/* Copyright (C) 2014 GSS-NTLMSSP contributors, see COPYING for License */

#include "config.h"
#include <errno.h>
#include "gss_ntlmssp.h"

#if HAVE_WBCLIENT
#include "gss_ntlmssp_winbind.h"
#endif

/*
 * Look up the NetBIOS computer and domain names through the external
 * (winbind) helper.
 *
 * computer, domain: output pointers handed unchanged to
 *                   winbind_get_names(); ownership of whatever is stored
 *                   there is defined by that helper, not visible here.
 *
 * Returns the helper's result when built with HAVE_WBCLIENT, otherwise
 * ERR_NOTAVAIL (and the output pointers are left untouched).
 */
uint32_t external_netbios_get_names(char **computer, char **domain)
{
    /* Default answer for builds without winbind client support. */
    uint32_t status = ERR_NOTAVAIL;

#if HAVE_WBCLIENT
    status = winbind_get_names(computer, domain);
#endif

    return status;
}

/*
 * Obtain credentials for `name` from the external (winbind) helper.
 *
 * name: name to look credentials up for; passed through as-is.
 * cred: credential structure passed through to winbind_get_creds().
 *
 * Returns the helper's result when built with HAVE_WBCLIENT, otherwise
 * ERR_NOTAVAIL without touching either argument.
 */
uint32_t external_get_creds(struct gssntlm_name *name,
                            struct gssntlm_cred *cred)
{
    /* Default answer for builds without winbind client support. */
    uint32_t status = ERR_NOTAVAIL;

#if HAVE_WBCLIENT
    status = winbind_get_creds(name, cred);
#endif

    return status;
}

/*
 * Client-side authentication step delegated to the external (winbind)
 * helper.
 *
 * ctx:  context whose neg_flags, nego_msg, chal_msg, auth_msg and
 *       exported_session_key members are passed by address to the helper.
 * cred: credential; the user name and domain are read from
 *       cred->cred.external.user.data.user, so the caller is assumed to
 *       pass an external-type credential (not checked here).
 * in_flags: flags forwarded unchanged.
 * input_chan_bindings: channel bindings forwarded unchanged.
 *
 * Returns the helper's result when built with HAVE_WBCLIENT, otherwise
 * ERR_NOTAVAIL without dereferencing ctx or cred.
 */
uint32_t external_cli_auth(struct gssntlm_ctx *ctx,
                           struct gssntlm_cred *cred,
                           uint32_t in_flags,
                           gss_channel_bindings_t input_chan_bindings)
{
    /* Default answer for builds without winbind client support. */
    uint32_t status = ERR_NOTAVAIL;

#if HAVE_WBCLIENT
    status = winbind_cli_auth(cred->cred.external.user.data.user.name,
                              cred->cred.external.user.data.user.domain,
                              input_chan_bindings,
                              in_flags,
                              &ctx->neg_flags,
                              &ctx->nego_msg,
                              &ctx->chal_msg,
                              &ctx->auth_msg,
                              &ctx->exported_session_key);
#endif

    return status;
}

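/*
 * Server-side verification of a client's NTLM responses, delegated to the
 * external (winbind) helper.
 *
 * ctx:              context supplying neg_flags, server_chal and workstation.
 * cred:             credential; user name and domain are read from
 *                   cred->cred.external.user.data.user (assumed to be an
 *                   external-type credential; not checked here).
 * nt_chal_resp:     NT challenge response, forwarded to the helper.
 * lm_chal_resp:     LM challenge response, forwarded to the helper; in the
 *                   NTLMv1 extended-security case its leading bytes are also
 *                   used as the client challenge.
 * session_base_key: forwarded to the helper.
 *
 * Returns the helper's result, the non-zero result of
 * ntlm_compute_ext_sec_challenge() if that fails, ERR_BADARG if the LM
 * response is missing or too short in the extended-security case, or
 * ERR_NOTAVAIL when built without HAVE_WBCLIENT.
 */
uint32_t external_srv_auth(struct gssntlm_ctx *ctx,
                           struct gssntlm_cred *cred,
                           struct ntlm_buffer *nt_chal_resp,
                           struct ntlm_buffer *lm_chal_resp,
                           struct ntlm_key *session_base_key)
{
#if HAVE_WBCLIENT
    uint8_t challenge[8];
    uint8_t *chal_ptr;

    /* NOTE: in the ntlmv1 extended security case, winbindd wants a
     * pre-digested challenge, this is arguably a bug as it has all
     * the data needed to compute it by itself ... just cope */
    if (is_ntlm_v1(nt_chal_resp) &&
        (ctx->neg_flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) ) {
        int ret;

        /* lm_chal_resp->data is handed over as the client challenge with
         * no length, and the helper is assumed to read a full challenge
         * (8 bytes, same as challenge[]) from it. The LM response is
         * peer-supplied and the caller's validation is not visible from
         * here, so reject a missing or short buffer instead of reading
         * past its end. */
        if (lm_chal_resp == NULL || lm_chal_resp->data == NULL ||
            lm_chal_resp->length < sizeof(challenge)) {
            return ERR_BADARG;
        }

        ret = ntlm_compute_ext_sec_challenge(ctx->server_chal,
                                             lm_chal_resp->data,
                                             challenge);
        if (ret) return ret;
        chal_ptr = challenge;
    } else {
        /* All other cases: winbind gets the raw server challenge. */
        chal_ptr = ctx->server_chal;
    }

    return winbind_srv_auth(cred->cred.external.user.data.user.name,
                            cred->cred.external.user.data.user.domain,
                            ctx->workstation, chal_ptr,
                            nt_chal_resp, lm_chal_resp, session_base_key);
#else
    return ERR_NOTAVAIL;
#endif
}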