author | Andrew Bartlett <abartlet@samba.org> | 2012-01-30 11:17:44 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-01-30 08:05:14 +0100 |
commit | a647df4607cb6d916cd689f92cd27995ca0f9ab4 (patch) | |
tree | a1a8a5ac0455b62fcd427e75ccebe65251686bcb | |
parent | 7c6713e78ff22ebf0aa1caa10697bad9d4cc885e (diff) | |
auth: Make check_password and generate_session_info hook generic
gensec_ntlmssp does not need to know the internal form of the
struct user_info_dc or auth_serversupplied_info. This will allow the
calling logic to be put in common.
Andrew Bartlett
-rw-r--r-- | auth/common_auth.h | 5 | ||||
-rw-r--r-- | auth/ntlmssp/ntlmssp.h | 5 | ||||
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 33 | ||||
-rw-r--r-- | source4/auth/auth.h | 8 | ||||
-rw-r--r-- | source4/auth/ntlm/auth.c | 39 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 25 |
6 files changed, 74 insertions, 41 deletions
diff --git a/auth/common_auth.h b/auth/common_auth.h index 3991c409ac..453c0c9efb 100644 --- a/auth/common_auth.h +++ b/auth/common_auth.h @@ -108,7 +108,8 @@ struct auth4_context { NTSTATUS (*check_password)(struct auth4_context *auth_ctx, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - struct auth_user_info_dc **user_info_dc); + void **server_returned_info, + DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key); NTSTATUS (*get_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]); @@ -118,7 +119,7 @@ struct auth4_context { NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, - struct auth_user_info_dc *user_info_dc, + void *server_returned_info, uint32_t session_info_flags, struct auth_session_info **session_info); diff --git a/auth/ntlmssp/ntlmssp.h b/auth/ntlmssp/ntlmssp.h index 9801b14ea3..54d3e53526 100644 --- a/auth/ntlmssp/ntlmssp.h +++ b/auth/ntlmssp/ntlmssp.h @@ -34,13 +34,10 @@ struct ntlmssp_state; struct gensec_ntlmssp_context { /* used only by s3 server implementation */ struct auth_context *auth_context; - struct auth_serversupplied_info *server_info; - - /* Used by the s4 server implementation */ - struct auth_user_info_dc *user_info_dc; /* For GENSEC users */ struct gensec_security *gensec_security; + void *server_returned_info; /* used by both client and server implementation */ struct ntlmssp_state *ntlmssp_state; diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 7a23a927ef..11fbef1376 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c 
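Review bot: The `check_password` and `generate_session_info` hooks in `struct auth4_context` now carry the result as `void *`, but no comment states the contract, so nothing here tells an implementer what to return or who owns it. Judging by the implementations in this commit, the pointer is a talloc object that the consumer recovers with `talloc_get_type_abort()`, and the session keys are moved out of it into the two blobs. I would add a comment above `check_password` saying that `*server_returned_info` must be a typed talloc object, is only meaningful when the call returns OK, and that the keys are stolen onto `mem_ctx` and cleared in the returned object. The parameter is also called `nt_session_key` here but `user_session_key` in `auth_check_password_wrapper`; one name would be easier to follow.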
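Review bot: The new `void *server_returned_info` member of `struct gensec_ntlmssp_context` lands under the `/* For GENSEC users */` comment beside `gensec_security`, which hides that it is the server-side authentication result replacing both `server_info` and `user_info_dc`. It deserves a comment of its own, for example `/* opaque result of check_password; concrete type depends on the auth backend, recover it with talloc_get_type_abort() */`. The struct definition continues outside the hunk.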
@@ -37,10 +37,12 @@ static NTSTATUS gensec_ntlmssp3_server_session_info(struct gensec_security *gens struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); + struct auth_serversupplied_info *server_info = talloc_get_type_abort(gensec_ntlmssp->server_returned_info, + struct auth_serversupplied_info); NTSTATUS nt_status; nt_status = create_local_token(mem_ctx, - gensec_ntlmssp->server_info, + server_info, &gensec_ntlmssp->ntlmssp_state->session_key, gensec_ntlmssp->ntlmssp_state->user, session_info); @@ -137,6 +139,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, struct gensec_ntlmssp_context *gensec_ntlmssp = (struct gensec_ntlmssp_context *)ntlmssp_state->callback_private; struct auth_usersupplied_info *user_info = NULL; + struct auth_serversupplied_info *server_info; NTSTATUS nt_status; bool username_was_mapped; @@ -168,7 +171,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; nt_status = gensec_ntlmssp->auth_context->check_ntlm_password(gensec_ntlmssp->auth_context, - user_info, &gensec_ntlmssp->server_info); + user_info, &server_info); username_was_mapped = user_info->was_mapped; @@ -176,9 +179,10 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, if (!NT_STATUS_IS_OK(nt_status)) { nt_status = do_map_to_guest_server_info(nt_status, - &gensec_ntlmssp->server_info, + &server_info, gensec_ntlmssp->ntlmssp_state->user, gensec_ntlmssp->ntlmssp_state->domain); + gensec_ntlmssp->server_returned_info = server_info; return nt_status; } 
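Review bot: `talloc_get_type_abort(gensec_ntlmssp->server_returned_info, ...)` in `gensec_ntlmssp3_server_session_info` turns a missing or wrongly typed result into a process abort rather than an NTSTATUS error; the same pattern is added in `auth_generate_session_info_wrapper` and in source4's `gensec_ntlmssp_session_info`. As far as I know talloc also aborts on a NULL pointer here, so asking for session info before a successful `check_password` would take the server process down. If the GENSEC state machine guarantees that ordering, a one-line comment saying so is enough; otherwise consider `talloc_get_type()` with an explicit NULL check and an error return. The function body continues outside the hunk.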
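Review bot: The new local `struct auth_serversupplied_info *server_info;` in `auth_ntlmssp_check_password` (hunk `@@ -137`) is declared without an initialiser, unlike `user_info` on the line above it, and in the failure branch of the `@@ -176` hunk it is copied into `gensec_ntlmssp->server_returned_info` after `do_map_to_guest_server_info()`. Whether `check_ntlm_password()` or the map-to-guest helper always writes it on failure is not visible here; if neither does, an indeterminate stack pointer ends up in the long-lived context. Declaring it as `struct auth_serversupplied_info *server_info = NULL;` removes the doubt, and a later `talloc_get_type_abort()` then fails cleanly instead of inspecting a garbage pointer.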
@@ -186,26 +190,27 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, return nt_status; } - gensec_ntlmssp->server_info->nss_token |= username_was_mapped; + server_info->nss_token |= username_was_mapped; /* Clear out the session keys, and pass them to the caller. * They will not be used in this form again - instead the * NTLMSSP code will decide on the final correct session key, * and supply it to create_local_token() */ - if (gensec_ntlmssp->server_info->session_key.length) { + if (server_info->session_key.length) { DEBUG(10, ("Got NT session key of length %u\n", - (unsigned int)gensec_ntlmssp->server_info->session_key.length)); - *session_key = gensec_ntlmssp->server_info->session_key; - talloc_steal(mem_ctx, gensec_ntlmssp->server_info->session_key.data); - gensec_ntlmssp->server_info->session_key = data_blob_null; + (unsigned int)server_info->session_key.length)); + *session_key = server_info->session_key; + talloc_steal(mem_ctx, server_info->session_key.data); + server_info->session_key = data_blob_null; } - if (gensec_ntlmssp->server_info->lm_session_key.length) { + if (server_info->lm_session_key.length) { DEBUG(10, ("Got LM session key of length %u\n", - (unsigned int)gensec_ntlmssp->server_info->lm_session_key.length)); - *lm_session_key = gensec_ntlmssp->server_info->lm_session_key; - talloc_steal(mem_ctx, gensec_ntlmssp->server_info->lm_session_key.data); - gensec_ntlmssp->server_info->lm_session_key = data_blob_null; + (unsigned int)server_info->lm_session_key.length)); + *lm_session_key = server_info->lm_session_key; + talloc_steal(mem_ctx, server_info->lm_session_key.data); + server_info->lm_session_key = data_blob_null; } + gensec_ntlmssp->server_returned_info = server_info; return nt_status; } diff --git a/source4/auth/auth.h b/source4/auth/auth.h index a7fc413ecc..1b22701499 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h 
@@ -152,9 +152,15 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct auth4_context **auth_ctx); +NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + void **server_returned_info, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key); + NTSTATUS auth_check_password(struct auth4_context *auth_ctx, TALLOC_CTX *mem_ctx, - const struct auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, struct auth_user_info_dc **user_info_dc); NTSTATUS auth4_init(void); NTSTATUS auth_register(const struct auth_operations *ops); diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index 95bdd84837..a654fab096 100644 --- a/source4/auth/ntlm/auth.c +++ b/source4/auth/ntlm/auth.c @@ -35,7 +35,7 @@ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, - struct auth_user_info_dc *user_info_dc, + void *server_returned_info, uint32_t session_info_flags, struct auth_session_info **session_info); 
@@ -208,6 +208,38 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth4_context *auth_ctx, return status; } +_PUBLIC_ NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + void **server_returned_info, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) +{ + struct auth_user_info_dc *user_info_dc; + NTSTATUS status = auth_check_password(auth_ctx, mem_ctx, user_info, &user_info_dc); + + if (NT_STATUS_IS_OK(status)) { + *server_returned_info = user_info_dc; + + if (user_session_key) { + DEBUG(10, ("Got NT session key of length %u\n", + (unsigned)user_info_dc->user_session_key.length)); + *user_session_key = user_info_dc->user_session_key; + talloc_steal(mem_ctx, user_session_key->data); + user_info_dc->user_session_key = data_blob_null; + } + + if (lm_session_key) { + DEBUG(10, ("Got LM session key of length %u\n", + (unsigned)user_info_dc->lm_session_key.length)); + *lm_session_key = user_info_dc->lm_session_key; + talloc_steal(mem_ctx, lm_session_key->data); + user_info_dc->lm_session_key = data_blob_null; + } + } + + return status; +} + struct auth_check_password_state { struct auth4_context *auth_ctx; const struct auth_usersupplied_info *user_info; @@ -433,10 +465,11 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req, * generation of unix tokens via IRPC */ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, - struct auth_user_info_dc *user_info_dc, + void *server_returned_info, uint32_t session_info_flags, struct auth_session_info **session_info) { + struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(server_returned_info, struct auth_user_info_dc); NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx, auth_context->sam_ctx, user_info_dc, session_info_flags, session_info); 
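Review bot: `auth_check_password_wrapper` writes `*server_returned_info` only when `auth_check_password()` succeeds, so on failure the caller's slot keeps whatever it held before; the source4 NTLMSSP caller passes `&gensec_ntlmssp->server_returned_info`, a field that outlives the call. Adding `*server_returned_info = NULL;` before the call would make the failure state explicit. The wrapper also copies both keys unconditionally, where the code it replaces copied only when `.length` was non-zero, and it leaves the keys inside `user_info_dc` when the caller passes NULL for a blob. A short header comment stating both behaviours would help the next implementer of this hook.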
@@ -562,7 +595,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char ** DLIST_ADD_END(ctx->methods, method, struct auth_method_context *); } - ctx->check_password = auth_check_password; + ctx->check_password = auth_check_password_wrapper; ctx->get_challenge = auth_get_challenge; ctx->set_challenge = auth_context_set_challenge; ctx->challenge_may_be_modified = auth_challenge_may_be_modified; diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index dcd6123499..1a876e319f 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -189,25 +189,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, nt_status = auth_context->check_password(auth_context, gensec_ntlmssp, user_info, - &gensec_ntlmssp->user_info_dc); + &gensec_ntlmssp->server_returned_info, + user_session_key, lm_session_key); } talloc_free(user_info); NT_STATUS_NOT_OK_RETURN(nt_status); - if (gensec_ntlmssp->user_info_dc->user_session_key.length) { - DEBUG(10, ("Got NT session key of length %u\n", - (unsigned)gensec_ntlmssp->user_info_dc->user_session_key.length)); - *user_session_key = gensec_ntlmssp->user_info_dc->user_session_key; - talloc_steal(mem_ctx, user_session_key->data); - gensec_ntlmssp->user_info_dc->user_session_key = data_blob_null; - } - if (gensec_ntlmssp->user_info_dc->lm_session_key.length) { - DEBUG(10, ("Got LM session key of length %u\n", - (unsigned)gensec_ntlmssp->user_info_dc->lm_session_key.length)); - *lm_session_key = gensec_ntlmssp->user_info_dc->lm_session_key; - talloc_steal(mem_ctx, lm_session_key->data); - gensec_ntlmssp->user_info_dc->lm_session_key = data_blob_null; - } + talloc_steal(mem_ctx, user_session_key->data); + talloc_steal(mem_ctx, lm_session_key->data); + return nt_status; } 
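Review bot: The two added calls `talloc_steal(mem_ctx, user_session_key->data);` and `talloc_steal(mem_ctx, lm_session_key->data);` in source4's `auth_ntlmssp_check_password` read the blobs without knowing that the hook filled them. `check_password` is now a generic function pointer, and an implementation that returns OK without touching the blobs would leave this code stealing whatever pointer they held on entry. The removed code only assigned to the blobs from the `user_info_dc` it had just received. I would set `*user_session_key = data_blob_null;` and `*lm_session_key = data_blob_null;` before the call so the steals are no-ops in that case. The call sits inside a block whose other branch is outside the hunk, so that path may need the same treatment.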
@@ -229,10 +219,11 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); - + struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(gensec_ntlmssp->server_returned_info, + struct auth_user_info_dc); nt_status = gensec_generate_session_info(mem_ctx, gensec_security, - gensec_ntlmssp->user_info_dc, + user_info_dc, session_info); NT_STATUS_NOT_OK_RETURN(nt_status); |