1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
/* Copyright (C) 2014 GSS-NTLMSSP contributors, see COPYING for License */
#include "config.h"
#include <errno.h>
#include "gss_ntlmssp.h"
#if HAVE_WBCLIENT
#include "gss_ntlmssp_winbind.h"
#endif
uint32_t external_netbios_get_names(char **computer, char **domain)
{
#if HAVE_WBCLIENT
return winbind_get_names(computer, domain);
#else
return ERR_NOTAVAIL;
#endif
}
uint32_t external_get_creds(struct gssntlm_name *name,
struct gssntlm_cred *cred)
{
#if HAVE_WBCLIENT
return winbind_get_creds(name, cred);
#else
return ERR_NOTAVAIL;
#endif
}
uint32_t external_cli_auth(struct gssntlm_ctx *ctx,
struct gssntlm_cred *cred,
uint32_t in_flags,
gss_channel_bindings_t input_chan_bindings)
{
#if HAVE_WBCLIENT
return winbind_cli_auth(cred->cred.external.user.data.user.name,
cred->cred.external.user.data.user.domain,
input_chan_bindings,
in_flags, &ctx->neg_flags,
&ctx->nego_msg, &ctx->chal_msg, &ctx->auth_msg,
&ctx->exported_session_key);
#else
return ERR_NOTAVAIL;
#endif
}
uint32_t external_srv_auth(struct gssntlm_ctx *ctx,
struct gssntlm_cred *cred,
struct ntlm_buffer *nt_chal_resp,
struct ntlm_buffer *lm_chal_resp,
struct ntlm_key *session_base_key)
{
#if HAVE_WBCLIENT
uint8_t challenge[8];
uint8_t *chal_ptr;
/* NOTE: in the ntlmv1 extended security case, winbindd wants a
* pre-digested challenge, this is arguably a bug as it has all
* the data needed to compute it by itself ... just cope */
if (is_ntlm_v1(nt_chal_resp) &&
(ctx->neg_flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) ) {
int ret;
ret = ntlm_compute_ext_sec_challenge(ctx->server_chal,
lm_chal_resp->data,
challenge);
if (ret) return ret;
chal_ptr = challenge;
} else {
chal_ptr = ctx->server_chal;
}
return winbind_srv_auth(cred->cred.external.user.data.user.name,
cred->cred.external.user.data.user.domain,
ctx->workstation, chal_ptr,
nt_chal_resp, lm_chal_resp, session_base_key);
#else
return ERR_NOTAVAIL;
#endif
}
|