authorAndrew Bartlett <abartlet@samba.org>2008-05-05 15:23:57 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-05-05 15:23:57 +1000
commit7ee76eeae5b3e9e5f5b226039e7276897f5e6764 (patch)
treed2de6ee6008582b0d521a8b6a446fd2886aa8a37 /source4/auth
parent2c95244f1115c87a8ec3101427680a834d71ceaf (diff)
Move NTLM authentication details into auth/ntlm
This should help clarify the role of the various files around here (done on Jelmer's request). Andrew Bartlett (This used to be commit efa399037511ced8978f2e7661a71aac7a384883)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/config.mk83
-rw-r--r--source4/auth/ntlm/auth.c (renamed from source4/auth/auth.c)0
-rw-r--r--source4/auth/ntlm/auth_anonymous.c (renamed from source4/auth/auth_anonymous.c)0
-rw-r--r--source4/auth/ntlm/auth_developer.c (renamed from source4/auth/auth_developer.c)0
-rw-r--r--source4/auth/ntlm/auth_proto.h50
-rw-r--r--source4/auth/ntlm/auth_sam.c (renamed from source4/auth/auth_sam.c)3
-rw-r--r--source4/auth/ntlm/auth_server.c (renamed from source4/auth/auth_server.c)0
-rw-r--r--source4/auth/ntlm/auth_simple.c (renamed from source4/auth/auth_simple.c)0
-rw-r--r--source4/auth/ntlm/auth_unix.c (renamed from source4/auth/auth_unix.c)0
-rw-r--r--source4/auth/ntlm/auth_util.c (renamed from source4/auth/auth_util.c)0
-rw-r--r--source4/auth/ntlm/auth_winbind.c (renamed from source4/auth/auth_winbind.c)0
-rw-r--r--source4/auth/ntlm/config.mk87
-rw-r--r--source4/auth/ntlm/ntlm_check.c (renamed from source4/auth/ntlm_check.c)1
-rw-r--r--source4/auth/ntlm/ntlm_check.h75
-rw-r--r--source4/auth/ntlm/pam_errors.c (renamed from source4/auth/pam_errors.c)0
-rw-r--r--source4/auth/ntlm/pam_errors.h39
16 files changed, 256 insertions, 82 deletions
diff --git a/source4/auth/config.mk b/source4/auth/config.mk
index 0acb9e30ba..87b796288d 100644
--- a/source4/auth/config.mk
+++ b/source4/auth/config.mk
@@ -2,6 +2,7 @@
mkinclude gensec/config.mk
mkinclude kerberos/config.mk
mkinclude ntlmssp/config.mk
+mkinclude ntlm/config.mk
mkinclude credentials/config.mk
[SUBSYSTEM::auth_session]
@@ -24,93 +25,13 @@ PRIVATE_PROTO_HEADER = auth_sam.h
PUBLIC_DEPENDENCIES = SAMDB UTIL_LDB LIBSECURITY
PRIVATE_DEPENDENCIES = LDAP_ENCODE
-auth_sam_OBJ_FILES = $(addprefix auth/, sam.o ntlm_check.o)
+auth_sam_OBJ_FILES = $(addprefix auth/, sam.o)
[SUBSYSTEM::auth_sam_reply]
PRIVATE_PROTO_HEADER = auth_sam_reply.h
auth_sam_reply_OBJ_FILES = $(addprefix auth/, auth_sam_reply.o)
-#######################
-# Start MODULE auth_sam
-[MODULE::auth_sam_module]
-# gensec_krb5 and gensec_gssapi depend on it
-INIT_FUNCTION = auth_sam_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = \
- SAMDB auth_sam
-# End MODULE auth_sam
-#######################
-
-auth_sam_module_OBJ_FILES = $(addprefix auth/, auth_sam.o)
-
-#######################
-# Start MODULE auth_anonymous
-[MODULE::auth_anonymous]
-INIT_FUNCTION = auth_anonymous_init
-SUBSYSTEM = auth
-# End MODULE auth_anonymous
-#######################
-
-auth_anonymous_OBJ_FILES = $(addprefix auth/, auth_anonymous.o)
-
-#######################
-# Start MODULE auth_anonymous
-[MODULE::auth_server]
-INIT_FUNCTION = auth_server_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_SMB
-OUTPUT_TYPE = SHARED_LIBRARY
-# End MODULE auth_server
-#######################
-
-auth_server_OBJ_FILES = $(addprefix auth/, auth_server.o)
-
-#######################
-# Start MODULE auth_winbind
-[MODULE::auth_winbind]
-INIT_FUNCTION = auth_winbind_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = NDR_WINBIND MESSAGING LIBWINBIND-CLIENT
-# End MODULE auth_winbind
-#######################
-
-auth_winbind_OBJ_FILES = $(addprefix auth/, auth_winbind.o)
-
-#######################
-# Start MODULE auth_developer
-[MODULE::auth_developer]
-INIT_FUNCTION = auth_developer_init
-SUBSYSTEM = auth
-# End MODULE auth_developer
-#######################
-
-auth_developer_OBJ_FILES = $(addprefix auth/, auth_developer.o)
-
-[MODULE::auth_unix]
-INIT_FUNCTION = auth_unix_init
-SUBSYSTEM = auth
-PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER
-
-auth_unix_OBJ_FILES = $(addprefix auth/, auth_unix.o)
-
-[SUBSYSTEM::PAM_ERRORS]
-PRIVATE_PROTO_HEADER = pam_errors.h
-
-#VERSION = 0.0.1
-#SO_VERSION = 0
-PAM_ERRORS_OBJ_FILES = $(addprefix auth/, pam_errors.o)
-
-[MODULE::auth]
-INIT_FUNCTION = server_service_auth_init
-SUBSYSTEM = service
-PRIVATE_PROTO_HEADER = auth_proto.h
-PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
-
-auth_OBJ_FILES = $(addprefix auth/, auth.o auth_util.o auth_simple.o)
-
-# PUBLIC_HEADERS += auth/auth.h
-
[PYTHON::swig_auth]
PUBLIC_DEPENDENCIES = auth_system_session
PRIVATE_DEPENDENCIES = SAMDB
diff --git a/source4/auth/auth.c b/source4/auth/ntlm/auth.c
index b74a438962..b74a438962 100644
--- a/source4/auth/auth.c
+++ b/source4/auth/ntlm/auth.c
diff --git a/source4/auth/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c
index b93c7c2008..b93c7c2008 100644
--- a/source4/auth/auth_anonymous.c
+++ b/source4/auth/ntlm/auth_anonymous.c
diff --git a/source4/auth/auth_developer.c b/source4/auth/ntlm/auth_developer.c
index a2c9cbc828..a2c9cbc828 100644
--- a/source4/auth/auth_developer.c
+++ b/source4/auth/ntlm/auth_developer.c
diff --git a/source4/auth/ntlm/auth_proto.h b/source4/auth/ntlm/auth_proto.h
new file mode 100644
index 0000000000..572c1a4ca7
--- /dev/null
+++ b/source4/auth/ntlm/auth_proto.h
@@ -0,0 +1,50 @@
+#ifndef __AUTH_NTLM_AUTH_PROTO_H__
+#define __AUTH_NTLM_AUTH_PROTO_H__
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
+/* This file was automatically generated by mkproto.pl. DO NOT EDIT */
+
+/* this file contains prototypes for functions that are private
+ * to this subsystem or library. These functions should not be
+ * used outside this particular subsystem! */
+
+
+/* The following definitions come from auth/ntlm/auth.c */
+
+
+/***************************************************************************
+ Set a fixed challenge
+***************************************************************************/
+bool auth_challenge_may_be_modified(struct auth_context *auth_ctx) ;
+const struct auth_operations *auth_backend_byname(const char *name);
+const struct auth_critical_sizes *auth_interface_version(void);
+NTSTATUS server_service_auth_init(void);
+
+/* The following definitions come from auth/ntlm/auth_util.c */
+
+NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge);
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure after appropriate mapping.
+****************************************************************************/
+NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
+ const char *default_domain,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_usersupplied_info **user_info_mapped);
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure after appropriate mapping.
+****************************************************************************/
+NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context,
+ enum auth_password_state to_state,
+ const struct auth_usersupplied_info *user_info_in,
+ const struct auth_usersupplied_info **user_info_encrypted);
+
+/* The following definitions come from auth/ntlm/auth_simple.c */
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2)
+
+#endif /* __AUTH_NTLM_AUTH_PROTO_H__ */
+
diff --git a/source4/auth/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 731e489ba0..2c13cd963d 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -25,7 +25,8 @@
#include "lib/ldb/include/ldb.h"
#include "util/util_ldb.h"
#include "auth/auth.h"
-#include "auth/auth_proto.h"
+#include "auth/ntlm/ntlm_check.h"
+#include "auth/ntlm/auth_proto.h"
#include "auth/auth_sam.h"
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
diff --git a/source4/auth/auth_server.c b/source4/auth/ntlm/auth_server.c
index be5f84fe39..be5f84fe39 100644
--- a/source4/auth/auth_server.c
+++ b/source4/auth/ntlm/auth_server.c
diff --git a/source4/auth/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index e7039c3657..e7039c3657 100644
--- a/source4/auth/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
diff --git a/source4/auth/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index a417107025..a417107025 100644
--- a/source4/auth/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
diff --git a/source4/auth/auth_util.c b/source4/auth/ntlm/auth_util.c
index 1d86b858cf..1d86b858cf 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/ntlm/auth_util.c
diff --git a/source4/auth/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index 149f549afa..149f549afa 100644
--- a/source4/auth/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
diff --git a/source4/auth/ntlm/config.mk b/source4/auth/ntlm/config.mk
new file mode 100644
index 0000000000..319aca7318
--- /dev/null
+++ b/source4/auth/ntlm/config.mk
@@ -0,0 +1,87 @@
+# NTLM auth server subsystem
+
+[SUBSYSTEM::ntlm_check]
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL
+
+ntlm_check_OBJ_FILES = $(addprefix auth/ntlm/, ntlm_check.o)
+
+#######################
+# Start MODULE auth_sam
+[MODULE::auth_sam_module]
+# gensec_krb5 and gensec_gssapi depend on it
+INIT_FUNCTION = auth_sam_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = \
+ SAMDB auth_sam ntlm_check
+# End MODULE auth_sam
+#######################
+
+auth_sam_module_OBJ_FILES = $(addprefix auth/ntlm/, auth_sam.o)
+
+#######################
+# Start MODULE auth_anonymous
+[MODULE::auth_anonymous]
+INIT_FUNCTION = auth_anonymous_init
+SUBSYSTEM = auth
+# End MODULE auth_anonymous
+#######################
+
+auth_anonymous_OBJ_FILES = $(addprefix auth/ntlm/, auth_anonymous.o)
+
+#######################
+# Start MODULE auth_anonymous
+[MODULE::auth_server]
+INIT_FUNCTION = auth_server_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_SMB
+OUTPUT_TYPE = SHARED_LIBRARY
+# End MODULE auth_server
+#######################
+
+auth_server_OBJ_FILES = $(addprefix auth/ntlm/, auth_server.o)
+
+#######################
+# Start MODULE auth_winbind
+[MODULE::auth_winbind]
+INIT_FUNCTION = auth_winbind_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = NDR_WINBIND MESSAGING LIBWINBIND-CLIENT
+# End MODULE auth_winbind
+#######################
+
+auth_winbind_OBJ_FILES = $(addprefix auth/ntlm/, auth_winbind.o)
+
+#######################
+# Start MODULE auth_developer
+[MODULE::auth_developer]
+INIT_FUNCTION = auth_developer_init
+SUBSYSTEM = auth
+# End MODULE auth_developer
+#######################
+
+auth_developer_OBJ_FILES = $(addprefix auth/ntlm/, auth_developer.o)
+
+[MODULE::auth_unix]
+INIT_FUNCTION = auth_unix_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER
+
+auth_unix_OBJ_FILES = $(addprefix auth/ntlm/, auth_unix.o)
+
+[SUBSYSTEM::PAM_ERRORS]
+PRIVATE_PROTO_HEADER = pam_errors.h
+
+#VERSION = 0.0.1
+#SO_VERSION = 0
+PAM_ERRORS_OBJ_FILES = $(addprefix auth/ntlm/, pam_errors.o)
+
+[MODULE::auth]
+INIT_FUNCTION = server_service_auth_init
+SUBSYSTEM = service
+PRIVATE_PROTO_HEADER = auth_proto.h
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
+
+auth_OBJ_FILES = $(addprefix auth/ntlm/, auth.o auth_util.o auth_simple.o)
+
+# PUBLIC_HEADERS += auth/auth.h
+
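Review bot: `[SUBSYSTEM::ntlm_check]` declares only `PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL`, yet ntlm_check.c (context lines of its hunk in this commit) includes `libcli/auth/libcli_auth.h` and `param/param.h`, so the subsystem may link only because its consumers pull those libraries in. If ntlm_check.c does call into them, list the owning subsystems here so the password-checking code can be linked and tested on its own. Separately, the banner above `[MODULE::auth_server]` still reads `# Start MODULE auth_anonymous`, carried over from the old file; it should be `# Start MODULE auth_server`. `auth_developer` is also registered unconditionally; if that backend is test-only (inferred from its name alone), a comment saying so next to `[MODULE::auth_developer]` would help anyone auditing which auth backends ship.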
diff --git a/source4/auth/ntlm_check.c b/source4/auth/ntlm/ntlm_check.c
index 55f2595f44..0dbbce0edc 100644
--- a/source4/auth/ntlm_check.c
+++ b/source4/auth/ntlm/ntlm_check.c
@@ -24,6 +24,7 @@
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/auth/libcli_auth.h"
#include "param/param.h"
+#include "auth/ntlm/ntlm_check.h"
/****************************************************************************
Core of smb password checking routine.
diff --git a/source4/auth/ntlm/ntlm_check.h b/source4/auth/ntlm/ntlm_check.h
new file mode 100644
index 0000000000..eb115b74d6
--- /dev/null
+++ b/source4/auth/ntlm/ntlm_check.h
@@ -0,0 +1,75 @@
+/*
+ Unix SMB/CIFS implementation.
+ Password and authentication handling
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2004
+ Copyright (C) Gerald Carter 2003
+ Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+/**
+ * Compare password hashes against those from the SAM
+ *
+ * @param mem_ctx talloc context
+ * @param client_lanman LANMAN password hash, as supplied by the client
+ * @param client_nt NT (MD4) password hash, as supplied by the client
+ * @param username internal Samba username, for log messages
+ * @param client_username username the client used
+ * @param client_domain domain name the client used (may be mapped)
+ * @param stored_lanman LANMAN password hash, as stored on the SAM
+ * @param stored_nt NT (MD4) password hash, as stored on the SAM
+ * @param user_sess_key User session key
+ * @param lm_sess_key LM session key (first 8 bytes of the LM hash)
+ */
+
+NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ const struct samr_Password *client_lanman,
+ const struct samr_Password *client_nt,
+ const char *username,
+ const struct samr_Password *stored_lanman,
+ const struct samr_Password *stored_nt);
+
+/**
+ * Check a challenge-response password against the value of the NT or
+ * LM password hash.
+ *
+ * @param mem_ctx talloc context
+ * @param challenge 8-byte challenge. If all zero, forces plaintext comparison
+ * @param nt_response 'unicode' NT response to the challenge, or unicode password
+ * @param lm_response ASCII or LANMAN response to the challenge, or password in DOS code page
+ * @param username internal Samba username, for log messages
+ * @param client_username username the client used
+ * @param client_domain domain name the client used (may be mapped)
+ * @param stored_lanman LANMAN ASCII password from our passdb or similar
+ * @param stored_nt MD4 unicode password from our passdb or similar
+ * @param user_sess_key User session key
+ * @param lm_sess_key LM session key (first 8 bytes of the LM hash)
+ */
+
+NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ uint32_t logon_parameters,
+ const DATA_BLOB *challenge,
+ const DATA_BLOB *lm_response,
+ const DATA_BLOB *nt_response,
+ const char *username,
+ const char *client_username,
+ const char *client_domain,
+ const struct samr_Password *stored_lanman,
+ const struct samr_Password *stored_nt,
+ DATA_BLOB *user_sess_key,
+ DATA_BLOB *lm_sess_key);
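Review bot: The doc comment above `hash_password_check` does not match its prototype: it documents `client_username`, `client_domain`, `user_sess_key` and `lm_sess_key`, none of which are parameters, and omits `lp_ctx`; the comment on `ntlm_password_check` likewise omits `lp_ctx` and `logon_parameters`. For a credential-checking API the parameter list is the contract reviewers read, so drop the four stale `@param` lines and add ones such as `@param lp_ctx loadparm context`. The new header also has no include guard, unlike auth_proto.h and pam_errors.h in this commit; wrap it in `#ifndef __AUTH_NTLM_NTLM_CHECK_H__` / `#define __AUTH_NTLM_NTLM_CHECK_H__` / `#endif`. It uses `NTSTATUS`, `DATA_BLOB` and `TALLOC_CTX` without including anything, so it compiles only when the includer has already pulled in those definitions.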
diff --git a/source4/auth/pam_errors.c b/source4/auth/ntlm/pam_errors.c
index 9774ad8727..9774ad8727 100644
--- a/source4/auth/pam_errors.c
+++ b/source4/auth/ntlm/pam_errors.c
diff --git a/source4/auth/ntlm/pam_errors.h b/source4/auth/ntlm/pam_errors.h
new file mode 100644
index 0000000000..904950caa6
--- /dev/null
+++ b/source4/auth/ntlm/pam_errors.h
@@ -0,0 +1,39 @@
+#ifndef __AUTH_NTLM_PAM_ERRORS_H__
+#define __AUTH_NTLM_PAM_ERRORS_H__
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
+/* This file was automatically generated by mkproto.pl. DO NOT EDIT */
+
+/* this file contains prototypes for functions that are private
+ * to this subsystem or library. These functions should not be
+ * used outside this particular subsystem! */
+
+
+/* The following definitions come from auth/ntlm/pam_errors.c */
+
+
+/*****************************************************************************
+convert a PAM error to a NT status32 code
+ *****************************************************************************/
+NTSTATUS pam_to_nt_status(int pam_error);
+
+/*****************************************************************************
+convert an NT status32 code to a PAM error
+ *****************************************************************************/
+int nt_status_to_pam(NTSTATUS nt_status);
+
+/*****************************************************************************
+convert a PAM error to a NT status32 code
+ *****************************************************************************/
+NTSTATUS pam_to_nt_status(int pam_error);
+
+/*****************************************************************************
+convert an NT status32 code to a PAM error
+ *****************************************************************************/
+int nt_status_to_pam(NTSTATUS nt_status);
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2)
+
+#endif /* __AUTH_NTLM_PAM_ERRORS_H__ */
+