diff options
-rw-r--r-- | source3/rpc_server/dcesrv_auth_generic.c | 44 | ||||
-rw-r--r-- | source3/rpc_server/dcesrv_auth_generic.h | 8 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 36 |
3 files changed, 63 insertions, 25 deletions
diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c index 16dfd4a976..73737c24b7 100644 --- a/source3/rpc_server/dcesrv_auth_generic.c +++ b/source3/rpc_server/dcesrv_auth_generic.c @@ -71,7 +71,49 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx, goto done; } - /* steal ntlmssp context too */ + /* steal gensec context too */ + *ctx = talloc_move(mem_ctx, &a->gensec_security); + + status = NT_STATUS_OK; + +done: + TALLOC_FREE(a); + + return status; +} + +NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx, + uint8_t auth_type, uint8_t auth_level, + DATA_BLOB *token_in, + DATA_BLOB *token_out, + const struct tsocket_address *remote_address, + struct gensec_security **ctx) +{ + struct auth_generic_state *a = NULL; + NTSTATUS status; + + status = auth_generic_prepare(remote_address, &a); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n", + nt_errstr(status))); + return status; + } + + status = auth_generic_authtype_start(a, auth_type, auth_level); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, (__location__ ": auth_generic_start failed: %s\n", + nt_errstr(status))); + return status; + } + + status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + DEBUG(2, (__location__ ": gensec_update failed: %s\n", + nt_errstr(status))); + goto done; + } + + /* steal gensec context too */ *ctx = talloc_move(mem_ctx, &a->gensec_security); status = NT_STATUS_OK; diff --git a/source3/rpc_server/dcesrv_auth_generic.h b/source3/rpc_server/dcesrv_auth_generic.h index 119e29276a..07e69af1f7 100644 --- a/source3/rpc_server/dcesrv_auth_generic.h +++ b/source3/rpc_server/dcesrv_auth_generic.h @@ -31,6 +31,14 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx, DATA_BLOB *token_out, const struct tsocket_address *remote_address, struct gensec_security **ctx); + +NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx, + uint8_t auth_type, uint8_t auth_level, + DATA_BLOB *token_in, + DATA_BLOB *token_out, + const struct tsocket_address *remote_address, + struct gensec_security **ctx); + NTSTATUS auth_generic_server_step(struct gensec_security *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *token_in, diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index fa95c20f5f..61e306c199 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -584,7 +584,7 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p, Handle an NTLMSSP bind auth. *******************************************************************/ -static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p, +static bool pipe_auth_generic_bind(struct pipes_struct *p, TALLOC_CTX *mem_ctx, struct dcerpc_auth *auth_info, DATA_BLOB *response) @@ -592,25 +592,15 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p, struct gensec_security *gensec_security = NULL; NTSTATUS status; - if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) { - DEBUG(0, ("Failed to read NTLMSSP in blob\n")); - return false; - } - - /* We have an NTLMSSP blob. */ - status = auth_generic_server_start(p, - OID_NTLMSSP, - (auth_info->auth_level == - DCERPC_AUTH_LEVEL_INTEGRITY), - (auth_info->auth_level == - DCERPC_AUTH_LEVEL_PRIVACY), - true, - &auth_info->credentials, - response, - p->remote_address, - &gensec_security); + status = auth_generic_server_authtype_start(p, + auth_info->auth_type, + auth_info->auth_level, + &auth_info->credentials, + response, + p->remote_address, + &gensec_security); if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) { - DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n", + DEBUG(0, (__location__ ": auth_generic_server_authtype_start failed: %s\n", nt_errstr(status))); return false; } @@ -619,9 +609,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p, talloc_steal(mem_ctx, response->data); p->auth.auth_ctx = gensec_security; - p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP; - - DEBUG(10, (__location__ ": NTLMSSP auth started\n")); + p->auth.auth_type = auth_info->auth_type; return true; } @@ -1000,8 +988,8 @@ static bool api_pipe_bind_req(struct pipes_struct *p, switch (auth_type) { case DCERPC_AUTH_TYPE_NTLMSSP: - if (!pipe_ntlmssp_auth_bind(p, pkt, - &auth_info, &auth_resp)) { + if (!pipe_auth_generic_bind(p, pkt, + &auth_info, &auth_resp)) { goto err_exit; } assoc_gid = 0x7a77; |