summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_ntlmssp.c34
-rw-r--r--source3/include/ntlmssp.h4
-rw-r--r--source3/include/proto.h8
-rw-r--r--source3/libsmb/ntlmssp.c101
-rw-r--r--source3/utils/ntlm_auth.c28
5 files changed, 131 insertions, 44 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 9eccebc564..3431d79a3f 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -157,6 +157,26 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
{
NTSTATUS nt_status;
TALLOC_CTX *mem_ctx;
+ bool is_standalone;
+ const char *netbios_name;
+ const char *netbios_domain;
+ const char *dns_name;
+ char *dns_domain;
+
+ if ((enum server_types)lp_server_role() == ROLE_STANDALONE) {
+ is_standalone = true;
+ } else {
+ is_standalone = false;
+ }
+
+ netbios_name = global_myname();
+ netbios_domain = lp_workgroup();
+ /* This should be a 'netbios domain -> DNS domain' mapping */
+ dns_domain = get_mydnsdomname(talloc_tos());
+ if (dns_domain) {
+ strlower_m(dns_domain);
+ }
+ dns_name = get_mydnsfullname();
mem_ctx = talloc_init("AUTH NTLMSSP context");
@@ -171,7 +191,14 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
(*auth_ntlmssp_state)->mem_ctx = mem_ctx;
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_start(&(*auth_ntlmssp_state)->ntlmssp_state))) {
+ nt_status = ntlmssp_server_start(NULL,
+ is_standalone,
+ netbios_name,
+ netbios_domain,
+ dns_name,
+ dns_domain,
+ &(*auth_ntlmssp_state)->ntlmssp_state);
+ if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
@@ -184,11 +211,6 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
(*auth_ntlmssp_state)->ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
(*auth_ntlmssp_state)->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
(*auth_ntlmssp_state)->ntlmssp_state->check_password = auth_ntlmssp_check_password;
- if ((enum server_types)lp_server_role() == ROLE_STANDALONE) {
- (*auth_ntlmssp_state)->ntlmssp_state->server.is_standalone = true;
- } else {
- (*auth_ntlmssp_state)->ntlmssp_state->server.is_standalone = false;
- }
return NT_STATUS_OK;
}
diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index 636a0e7d5d..9c9b1fc951 100644
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -59,6 +59,10 @@ struct ntlmssp_state
struct {
bool is_standalone;
+ const char *netbios_name;
+ const char *netbios_domain;
+ const char *dns_name;
+ const char *dns_domain;
} server;
DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b3f22edba4..de2923938b 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3210,7 +3210,13 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
const DATA_BLOB in, DATA_BLOB *out) ;
void ntlmssp_end(struct ntlmssp_state **ntlmssp_state);
DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx);
-NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state);
+NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx,
+ bool is_standalone,
+ const char *netbios_name,
+ const char *netbios_domain,
+ const char *dns_name,
+ const char *dns_domain,
+ struct ntlmssp_state **ntlmssp_state);
NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state);
/* The following definitions come from libsmb/ntlmssp_sign.c */
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index c5b445d443..ac856bc489 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -369,10 +369,10 @@ static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
*chal_flags |= NTLMSSP_REQUEST_TARGET;
if (ntlmssp_state->server.is_standalone) {
*chal_flags |= NTLMSSP_TARGET_TYPE_SERVER;
- return ntlmssp_state->get_global_myname();
+ return ntlmssp_state->server.netbios_name;
} else {
*chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN;
- return ntlmssp_state->get_domain();
+ return ntlmssp_state->server.netbios_domain;
};
} else {
return "";
@@ -492,8 +492,6 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
const DATA_BLOB request, DATA_BLOB *reply)
{
DATA_BLOB struct_blob;
- const char *dnsname;
- char *dnsdomname = NULL;
uint32 neg_flags = 0;
uint32 ntlmssp_command, chal_flags;
uint8_t cryptkey[8];
@@ -560,29 +558,14 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state,
cryptkey, 8);
- /* This should be a 'netbios domain -> DNS domain' mapping */
- dnsdomname = get_mydnsdomname(ntlmssp_state);
- if (!dnsdomname) {
- dnsdomname = talloc_strdup(ntlmssp_state, "");
- }
- if (!dnsdomname) {
- return NT_STATUS_NO_MEMORY;
- }
- strlower_m(dnsdomname);
-
- dnsname = get_mydnsfullname();
- if (!dnsname) {
- dnsname = "";
- }
-
/* This creates the 'blob' of names that appears at the end of the packet */
if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
{
msrpc_gen(ntlmssp_state, &struct_blob, "aaaaa",
MsvAvNbDomainName, target_name,
- MsvAvNbComputerName, ntlmssp_state->get_global_myname(),
- MsvAvDnsDomainName, dnsdomname,
- MsvAvDnsComputerName, dnsname,
+ MsvAvNbComputerName, ntlmssp_state->server.netbios_name,
+ MsvAvDnsDomainName, ntlmssp_state->server.dns_domain,
+ MsvAvDnsComputerName, ntlmssp_state->server.dns_name,
MsvAvEOL, "");
} else {
struct_blob = data_blob_null;
@@ -885,28 +868,48 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
* @param ntlmssp_state NTLMSSP State, allocated by this function
*/
-NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state)
+NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx,
+ bool is_standalone,
+ const char *netbios_name,
+ const char *netbios_domain,
+ const char *dns_name,
+ const char *dns_domain,
+ struct ntlmssp_state **_ntlmssp_state)
{
- *ntlmssp_state = TALLOC_ZERO_P(NULL, struct ntlmssp_state);
- if (!*ntlmssp_state) {
- DEBUG(0,("ntlmssp_server_start: talloc failed!\n"));
- talloc_destroy(*ntlmssp_state);
+ struct ntlmssp_state *ntlmssp_state;
+
+ if (!netbios_name) {
+ netbios_name = "";
+ }
+
+ if (!netbios_domain) {
+ netbios_domain = "";
+ }
+
+ if (!dns_domain) {
+ dns_domain = "";
+ }
+
+ if (!dns_name) {
+ dns_name = "";
+ }
+
+ ntlmssp_state = talloc_zero(mem_ctx, struct ntlmssp_state);
+ if (!ntlmssp_state) {
return NT_STATUS_NO_MEMORY;
}
- (*ntlmssp_state)->role = NTLMSSP_SERVER;
+ ntlmssp_state->role = NTLMSSP_SERVER;
- (*ntlmssp_state)->get_challenge = get_challenge;
- (*ntlmssp_state)->set_challenge = set_challenge;
- (*ntlmssp_state)->may_set_challenge = may_set_challenge;
+ ntlmssp_state->get_challenge = get_challenge;
+ ntlmssp_state->set_challenge = set_challenge;
+ ntlmssp_state->may_set_challenge = may_set_challenge;
- (*ntlmssp_state)->get_global_myname = global_myname;
- (*ntlmssp_state)->get_domain = lp_workgroup;
- (*ntlmssp_state)->server.is_standalone = false; /* a good default */
+ ntlmssp_state->server.is_standalone = is_standalone;
- (*ntlmssp_state)->expected_state = NTLMSSP_NEGOTIATE;
+ ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
- (*ntlmssp_state)->neg_flags =
+ ntlmssp_state->neg_flags =
NTLMSSP_NEGOTIATE_128 |
NTLMSSP_NEGOTIATE_56 |
NTLMSSP_NEGOTIATE_VERSION |
@@ -917,6 +920,32 @@ NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state)
NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_NEGOTIATE_SEAL;
+ ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
+ if (!ntlmssp_state->server.netbios_name) {
+ talloc_free(ntlmssp_state);
+ return NT_STATUS_NO_MEMORY;
+ }
+ ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
+ if (!ntlmssp_state->server.netbios_domain) {
+ talloc_free(ntlmssp_state);
+ return NT_STATUS_NO_MEMORY;
+ }
+ ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
+ if (!ntlmssp_state->server.dns_name) {
+ talloc_free(ntlmssp_state);
+ return NT_STATUS_NO_MEMORY;
+ }
+ ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
+ if (!ntlmssp_state->server.dns_domain) {
+ talloc_free(ntlmssp_state);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* TODO: remove this */
+ ntlmssp_state->get_global_myname = global_myname;
+ ntlmssp_state->get_domain = lp_workgroup;
+
+ *_ntlmssp_state = ntlmssp_state;
return NT_STATUS_OK;
}
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index e018c28c30..487401b662 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -688,8 +688,34 @@ static NTSTATUS ntlm_auth_start_ntlmssp_client(struct ntlmssp_state **client_ntl
static NTSTATUS ntlm_auth_start_ntlmssp_server(struct ntlmssp_state **ntlmssp_state)
{
- NTSTATUS status = ntlmssp_server_start(ntlmssp_state);
+ NTSTATUS status;
+ const char *netbios_name;
+ const char *netbios_domain;
+ const char *dns_name;
+ char *dns_domain;
+ bool is_standalone = false;
+ if (opt_password) {
+ netbios_name = global_myname();
+ netbios_domain = lp_workgroup();
+ } else {
+ netbios_name = get_winbind_netbios_name();
+ netbios_domain = get_winbind_domain();
+ }
+ /* This should be a 'netbios domain -> DNS domain' mapping */
+ dns_domain = get_mydnsdomname(talloc_tos());
+ if (dns_domain) {
+ strlower_m(dns_domain);
+ }
+ dns_name = get_mydnsfullname();
+
+ status = ntlmssp_server_start(NULL,
+ is_standalone,
+ netbios_name,
+ netbios_domain,
+ dns_name,
+ dns_domain,
+ ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Could not start NTLMSSP server: %s\n",
nt_errstr(status)));