authorAndrew Bartlett <abartlet@samba.org>2012-01-31 16:17:48 +1100
committerStefan Metzmacher <metze@samba.org>2012-02-17 10:48:09 +0100
commit3767fd42556d2f6bdee07d2ba20e7a78065e0346 (patch)
tree947252193d13169e5310f3c4984e07f6ebae220a /source3
parent55c630404a999180e3bd9dd697d526fc3e21cd3b (diff)
s3-auth: Use the gensec-supplied DNS domain name and hostname.
Also have a reasonable fallback for when it is not set. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_generic.c32
-rw-r--r--source3/auth/auth_ntlmssp.c72
2 files changed, 76 insertions, 28 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index b76dcd7e8f..559dce19f9 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -183,6 +183,8 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx;
size_t idx = 0;
struct cli_credentials *server_credentials;
+ const char *dns_name;
+ const char *dns_domain;
struct auth4_context *auth4_context = talloc_zero(tmp_ctx, struct auth4_context);
if (auth4_context == NULL) {
DEBUG(10, ("failed to allocate auth4_context failed\n"));
@@ -211,6 +213,36 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
+ /*
+ * This should be a 'netbios domain -> DNS domain'
+ * mapping, and can currently validly return NULL on
+ * poorly configured systems.
+ *
+ * This is used for the NTLMSSP server
+ *
+ */
+ dns_name = get_mydnsfullname();
+ if (dns_name == NULL) {
+ dns_name = "";
+ }
+
+ dns_domain = get_mydnsdomname(tmp_ctx);
+ if (dns_domain == NULL) {
+ dns_domain = "";
+ }
+
+ gensec_settings->server_dns_name = strlower_talloc(gensec_settings, dns_name);
+ if (gensec_settings->server_dns_name == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gensec_settings->server_dns_domain = strlower_talloc(gensec_settings, dns_domain);
+ if (gensec_settings->server_dns_domain == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
gensec_settings->backends = talloc_zero_array(gensec_settings,
struct gensec_security_ops *, 4);
if (gensec_settings->backends == NULL) {
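Review bot: Substituting `""` for a failed lookup before the `strlower_talloc()` calls leaves `server_dns_name` and `server_dns_domain` non-NULL whenever this block succeeds, so the pointer test `if (gensec_security->settings->server_dns_name)` added in auth_ntlmssp.c by the same commit cannot reach its netbios-name/`lpcfg_dnsdomain()` fallback for settings built here. On the poorly configured hosts the comment mentions, the NTLMSSP server would then presumably still be handed empty DNS names, which looks like the case the fallback was written for; it is worth confirming that this is intended. If it is not, leave the fields NULL when nothing was found, for example by guarding each assignment with `if (dns_name != NULL && dns_name[0] != '\0') {`, or have the consumer check `[0] != '\0'` as well as the pointer. auth_generic_prepare starts and ends outside this hunk.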
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 2f6e8ade71..5f94358dbd 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -205,17 +205,12 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_security)
{
NTSTATUS nt_status;
- const char *dns_name;
- char *dns_domain;
struct gensec_ntlmssp_context *gensec_ntlmssp;
struct ntlmssp_state *ntlmssp_state;
-
- /* This should be a 'netbios domain -> DNS domain' mapping */
- dns_domain = get_mydnsdomname(talloc_tos());
- if (dns_domain) {
- strlower_m(dns_domain);
- }
- dns_name = get_mydnsfullname();
+ const char *netbios_name;
+ const char *netbios_domain;
+ const char *dns_name;
+ const char *dns_domain;
nt_status = gensec_ntlmssp_start(gensec_security);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -224,14 +219,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context);
- if (!dns_domain) {
- dns_domain = "";
- }
-
- if (!dns_name) {
- dns_name = "";
- }
-
ntlmssp_state = talloc_zero(gensec_ntlmssp, struct ntlmssp_state);
if (!ntlmssp_state) {
return NT_STATUS_NO_MEMORY;
@@ -251,15 +238,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
ntlmssp_state->allow_lm_key = true;
}
- ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
- if (!ntlmssp_state->server.dns_name) {
- return NT_STATUS_NO_MEMORY;
- }
- ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
- if (!ntlmssp_state->server.dns_domain) {
- return NT_STATUS_NO_MEMORY;
- }
-
ntlmssp_state->neg_flags =
NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
@@ -305,9 +283,47 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
ntlmssp_state->server.is_standalone = false;
}
- ntlmssp_state->server.netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+ netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+ netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
- ntlmssp_state->server.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
+ if (gensec_security->settings->server_dns_name) {
+ dns_name = gensec_security->settings->server_dns_name;
+ } else {
+ const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
+ char *lower_netbiosname;
+
+ lower_netbiosname = strlower_talloc(ntlmssp_state, netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY(lower_netbiosname);
+
+ /* Find out the DNS host name */
+ if (dnsdomain && dnsdomain[0] != '\0') {
+ dns_name = talloc_asprintf(ntlmssp_state, "%s.%s",
+ lower_netbiosname,
+ dnsdomain);
+ talloc_free(lower_netbiosname);
+ NT_STATUS_HAVE_NO_MEMORY(dns_name);
+ } else {
+ dns_name = lower_netbiosname;
+ }
+ }
+
+ if (gensec_security->settings->server_dns_domain) {
+ dns_domain = gensec_security->settings->server_dns_domain;
+ } else {
+ dns_domain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
+ }
+
+ ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_name);
+
+ ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_domain);
+
+ ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
+
+ ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
return NT_STATUS_OK;
}
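Review bot: The `else` branch that sets `dns_domain = lpcfg_dnsdomain(...)` has no NULL guard, although the result of the same call is tested with `dnsdomain && dnsdomain[0] != '\0'` a few lines above. talloc_strdup() returns NULL for a NULL source, so in that case `NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain)` would fail the server start with NT_STATUS_NO_MEMORY instead of using an empty domain as the removed code did. Adding `if (dns_domain == NULL) { dns_domain = ""; }` after the `else` would keep the earlier behaviour and stop a configuration gap from being reported as an allocation failure. gensec_ntlmssp3_server_start begins outside this hunk.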