens struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); + struct auth_serversupplied_info *server_info = talloc_get_type_abort(gensec_ntlmssp->server_returned_info, + struct auth_serversupplied_info); NTSTATUS nt_status; nt_status = create_local_token(mem_ctx, - gensec_ntlmssp->server_info, + server_info, &gensec_ntlmssp->ntlmssp_state->session_key, gensec_ntlmssp->ntlmssp_state->user, session_info); @@ -137,6 +139,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, struct gensec_ntlmssp_context *gensec_ntlmssp = (struct gensec_ntlmssp_context *)ntlmssp_state->callback_private; struct auth_usersupplied_info *user_info = NULL; + struct auth_serversupplied_info *server_info; NTSTATUS nt_status; bool username_was_mapped; @@ -168,7 +171,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; nt_status = gensec_ntlmssp->auth_context->check_ntlm_password(gensec_ntlmssp->auth_context, - user_info, &gensec_ntlmssp->server_info); + user_info, &server_info); username_was_mapped = user_info->was_mapped; @@ -176,9 +179,10 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, if (!NT_STATUS_IS_OK(nt_status)) { nt_status = do_map_to_guest_server_info(nt_status, - &gensec_ntlmssp->server_info, + &server_info, gensec_ntlmssp->ntlmssp_state->user, gensec_ntlmssp->ntlmssp_state->domain); + gensec_ntlmssp->server_returned_info = server_info; return nt_status; } @@ -186,26 +190,27 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, return nt_status; } - gensec_ntlmssp->server_info->nss_token |= username_was_mapped; + server_info->nss_token |= username_was_mapped; /* Clear out the session keys, and pass them to the caller. * They will not be used in this form again - instead the * NTLMSSP code will decide on the final correct session key, * and supply it to create_local_token() */ - if (gensec_ntlmssp->server_info->session_key.length) { + if (server_info->session_key.length) { DEBUG(10, ("Got NT session key of length %u\n", - (unsigned int)gensec_ntlmssp->server_info->session_key.length)); - *session_key = gensec_ntlmssp->server_info->session_key; - talloc_steal(mem_ctx, gensec_ntlmssp->server_info->session_key.data); - gensec_ntlmssp->server_info->session_key = data_blob_null; + (unsigned int)server_info->session_key.length)); + *session_key = server_info->session_key; + talloc_steal(mem_ctx, server_info->session_key.data); + server_info->session_key = data_blob_null; } - if (gensec_ntlmssp->server_info->lm_session_key.length) { + if (server_info->lm_session_key.length) { DEBUG(10, ("Got LM session key of length %u\n", - (unsigned int)gensec_ntlmssp->server_info->lm_session_key.length)); - *lm_session_key = gensec_ntlmssp->server_info->lm_session_key; - talloc_steal(mem_ctx, gensec_ntlmssp->server_info->lm_session_key.data); - gensec_ntlmssp->server_info->lm_session_key = data_blob_null; + (unsigned int)server_info->lm_session_key.length)); + *lm_session_key = server_info->lm_session_key; + talloc_steal(mem_ctx, server_info->lm_session_key.data); + server_info->lm_session_key = data_blob_null; } + gensec_ntlmssp->server_returned_info = server_info; return nt_status; } diff --git a/source4/auth/auth.h b/source4/auth/auth.h index a7fc413ecca..1b22701499f 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -152,9 +152,15 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct auth4_context **auth_ctx); +NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + void **server_returned_info, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key); + NTSTATUS auth_check_password(struct auth4_context *auth_ctx, TALLOC_CTX *mem_ctx, - const struct auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, struct auth_user_info_dc **user_info_dc); NTSTATUS auth4_init(void); NTSTATUS auth_register(const struct auth_operations *ops); diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index 95bdd84837d..a654fab0968 100644 --- a/source4/auth/ntlm/auth.c +++ b/source4/auth/ntlm/auth.c @@ -35,7 +35,7 @@ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, - struct auth_user_info_dc *user_info_dc, + void *server_returned_info, uint32_t session_info_flags, struct auth_session_info **session_info); @@ -208,6 +208,38 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth4_context *auth_ctx, return status; } +_PUBLIC_ NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + void **server_returned_info, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) +{ + struct auth_user_info_dc *user_info_dc; + NTSTATUS status = auth_check_password(auth_ctx, mem_ctx, user_info, &user_info_dc); + + if (NT_STATUS_IS_OK(status)) { + *server_returned_info = user_info_dc; + + if (user_session_key) { + DEBUG(10, ("Got NT session key of length %u\n", + (unsigned)user_info_dc->user_session_key.length)); + *user_session_key = user_info_dc->user_session_key; + talloc_steal(mem_ctx, user_session_key->data); + user_info_dc->user_session_key = data_blob_null; + } + + if (lm_session_key) { + DEBUG(10, ("Got LM session key of length %u\n", + (unsigned)user_info_dc->lm_session_key.length)); + *lm_session_key = user_info_dc->lm_session_key; + talloc_steal(mem_ctx, lm_session_key->data); + user_info_dc->lm_session_key = data_blob_null; + } + } + + return status; +} + struct auth_check_password_state { struct auth4_context *auth_ctx; const struct auth_usersupplied_info *user_info; @@ -433,10 +465,11 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req, * generation of unix tokens via IRPC */ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, - struct auth_user_info_dc *user_info_dc, + void *server_returned_info, uint32_t session_info_flags, struct auth_session_info **session_info) { + struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(server_returned_info, struct auth_user_info_dc); NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx, auth_context->sam_ctx, user_info_dc, session_info_flags, session_info); @@ -562,7 +595,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char ** DLIST_ADD_END(ctx->methods, method, struct auth_method_context *); } - ctx->check_password = auth_check_password; + ctx->check_password = auth_check_password_wrapper; ctx->get_challenge = auth_get_challenge; ctx->set_challenge = auth_context_set_challenge; ctx->challenge_may_be_modified = auth_challenge_may_be_modified; diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index dcd61234995..1a876e319f8 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -189,25 +189,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, nt_status = auth_context->check_password(auth_context, gensec_ntlmssp, user_info, - &gensec_ntlmssp->user_info_dc); + &gensec_ntlmssp->server_returned_info, + user_session_key, lm_session_key); } talloc_free(user_info); NT_STATUS_NOT_OK_RETURN(nt_status); - if (gensec_ntlmssp->user_info_dc->user_session_key.length) { - DEBUG(10, ("Got NT session key of length %u\n", - (unsigned)gensec_ntlmssp->user_info_dc->user_session_key.length)); - *user_session_key = gensec_ntlmssp->user_info_dc->user_session_key; - talloc_steal(mem_ctx, user_session_key->data); - gensec_ntlmssp->user_info_dc->user_session_key = data_blob_null; - } - if (gensec_ntlmssp->user_info_dc->lm_session_key.length) { - DEBUG(10, ("Got LM session key of length %u\n", - (unsigned)gensec_ntlmssp->user_info_dc->lm_session_key.length)); - *lm_session_key = gensec_ntlmssp->user_info_dc->lm_session_key; - talloc_steal(mem_ctx, lm_session_key->data); - gensec_ntlmssp->user_info_dc->lm_session_key = data_blob_null; - } + talloc_steal(mem_ctx, user_session_key->data); + talloc_steal(mem_ctx, lm_session_key->data); + return nt_status; } @@ -229,10 +219,11 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); - + struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(gensec_ntlmssp->server_returned_info, + struct auth_user_info_dc); nt_status = gensec_generate_session_info(mem_ctx, gensec_security, - gensec_ntlmssp->user_info_dc, + user_info_dc, session_info); NT_STATUS_NOT_OK_RETURN(nt_status); |