summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2009-12-29 17:56:56 +0100
committerGünther Deschner <gd@samba.org>2010-03-24 17:34:50 +0100
commit32d822af813b74c33bc618b4130dc50a3b79c7af (patch)
treed34e4f496c6bd290c4ab2bde77bc7195e57633b4
parent83cc137d5eef9d50af9b458c5c64fa9abc20adde (diff)
downloadsamba-32d822af813b74c33bc618b4130dc50a3b79c7af.tar.gz
samba-32d822af813b74c33bc618b4130dc50a3b79c7af.tar.bz2
samba-32d822af813b74c33bc618b4130dc50a3b79c7af.zip
s4:ntlmssp: remove backend specifix stuff from (gensec_)ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r--source4/auth/ntlmssp/ntlmssp.h3
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c65
2 files changed, 46 insertions, 22 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index 2d8ec2db43..ddb2632927 100644
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -149,9 +149,6 @@ struct gensec_ntlmssp_state
uint8_t session_nonce[16];
} ntlm2;
} crypt;
-
- struct auth_context *auth_context;
- struct auth_serversupplied_info *server_info;
};
struct gensec_ntlmssp_context {
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index c49bf2fea7..120ce3271c 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -594,9 +594,13 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security,
static NTSTATUS auth_ntlmssp_get_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state,
uint8_t chal[8])
{
+ struct gensec_ntlmssp_context *gensec_ntlmssp =
+ talloc_get_type_abort(gensec_ntlmssp_state->callback_private,
+ struct gensec_ntlmssp_context);
+ struct auth_context *auth_context = gensec_ntlmssp->auth_context;
NTSTATUS status;
- status = gensec_ntlmssp_state->auth_context->get_challenge(gensec_ntlmssp_state->auth_context, chal);
+ status = auth_context->get_challenge(auth_context, chal);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("auth_ntlmssp_get_challenge: failed to get challenge: %s\n",
nt_errstr(status)));
@@ -613,7 +617,12 @@ static NTSTATUS auth_ntlmssp_get_challenge(const struct gensec_ntlmssp_state *ge
*/
static bool auth_ntlmssp_may_set_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state)
{
- return gensec_ntlmssp_state->auth_context->challenge_may_be_modified(gensec_ntlmssp_state->auth_context);
+ struct gensec_ntlmssp_context *gensec_ntlmssp =
+ talloc_get_type_abort(gensec_ntlmssp_state->callback_private,
+ struct gensec_ntlmssp_context);
+ struct auth_context *auth_context = gensec_ntlmssp->auth_context;
+
+ return auth_context->challenge_may_be_modified(auth_context);
}
/**
@@ -622,8 +631,11 @@ static bool auth_ntlmssp_may_set_challenge(const struct gensec_ntlmssp_state *ge
*/
static NTSTATUS auth_ntlmssp_set_challenge(struct gensec_ntlmssp_state *gensec_ntlmssp_state, DATA_BLOB *challenge)
{
+ struct gensec_ntlmssp_context *gensec_ntlmssp =
+ talloc_get_type_abort(gensec_ntlmssp_state->callback_private,
+ struct gensec_ntlmssp_context);
+ struct auth_context *auth_context = gensec_ntlmssp->auth_context;
NTSTATUS nt_status;
- struct auth_context *auth_context = gensec_ntlmssp_state->auth_context;
const uint8_t *chal;
if (challenge->length != 8) {
@@ -632,9 +644,9 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct gensec_ntlmssp_state *gensec_n
chal = challenge->data;
- nt_status = gensec_ntlmssp_state->auth_context->set_challenge(auth_context,
- chal,
- "NTLMSSP callback (NTLM2)");
+ nt_status = auth_context->set_challenge(auth_context,
+ chal,
+ "NTLMSSP callback (NTLM2)");
return nt_status;
}
@@ -648,6 +660,10 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct gensec_ntlmssp_state *gensec_n
static NTSTATUS auth_ntlmssp_check_password(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
+ struct gensec_ntlmssp_context *gensec_ntlmssp =
+ talloc_get_type_abort(gensec_ntlmssp_state->callback_private,
+ struct gensec_ntlmssp_context);
+ struct auth_context *auth_context = gensec_ntlmssp->auth_context;
NTSTATUS nt_status;
struct auth_usersupplied_info *user_info;
@@ -670,22 +686,22 @@ static NTSTATUS auth_ntlmssp_check_password(struct gensec_ntlmssp_state *gensec_
user_info->password.response.nt = gensec_ntlmssp_state->nt_resp;
user_info->password.response.nt.data = talloc_steal(user_info, gensec_ntlmssp_state->nt_resp.data);
- nt_status = gensec_ntlmssp_state->auth_context->check_password(gensec_ntlmssp_state->auth_context,
- gensec_ntlmssp_state,
- user_info,
- &gensec_ntlmssp_state->server_info);
+ nt_status = auth_context->check_password(auth_context,
+ gensec_ntlmssp,
+ user_info,
+ &gensec_ntlmssp->server_info);
talloc_free(user_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
- if (gensec_ntlmssp_state->server_info->user_session_key.length) {
+ if (gensec_ntlmssp->server_info->user_session_key.length) {
DEBUG(10, ("Got NT session key of length %u\n",
- (unsigned)gensec_ntlmssp_state->server_info->user_session_key.length));
- *user_session_key = gensec_ntlmssp_state->server_info->user_session_key;
+ (unsigned)gensec_ntlmssp->server_info->user_session_key.length));
+ *user_session_key = gensec_ntlmssp->server_info->user_session_key;
}
- if (gensec_ntlmssp_state->server_info->lm_session_key.length) {
+ if (gensec_ntlmssp->server_info->lm_session_key.length) {
DEBUG(10, ("Got LM session key of length %u\n",
- (unsigned)gensec_ntlmssp_state->server_info->lm_session_key.length));
- *lm_session_key = gensec_ntlmssp_state->server_info->lm_session_key;
+ (unsigned)gensec_ntlmssp->server_info->lm_session_key.length));
+ *lm_session_key = gensec_ntlmssp->server_info->lm_session_key;
}
return nt_status;
}
@@ -705,8 +721,15 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
{
NTSTATUS nt_status;
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
-
- nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->settings->lp_ctx, gensec_ntlmssp_state->server_info, session_info);
+ struct gensec_ntlmssp_context *gensec_ntlmssp =
+ talloc_get_type_abort(gensec_ntlmssp_state->callback_private,
+ struct gensec_ntlmssp_context);
+
+ nt_status = auth_generate_session_info(gensec_ntlmssp_state,
+ gensec_security->event_ctx,
+ gensec_security->settings->lp_ctx,
+ gensec_ntlmssp->server_info,
+ session_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
(*session_info)->session_key = data_blob_talloc(*session_info,
@@ -724,12 +747,16 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
{
NTSTATUS nt_status;
struct gensec_ntlmssp_state *gensec_ntlmssp_state;
+ struct gensec_ntlmssp_context *gensec_ntlmssp;
nt_status = gensec_ntlmssp_start(gensec_security);
NT_STATUS_NOT_OK_RETURN(nt_status);
gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
+ gensec_ntlmssp = talloc_get_type_abort(gensec_ntlmssp_state->callback_private,
+ struct gensec_ntlmssp_context);
+
gensec_ntlmssp_state->role = NTLMSSP_SERVER;
gensec_ntlmssp_state->workstation = NULL;
@@ -778,7 +805,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
- gensec_ntlmssp_state->auth_context = gensec_security->auth_context;
+ gensec_ntlmssp->auth_context = gensec_security->auth_context;
gensec_ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;