diff options
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/globals.h | 2 | ||||
-rw-r--r-- | source3/smbd/negprot.c | 2 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 63 |
3 files changed, 22 insertions, 45 deletions
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index bfa649b98b..5b65711b99 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -509,7 +509,7 @@ struct smbd_server_connection { struct { bool encrypted_passwords; bool spnego; - struct auth_context *auth_context; + struct auth4_context *auth_context; bool done; /* * Size of the data we can receive. Set by us. diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 8a6b509fea..e44ac5cb75 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -44,7 +44,7 @@ static void get_challenge(struct smbd_server_connection *sconn, uint8 buff[8]) } DEBUG(10, ("get challenge: creating negprot_global_auth_context\n")); - nt_status = make_auth_context_subsystem( + nt_status = make_auth4_context( sconn, &sconn->smb1.negprot.auth_context); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("make_auth_context_subsystem returned %s", diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index da306b97bc..b2e1f2421f 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -77,31 +77,33 @@ static int push_signature(uint8 **outbuf) ****************************************************************************/ static NTSTATUS check_guest_password(const struct tsocket_address *remote_address, - struct auth_serversupplied_info **server_info) + TALLOC_CTX *mem_ctx, + struct auth_session_info **session_info) { - struct auth_context *auth_context; + struct auth4_context *auth_context; struct auth_usersupplied_info *user_info = NULL; - + uint8_t chal[8]; NTSTATUS nt_status; - static unsigned char chal[8] = { 0, }; DEBUG(3,("Got anonymous request\n")); - nt_status = make_auth_context_fixed(talloc_tos(), &auth_context, chal); + nt_status = make_auth4_context(talloc_tos(), &auth_context); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } + auth_context->get_ntlm_challenge(auth_context, + chal); + if (!make_user_info_guest(remote_address, &user_info)) { TALLOC_FREE(auth_context); return NT_STATUS_NO_MEMORY; } - nt_status = auth_context->check_ntlm_password(auth_context, - user_info, - server_info); - TALLOC_FREE(auth_context); + nt_status = auth_check_password_session_info(auth_context, + mem_ctx, user_info, session_info); free_user_info(&user_info); + TALLOC_FREE(auth_context); return nt_status; } @@ -396,7 +398,6 @@ void reply_sesssetup_and_X(struct smb_request *req) const char *native_lanman; const char *primary_domain; struct auth_usersupplied_info *user_info = NULL; - struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info = NULL; uint16 smb_flag2 = req->flags2; @@ -671,10 +672,10 @@ void reply_sesssetup_and_X(struct smb_request *req) if (!*user) { - nt_status = check_guest_password(sconn->remote_address, &server_info); + nt_status = check_guest_password(sconn->remote_address, req, &session_info); } else if (doencrypt) { - struct auth_context *negprot_auth_context = NULL; + struct auth4_context *negprot_auth_context = NULL; negprot_auth_context = sconn->smb1.negprot.auth_context; if (!negprot_auth_context) { DEBUG(0, ("reply_sesssetup_and_X: Attempted encrypted " @@ -689,15 +690,13 @@ void reply_sesssetup_and_X(struct smb_request *req) sconn->remote_address, lm_resp, nt_resp); if (NT_STATUS_IS_OK(nt_status)) { - nt_status = negprot_auth_context->check_ntlm_password( - negprot_auth_context, - user_info, - &server_info); + nt_status = auth_check_password_session_info(negprot_auth_context, + req, user_info, &session_info); } } else { - struct auth_context *plaintext_auth_context = NULL; + struct auth4_context *plaintext_auth_context = NULL; - nt_status = make_auth_context_subsystem( + nt_status = make_auth4_context( talloc_tos(), &plaintext_auth_context); if (NT_STATUS_IS_OK(nt_status)) { @@ -715,38 +714,16 @@ void reply_sesssetup_and_X(struct smb_request *req) } if (NT_STATUS_IS_OK(nt_status)) { - nt_status = plaintext_auth_context->check_ntlm_password( - plaintext_auth_context, - user_info, - &server_info); - - TALLOC_FREE(plaintext_auth_context); + nt_status = auth_check_password_session_info(plaintext_auth_context, + req, user_info, &session_info); } + TALLOC_FREE(plaintext_auth_context); } } free_user_info(&user_info); if (!NT_STATUS_IS_OK(nt_status)) { - nt_status = do_map_to_guest_server_info(nt_status, &server_info, - user, domain); - } - - if (!NT_STATUS_IS_OK(nt_status)) { - data_blob_free(&nt_resp); - data_blob_free(&lm_resp); - data_blob_clear_free(&plaintext_password); - reply_nterror(req, nt_status_squash(nt_status)); - END_PROFILE(SMBsesssetupX); - return; - } - - nt_status = create_local_token(req, server_info, NULL, sub_user, &session_info); - TALLOC_FREE(server_info); - - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(10, ("create_local_token failed: %s\n", - nt_errstr(nt_status))); data_blob_free(&nt_resp); data_blob_free(&lm_resp); data_blob_clear_free(&plaintext_password); |