author | Andrew Bartlett <abartlet@samba.org> | 2012-01-31 16:17:48 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-02-17 10:48:09 +0100 |
commit | 3767fd42556d2f6bdee07d2ba20e7a78065e0346 (patch) | |
tree | 947252193d13169e5310f3c4984e07f6ebae220a /source3 | |
parent | 55c630404a999180e3bd9dd697d526fc3e21cd3b (diff) | |
s3-auth: Use the gensec-supplied DNS domain name and hostname.
Also have a reasonable fallback for when it is not set.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/auth/auth_generic.c | 32 | ||||
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 72 |
2 files changed, 76 insertions, 28 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index b76dcd7e8f..559dce19f9 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -183,6 +183,8 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
 struct loadparm_context *lp_ctx;
 size_t idx = 0;
 struct cli_credentials *server_credentials;
+ const char *dns_name;
+ const char *dns_domain;
 struct auth4_context *auth4_context = talloc_zero(tmp_ctx, struct auth4_context);
 if (auth4_context == NULL) {
 DEBUG(10, ("failed to allocate auth4_context failed\n"));
@@ -211,6 +213,36 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_MEMORY;
 }
+ /*
+ * This should be a 'netbios domain -> DNS domain'
+ * mapping, and can currently validly return NULL on
+ * poorly configured systems.
+ *
+ * This is used for the NTLMSSP server
+ *
+ */
+ dns_name = get_mydnsfullname();
+ if (dns_name == NULL) {
+ dns_name = "";
+ }
+
+ dns_domain = get_mydnsdomname(tmp_ctx);
+ if (dns_domain == NULL) {
+ dns_domain = "";
+ }
+
+ gensec_settings->server_dns_name = strlower_talloc(gensec_settings, dns_name);
+ if (gensec_settings->server_dns_name == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gensec_settings->server_dns_domain = strlower_talloc(gensec_settings, dns_domain);
+ if (gensec_settings->server_dns_domain == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
 gensec_settings->backends = talloc_zero_array(gensec_settings,
 struct gensec_security_ops *, 4);
 if (gensec_settings->backends == NULL) {
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 2f6e8ade71..5f94358dbd 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c 
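Review bot: In the second hunk of auth_generic.c, replacing a failed get_mydnsfullname()/get_mydnsdomname() result with `""` means gensec_settings->server_dns_name and server_dns_domain are never NULL, so the fallback this commit adds to gensec_ntlmssp3_server_start (last hunk of auth_ntlmssp.c), which tests only for NULL, cannot run for settings built here. On the poorly configured systems the comment mentions, the NTLMSSP server state would then carry empty DNS name strings rather than the values the fallback derives from the netbios name and lpcfg_dnsdomain(). Either leave the two settings fields unset when the lookup returns NULL, or have the consumer treat an empty string as unset, e.g. `if (gensec_security->settings->server_dns_name && gensec_security->settings->server_dns_name[0] != '\0') {`. auth_generic_prepare starts and ends outside the hunk, so how gensec_settings is otherwise initialised is not visible here.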
@@ -205,17 +205,12 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
 static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_security)
 {
 NTSTATUS nt_status;
- const char *dns_name;
- char *dns_domain;
 struct gensec_ntlmssp_context *gensec_ntlmssp;
 struct ntlmssp_state *ntlmssp_state;
-
- /* This should be a 'netbios domain -> DNS domain' mapping */
- dns_domain = get_mydnsdomname(talloc_tos());
- if (dns_domain) {
- strlower_m(dns_domain);
- }
- dns_name = get_mydnsfullname();
+ const char *netbios_name;
+ const char *netbios_domain;
+ const char *dns_name;
+ const char *dns_domain;
 nt_status = gensec_ntlmssp_start(gensec_security);
 NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -224,14 +219,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
 talloc_get_type_abort(gensec_security->private_data,
 struct gensec_ntlmssp_context);
- if (!dns_domain) {
- dns_domain = "";
- }
-
- if (!dns_name) {
- dns_name = "";
- }
-
 ntlmssp_state = talloc_zero(gensec_ntlmssp, struct ntlmssp_state);
 if (!ntlmssp_state) {
 return NT_STATUS_NO_MEMORY;
@@ -251,15 +238,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
 ntlmssp_state->allow_lm_key = true;
 }
- ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
- if (!ntlmssp_state->server.dns_name) {
- return NT_STATUS_NO_MEMORY;
- }
- ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
- if (!ntlmssp_state->server.dns_domain) {
- return NT_STATUS_NO_MEMORY;
- }
-
 ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION; 
@@ -305,9 +283,47 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
 ntlmssp_state->server.is_standalone = false;
 }
- ntlmssp_state->server.netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+ netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+ netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
- ntlmssp_state->server.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
+ if (gensec_security->settings->server_dns_name) {
+ dns_name = gensec_security->settings->server_dns_name;
+ } else {
+ const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
+ char *lower_netbiosname;
+
+ lower_netbiosname = strlower_talloc(ntlmssp_state, netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY(lower_netbiosname);
+
+ /* Find out the DNS host name */
+ if (dnsdomain && dnsdomain[0] != '\0') {
+ dns_name = talloc_asprintf(ntlmssp_state, "%s.%s",
+ lower_netbiosname,
+ dnsdomain);
+ talloc_free(lower_netbiosname);
+ NT_STATUS_HAVE_NO_MEMORY(dns_name);
+ } else {
+ dns_name = lower_netbiosname;
+ }
+ }
+
+ if (gensec_security->settings->server_dns_domain) {
+ dns_domain = gensec_security->settings->server_dns_domain;
+ } else {
+ dns_domain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
+ }
+
+ ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_name);
+
+ ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_domain);
+
+ ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
+
+ ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
 return NT_STATUS_OK;
 } |
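Review bot: In the `else` branch that sets `dns_domain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);`, the result goes unchecked into talloc_strdup(), whereas the dns_name branch a few lines earlier guards the same call's result with `dnsdomain && dnsdomain[0] != '\0'`. If lpcfg_dnsdomain() can return NULL, as that guard suggests, talloc_strdup() yields NULL and NT_STATUS_HAVE_NO_MEMORY turns a missing configuration value into NT_STATUS_NO_MEMORY, failing NTLMSSP server start with a misleading status. Adding `if (dns_domain == NULL) { dns_domain = ""; }` before the talloc_strdup() calls would keep the two branches consistent; netbios_name and netbios_domain are copied the same way and deserve the same check. The function begins outside this hunk, so earlier validation of lp_ctx is not visible here.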