r4620: - add interface functions to the auth subsystem so that callers doesn't need to

use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
author: Stefan Metzmacher <metze@samba.org> 2005-01-09 12:55:25 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 13:08:34 -0500
commit: 46a32687da249174a666d9166fccbe705c8beba0 (patch)
tree: 07a43ce2b630ea0a943c01ba4d631c9da18630c8 /source4/libcli/auth/gensec_ntlmssp.c
parent: b61b22d73a0b0fb3322884e3712c89a52a47f56b (diff)
download: samba-46a32687da249174a666d9166fccbe705c8beba0.tar.gz
samba-46a32687da249174a666d9166fccbe705c8beba0.tar.bz2
samba-46a32687da249174a666d9166fccbe705c8beba0.zip
1 files changed, 54 insertions, 100 deletions
diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c
index a91c2817af..ae97803ef7 100644
--- a/source4/libcli/auth/gensec_ntlmssp.c
+++ b/source4/libcli/auth/gensec_ntlmssp.c
@@ -5,6 +5,7 @@
 
    Copyright (C) Andrew Tridgell 2003
    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
+   Copyright (C) Stefan Metzmacher 2005
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -40,8 +41,15 @@ struct gensec_ntlmssp_state {
 static const uint8_t *auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state)
 {
 	struct gensec_ntlmssp_state *gensec_ntlmssp_state = ntlmssp_state->auth_context;
+	NTSTATUS status;
+	const uint8_t *chal;
+
+	status = auth_get_challenge(gensec_ntlmssp_state->auth_context, &chal);
+	if (!NT_STATUS_IS_OK(status)) {
+		return NULL;
+	}
 
-	return gensec_ntlmssp_state->auth_context->get_ntlm_challenge(gensec_ntlmssp_state->auth_context);
+	return chal;
 }
 
 /**
@@ -53,7 +61,7 @@ static BOOL auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_s
 {
 	struct gensec_ntlmssp_state *gensec_ntlmssp_state = ntlmssp_state->auth_context;
 
-	return gensec_ntlmssp_state->auth_context->challenge_may_be_modified;
+	return auth_challenge_may_be_modified(gensec_ntlmssp_state->auth_context);
 }
 
 /**
@@ -62,20 +70,20 @@ static BOOL auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_s
  */
 static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
 {
+	NTSTATUS nt_status;
 	struct gensec_ntlmssp_state *gensec_ntlmssp_state = ntlmssp_state->auth_context;
 	struct auth_context *auth_context = gensec_ntlmssp_state->auth_context;
+	const uint8_t *chal;
 
-	SMB_ASSERT(challenge->length == 8);
+	if (challenge->length != 8) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
-	auth_context->challenge = data_blob_talloc(auth_context, 
-						   challenge->data, challenge->length);
+	chal = challenge->data;
 
-	auth_context->challenge_set_by = "NTLMSSP callback (NTLM2)";
+	nt_status = auth_context_set_challenge(auth_context, chal, "NTLMSSP callback (NTLM2)");
 
-	DEBUG(5, ("auth_context challenge set by %s\n", auth_context->challenge_set_by));
-	DEBUG(5, ("challenge is: \n"));
-	dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
-	return NT_STATUS_OK;
+	return nt_status;
 }
 
 /**
@@ -90,44 +98,21 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 	struct auth_usersupplied_info *user_info = NULL;
 	NTSTATUS nt_status;
 
-#if 0
-	/* the client has given us its machine name (which we otherwise would not get on port 445).
-	   we need to possibly reload smb.conf if smb.conf includes depend on the machine name */
-
-	set_remote_machine_name(gensec_ntlmssp_state->ntlmssp_state->workstation, True);
-
-	/* setup the string used by %U */
-	/* sub_set_smb_name checks for weird internally */
-	sub_set_smb_name(gensec_ntlmssp_state->ntlmssp_state->user);
-
-	reload_services(True);
-
-#endif
-	nt_status = make_user_info_map(ntlmssp_state,
-				       &user_info, 
+	nt_status = make_user_info_map(ntlmssp_state, 
 				       gensec_ntlmssp_state->ntlmssp_state->user, 
 				       gensec_ntlmssp_state->ntlmssp_state->domain, 
 				       gensec_ntlmssp_state->ntlmssp_state->workstation, 
 	                               gensec_ntlmssp_state->ntlmssp_state->lm_resp.data ? &gensec_ntlmssp_state->ntlmssp_state->lm_resp : NULL, 
 	                               gensec_ntlmssp_state->ntlmssp_state->nt_resp.data ? &gensec_ntlmssp_state->ntlmssp_state->nt_resp : NULL, 
-				       NULL, NULL, NULL,
-				       True);
-
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		return nt_status;
-	}
-
-	nt_status = gensec_ntlmssp_state->
-		auth_context->check_ntlm_password(gensec_ntlmssp_state->auth_context, 
-						  user_info, 
-						  gensec_ntlmssp_state, 
-						  &gensec_ntlmssp_state->server_info); 
+				       NULL, NULL, NULL, True,
+				       &user_info);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 
-	free_user_info(&user_info);
+	nt_status = auth_check_password(gensec_ntlmssp_state->auth_context, gensec_ntlmssp_state,
+						  user_info, &gensec_ntlmssp_state->server_info);
+	talloc_free(user_info);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		return nt_status;
-	}
 	if (gensec_ntlmssp_state->server_info->user_session_key.length) {
 		DEBUG(10, ("Got NT session key of length %u\n", gensec_ntlmssp_state->server_info->user_session_key.length));
 		*user_session_key = data_blob_talloc(ntlmssp_state, 
@@ -151,12 +136,6 @@ static int gensec_ntlmssp_destroy(void *ptr)
 		ntlmssp_end(&gensec_ntlmssp_state->ntlmssp_state);
 	}
 
-	if (gensec_ntlmssp_state->auth_context) {
-		free_auth_context(&gensec_ntlmssp_state->auth_context);
-	}
-	if (gensec_ntlmssp_state->server_info) {
-		free_server_info(&gensec_ntlmssp_state->server_info);
-	}
 	return 0;
 }
 
@@ -183,21 +162,16 @@ static NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security)
 static NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 {
 	NTSTATUS nt_status;
-	NTSTATUS status;
 	struct ntlmssp_state *ntlmssp_state;
 	struct gensec_ntlmssp_state *gensec_ntlmssp_state;
 
-	status = gensec_ntlmssp_start(gensec_security);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
+	nt_status = gensec_ntlmssp_start(gensec_security);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	gensec_ntlmssp_state = gensec_security->private_data;
 
-	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_start(gensec_ntlmssp_state,
-							      &gensec_ntlmssp_state->ntlmssp_state))) {
-		return nt_status;
-	}
+	nt_status = ntlmssp_server_start(gensec_ntlmssp_state, &gensec_ntlmssp_state->ntlmssp_state);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
 		gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
@@ -206,19 +180,17 @@ static NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_secur
 		gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
 	}
 
-	ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state;
-	nt_status = make_auth_context_subsystem(gensec_ntlmssp_state, &gensec_ntlmssp_state->auth_context);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		return nt_status;
-	}
+	nt_status = auth_context_create(gensec_ntlmssp_state, lp_auth_methods(), &gensec_ntlmssp_state->auth_context);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 
+	ntlmssp_state = gensec_ntlmssp_state->ntlmssp_state;
 	ntlmssp_state->auth_context = gensec_ntlmssp_state;
 	ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
 	ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
 	ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
 	ntlmssp_state->check_password = auth_ntlmssp_check_password;
 	ntlmssp_state->server_role = lp_server_role();
-	
+
 	return NT_STATUS_OK;
 }
 
@@ -226,19 +198,15 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
 {
 	struct gensec_ntlmssp_state *gensec_ntlmssp_state;
 	char *password = NULL;
-	
-	NTSTATUS status;
-	status = gensec_ntlmssp_start(gensec_security);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
+	NTSTATUS nt_status;
+
+	nt_status = gensec_ntlmssp_start(gensec_security);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	gensec_ntlmssp_state = gensec_security->private_data;
-	status = ntlmssp_client_start(gensec_ntlmssp_state,
-				      &gensec_ntlmssp_state->ntlmssp_state);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
+	nt_status = ntlmssp_client_start(gensec_ntlmssp_state,
+					 &gensec_ntlmssp_state->ntlmssp_state);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
 		/*
@@ -259,36 +227,27 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
 		gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
 	}
 
-	status = ntlmssp_set_domain(gensec_ntlmssp_state->ntlmssp_state, 
-				    gensec_security->user.domain);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
+	nt_status = ntlmssp_set_domain(gensec_ntlmssp_state->ntlmssp_state, 
+				       gensec_security->user.domain);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 	
-	status = ntlmssp_set_username(gensec_ntlmssp_state->ntlmssp_state, 
-				      gensec_security->user.name);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
+	nt_status = ntlmssp_set_username(gensec_ntlmssp_state->ntlmssp_state, 
+					 gensec_security->user.name);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	if (gensec_security->user.name) {
-		status = gensec_get_password(gensec_security, gensec_ntlmssp_state, &password);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
+		nt_status = gensec_get_password(gensec_security, gensec_ntlmssp_state, &password);
+		NT_STATUS_NOT_OK_RETURN(nt_status);
 	}
 
 	if (password) {
-		status = ntlmssp_set_password(gensec_ntlmssp_state->ntlmssp_state, 
-					      password);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
+		nt_status = ntlmssp_set_password(gensec_ntlmssp_state->ntlmssp_state, password);
+		NT_STATUS_NOT_OK_RETURN(nt_status);
 	}
 
 	gensec_security->private_data = gensec_ntlmssp_state;
 
-	return status;
+	return NT_STATUS_OK;
 }
 
 /*
@@ -499,19 +458,14 @@ static NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_secur
 {
 	NTSTATUS nt_status;
 	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
-	nt_status = make_session_info(gensec_ntlmssp_state, gensec_ntlmssp_state->server_info, session_info);
 
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		return nt_status;
-	}
+	nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_ntlmssp_state->server_info, session_info);
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	(*session_info)->session_key = data_blob_talloc(*session_info, 
 							gensec_ntlmssp_state->ntlmssp_state->session_key.data,
 							gensec_ntlmssp_state->ntlmssp_state->session_key.length);
 
-	(*session_info)->workstation = talloc_strdup(*session_info, 
-						     gensec_ntlmssp_state->ntlmssp_state->workstation);
-
 	return NT_STATUS_OK;
 }
author	Stefan Metzmacher <metze@samba.org>	2005-01-09 12:55:25 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 13:08:34 -0500
commit	46a32687da249174a666d9166fccbe705c8beba0 (patch)
tree	07a43ce2b630ea0a943c01ba4d631c9da18630c8 /source4/libcli/auth/gensec_ntlmssp.c
parent	b61b22d73a0b0fb3322884e3712c89a52a47f56b (diff)
download	samba-46a32687da249174a666d9166fccbe705c8beba0.tar.gz samba-46a32687da249174a666d9166fccbe705c8beba0.tar.bz2 samba-46a32687da249174a666d9166fccbe705c8beba0.zip