diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-01-31 14:39:34 +1100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-02-17 10:48:09 +0100 |
| commit | 9c5b26f8647bd31dec9864d8c42959f81e686619 (patch) | |
| tree | ca7cbc7f3a645a9fa16ebd68d9053cdffee829e0 /auth/ntlmssp | |
| parent | 2f74f2f18056e83c396b196939bc8f89bd4d0702 (diff) | |
| download | samba-9c5b26f8647bd31dec9864d8c42959f81e686619.tar.gz samba-9c5b26f8647bd31dec9864d8c42959f81e686619.tar.bz2 samba-9c5b26f8647bd31dec9864d8c42959f81e686619.zip | |
s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server
This is possible because we now supply the auth4_context abstraction that this
code is looking for.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'auth/ntlmssp')
| -rw-r--r-- | auth/ntlmssp/gensec_ntlmssp_server.c | 23 | ||||
| -rw-r--r-- | auth/ntlmssp/ntlmssp_private.h | 31 |
2 files changed, 47 insertions, 7 deletions
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c index f37f2e716e..841e6a67f0 100644 --- a/auth/ntlmssp/gensec_ntlmssp_server.c +++ b/auth/ntlmssp/gensec_ntlmssp_server.c @@ -81,8 +81,8 @@ NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security, * @return an 8 byte random challenge */ -static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state, - uint8_t chal[8]) +NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state, + uint8_t chal[8]) { struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(ntlmssp_state->callback_private, @@ -107,7 +107,7 @@ static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_s * * @return If the effective challenge used by the auth subsystem may be modified */ -static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state) +bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state) { struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(ntlmssp_state->callback_private, @@ -124,7 +124,7 @@ static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_s * NTLM2 authentication modifies the effective challenge, * @param challenge The new challenge value */ -static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge) +NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge) { struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(ntlmssp_state->callback_private, @@ -153,9 +153,9 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, * Return the session keys used on the connection. */ -static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, - TALLOC_CTX *mem_ctx, - DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) +NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, + TALLOC_CTX *mem_ctx, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) { struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(ntlmssp_state->callback_private, @@ -191,6 +191,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, user_session_key, lm_session_key); } talloc_free(user_info); + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n", + __location__, + user_info->client.domain_name, + user_info->client.account_name, + nt_errstr(nt_status))); + } + NT_STATUS_NOT_OK_RETURN(nt_status); talloc_steal(mem_ctx, user_session_key->data); diff --git a/auth/ntlmssp/ntlmssp_private.h b/auth/ntlmssp/ntlmssp_private.h index 431626c34d..e7fa3d5539 100644 --- a/auth/ntlmssp/ntlmssp_private.h +++ b/auth/ntlmssp/ntlmssp_private.h @@ -134,3 +134,34 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, * */ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security); + +/** + * Return the challenge as determined by the authentication subsystem + * @return an 8 byte random challenge + */ + +NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state, + uint8_t chal[8]); + +/** + * Some authentication methods 'fix' the challenge, so we may not be able to set it + * + * @return If the effective challenge used by the auth subsystem may be modified + */ +bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state); + +/** + * NTLM2 authentication modifies the effective challenge, + * @param challenge The new challenge value + */ +NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge); + +/** + * Check the password on an NTLMSSP login. + * + * Return the session keys used on the connection. + */ + +NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, + TALLOC_CTX *mem_ctx, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key); |