authorAndrew Bartlett <abartlet@samba.org>2011-12-27 10:25:55 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-06 08:12:49 +0100
commita00032a92d9c0fcd4fa3f551abb901e5240f780f (patch)
treea946857f13846f35f39895a5024468e24af0576d /source3/libsmb
parent21415568fe335d513545ef5788462551e2f1f1ae (diff)
s3-libsmb Make auth_ntlmssp client more generic
As well as renaming, this allows us to start the mech by DCE/RPC auth type or OID. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/clifsinfo.c27
-rw-r--r--source3/libsmb/ntlmssp_wrap.c43
2 files changed, 48 insertions, 22 deletions
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index ff15624c60..5c86c5d288 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -3,6 +3,7 @@
FS info functions
Copyright (C) Stefan (metze) Metzmacher 2003
Copyright (C) Jeremy Allison 2007
+ Copyright (C) Andrew Bartlett 2011
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -26,7 +27,7 @@
#include "async_smb.h"
#include "../libcli/smb/smb_seal.h"
#include "trans2.h"
-#include "ntlmssp_wrap.h"
+#include "auth_generic.h"
#include "auth/gensec/gensec.h"
#include "../libcli/smb/smbXcli_base.h"
@@ -610,37 +611,37 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
DATA_BLOB blob_out = data_blob_null;
DATA_BLOB param_out = data_blob_null;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- struct auth_generic_state *auth_ntlmssp_state;
+ struct auth_generic_state *auth_generic_state;
struct smb_trans_enc_state *es = make_cli_enc_state(SMB_TRANS_ENC_NTLM);
if (!es) {
return NT_STATUS_NO_MEMORY;
}
- status = auth_ntlmssp_client_prepare(NULL,
- &auth_ntlmssp_state);
+ status = auth_generic_client_prepare(NULL,
+ &auth_generic_state);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
- gensec_want_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SESSION_KEY);
- gensec_want_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SEAL);
+ gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SESSION_KEY);
+ gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SEAL);
- if (!NT_STATUS_IS_OK(status = auth_ntlmssp_set_username(auth_ntlmssp_state, user))) {
+ if (!NT_STATUS_IS_OK(status = auth_generic_set_username(auth_generic_state, user))) {
goto fail;
}
- if (!NT_STATUS_IS_OK(status = auth_ntlmssp_set_domain(auth_ntlmssp_state, domain))) {
+ if (!NT_STATUS_IS_OK(status = auth_generic_set_domain(auth_generic_state, domain))) {
goto fail;
}
- if (!NT_STATUS_IS_OK(status = auth_ntlmssp_set_password(auth_ntlmssp_state, pass))) {
+ if (!NT_STATUS_IS_OK(status = auth_generic_set_password(auth_generic_state, pass))) {
goto fail;
}
- if (!NT_STATUS_IS_OK(status = auth_ntlmssp_client_start(auth_ntlmssp_state))) {
+ if (!NT_STATUS_IS_OK(status = auth_generic_client_start(auth_generic_state, GENSEC_OID_NTLMSSP))) {
goto fail;
}
do {
- status = gensec_update(auth_ntlmssp_state->gensec_security, auth_ntlmssp_state,
+ status = gensec_update(auth_generic_state->gensec_security, auth_generic_state,
NULL, blob_in, &blob_out);
data_blob_free(&blob_in);
data_blob_free(&param_out);
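Review bot: `auth_generic_state` is declared without an initialiser at the top of this hunk, yet the first `goto fail` (taken when `auth_generic_client_prepare()` fails) reaches `TALLOC_FREE(auth_generic_state)` at the `fail:` label in the next hunk. The talloc_zero failure path visible in auth_generic_client_prepare() returns NT_STATUS_NO_MEMORY without writing the out parameter, so that free would act on an indeterminate pointer. Declare it as `struct auth_generic_state *auth_generic_state = NULL;`. The body of cli_raw_ntlm_smb_encryption_start() starts before and continues past this hunk.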
@@ -671,13 +672,13 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
* es is a malloc()ed pointer, so we cannot make
* gensec_security a talloc child */
es->s.gensec_security = talloc_move(NULL,
- &auth_ntlmssp_state->gensec_security);
+ &auth_generic_state->gensec_security);
smb1cli_conn_set_encryption(cli->conn, es);
es = NULL;
}
fail:
- TALLOC_FREE(auth_ntlmssp_state);
+ TALLOC_FREE(auth_generic_state);
common_free_encryption_state(&es);
return status;
}
diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c
index e2d1bc636f..36508129ae 100644
--- a/source3/libsmb/ntlmssp_wrap.c
+++ b/source3/libsmb/ntlmssp_wrap.c
@@ -20,27 +20,27 @@
#include "includes.h"
#include "auth/ntlmssp/ntlmssp.h"
-#include "ntlmssp_wrap.h"
+#include "auth_generic.h"
#include "auth/gensec/gensec.h"
#include "auth/credentials/credentials.h"
#include "librpc/rpc/dcerpc.h"
#include "lib/param/param.h"
-NTSTATUS auth_ntlmssp_set_username(struct auth_generic_state *ans,
+NTSTATUS auth_generic_set_username(struct auth_generic_state *ans,
const char *user)
{
cli_credentials_set_username(ans->credentials, user, CRED_SPECIFIED);
return NT_STATUS_OK;
}
-NTSTATUS auth_ntlmssp_set_domain(struct auth_generic_state *ans,
+NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
const char *domain)
{
cli_credentials_set_domain(ans->credentials, domain, CRED_SPECIFIED);
return NT_STATUS_OK;
}
-NTSTATUS auth_ntlmssp_set_password(struct auth_generic_state *ans,
+NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
const char *password)
{
cli_credentials_set_password(ans->credentials, password, CRED_SPECIFIED);
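Review bot: The setters discard the result of the `cli_credentials_set_*()` calls; auth_generic_set_username() and auth_generic_set_domain() then return NT_STATUS_OK unconditionally, and auth_generic_set_password() starts the same way. As a result the `NT_STATUS_IS_OK` checks around them in cli_raw_ntlm_smb_encryption_start() can never fire, and a credential update that failed would carry on into authentication unnoticed. The credentials setters report success as a bool, so propagate it, e.g. `if (!cli_credentials_set_username(ans->credentials, user, CRED_SPECIFIED)) { return NT_STATUS_NO_MEMORY; }`. The rest of auth_generic_set_password() lies outside the hunk.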
@@ -153,7 +153,7 @@ static const struct gensec_security_ops gensec_ntlmssp3_client_ops = {
.priority = GENSEC_NTLMSSP
};
-NTSTATUS auth_ntlmssp_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_ntlmssp_state)
+NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
{
struct auth_generic_state *ans;
NTSTATUS nt_status;
@@ -163,7 +163,7 @@ NTSTATUS auth_ntlmssp_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
ans = talloc_zero(mem_ctx, struct auth_generic_state);
if (!ans) {
- DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
+ DEBUG(0,("auth_generic_start: talloc failed!\n"));
return NT_STATUS_NO_MEMORY;
}
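Review bot: The renamed DEBUG text says `auth_generic_start`, but the enclosing function is `auth_generic_client_prepare()` and no function of that name appears in this patch, so the level-0 message points a reader at the wrong place. Use `DEBUG(0,("%s: talloc failed!\n", __func__));` or spell out the real function name. The function starts and ends outside this hunk.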
@@ -207,11 +207,11 @@ NTSTATUS auth_ntlmssp_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
talloc_unlink(ans, lp_ctx);
talloc_unlink(ans, gensec_settings);
- *auth_ntlmssp_state = ans;
+ *auth_generic_state = ans;
return NT_STATUS_OK;
}
-NTSTATUS auth_ntlmssp_client_start(struct auth_generic_state *ans)
+NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid)
{
NTSTATUS status;
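Review bot: The new `oid` parameter of `auth_generic_client_start()` has no comment, and it is handed to `gensec_start_mech_by_oid()` unchecked in the next hunk. The mechanism now comes from the caller and decides what protection the session gets, so add a header comment such as `/* oid: GENSEC mechanism OID, e.g. GENSEC_OID_NTLMSSP; must not be NULL. */`. Consider rejecting NULL with `NT_STATUS_INVALID_PARAMETER` before the credentials are transferred. The function body continues in the following hunk.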
@@ -226,7 +226,32 @@ NTSTATUS auth_ntlmssp_client_start(struct auth_generic_state *ans)
ans->credentials = NULL;
status = gensec_start_mech_by_oid(ans->gensec_security,
- GENSEC_OID_NTLMSSP);
+ oid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
+ uint8_t auth_type,
+ uint8_t auth_level)
+{
+ NTSTATUS status;
+
+ /* Transfer the credentials to gensec */
+ status = gensec_set_credentials(ans->gensec_security, ans->credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ talloc_unlink(ans, ans->credentials);
+ ans->credentials = NULL;
+
+ status = gensec_start_mech_by_authtype(ans->gensec_security,
+ auth_type, auth_level);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
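Review bot: `auth_generic_client_start_by_authtype()` copies the credential hand-off block verbatim from `auth_generic_client_start()`, and both leave `ans->credentials` NULL afterwards. The state now has two entry points that may each be called only once, after which the `auth_generic_set_*()` helpers would be handed a NULL credentials pointer; nothing documents or enforces this. How gensec_set_credentials() treats NULL is not visible here. Move the hand-off into one static helper that rejects a state whose credentials were already consumed, and call it from both start functions. The end of the new function lies outside the hunk.

```c
/* Hand ans->credentials over to gensec; valid once per state. */
static NTSTATUS auth_generic_transfer_credentials(struct auth_generic_state *ans)
{
	NTSTATUS status;

	if (ans->credentials == NULL) {
		/* already consumed by an earlier start call */
		return NT_STATUS_INVALID_PARAMETER;
	}

	status = gensec_set_credentials(ans->gensec_security, ans->credentials);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
			  nt_errstr(status)));
		return status;
	}
	talloc_unlink(ans, ans->credentials);
	ans->credentials = NULL;
	return NT_STATUS_OK;
}

NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
					       uint8_t auth_type,
					       uint8_t auth_level)
{
	NTSTATUS status;

	status = auth_generic_transfer_credentials(ans);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	/* … unchanged: gensec_start_mech_by_authtype() call and status check … */
```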