diff options
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 34 | ||||
-rw-r--r-- | source3/include/ntlmssp.h | 4 | ||||
-rw-r--r-- | source3/include/proto.h | 8 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp.c | 101 | ||||
-rw-r--r-- | source3/utils/ntlm_auth.c | 28 |
5 files changed, 131 insertions, 44 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 9eccebc564..3431d79a3f 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -157,6 +157,26 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state) { NTSTATUS nt_status; TALLOC_CTX *mem_ctx; + bool is_standalone; + const char *netbios_name; + const char *netbios_domain; + const char *dns_name; + char *dns_domain; + + if ((enum server_types)lp_server_role() == ROLE_STANDALONE) { + is_standalone = true; + } else { + is_standalone = false; + } + + netbios_name = global_myname(); + netbios_domain = lp_workgroup(); + /* This should be a 'netbios domain -> DNS domain' mapping */ + dns_domain = get_mydnsdomname(talloc_tos()); + if (dns_domain) { + strlower_m(dns_domain); + } + dns_name = get_mydnsfullname(); mem_ctx = talloc_init("AUTH NTLMSSP context"); @@ -171,7 +191,14 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state) (*auth_ntlmssp_state)->mem_ctx = mem_ctx; - if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_start(&(*auth_ntlmssp_state)->ntlmssp_state))) { + nt_status = ntlmssp_server_start(NULL, + is_standalone, + netbios_name, + netbios_domain, + dns_name, + dns_domain, + &(*auth_ntlmssp_state)->ntlmssp_state); + if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } @@ -184,11 +211,6 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state) (*auth_ntlmssp_state)->ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge; (*auth_ntlmssp_state)->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge; (*auth_ntlmssp_state)->ntlmssp_state->check_password = auth_ntlmssp_check_password; - if ((enum server_types)lp_server_role() == ROLE_STANDALONE) { - (*auth_ntlmssp_state)->ntlmssp_state->server.is_standalone = true; - } else { - (*auth_ntlmssp_state)->ntlmssp_state->server.is_standalone = false; - } return NT_STATUS_OK; } diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index 636a0e7d5d..9c9b1fc951 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -59,6 +59,10 @@ struct ntlmssp_state struct { bool is_standalone; + const char *netbios_name; + const char *netbios_domain; + const char *dns_name; + const char *dns_domain; } server; DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */ diff --git a/source3/include/proto.h b/source3/include/proto.h index b3f22edba4..de2923938b 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3210,7 +3210,13 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state, const DATA_BLOB in, DATA_BLOB *out) ; void ntlmssp_end(struct ntlmssp_state **ntlmssp_state); DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx); -NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state); +NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, + bool is_standalone, + const char *netbios_name, + const char *netbios_domain, + const char *dns_name, + const char *dns_domain, + struct ntlmssp_state **ntlmssp_state); NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state); /* The following definitions come from libsmb/ntlmssp_sign.c */ diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index c5b445d443..ac856bc489 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -369,10 +369,10 @@ static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state, *chal_flags |= NTLMSSP_REQUEST_TARGET; if (ntlmssp_state->server.is_standalone) { *chal_flags |= NTLMSSP_TARGET_TYPE_SERVER; - return ntlmssp_state->get_global_myname(); + return ntlmssp_state->server.netbios_name; } else { *chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN; - return ntlmssp_state->get_domain(); + return ntlmssp_state->server.netbios_domain; }; } else { return ""; @@ -492,8 +492,6 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, const DATA_BLOB request, DATA_BLOB *reply) { DATA_BLOB struct_blob; - const char *dnsname; - char *dnsdomname = NULL; uint32 neg_flags = 0; uint32 ntlmssp_command, chal_flags; uint8_t cryptkey[8]; @@ -560,29 +558,14 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state, cryptkey, 8); - /* This should be a 'netbios domain -> DNS domain' mapping */ - dnsdomname = get_mydnsdomname(ntlmssp_state); - if (!dnsdomname) { - dnsdomname = talloc_strdup(ntlmssp_state, ""); - } - if (!dnsdomname) { - return NT_STATUS_NO_MEMORY; - } - strlower_m(dnsdomname); - - dnsname = get_mydnsfullname(); - if (!dnsname) { - dnsname = ""; - } - /* This creates the 'blob' of names that appears at the end of the packet */ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) { msrpc_gen(ntlmssp_state, &struct_blob, "aaaaa", MsvAvNbDomainName, target_name, - MsvAvNbComputerName, ntlmssp_state->get_global_myname(), - MsvAvDnsDomainName, dnsdomname, - MsvAvDnsComputerName, dnsname, + MsvAvNbComputerName, ntlmssp_state->server.netbios_name, + MsvAvDnsDomainName, ntlmssp_state->server.dns_domain, + MsvAvDnsComputerName, ntlmssp_state->server.dns_name, MsvAvEOL, ""); } else { struct_blob = data_blob_null; @@ -885,28 +868,48 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, * @param ntlmssp_state NTLMSSP State, allocated by this function */ -NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state) +NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, + bool is_standalone, + const char *netbios_name, + const char *netbios_domain, + const char *dns_name, + const char *dns_domain, + struct ntlmssp_state **_ntlmssp_state) { - *ntlmssp_state = TALLOC_ZERO_P(NULL, struct ntlmssp_state); - if (!*ntlmssp_state) { - DEBUG(0,("ntlmssp_server_start: talloc failed!\n")); - talloc_destroy(*ntlmssp_state); + struct ntlmssp_state *ntlmssp_state; + + if (!netbios_name) { + netbios_name = ""; + } + + if (!netbios_domain) { + netbios_domain = ""; + } + + if (!dns_domain) { + dns_domain = ""; + } + + if (!dns_name) { + dns_name = ""; + } + + ntlmssp_state = talloc_zero(mem_ctx, struct ntlmssp_state); + if (!ntlmssp_state) { return NT_STATUS_NO_MEMORY; } - (*ntlmssp_state)->role = NTLMSSP_SERVER; + ntlmssp_state->role = NTLMSSP_SERVER; - (*ntlmssp_state)->get_challenge = get_challenge; - (*ntlmssp_state)->set_challenge = set_challenge; - (*ntlmssp_state)->may_set_challenge = may_set_challenge; + ntlmssp_state->get_challenge = get_challenge; + ntlmssp_state->set_challenge = set_challenge; + ntlmssp_state->may_set_challenge = may_set_challenge; - (*ntlmssp_state)->get_global_myname = global_myname; - (*ntlmssp_state)->get_domain = lp_workgroup; - (*ntlmssp_state)->server.is_standalone = false; /* a good default */ + ntlmssp_state->server.is_standalone = is_standalone; - (*ntlmssp_state)->expected_state = NTLMSSP_NEGOTIATE; + ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE; - (*ntlmssp_state)->neg_flags = + ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_56 | NTLMSSP_NEGOTIATE_VERSION | @@ -917,6 +920,32 @@ NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state) NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL; + ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name); + if (!ntlmssp_state->server.netbios_name) { + talloc_free(ntlmssp_state); + return NT_STATUS_NO_MEMORY; + } + ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain); + if (!ntlmssp_state->server.netbios_domain) { + talloc_free(ntlmssp_state); + return NT_STATUS_NO_MEMORY; + } + ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name); + if (!ntlmssp_state->server.dns_name) { + talloc_free(ntlmssp_state); + return NT_STATUS_NO_MEMORY; + } + ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain); + if (!ntlmssp_state->server.dns_domain) { + talloc_free(ntlmssp_state); + return NT_STATUS_NO_MEMORY; + } + + /* TODO: remove this */ + ntlmssp_state->get_global_myname = global_myname; + ntlmssp_state->get_domain = lp_workgroup; + + *_ntlmssp_state = ntlmssp_state; return NT_STATUS_OK; } diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index e018c28c30..487401b662 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -688,8 +688,34 @@ static NTSTATUS ntlm_auth_start_ntlmssp_client(struct ntlmssp_state **client_ntl static NTSTATUS ntlm_auth_start_ntlmssp_server(struct ntlmssp_state **ntlmssp_state) { - NTSTATUS status = ntlmssp_server_start(ntlmssp_state); + NTSTATUS status; + const char *netbios_name; + const char *netbios_domain; + const char *dns_name; + char *dns_domain; + bool is_standalone = false; + if (opt_password) { + netbios_name = global_myname(); + netbios_domain = lp_workgroup(); + } else { + netbios_name = get_winbind_netbios_name(); + netbios_domain = get_winbind_domain(); + } + /* This should be a 'netbios domain -> DNS domain' mapping */ + dns_domain = get_mydnsdomname(talloc_tos()); + if (dns_domain) { + strlower_m(dns_domain); + } + dns_name = get_mydnsfullname(); + + status = ntlmssp_server_start(NULL, + is_standalone, + netbios_name, + netbios_domain, + dns_name, + dns_domain, + ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Could not start NTLMSSP server: %s\n", nt_errstr(status))); |