author | Andrew Bartlett <abartlet@samba.org> | 2008-05-05 15:23:57 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-05-05 15:23:57 +1000 |
commit | 7ee76eeae5b3e9e5f5b226039e7276897f5e6764 (patch) | |
tree | d2de6ee6008582b0d521a8b6a446fd2886aa8a37 /source4/auth | |
parent | 2c95244f1115c87a8ec3101427680a834d71ceaf (diff) | |
Move NTLM authentication details into auth/ntlm
This should help clarify the role of the various files around here
(done on Jelmer's request).
Andrew Bartlett
(This used to be commit efa399037511ced8978f2e7661a71aac7a384883)
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/config.mk | 83 | ||||
-rw-r--r-- | source4/auth/ntlm/auth.c (renamed from source4/auth/auth.c) | 0 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_anonymous.c (renamed from source4/auth/auth_anonymous.c) | 0 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_developer.c (renamed from source4/auth/auth_developer.c) | 0 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_proto.h | 50 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_sam.c (renamed from source4/auth/auth_sam.c) | 3 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_server.c (renamed from source4/auth/auth_server.c) | 0 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_simple.c (renamed from source4/auth/auth_simple.c) | 0 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_unix.c (renamed from source4/auth/auth_unix.c) | 0 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_util.c (renamed from source4/auth/auth_util.c) | 0 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_winbind.c (renamed from source4/auth/auth_winbind.c) | 0 | ||||
-rw-r--r-- | source4/auth/ntlm/config.mk | 87 | ||||
-rw-r--r-- | source4/auth/ntlm/ntlm_check.c (renamed from source4/auth/ntlm_check.c) | 1 | ||||
-rw-r--r-- | source4/auth/ntlm/ntlm_check.h | 75 | ||||
-rw-r--r-- | source4/auth/ntlm/pam_errors.c (renamed from source4/auth/pam_errors.c) | 0 | ||||
-rw-r--r-- | source4/auth/ntlm/pam_errors.h | 39 |
16 files changed, 256 insertions, 82 deletions
diff --git a/source4/auth/config.mk b/source4/auth/config.mk index 0acb9e30ba..87b796288d 100644 --- a/source4/auth/config.mk +++ b/source4/auth/config.mk @@ -2,6 +2,7 @@ mkinclude gensec/config.mk mkinclude kerberos/config.mk mkinclude ntlmssp/config.mk +mkinclude ntlm/config.mk mkinclude credentials/config.mk [SUBSYSTEM::auth_session] 
@@ -24,93 +25,13 @@ PRIVATE_PROTO_HEADER = auth_sam.h PUBLIC_DEPENDENCIES = SAMDB UTIL_LDB LIBSECURITY PRIVATE_DEPENDENCIES = LDAP_ENCODE -auth_sam_OBJ_FILES = $(addprefix auth/, sam.o ntlm_check.o) +auth_sam_OBJ_FILES = $(addprefix auth/, sam.o) [SUBSYSTEM::auth_sam_reply] PRIVATE_PROTO_HEADER = auth_sam_reply.h auth_sam_reply_OBJ_FILES = $(addprefix auth/, auth_sam_reply.o) -####################### -# Start MODULE auth_sam -[MODULE::auth_sam_module] -# gensec_krb5 and gensec_gssapi depend on it -INIT_FUNCTION = auth_sam_init -SUBSYSTEM = auth -PRIVATE_DEPENDENCIES = \ - SAMDB auth_sam -# End MODULE auth_sam -####################### - -auth_sam_module_OBJ_FILES = $(addprefix auth/, auth_sam.o) - -####################### -# Start MODULE auth_anonymous -[MODULE::auth_anonymous] -INIT_FUNCTION = auth_anonymous_init -SUBSYSTEM = auth -# End MODULE auth_anonymous -####################### - -auth_anonymous_OBJ_FILES = $(addprefix auth/, auth_anonymous.o) - -####################### -# Start MODULE auth_anonymous -[MODULE::auth_server] -INIT_FUNCTION = auth_server_init -SUBSYSTEM = auth -PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_SMB -OUTPUT_TYPE = SHARED_LIBRARY -# End MODULE auth_server -####################### - -auth_server_OBJ_FILES = $(addprefix auth/, auth_server.o) - -####################### -# Start MODULE auth_winbind -[MODULE::auth_winbind] -INIT_FUNCTION = auth_winbind_init -SUBSYSTEM = auth -PRIVATE_DEPENDENCIES = NDR_WINBIND MESSAGING LIBWINBIND-CLIENT -# End MODULE auth_winbind -####################### - -auth_winbind_OBJ_FILES = $(addprefix auth/, auth_winbind.o) - -####################### -# Start MODULE auth_developer -[MODULE::auth_developer] -INIT_FUNCTION = auth_developer_init -SUBSYSTEM = auth -# End MODULE auth_developer -####################### - -auth_developer_OBJ_FILES = $(addprefix auth/, auth_developer.o) - -[MODULE::auth_unix] -INIT_FUNCTION = auth_unix_init -SUBSYSTEM = auth -PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER - 
-auth_unix_OBJ_FILES = $(addprefix auth/, auth_unix.o) - -[SUBSYSTEM::PAM_ERRORS] -PRIVATE_PROTO_HEADER = pam_errors.h - -#VERSION = 0.0.1 -#SO_VERSION = 0 -PAM_ERRORS_OBJ_FILES = $(addprefix auth/, pam_errors.o) - -[MODULE::auth] -INIT_FUNCTION = server_service_auth_init -SUBSYSTEM = service -PRIVATE_PROTO_HEADER = auth_proto.h -PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS - -auth_OBJ_FILES = $(addprefix auth/, auth.o auth_util.o auth_simple.o) - -# PUBLIC_HEADERS += auth/auth.h - [PYTHON::swig_auth] PUBLIC_DEPENDENCIES = auth_system_session PRIVATE_DEPENDENCIES = SAMDB diff --git a/source4/auth/auth.c b/source4/auth/ntlm/auth.c index b74a438962..b74a438962 100644 --- a/source4/auth/auth.c +++ b/source4/auth/ntlm/auth.c diff --git a/source4/auth/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c index b93c7c2008..b93c7c2008 100644 --- a/source4/auth/auth_anonymous.c +++ b/source4/auth/ntlm/auth_anonymous.c diff --git a/source4/auth/auth_developer.c b/source4/auth/ntlm/auth_developer.c index a2c9cbc828..a2c9cbc828 100644 --- a/source4/auth/auth_developer.c +++ b/source4/auth/ntlm/auth_developer.c diff --git a/source4/auth/ntlm/auth_proto.h b/source4/auth/ntlm/auth_proto.h new file mode 100644 index 0000000000..572c1a4ca7 --- /dev/null +++ b/source4/auth/ntlm/auth_proto.h 
@@ -0,0 +1,50 @@ +#ifndef __AUTH_NTLM_AUTH_PROTO_H__ +#define __AUTH_NTLM_AUTH_PROTO_H__ + +#undef _PRINTF_ATTRIBUTE +#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2) +/* This file was automatically generated by mkproto.pl. DO NOT EDIT */ + +/* this file contains prototypes for functions that are private + * to this subsystem or library. These functions should not be + * used outside this particular subsystem! */ + + +/* The following definitions come from auth/ntlm/auth.c */ + + +/*************************************************************************** + Set a fixed challenge +***************************************************************************/ +bool auth_challenge_may_be_modified(struct auth_context *auth_ctx) ; +const struct auth_operations *auth_backend_byname(const char *name); +const struct auth_critical_sizes *auth_interface_version(void); +NTSTATUS server_service_auth_init(void); + +/* The following definitions come from auth/ntlm/auth_util.c */ + +NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge); + +/**************************************************************************** + Create an auth_usersupplied_data structure after appropriate mapping. +****************************************************************************/ +NTSTATUS map_user_info(TALLOC_CTX *mem_ctx, + const char *default_domain, + const struct auth_usersupplied_info *user_info, + struct auth_usersupplied_info **user_info_mapped); + +/**************************************************************************** + Create an auth_usersupplied_data structure after appropriate mapping. 
+****************************************************************************/ +NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context, + enum auth_password_state to_state, + const struct auth_usersupplied_info *user_info_in, + const struct auth_usersupplied_info **user_info_encrypted); + +/* The following definitions come from auth/ntlm/auth_simple.c */ + +#undef _PRINTF_ATTRIBUTE +#define _PRINTF_ATTRIBUTE(a1, a2) + +#endif /* __AUTH_NTLM_AUTH_PROTO_H__ */ + diff --git a/source4/auth/auth_sam.c b/source4/auth/ntlm/auth_sam.c index 731e489ba0..2c13cd963d 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -25,7 +25,8 @@ #include "lib/ldb/include/ldb.h" #include "util/util_ldb.h" #include "auth/auth.h" -#include "auth/auth_proto.h" +#include "auth/ntlm/ntlm_check.h" +#include "auth/ntlm/auth_proto.h" #include "auth/auth_sam.h" #include "dsdb/samdb/samdb.h" #include "libcli/security/security.h" diff --git a/source4/auth/auth_server.c b/source4/auth/ntlm/auth_server.c index be5f84fe39..be5f84fe39 100644 --- a/source4/auth/auth_server.c +++ b/source4/auth/ntlm/auth_server.c diff --git a/source4/auth/auth_simple.c b/source4/auth/ntlm/auth_simple.c index e7039c3657..e7039c3657 100644 --- a/source4/auth/auth_simple.c +++ b/source4/auth/ntlm/auth_simple.c diff --git a/source4/auth/auth_unix.c b/source4/auth/ntlm/auth_unix.c index a417107025..a417107025 100644 --- a/source4/auth/auth_unix.c +++ b/source4/auth/ntlm/auth_unix.c diff --git a/source4/auth/auth_util.c b/source4/auth/ntlm/auth_util.c index 1d86b858cf..1d86b858cf 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/ntlm/auth_util.c diff --git a/source4/auth/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c index 149f549afa..149f549afa 100644 --- a/source4/auth/auth_winbind.c +++ b/source4/auth/ntlm/auth_winbind.c diff --git a/source4/auth/ntlm/config.mk b/source4/auth/ntlm/config.mk new file mode 100644 index 0000000000..319aca7318 --- /dev/null 
+++ b/source4/auth/ntlm/config.mk 
@@ -0,0 +1,87 @@
+# NTLM auth server subsystem
+
+[SUBSYSTEM::ntlm_check]
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL
+
+ntlm_check_OBJ_FILES = $(addprefix auth/ntlm/, ntlm_check.o)
+
+#######################
+# Start MODULE auth_sam
+[MODULE::auth_sam_module]
+# gensec_krb5 and gensec_gssapi depend on it
+INIT_FUNCTION = auth_sam_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = \
+ SAMDB auth_sam ntlm_check
+# End MODULE auth_sam
+#######################
+
+auth_sam_module_OBJ_FILES = $(addprefix auth/ntlm/, auth_sam.o)
+
+#######################
+# Start MODULE auth_anonymous
+[MODULE::auth_anonymous]
+INIT_FUNCTION = auth_anonymous_init
+SUBSYSTEM = auth
+# End MODULE auth_anonymous
+#######################
+
+auth_anonymous_OBJ_FILES = $(addprefix auth/ntlm/, auth_anonymous.o)
+
+#######################
+# Start MODULE auth_anonymous
+[MODULE::auth_server]
+INIT_FUNCTION = auth_server_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_SMB
+OUTPUT_TYPE = SHARED_LIBRARY
+# End MODULE auth_server
+#######################
+
+auth_server_OBJ_FILES = $(addprefix auth/ntlm/, auth_server.o)
+
+#######################
+# Start MODULE auth_winbind
+[MODULE::auth_winbind]
+INIT_FUNCTION = auth_winbind_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = NDR_WINBIND MESSAGING LIBWINBIND-CLIENT
+# End MODULE auth_winbind
+#######################
+
+auth_winbind_OBJ_FILES = $(addprefix auth/ntlm/, auth_winbind.o)
+
+#######################
+# Start MODULE auth_developer
+[MODULE::auth_developer]
+INIT_FUNCTION = auth_developer_init
+SUBSYSTEM = auth
+# End MODULE auth_developer
+#######################
+
+auth_developer_OBJ_FILES = $(addprefix auth/ntlm/, auth_developer.o)
+
+[MODULE::auth_unix]
+INIT_FUNCTION = auth_unix_init
+SUBSYSTEM = auth
+PRIVATE_DEPENDENCIES = CRYPT PAM PAM_ERRORS NSS_WRAPPER
+
+auth_unix_OBJ_FILES = $(addprefix auth/ntlm/, auth_unix.o)
+
+[SUBSYSTEM::PAM_ERRORS]
+PRIVATE_PROTO_HEADER = pam_errors.h
+
+#VERSION = 0.0.1
+#SO_VERSION = 0
+PAM_ERRORS_OBJ_FILES = $(addprefix auth/ntlm/, pam_errors.o)
+
+[MODULE::auth]
+INIT_FUNCTION = server_service_auth_init
+SUBSYSTEM = service
+PRIVATE_PROTO_HEADER = auth_proto.h
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
+
+auth_OBJ_FILES = $(addprefix auth/ntlm/, auth.o auth_util.o auth_simple.o)
+
+# PUBLIC_HEADERS += auth/auth.h
+
diff --git a/source4/auth/ntlm_check.c b/source4/auth/ntlm/ntlm_check.c
index 55f2595f44..0dbbce0edc 100644
--- a/source4/auth/ntlm_check.c
+++ b/source4/auth/ntlm/ntlm_check.c
@@ -24,6 +24,7 @@
 #include "librpc/gen_ndr/netlogon.h"
 #include "libcli/auth/libcli_auth.h"
 #include "param/param.h"
+#include "auth/ntlm/ntlm_check.h"
 /****************************************************************************
 Core of smb password checking routine.
diff --git a/source4/auth/ntlm/ntlm_check.h b/source4/auth/ntlm/ntlm_check.h
new file mode 100644
index 0000000000..eb115b74d6
--- /dev/null
+++ b/source4/auth/ntlm/ntlm_check.h
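Review bot: The banner above `[MODULE::auth_server]` in the new source4/auth/ntlm/config.mk still reads `# Start MODULE auth_anonymous`, a copy-paste slip carried over from the old source4/auth/config.mk. Since every line of this file is new, it should become `# Start MODULE auth_server` to match its `# End MODULE auth_server` partner. Separately, `[MODULE::auth_developer]` is declared beside the production backends with no visible condition. If it is the test-only backend its name suggests, add a comment such as `# developer/test backend: never list in the auth methods of a production server` to make that boundary explicit. Whether it is already gated elsewhere in the build cannot be seen from this hunk.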
@@ -0,0 +1,75 @@
+/*
+ Unix SMB/CIFS implementation.
+ Password and authentication handling
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2004
+ Copyright (C) Gerald Carter 2003
+ Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+/**
+ * Compare password hashes against those from the SAM
+ *
+ * @param mem_ctx talloc context
+ * @param client_lanman LANMAN password hash, as supplied by the client
+ * @param client_nt NT (MD4) password hash, as supplied by the client
+ * @param username internal Samba username, for log messages
+ * @param client_username username the client used
+ * @param client_domain domain name the client used (may be mapped)
+ * @param stored_lanman LANMAN password hash, as stored on the SAM
+ * @param stored_nt NT (MD4) password hash, as stored on the SAM
+ * @param user_sess_key User session key
+ * @param lm_sess_key LM session key (first 8 bytes of the LM hash)
+ */
+
+NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ const struct samr_Password *client_lanman,
+ const struct samr_Password *client_nt,
+ const char *username,
+ const struct samr_Password *stored_lanman,
+ const struct samr_Password *stored_nt);
+
+/**
+ * Check a challenge-response password against the value of the NT or
+ * LM password hash.
+ *
+ * @param mem_ctx talloc context
+ * @param challenge 8-byte challenge. If all zero, forces plaintext comparison
+ * @param nt_response 'unicode' NT response to the challenge, or unicode password
+ * @param lm_response ASCII or LANMAN response to the challenge, or password in DOS code page
+ * @param username internal Samba username, for log messages
+ * @param client_username username the client used
+ * @param client_domain domain name the client used (may be mapped)
+ * @param stored_lanman LANMAN ASCII password from our passdb or similar
+ * @param stored_nt MD4 unicode password from our passdb or similar
+ * @param user_sess_key User session key
+ * @param lm_sess_key LM session key (first 8 bytes of the LM hash)
+ */
+
+NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ uint32_t logon_parameters,
+ const DATA_BLOB *challenge,
+ const DATA_BLOB *lm_response,
+ const DATA_BLOB *nt_response,
+ const char *username,
+ const char *client_username,
+ const char *client_domain,
+ const struct samr_Password *stored_lanman,
+ const struct samr_Password *stored_nt,
+ DATA_BLOB *user_sess_key,
+ DATA_BLOB *lm_sess_key);
diff --git a/source4/auth/pam_errors.c b/source4/auth/ntlm/pam_errors.c
index 9774ad8727..9774ad8727 100644
--- a/source4/auth/pam_errors.c
+++ b/source4/auth/ntlm/pam_errors.c
diff --git a/source4/auth/ntlm/pam_errors.h b/source4/auth/ntlm/pam_errors.h
new file mode 100644
index 0000000000..904950caa6
--- /dev/null
+++ b/source4/auth/ntlm/pam_errors.h
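Review bot: The doc comment on `hash_password_check` in the new ntlm_check.h lists `client_username`, `client_domain`, `user_sess_key` and `lm_sess_key`, none of which appear in its prototype. Neither comment documents `lp_ctx`, and the one on `ntlm_password_check` also omits `logon_parameters`. For password-checking entry points the `@param` list should match the signature, so that a caller does not assume `hash_password_check` returns session keys. The header also has no include guard and uses `NTSTATUS`, `TALLOC_CTX`, `DATA_BLOB` and `uint32_t` without including or declaring anything, so it compiles only after the right headers. Wrapping it in `#ifndef __AUTH_NTLM_NTLM_CHECK_H__` / `#define __AUTH_NTLM_NTLM_CHECK_H__` / `#endif` would follow the naming of the generated sibling headers. The `challenge` description says an all-zero value forces plaintext comparison; it would help to state that callers select that mode deliberately, since the value doubles as a mode switch.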
@@ -0,0 +1,39 @@ +#ifndef __AUTH_NTLM_PAM_ERRORS_H__ +#define __AUTH_NTLM_PAM_ERRORS_H__ + +#undef _PRINTF_ATTRIBUTE +#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2) +/* This file was automatically generated by mkproto.pl. DO NOT EDIT */ + +/* this file contains prototypes for functions that are private + * to this subsystem or library. These functions should not be + * used outside this particular subsystem! */ + + +/* The following definitions come from auth/ntlm/pam_errors.c */ + + +/***************************************************************************** +convert a PAM error to a NT status32 code + *****************************************************************************/ +NTSTATUS pam_to_nt_status(int pam_error); + +/***************************************************************************** +convert an NT status32 code to a PAM error + *****************************************************************************/ +int nt_status_to_pam(NTSTATUS nt_status); + +/***************************************************************************** +convert a PAM error to a NT status32 code + *****************************************************************************/ +NTSTATUS pam_to_nt_status(int pam_error); + +/***************************************************************************** +convert an NT status32 code to a PAM error + *****************************************************************************/ +int nt_status_to_pam(NTSTATUS nt_status); +#undef _PRINTF_ATTRIBUTE +#define _PRINTF_ATTRIBUTE(a1, a2) + +#endif /* __AUTH_NTLM_PAM_ERRORS_H__ */ + |