auth: Provide a way to specify the NTLMSSP server name to GENSEC

This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller
knows better.  This will allow preservation of current s3 behaviour.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

2 files changed, 40 insertions, 17 deletions

diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index c52eecb8d0..aba1018a92 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -83,6 +83,10 @@ struct gensec_settings {
 	 * should be used, rather than those loaded by the plugin
 	 * mechanism */
 	struct gensec_security_ops **backends;
+
+	/* To fill in our own name in the NTLMSSP server */
+	const char *server_dns_domain;
+	const char *server_dns_name;
 };
 
 struct gensec_security_ops {
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
index 1f1f5b3f7b..de86dd509e 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -266,6 +266,10 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 	NTSTATUS nt_status;
 	struct ntlmssp_state *ntlmssp_state;
 	struct gensec_ntlmssp_context *gensec_ntlmssp;
+	const char *netbios_name;
+	const char *netbios_domain;
+	const char *dns_name;
+	const char *dns_domain;
 
 	nt_status = gensec_ntlmssp_start(gensec_security);
 	NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -339,33 +343,48 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 		ntlmssp_state->server.is_standalone = false;
 	}
 
-	ntlmssp_state->server.netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+	netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+	netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
 
-	ntlmssp_state->server.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
-
-	{
+	if (gensec_security->settings->server_dns_name) {
+		dns_name = gensec_security->settings->server_dns_name;
+	} else {
 		const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
-		char *dnsname, *lower_netbiosname;
-		lower_netbiosname = strlower_talloc(ntlmssp_state, ntlmssp_state->server.netbios_name);
+		char *lower_netbiosname;
+
+		lower_netbiosname = strlower_talloc(ntlmssp_state, netbios_name);
+		NT_STATUS_HAVE_NO_MEMORY(lower_netbiosname);
 
 		/* Find out the DNS host name */
 		if (dnsdomain && dnsdomain[0] != '\0') {
-			dnsname = talloc_asprintf(ntlmssp_state, "%s.%s",
-						  lower_netbiosname,
-						  dnsdomain);
+			dns_name = talloc_asprintf(ntlmssp_state, "%s.%s",
+						   lower_netbiosname,
+						   dnsdomain);
 			talloc_free(lower_netbiosname);
-			ntlmssp_state->server.dns_name = dnsname;
+			NT_STATUS_HAVE_NO_MEMORY(dns_name);
 		} else {
-			ntlmssp_state->server.dns_name = lower_netbiosname;
+			dns_name = lower_netbiosname;
 		}
+	}
 
-		NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
-
-		ntlmssp_state->server.dns_domain
-			= talloc_strdup(ntlmssp_state,
-					lpcfg_dnsdomain(gensec_security->settings->lp_ctx));
-		NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
+	if (gensec_security->settings->server_dns_domain) {
+		dns_domain = gensec_security->settings->server_dns_domain;
+	} else {
+		dns_domain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
 	}
 
+	ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
+	NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_name);
+
+	ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
+	NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_domain);
+
+	ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
+	NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
+
+	ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
+	NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
+
 	return NT_STATUS_OK;
 }
+