-rw-r--r--source3/auth/auth.c13
-rw-r--r--source3/auth/auth_ntlmssp.c6
-rw-r--r--source3/auth/proto.h40
-rw-r--r--source3/include/auth.h6
-rw-r--r--source3/rpc_server/netlogon/srv_netlog_nt.c4
5 files changed, 50 insertions, 19 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 0c91065605..4b075a6c54 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -78,8 +78,8 @@ static struct auth_init_function_entry *auth_find_backend_entry(const char *name
Returns a const char of length 8 bytes.
****************************************************************************/
-static NTSTATUS get_ntlm_challenge(struct auth_context *auth_context,
- uint8_t chal[8])
+NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
+ uint8_t chal[8])
{
DATA_BLOB challenge = data_blob_null;
const char *challenge_set_by = NULL;
@@ -202,9 +202,9 @@ static bool check_domain_match(const char *user, const char *domain)
*
**/
-static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
- const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
/* if all the modules say 'not for me' this is reasonable */
NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
@@ -366,9 +366,6 @@ static NTSTATUS make_auth_context(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- ctx->check_ntlm_password = check_ntlm_password;
- ctx->get_ntlm_challenge = get_ntlm_challenge;
-
talloc_set_destructor((TALLOC_CTX *)ctx, auth_context_destructor);
*auth_context = ctx;
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 582c8dc591..3437dbfb83 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -59,7 +59,7 @@ NTSTATUS auth3_get_challenge(struct auth4_context *auth4_context,
{
struct auth_context *auth_context = talloc_get_type_abort(auth4_context->private_data,
struct auth_context);
- auth_context->get_ntlm_challenge(auth_context, chal);
+ auth_get_ntlm_challenge(auth_context, chal);
return NT_STATUS_OK;
}
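Review bot: The NTSTATUS returned by `auth_get_ntlm_challenge()` is discarded on the added line, and `auth3_get_challenge` then returns NT_STATUS_OK unconditionally. If challenge generation can fail, `chal` would keep whatever the caller passed in and the NTLM exchange would continue with a challenge the server never produced. Propagate the status instead: `NTSTATUS status = auth_get_ntlm_challenge(auth_context, chal);` followed by `if (!NT_STATUS_IS_OK(status)) return status;`. The same unchecked call is added in `_netr_LogonSamLogon_base` in source3/rpc_server/netlogon/srv_netlog_nt.c. Whether the function has a failing path is not visible here, because its body lies outside the auth.c hunk.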
@@ -146,8 +146,8 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
mapped_user_info->flags = user_info->flags;
- nt_status = auth_context->check_ntlm_password(auth_context,
- mapped_user_info, &server_info);
+ nt_status = auth_check_ntlm_password(auth_context,
+ mapped_user_info, &server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 04f94ae84b..01e2934dc7 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -44,6 +44,46 @@ NTSTATUS make_auth_context_fixed(TALLOC_CTX *mem_ctx,
struct auth_context **auth_context,
uchar chal[8]) ;
+/****************************************************************************
+ Try to get a challenge out of the various authentication modules.
+ Returns a const char of length 8 bytes.
+****************************************************************************/
+
+NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
+ uint8_t chal[8]);
+
+/**
+ * Check a user's Plaintext, LM or NTLM password.
+ *
+ * Check a user's password, as given in the user_info struct and return various
+ * interesting details in the server_info struct.
+ *
+ * This function does NOT need to be in a become_root()/unbecome_root() pair
+ * as it makes the calls itself when needed.
+ *
+ * The return value takes precedence over the contents of the server_info
+ * struct. When the return is other than NT_STATUS_OK the contents
+ * of that structure is undefined.
+ *
+ * @param user_info Contains the user supplied components, including the passwords.
+ * Must be created with make_user_info() or one of its wrappers.
+ *
+ * @param auth_context Supplies the challenges and some other data.
+ * Must be created with make_auth_context(), and the challenges should be
+ * filled in, either at creation or by calling the challenge geneation
+ * function auth_get_challenge().
+ *
+ * @param server_info If successful, contains information about the authentication,
+ * including a struct samu struct describing the user.
+ *
+ * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
+ *
+ **/
+
+NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info);
+
/* The following definitions come from auth/auth_builtin.c */
NTSTATUS auth_builtin_init(void);
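Review bot: The comment added above `auth_get_ntlm_challenge` says "Returns a const char of length 8 bytes", but the prototype returns NTSTATUS and writes into the caller's `chal[8]`. As this is now the exported declaration, the comment should match, for example `Fills chal with the 8-byte challenge and returns an NTSTATUS.` In the `auth_check_ntlm_password` block, the `@param auth_context` text refers to `auth_get_challenge()`, while the function declared in this hunk is `auth_get_ntlm_challenge()`, and "geneation" should read "generation". The header could also state whether callers must check the returned status before using `chal`.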
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 894b7dff81..7f2c3e5db7 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -84,12 +84,6 @@ struct auth_context {
/* What order are the various methods in? Try to stop it changing under us */
struct auth_methods *auth_method_list;
- NTSTATUS (*get_ntlm_challenge)(struct auth_context *auth_context,
- uint8_t chal[8]);
- NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context,
- const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info);
-
prepare_gensec_fn prepare_gensec;
make_auth4_context_fn make_auth4_context;
};
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index fdbe9373a8..00d64a8aeb 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1584,7 +1584,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
return status;
}
- auth_context->get_ntlm_challenge(auth_context, chal);
+ auth_get_ntlm_challenge(auth_context, chal);
if (!make_user_info_netlogon_interactive(&user_info,
nt_username, nt_domain,
@@ -1605,7 +1605,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
} /* end switch */
if ( NT_STATUS_IS_OK(status) ) {
- status = auth_context->check_ntlm_password(auth_context,
+ status = auth_check_ntlm_password(auth_context,
user_info, &server_info);
}