authorAndreas Schneider <asn@samba.org>2011-06-15 11:15:06 +0200
committerAndrew Bartlett <abartlet@samba.org>2011-07-04 18:28:00 +1000
commit45f70db01070cfb0cdfb6ae0e8ee64da2bf42fc0 (patch)
treeced1c978daa490107838a440c1fe4a475e0c36d0 /source3/smbd
parent541f3cf639699d23b9a96e6c615027a5be4581a9 (diff)
s3-auth: Added remote_address to ntlmssp server.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/seal.c50
-rw-r--r--source3/smbd/sesssetup.c9
-rw-r--r--source3/smbd/smb2_sesssetup.c9
3 files changed, 51 insertions, 17 deletions
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 26185062a6..f1c0f9cf3b 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -27,6 +27,7 @@
#include "../lib/util/asn1.h"
#include "auth.h"
#include "libsmb/libsmb.h"
+#include "../lib/tsocket/tsocket.h"
/******************************************************************************
Server side encryption.
@@ -82,9 +83,11 @@ bool is_encrypted_packet(const uint8_t *inbuf)
Create an auth_ntlmssp_state and ensure pointer copy is correct.
******************************************************************************/
-static NTSTATUS make_auth_ntlmssp(struct smb_srv_trans_enc_ctx *ec)
+static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address,
+ struct smb_srv_trans_enc_ctx *ec)
{
- NTSTATUS status = auth_ntlmssp_start(&ec->auth_ntlmssp_state);
+ NTSTATUS status = auth_ntlmssp_start(remote_address,
+ &ec->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
return nt_status_squash(status);
}
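Review bot: The header comment above make_auth_ntlmssp() still describes only the state pointer and does not mention the new `remote_address` parameter, in particular whether auth_ntlmssp_start() copies the address or keeps the caller's pointer. That matters because the state is stored in `ec`, which later hunks attach to the non-local `partial_srv_trans_enc_ctx`, so it may outlive the request that supplied the address. I would add a line such as `remote_address is the transport peer of the connection; auth_ntlmssp_start() must copy it if the state keeps it.`, adjusted to what the callee actually does, which is not visible in this diff. The body of make_auth_ntlmssp() continues past the end of the hunk.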
@@ -256,7 +259,9 @@ static void srv_free_encryption_context(struct smb_srv_trans_enc_ctx **pp_ec)
Create a server encryption context.
******************************************************************************/
-static NTSTATUS make_srv_encryption_context(enum smb_trans_enc_type smb_enc_type, struct smb_srv_trans_enc_ctx **pp_ec)
+static NTSTATUS make_srv_encryption_context(const struct tsocket_address *remote_address,
+ enum smb_trans_enc_type smb_enc_type,
+ struct smb_srv_trans_enc_ctx **pp_ec)
{
struct smb_srv_trans_enc_ctx *ec;
@@ -277,7 +282,8 @@ static NTSTATUS make_srv_encryption_context(enum smb_trans_enc_type smb_enc_type
switch (smb_enc_type) {
case SMB_TRANS_ENC_NTLM:
{
- NTSTATUS status = make_auth_ntlmssp(ec);
+ NTSTATUS status = make_auth_ntlmssp(remote_address,
+ ec);
if (!NT_STATUS_IS_OK(status)) {
srv_free_encryption_context(&ec);
return status;
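Review bot: Only the `SMB_TRANS_ENC_NTLM` case in this switch consumes `remote_address`. srv_enc_spnego_gss_negotiate() also passes it in with `SMB_TRANS_ENC_GSS`, and no GSS case using it appears in this diff, so on that path the argument looks unused. If that is intended, the header comment of make_srv_encryption_context() should say so, e.g. `remote_address is only used for SMB_TRANS_ENC_NTLM; the GSS path does not hand it to the auth layer.` Otherwise a reader may assume the peer address reaches the auth layer for every encryption-context negotiation, including the Kerberos one. The switch continues outside the hunk, so the GSS case itself cannot be checked from here.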
@@ -368,7 +374,10 @@ NTSTATUS srv_encrypt_buffer(char *buf, char **buf_out)
******************************************************************************/
#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
-static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob)
+static NTSTATUS srv_enc_spnego_gss_negotiate(const struct tsocket_address *remote_address,
+ unsigned char **ppdata,
+ size_t *p_data_size,
+ DATA_BLOB secblob)
{
OM_uint32 ret;
OM_uint32 min;
@@ -380,7 +389,9 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
NTSTATUS status;
if (!partial_srv_trans_enc_ctx) {
- status = make_srv_encryption_context(SMB_TRANS_ENC_GSS, &partial_srv_trans_enc_ctx);
+ status = make_srv_encryption_context(remote_address,
+ SMB_TRANS_ENC_GSS,
+ &partial_srv_trans_enc_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -450,13 +461,19 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
Until success we do everything on the partial enc ctx.
******************************************************************************/
-static NTSTATUS srv_enc_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob, bool spnego_wrap)
+static NTSTATUS srv_enc_ntlm_negotiate(const struct tsocket_address *remote_address,
+ unsigned char **ppdata,
+ size_t *p_data_size,
+ DATA_BLOB secblob,
+ bool spnego_wrap)
{
NTSTATUS status;
DATA_BLOB chal = data_blob_null;
DATA_BLOB response = data_blob_null;
- status = make_srv_encryption_context(SMB_TRANS_ENC_NTLM, &partial_srv_trans_enc_ctx);
+ status = make_srv_encryption_context(remote_address,
+ SMB_TRANS_ENC_NTLM,
+ &partial_srv_trans_enc_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -517,14 +534,21 @@ static NTSTATUS srv_enc_spnego_negotiate(connection_struct *conn,
TALLOC_FREE(kerb_mech);
#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
- status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, secblob);
+ status = srv_enc_spnego_gss_negotiate(conn->sconn->remote_address,
+ ppdata,
+ p_data_size,
+ secblob);
#else
/* Currently we don't SPNEGO negotiate
* back to NTLMSSP as we do in sessionsetupX. We should... */
return NT_STATUS_LOGON_FAILURE;
#endif
} else {
- status = srv_enc_ntlm_negotiate(ppdata, p_data_size, secblob, true);
+ status = srv_enc_ntlm_negotiate(conn->sconn->remote_address,
+ ppdata,
+ p_data_size,
+ secblob,
+ true);
}
data_blob_free(&secblob);
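Review bot: In a build without HAVE_GSSAPI and HAVE_KRB5, the `#else` branch returns `NT_STATUS_LOGON_FAILURE` directly and never reaches `data_blob_free(&secblob);` at the end of this hunk. `secblob` is allocated outside the hunk, so this is a leak only if the blob is not owned by a context that gets freed anyway. Either way, the error path on a client-driven negotiation should clean up the same way as the success path. Freeing before the return keeps both builds consistent: `data_blob_free(&secblob);` followed by `return NT_STATUS_LOGON_FAILURE;`. The commit reworks the calls on either side of this branch but leaves the early return as it was.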
@@ -628,7 +652,11 @@ static NTSTATUS srv_enc_raw_ntlm_auth(connection_struct *conn,
if (!partial_srv_trans_enc_ctx) {
/* This is the initial step. */
- status = srv_enc_ntlm_negotiate(ppdata, p_data_size, blob, false);
+ status = srv_enc_ntlm_negotiate(conn->sconn->remote_address,
+ ppdata,
+ p_data_size,
+ blob,
+ false);
if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) {
srv_free_encryption_context(&partial_srv_trans_enc_ctx);
return nt_status_squash(status);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index dda4ef296e..7d111e3219 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -662,7 +662,8 @@ static void reply_spnego_negotiate(struct smb_request *req,
return;
}
- status = auth_ntlmssp_start(auth_ntlmssp_state);
+ status = auth_ntlmssp_start(sconn->remote_address,
+ auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
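Review bot: `sconn->remote_address` is passed to auth_ntlmssp_start() here with no visible check that it is set. The same holds for the other two calls in this file (reply_spnego_auth, reply_sesssetup_and_X_spnego) and for the three `session->sconn->remote_address` calls in smb2_sesssetup.c. Taking the address from the connection rather than from anything in the request is the right source if it is meant for logging or access decisions. The callee is outside this diff (the diffstat is limited to source3/smbd), so whether it tolerates a NULL address cannot be confirmed. I would either document on auth_ntlmssp_start() that `remote_address` must be non-NULL, or have it fail early with `if (remote_address == NULL) return NT_STATUS_INVALID_PARAMETER;`. reply_spnego_negotiate() starts and ends outside the hunk.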
@@ -763,7 +764,8 @@ static void reply_spnego_auth(struct smb_request *req,
data_blob_free(&secblob);
if (!*auth_ntlmssp_state) {
- status = auth_ntlmssp_start(auth_ntlmssp_state);
+ status = auth_ntlmssp_start(sconn->remote_address,
+ auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
@@ -1175,7 +1177,8 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
DATA_BLOB chal;
if (!vuser->auth_ntlmssp_state) {
- status = auth_ntlmssp_start(&vuser->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(sconn->remote_address,
+ &vuser->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index c33d1c61be..13dfff0853 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -404,7 +404,8 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
status = NT_STATUS_MORE_PROCESSING_REQUIRED;
} else {
/* Fall back to NTLMSSP. */
- status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(session->sconn->remote_address,
+ &session->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
@@ -591,7 +592,8 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
}
if (session->auth_ntlmssp_state == NULL) {
- status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(session->sconn->remote_address,
+ &session->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&auth);
TALLOC_FREE(session);
@@ -655,7 +657,8 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
DATA_BLOB secblob_out = data_blob_null;
if (session->auth_ntlmssp_state == NULL) {
- status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(session->sconn->remote_address,
+ &session->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
return status;