summaryrefslogtreecommitdiff
path: root/auth/ntlmssp
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-01-31 14:39:34 +1100
committerStefan Metzmacher <metze@samba.org>2012-02-17 10:48:09 +0100
commit9c5b26f8647bd31dec9864d8c42959f81e686619 (patch)
treeca7cbc7f3a645a9fa16ebd68d9053cdffee829e0 /auth/ntlmssp
parent2f74f2f18056e83c396b196939bc8f89bd4d0702 (diff)
downloadsamba-9c5b26f8647bd31dec9864d8c42959f81e686619.tar.gz
samba-9c5b26f8647bd31dec9864d8c42959f81e686619.tar.bz2
samba-9c5b26f8647bd31dec9864d8c42959f81e686619.zip
s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server
This is possible because we now supply the auth4_context abstraction that this code is looking for. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'auth/ntlmssp')
-rw-r--r--auth/ntlmssp/gensec_ntlmssp_server.c23
-rw-r--r--auth/ntlmssp/ntlmssp_private.h31
2 files changed, 47 insertions, 7 deletions
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
index f37f2e716e..841e6a67f0 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -81,8 +81,8 @@ NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security,
* @return an 8 byte random challenge
*/
-static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
- uint8_t chal[8])
+NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
+ uint8_t chal[8])
{
struct gensec_ntlmssp_context *gensec_ntlmssp =
talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -107,7 +107,7 @@ static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_s
*
* @return If the effective challenge used by the auth subsystem may be modified
*/
-static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state)
+bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state)
{
struct gensec_ntlmssp_context *gensec_ntlmssp =
talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -124,7 +124,7 @@ static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_s
* NTLM2 authentication modifies the effective challenge,
* @param challenge The new challenge value
*/
-static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
+NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
{
struct gensec_ntlmssp_context *gensec_ntlmssp =
talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -153,9 +153,9 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state,
* Return the session keys used on the connection.
*/
-static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
+NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
struct gensec_ntlmssp_context *gensec_ntlmssp =
talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -191,6 +191,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
user_session_key, lm_session_key);
}
talloc_free(user_info);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
+ __location__,
+ user_info->client.domain_name,
+ user_info->client.account_name,
+ nt_errstr(nt_status)));
+ }
+
NT_STATUS_NOT_OK_RETURN(nt_status);
talloc_steal(mem_ctx, user_session_key->data);
diff --git a/auth/ntlmssp/ntlmssp_private.h b/auth/ntlmssp/ntlmssp_private.h
index 431626c34d..e7fa3d5539 100644
--- a/auth/ntlmssp/ntlmssp_private.h
+++ b/auth/ntlmssp/ntlmssp_private.h
@@ -134,3 +134,34 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
*
*/
NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security);
+
+/**
+ * Return the challenge as determined by the authentication subsystem
+ * @return an 8 byte random challenge
+ */
+
+NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
+ uint8_t chal[8]);
+
+/**
+ * Some authentication methods 'fix' the challenge, so we may not be able to set it
+ *
+ * @return If the effective challenge used by the auth subsystem may be modified
+ */
+bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state);
+
+/**
+ * NTLM2 authentication modifies the effective challenge,
+ * @param challenge The new challenge value
+ */
+NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge);
+
+/**
+ * Check the password on an NTLMSSP login.
+ *
+ * Return the session keys used on the connection.
+ */
+
+NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key);