summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-07-27 13:34:34 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-08-03 18:48:03 +1000
commitd69843c908d2dab9f5296096eccf8650296b79f4 (patch)
treea1881623bac18445011e4a6344568c6dc78cef63 /source3/auth
parentdee845eb70379feae89940e9535541f7957c60d9 (diff)
downloadsamba-d69843c908d2dab9f5296096eccf8650296b79f4.tar.gz
samba-d69843c908d2dab9f5296096eccf8650296b79f4.tar.bz2
samba-d69843c908d2dab9f5296096eccf8650296b79f4.zip
s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp
This allows the current behaviour of the NTLMSSP code to be unchanged while adding a way to hook in an alternate implementation via an auth module. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_ntlmssp.c49
1 files changed, 36 insertions, 13 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 2157d355d2..64307bea48 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -26,15 +26,25 @@
#include "ntlmssp_wrap.h"
#include "../librpc/gen_ndr/netlogon.h"
#include "../lib/tsocket/tsocket.h"
+#include "auth/gensec/gensec.h"
NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
struct auth_ntlmssp_state *auth_ntlmssp_state,
struct auth_session_info **session_info)
{
- NTSTATUS nt_status = create_local_token(mem_ctx,
- auth_ntlmssp_state->server_info,
- &auth_ntlmssp_state->ntlmssp_state->session_key,
+ NTSTATUS nt_status;
+ if (auth_ntlmssp_state->gensec_security) {
+
+ nt_status = gensec_session_info(auth_ntlmssp_state->gensec_security,
+ mem_ctx,
session_info);
+ return nt_status;
+ }
+
+ nt_status = create_local_token(mem_ctx,
+ auth_ntlmssp_state->server_info,
+ &auth_ntlmssp_state->ntlmssp_state->session_key,
+ session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_local_token failed: %s\n",
@@ -190,6 +200,29 @@ NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
struct auth_ntlmssp_state *ans;
struct auth_context *auth_context;
+ ans = talloc_zero(NULL, struct auth_ntlmssp_state);
+ if (!ans) {
+ DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(ans);
+ return nt_status;
+ }
+
+ if (auth_context->start_gensec) {
+ nt_status = auth_context->start_gensec(ans, GENSEC_OID_NTLMSSP, &ans->gensec_security);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(ans);
+ return nt_status;
+ } else {
+ *auth_ntlmssp_state = ans;
+ return NT_STATUS_OK;
+ }
+ }
+
if ((enum server_role)lp_server_role() == ROLE_STANDALONE) {
is_standalone = true;
} else {
@@ -205,12 +238,6 @@ NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
}
dns_name = get_mydnsfullname();
- ans = talloc_zero(NULL, struct auth_ntlmssp_state);
- if (!ans) {
- DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
ans->remote_address = tsocket_address_copy(remote_address, ans);
if (ans->remote_address == NULL) {
DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
@@ -228,10 +255,6 @@ NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
return nt_status;
}
- nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
ans->auth_context = talloc_steal(ans, auth_context);
ans->ntlmssp_state->callback_private = ans;