author | Andreas Schneider <asn@samba.org> | 2011-06-15 11:15:06 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-04 18:28:00 +1000 |
commit | 45f70db01070cfb0cdfb6ae0e8ee64da2bf42fc0 (patch) | |
tree | ced1c978daa490107838a440c1fe4a475e0c36d0 /source3/smbd | |
parent | 541f3cf639699d23b9a96e6c615027a5be4581a9 (diff) | |
s3-auth: Added remote_address to ntlmssp server.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/seal.c | 50 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 9 | ||||
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 9 |
3 files changed, 51 insertions, 17 deletions
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 26185062a6..f1c0f9cf3b 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -27,6 +27,7 @@
 #include "../lib/util/asn1.h"
 #include "auth.h"
 #include "libsmb/libsmb.h"
+#include "../lib/tsocket/tsocket.h"
 /******************************************************************************
 Server side encryption.
@@ -82,9 +83,11 @@ bool is_encrypted_packet(const uint8_t *inbuf)
 Create an auth_ntlmssp_state and ensure pointer copy is correct.
 ******************************************************************************/
-static NTSTATUS make_auth_ntlmssp(struct smb_srv_trans_enc_ctx *ec)
+static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address,
+ struct smb_srv_trans_enc_ctx *ec)
 {
- NTSTATUS status = auth_ntlmssp_start(&ec->auth_ntlmssp_state);
+ NTSTATUS status = auth_ntlmssp_start(remote_address,
+ &ec->auth_ntlmssp_state);
 if (!NT_STATUS_IS_OK(status)) {
 return nt_status_squash(status);
 }
@@ -256,7 +259,9 @@ static void srv_free_encryption_context(struct smb_srv_trans_enc_ctx **pp_ec)
 Create a server encryption context.
 ******************************************************************************/
-static NTSTATUS make_srv_encryption_context(enum smb_trans_enc_type smb_enc_type, struct smb_srv_trans_enc_ctx **pp_ec)
+static NTSTATUS make_srv_encryption_context(const struct tsocket_address *remote_address,
+ enum smb_trans_enc_type smb_enc_type,
+ struct smb_srv_trans_enc_ctx **pp_ec)
 {
 struct smb_srv_trans_enc_ctx *ec;
@@ -277,7 +282,8 @@ static NTSTATUS make_srv_encryption_context(enum smb_trans_enc_type smb_enc_type
 switch (smb_enc_type) {
 case SMB_TRANS_ENC_NTLM:
 {
- NTSTATUS status = make_auth_ntlmssp(ec);
+ NTSTATUS status = make_auth_ntlmssp(remote_address,
+ ec);
 if (!NT_STATUS_IS_OK(status)) {
 srv_free_encryption_context(&ec);
 return status;
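Review bot: The header comment above make_auth_ntlmssp (the @@ -82 hunk) still describes only the pointer copy, and nothing in this diff says whether auth_ntlmssp_start() copies `remote_address` or keeps the caller's pointer. Since `ec->auth_ntlmssp_state` lives in a context that outlasts this call, I would add a line to that comment such as `remote_address: client address passed to auth_ntlmssp_start(); must remain valid for the lifetime of ec unless the callee copies it`. This needs confirming against auth_ntlmssp_start, which is outside this diff (limited to source3/smbd). The comment above make_srv_encryption_context in the @@ -256 hunk needs the same parameter description.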
@@ -368,7 +374,10 @@ NTSTATUS srv_encrypt_buffer(char *buf, char **buf_out)
 ******************************************************************************/
 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
-static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob)
+static NTSTATUS srv_enc_spnego_gss_negotiate(const struct tsocket_address *remote_address,
+ unsigned char **ppdata,
+ size_t *p_data_size,
+ DATA_BLOB secblob)
 {
 OM_uint32 ret;
 OM_uint32 min;
@@ -380,7 +389,9 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
 NTSTATUS status;
 if (!partial_srv_trans_enc_ctx) {
- status = make_srv_encryption_context(SMB_TRANS_ENC_GSS, &partial_srv_trans_enc_ctx);
+ status = make_srv_encryption_context(remote_address,
+ SMB_TRANS_ENC_GSS,
+ &partial_srv_trans_enc_ctx);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 }
@@ -450,13 +461,19 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
 Until success we do everything on the partial enc ctx.
 ******************************************************************************/
-static NTSTATUS srv_enc_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob, bool spnego_wrap)
+static NTSTATUS srv_enc_ntlm_negotiate(const struct tsocket_address *remote_address,
+ unsigned char **ppdata,
+ size_t *p_data_size,
+ DATA_BLOB secblob,
+ bool spnego_wrap)
 {
 NTSTATUS status;
 DATA_BLOB chal = data_blob_null;
 DATA_BLOB response = data_blob_null;
- status = make_srv_encryption_context(SMB_TRANS_ENC_NTLM, &partial_srv_trans_enc_ctx);
+ status = make_srv_encryption_context(remote_address,
+ SMB_TRANS_ENC_NTLM,
+ &partial_srv_trans_enc_ctx);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 }
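Review bot: On the GSS path (@@ -368 and @@ -380), srv_enc_spnego_gss_negotiate accepts `remote_address` and forwards it with `SMB_TRANS_ENC_GSS`, but the only consumer visible in this diff is the `SMB_TRANS_ENC_NTLM` case of make_srv_encryption_context. If the GSS case, which lies outside the hunks shown, ignores the argument, Kerberos-negotiated encryption contexts carry no client address for address-based checks or audit logging, unlike the NTLM path. Either pass it into the GSS setup or state the limitation in the function comment, e.g. `/* remote_address is currently only consumed for SMB_TRANS_ENC_NTLM */`. The function bodies continue outside these hunks.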
@@ -517,14 +534,21 @@ static NTSTATUS srv_enc_spnego_negotiate(connection_struct *conn,
 TALLOC_FREE(kerb_mech);
 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
- status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, secblob);
+ status = srv_enc_spnego_gss_negotiate(conn->sconn->remote_address,
+ ppdata,
+ p_data_size,
+ secblob);
 #else
 /* Currently we don't SPNEGO negotiate
 * back to NTLMSSP as we do in sessionsetupX. We should... */
 return NT_STATUS_LOGON_FAILURE;
 #endif
 } else {
- status = srv_enc_ntlm_negotiate(ppdata, p_data_size, secblob, true);
+ status = srv_enc_ntlm_negotiate(conn->sconn->remote_address,
+ ppdata,
+ p_data_size,
+ secblob,
+ true);
 }
 data_blob_free(&secblob);
@@ -628,7 +652,11 @@ static NTSTATUS srv_enc_raw_ntlm_auth(connection_struct *conn,
 if (!partial_srv_trans_enc_ctx) {
 /* This is the initial step. */
- status = srv_enc_ntlm_negotiate(conn->sconn->remote_address,
+ status = srv_enc_ntlm_negotiate(conn->sconn->remote_address,
+ ppdata,
+ p_data_size,
+ blob,
+ false);
 if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) {
 srv_free_encryption_context(&partial_srv_trans_enc_ctx);
 return nt_status_squash(status);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index dda4ef296e..7d111e3219 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -662,7 +662,8 @@ static void reply_spnego_negotiate(struct smb_request *req,
 return;
 }
- status = auth_ntlmssp_start(auth_ntlmssp_state);
+ status = auth_ntlmssp_start(sconn->remote_address,
+ auth_ntlmssp_state);
 if (!NT_STATUS_IS_OK(status)) {
 /* Kill the intermediate vuid */
 invalidate_vuid(sconn, vuid);
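Review bot: `conn->sconn->remote_address` is passed down unchecked at both call sites in srv_enc_spnego_negotiate and again in srv_enc_raw_ntlm_auth (@@ -628). The same pattern recurs with `sconn->remote_address` in every sesssetup.c hunk and `session->sconn->remote_address` in every smb2_sesssetup.c hunk. Nothing visible establishes that the address is always populated before authentication starts, or that auth_ntlmssp_start() tolerates NULL. If connection setup guarantees it, make that explicit where the negotiate path begins, for example `SMB_ASSERT(conn->sconn->remote_address != NULL);`, so a missing address fails loudly instead of reaching the auth layer. The enclosing functions start outside these hunks.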
@@ -763,7 +764,8 @@ static void reply_spnego_auth(struct smb_request *req,
 data_blob_free(&secblob);
 if (!*auth_ntlmssp_state) {
- status = auth_ntlmssp_start(auth_ntlmssp_state);
+ status = auth_ntlmssp_start(sconn->remote_address,
+ auth_ntlmssp_state);
 if (!NT_STATUS_IS_OK(status)) {
 /* Kill the intermediate vuid */
 invalidate_vuid(sconn, vuid);
@@ -1175,7 +1177,8 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 DATA_BLOB chal;
 if (!vuser->auth_ntlmssp_state) {
- status = auth_ntlmssp_start(&vuser->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(sconn->remote_address,
+ &vuser->auth_ntlmssp_state);
 if (!NT_STATUS_IS_OK(status)) {
 /* Kill the intermediate vuid */
 invalidate_vuid(sconn, vuid);
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index c33d1c61be..13dfff0853 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -404,7 +404,8 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
 } else {
 /* Fall back to NTLMSSP. */
- status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(session->sconn->remote_address,
+ &session->auth_ntlmssp_state);
 if (!NT_STATUS_IS_OK(status)) {
 goto out;
 }
@@ -591,7 +592,8 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 }
 if (session->auth_ntlmssp_state == NULL) {
- status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(session->sconn->remote_address,
+ &session->auth_ntlmssp_state);
 if (!NT_STATUS_IS_OK(status)) {
 data_blob_free(&auth);
 TALLOC_FREE(session);
@@ -655,7 +657,8 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
 DATA_BLOB secblob_out = data_blob_null;
 if (session->auth_ntlmssp_state == NULL) {
- status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+ status = auth_ntlmssp_start(session->sconn->remote_address,
+ &session->auth_ntlmssp_state);
 if (!NT_STATUS_IS_OK(status)) {
 TALLOC_FREE(session);
 return status; |