authorAndrew Bartlett <abartlet@samba.org>2011-12-21 15:34:17 +1100
committerStefan Metzmacher <metze@samba.org>2011-12-22 19:25:11 +0100
commit06498637bb4d71787f6e903e7dc58466b1d660d2 (patch)
tree259a51e2765799a70c64c79703cda1b560957f8e
parentd52e5473ef3c167e2d5707616313f049b406d725 (diff)
s3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be generic
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/rpc_server/dcesrv_auth_generic.c44
-rw-r--r--source3/rpc_server/dcesrv_auth_generic.h8
-rw-r--r--source3/rpc_server/srv_pipe.c36
3 files changed, 63 insertions, 25 deletions
diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c
index 16dfd4a976..73737c24b7 100644
--- a/source3/rpc_server/dcesrv_auth_generic.c
+++ b/source3/rpc_server/dcesrv_auth_generic.c
@@ -71,7 +71,49 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
goto done;
}
- /* steal ntlmssp context too */
+ /* steal gensec context too */
+ *ctx = talloc_move(mem_ctx, &a->gensec_security);
+
+ status = NT_STATUS_OK;
+
+done:
+ TALLOC_FREE(a);
+
+ return status;
+}
+
+NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
+ uint8_t auth_type, uint8_t auth_level,
+ DATA_BLOB *token_in,
+ DATA_BLOB *token_out,
+ const struct tsocket_address *remote_address,
+ struct gensec_security **ctx)
+{
+ struct auth_generic_state *a = NULL;
+ NTSTATUS status;
+
+ status = auth_generic_prepare(remote_address, &a);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ status = auth_generic_authtype_start(a, auth_type, auth_level);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, (__location__ ": auth_generic_start failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out);
+ if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(2, (__location__ ": gensec_update failed: %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ /* steal gensec context too */
*ctx = talloc_move(mem_ctx, &a->gensec_security);
status = NT_STATUS_OK;
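Review bot: The failure path after `auth_generic_authtype_start()` in the new `auth_generic_server_authtype_start()` uses `return status;`, which skips the `done:` cleanup that the function above uses to release `a` with `TALLOC_FREE(a)`. By that point `auth_generic_prepare()` has succeeded, so `a` appears to leak on every rejected start, unless it is parented to a context freed elsewhere, which the hunk does not show. The srv_pipe.c caller passes `auth_type` and `auth_level` straight from the bind's `auth_info`, so a client could likely trigger this path repeatedly; using `goto done;` there would match the `gensec_update` failure path. The log text on that path also says `auth_generic_start failed` although the call is `auth_generic_authtype_start`. The end of the new function, including its `done:` label, lies outside the hunk.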
diff --git a/source3/rpc_server/dcesrv_auth_generic.h b/source3/rpc_server/dcesrv_auth_generic.h
index 119e29276a..07e69af1f7 100644
--- a/source3/rpc_server/dcesrv_auth_generic.h
+++ b/source3/rpc_server/dcesrv_auth_generic.h
@@ -31,6 +31,14 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
struct gensec_security **ctx);
+
+NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
+ uint8_t auth_type, uint8_t auth_level,
+ DATA_BLOB *token_in,
+ DATA_BLOB *token_out,
+ const struct tsocket_address *remote_address,
+ struct gensec_security **ctx);
+
NTSTATUS auth_generic_server_step(struct gensec_security *ctx,
TALLOC_CTX *mem_ctx,
DATA_BLOB *token_in,
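Review bot: The new prototype `auth_generic_server_authtype_start()` is added without a comment describing its contract, and two things callers need are not obvious from the signature. In the implementation, `NT_STATUS_MORE_PROCESSING_REQUIRED` from `gensec_update()` is accepted and the function then sets `status = NT_STATUS_OK`, so a successful return does not mean authentication has completed. On success the gensec context is moved onto `mem_ctx` with `talloc_move()`, so the caller owns `*ctx`. A short header comment stating both points, and that `token_in` is dereferenced and so must not be NULL, would help.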
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index fa95c20f5f..61e306c199 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -584,7 +584,7 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p,
Handle an NTLMSSP bind auth.
*******************************************************************/
-static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
+static bool pipe_auth_generic_bind(struct pipes_struct *p,
TALLOC_CTX *mem_ctx,
struct dcerpc_auth *auth_info,
DATA_BLOB *response)
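Review bot: The banner comment kept as context above the renamed function still reads `Handle an NTLMSSP bind auth.`, which no longer describes `pipe_auth_generic_bind()` now that the mechanism is selected from `auth_info->auth_type`. Something like `Handle a bind auth for any gensec-backed auth type.` would keep the comment in step with the rename.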
@@ -592,25 +592,15 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
struct gensec_security *gensec_security = NULL;
NTSTATUS status;
- if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) {
- DEBUG(0, ("Failed to read NTLMSSP in blob\n"));
- return false;
- }
-
- /* We have an NTLMSSP blob. */
- status = auth_generic_server_start(p,
- OID_NTLMSSP,
- (auth_info->auth_level ==
- DCERPC_AUTH_LEVEL_INTEGRITY),
- (auth_info->auth_level ==
- DCERPC_AUTH_LEVEL_PRIVACY),
- true,
- &auth_info->credentials,
- response,
- p->remote_address,
- &gensec_security);
+ status = auth_generic_server_authtype_start(p,
+ auth_info->auth_type,
+ auth_info->auth_level,
+ &auth_info->credentials,
+ response,
+ p->remote_address,
+ &gensec_security);
if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
- DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n",
+ DEBUG(0, (__location__ ": auth_generic_server_authtype_start failed: %s\n",
nt_errstr(status)));
return false;
}
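Review bot: The call now forwards `auth_info->auth_level` unchanged. The removed code only used it to switch signing on for `DCERPC_AUTH_LEVEL_INTEGRITY` and sealing on for `DCERPC_AUTH_LEVEL_PRIVACY`. How any other client-supplied level is handled now depends entirely on `auth_generic_authtype_start()`, which is not visible in this diff, so it is worth confirming that it rejects levels it cannot enforce rather than silently starting an unprotected context. At minimum, record the expectation at the call site, for example `/* auth_level is taken from the wire; auth_generic_authtype_start() must reject levels it cannot enforce */`. The removed `strncmp(..., "NTLMSSP", 7)` pre-check read the blob without a length check, so dropping it is fine as long as gensec validates the token itself. The body of `pipe_auth_generic_bind()` starts and ends outside this hunk.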
@@ -619,9 +609,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
talloc_steal(mem_ctx, response->data);
p->auth.auth_ctx = gensec_security;
- p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
-
- DEBUG(10, (__location__ ": NTLMSSP auth started\n"));
+ p->auth.auth_type = auth_info->auth_type;
return true;
}
@@ -1000,8 +988,8 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
switch (auth_type) {
case DCERPC_AUTH_TYPE_NTLMSSP:
- if (!pipe_ntlmssp_auth_bind(p, pkt,
- &auth_info, &auth_resp)) {
+ if (!pipe_auth_generic_bind(p, pkt,
+ &auth_info, &auth_resp)) {
goto err_exit;
}
assoc_gid = 0x7a77;