diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-05-02 08:45:00 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:51:42 -0500 |
commit | 9f084101dd392ceb85f141f55ee56bed344626ef (patch) | |
tree | 2a9884d8e99e28b9dbfb153575e32c5b8bb9ef4c /source4/smb_server | |
parent | 585d87a9590ecf64681700d70c37e5276ee8514a (diff) | |
download | samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.gz samba-9f084101dd392ceb85f141f55ee56bed344626ef.tar.bz2 samba-9f084101dd392ceb85f141f55ee56bed344626ef.zip |
r443: Update Samba4 to the auth and NTLMSSP code from Samba3.
Not all the auth code is merged - only those parts that are actually
being used in Samba4.
There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here. There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)
Andrew Bartlett
(This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
Diffstat (limited to 'source4/smb_server')
-rw-r--r-- | source4/smb_server/password.c | 9 | ||||
-rw-r--r-- | source4/smb_server/sesssetup.c | 22 |
2 files changed, 26 insertions, 5 deletions
diff --git a/source4/smb_server/password.c b/source4/smb_server/password.c index 2811a14c21..196556819e 100644 --- a/source4/smb_server/password.c +++ b/source4/smb_server/password.c @@ -60,6 +60,8 @@ void invalidate_vuid(struct server_context *smb, uint16 vuid) SAFE_FREE(vuser->unix_homedir); SAFE_FREE(vuser->logon_script); + data_blob_free(&vuser->session_key); + session_yield(vuser); free_server_info(&vuser->server_info); @@ -95,6 +97,10 @@ void invalidate_all_vuids(struct server_context *smb) * @param server_info The token returned from the authentication process. * (now 'owned' by register_vuid) * + * @param session_key The User session key for the login session (now also 'owned' by register_vuid) + * + * @param smb_name The untranslated name of the user + * * @return Newly allocated vuid, biased by an offset. (This allows us to * tell random client vuid's (normally zero) from valid vuids.) * @@ -102,6 +108,7 @@ void invalidate_all_vuids(struct server_context *smb) int register_vuid(struct server_context *smb, struct auth_serversupplied_info *server_info, + DATA_BLOB *session_key, const char *smb_name) { user_struct *vuser = NULL; @@ -184,7 +191,7 @@ int register_vuid(struct server_context *smb, } } - memcpy(vuser->session_key, server_info->session_key, sizeof(vuser->session_key)); + vuser->session_key = *session_key; DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n", (unsigned int)vuser->uid, diff --git a/source4/smb_server/sesssetup.c b/source4/smb_server/sesssetup.c index 14e300c191..f42efcb7ec 100644 --- a/source4/smb_server/sesssetup.c +++ b/source4/smb_server/sesssetup.c @@ -44,6 +44,7 @@ static NTSTATUS sesssetup_old(struct request_context *req, union smb_sesssetup * auth_usersupplied_info *user_info = NULL; auth_serversupplied_info *server_info = NULL; DATA_BLOB null_blob; + DATA_BLOB session_key; if (!req->smb->negotiate.done_sesssetup) { req->smb->negotiate.max_send = sess->old.in.bufsize; @@ -63,11 +64,17 @@ static NTSTATUS sesssetup_old(struct request_context *req, union smb_sesssetup * user_info, &server_info); if (!NT_STATUS_IS_OK(status)) { - return NT_STATUS_ACCESS_DENIED; + return nt_status_squash(status); + } + + if (server_info->user_session_key.data) { + session_key = data_blob(server_info->user_session_key.data, server_info->user_session_key.length); + } else { + session_key = data_blob(NULL, 0); } sess->old.out.action = 0; - sess->old.out.vuid = register_vuid(req->smb, server_info, sess->old.in.user); + sess->old.out.vuid = register_vuid(req->smb, server_info, &session_key, sess->old.in.user); sesssetup_common_strings(req, &sess->old.out.os, &sess->old.out.lanman, @@ -85,6 +92,7 @@ static NTSTATUS sesssetup_nt1(struct request_context *req, union smb_sesssetup * NTSTATUS status; auth_usersupplied_info *user_info = NULL; auth_serversupplied_info *server_info = NULL; + DATA_BLOB session_key; if (!req->smb->negotiate.done_sesssetup) { req->smb->negotiate.max_send = sess->nt1.in.bufsize; @@ -103,11 +111,17 @@ static NTSTATUS sesssetup_nt1(struct request_context *req, union smb_sesssetup * user_info, &server_info); if (!NT_STATUS_IS_OK(status)) { - return NT_STATUS_ACCESS_DENIED; + return nt_status_squash(status); + } + + if (server_info->user_session_key.data) { + session_key = data_blob(server_info->user_session_key.data, server_info->user_session_key.length); + } else { + session_key = data_blob(NULL, 0); } sess->nt1.out.action = 0; - sess->nt1.out.vuid = register_vuid(req->smb, server_info, sess->old.in.user); + sess->nt1.out.vuid = register_vuid(req->smb, server_info, &session_key, sess->old.in.user); sesssetup_common_strings(req, &sess->nt1.out.os, &sess->nt1.out.lanman, |