-rw-r--r-- | source3/auth/auth.c | 13 | ||||
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 6 | ||||
-rw-r--r-- | source3/auth/proto.h | 40 | ||||
-rw-r--r-- | source3/include/auth.h | 6 | ||||
-rw-r--r-- | source3/rpc_server/netlogon/srv_netlog_nt.c | 4 |
5 files changed, 50 insertions, 19 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 0c91065605..4b075a6c54 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -78,8 +78,8 @@ static struct auth_init_function_entry *auth_find_backend_entry(const char *name Returns a const char of length 8 bytes. ****************************************************************************/ -static NTSTATUS get_ntlm_challenge(struct auth_context *auth_context, - uint8_t chal[8]) +NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context, + uint8_t chal[8]) { DATA_BLOB challenge = data_blob_null; const char *challenge_set_by = NULL; @@ -202,9 +202,9 @@ static bool check_domain_match(const char *user, const char *domain) * **/ -static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, - const struct auth_usersupplied_info *user_info, - struct auth_serversupplied_info **server_info) +NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context, + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { /* if all the modules say 'not for me' this is reasonable */ NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER; @@ -366,9 +366,6 @@ static NTSTATUS make_auth_context(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - ctx->check_ntlm_password = check_ntlm_password; - ctx->get_ntlm_challenge = get_ntlm_challenge; - talloc_set_destructor((TALLOC_CTX *)ctx, auth_context_destructor); *auth_context = ctx; diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 582c8dc591..3437dbfb83 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -59,7 +59,7 @@ NTSTATUS auth3_get_challenge(struct auth4_context *auth4_context, { struct auth_context *auth_context = talloc_get_type_abort(auth4_context->private_data, struct auth_context); - auth_context->get_ntlm_challenge(auth_context, chal); + auth_get_ntlm_challenge(auth_context, chal); return NT_STATUS_OK; } 
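Review bot: The NTSTATUS returned by `auth_get_ntlm_challenge()` is discarded in `auth3_get_challenge()`, which then returns `NT_STATUS_OK` unconditionally, so a failed challenge lookup would let the NTLMSSP exchange continue with whatever bytes are in `chal`. The same unchecked call appears in the `_netr_LogonSamLogon_base()` hunk at line 1584 of srv_netlog_nt.c, where `chal` is presumably consumed by the `make_user_info_netlogon_interactive()` call that follows. With the call now direct, the result can be propagated: `return auth_get_ntlm_challenge(auth_context, chal);` here, and `status = auth_get_ntlm_challenge(auth_context, chal); if (!NT_STATUS_IS_OK(status)) return status;` in the netlogon path. The body of `auth_get_ntlm_challenge()` lies outside these hunks, so which failure codes it can return should be confirmed in auth.c.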
@@ -146,8 +146,8 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context, mapped_user_info->flags = user_info->flags; - nt_status = auth_context->check_ntlm_password(auth_context, - mapped_user_info, &server_info); + nt_status = auth_check_ntlm_password(auth_context, + mapped_user_info, &server_info); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n", diff --git a/source3/auth/proto.h b/source3/auth/proto.h index 04f94ae84b..01e2934dc7 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h 
@@ -44,6 +44,46 @@ NTSTATUS make_auth_context_fixed(TALLOC_CTX *mem_ctx, struct auth_context **auth_context, uchar chal[8]) ; +/**************************************************************************** + Try to get a challenge out of the various authentication modules. + Returns a const char of length 8 bytes. +****************************************************************************/ + +NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context, + uint8_t chal[8]); + +/** + * Check a user's Plaintext, LM or NTLM password. + * + * Check a user's password, as given in the user_info struct and return various + * interesting details in the server_info struct. + * + * This function does NOT need to be in a become_root()/unbecome_root() pair + * as it makes the calls itself when needed. + * + * The return value takes precedence over the contents of the server_info + * struct. When the return is other than NT_STATUS_OK the contents + * of that structure is undefined. + * + * @param user_info Contains the user supplied components, including the passwords. + * Must be created with make_user_info() or one of its wrappers. + * + * @param auth_context Supplies the challenges and some other data. + * Must be created with make_auth_context(), and the challenges should be + * filled in, either at creation or by calling the challenge geneation + * function auth_get_challenge(). + * + * @param server_info If successful, contains information about the authentication, + * including a struct samu struct describing the user. + * + * @return An NTSTATUS with NT_STATUS_OK or an appropriate error. + * + **/ + +NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context, + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info); + /* The following definitions come from auth/auth_builtin.c */ NTSTATUS auth_builtin_init(void); diff --git a/source3/include/auth.h b/source3/include/auth.h index 894b7dff81..7f2c3e5db7 100644 
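Review bot: The doc comment on `auth_check_ntlm_password()` tells callers to fill in the challenge by calling `auth_get_challenge()`, but the function this header now exports is `auth_get_ntlm_challenge()`; the same sentence has the typo "geneation". The comment above `auth_get_ntlm_challenge()` says "Returns a const char of length 8 bytes", while the prototype returns NTSTATUS and writes the challenge into `chal[8]`. Suggested wording: `Fills chal with the 8-byte challenge and returns an NTSTATUS that callers must check.` and `function auth_get_ntlm_challenge().` Stating the must-check contract matters here because the call sites visible in this commit ignore the return value.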
--- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -84,12 +84,6 @@ struct auth_context { /* What order are the various methods in? Try to stop it changing under us */ struct auth_methods *auth_method_list; - NTSTATUS (*get_ntlm_challenge)(struct auth_context *auth_context, - uint8_t chal[8]); - NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context, - const struct auth_usersupplied_info *user_info, - struct auth_serversupplied_info **server_info); - prepare_gensec_fn prepare_gensec; make_auth4_context_fn make_auth4_context; }; diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index fdbe9373a8..00d64a8aeb 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -1584,7 +1584,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, return status; } - auth_context->get_ntlm_challenge(auth_context, chal); + auth_get_ntlm_challenge(auth_context, chal); if (!make_user_info_netlogon_interactive(&user_info, nt_username, nt_domain, @@ -1605,7 +1605,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, } /* end switch */ if ( NT_STATUS_IS_OK(status) ) { - status = auth_context->check_ntlm_password(auth_context, + status = auth_check_ntlm_password(auth_context, user_info, &server_info); } |