diff options
Diffstat (limited to 'source4/libcli/auth')
-rw-r--r-- | source4/libcli/auth/credentials.c | 6 | ||||
-rw-r--r-- | source4/libcli/auth/credentials.h | 1 | ||||
-rw-r--r-- | source4/libcli/auth/gensec.c | 30 | ||||
-rw-r--r-- | source4/libcli/auth/gensec.h | 3 | ||||
-rw-r--r-- | source4/libcli/auth/gensec_ntlmssp.c | 3 | ||||
-rw-r--r-- | source4/libcli/auth/ntlmssp.c | 16 | ||||
-rw-r--r-- | source4/libcli/auth/ntlmssp.h | 4 | ||||
-rw-r--r-- | source4/libcli/auth/schannel.c | 16 | ||||
-rw-r--r-- | source4/libcli/auth/schannel_state.c | 6 |
9 files changed, 60 insertions, 25 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c index bcb462ae9d..90b8313c9d 100644 --- a/source4/libcli/auth/credentials.c +++ b/source4/libcli/auth/credentials.c @@ -192,12 +192,18 @@ next comes the client specific functions void creds_client_init(struct creds_CredentialState *creds, const struct netr_Credential *client_challenge, const struct netr_Credential *server_challenge, + const char *computer_name, + const char *domain, + const char *account_name, const struct samr_Password *machine_password, struct netr_Credential *initial_credential, uint32_t negotiate_flags) { creds->sequence = time(NULL); creds->negotiate_flags = negotiate_flags; + creds->computer_name = talloc_strdup(creds, computer_name); + creds->domain = talloc_strdup(creds, domain); + creds->account_name = talloc_strdup(creds, account_name); dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data)); dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data)); diff --git a/source4/libcli/auth/credentials.h b/source4/libcli/auth/credentials.h index d1417bf83e..6ce3288b01 100644 --- a/source4/libcli/auth/credentials.h +++ b/source4/libcli/auth/credentials.h @@ -30,6 +30,7 @@ struct creds_CredentialState { struct netr_Credential client; struct netr_Credential server; uint16_t secure_channel_type; + const char *domain; const char *computer_name; const char *account_name; uint32_t rid; diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c index e0fa27359a..d3fa7daae3 100644 --- a/source4/libcli/auth/gensec.c +++ b/source4/libcli/auth/gensec.c @@ -148,7 +148,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct gensec_security **gense * @param mem_ctx The parent TALLOC memory context. * @param parent The parent GENSEC context * @param gensec_security Returned GENSEC context pointer. - * @note Used by SPENGO in particular, for the actual implementation mechanism + * @note Used by SPNEGO in particular, for the actual implementation mechanism */ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, @@ -618,6 +618,34 @@ const char *gensec_get_domain(struct gensec_security *gensec_security) } /** + * Set the client workstation on a GENSEC context - ensures it is talloc()ed + * + */ + +NTSTATUS gensec_set_workstation(struct gensec_security *gensec_security, const char *workstation) +{ + gensec_security->user.workstation = talloc_strdup(gensec_security, workstation); + if (!gensec_security->user.workstation) { + return NT_STATUS_NO_MEMORY; + } + return NT_STATUS_OK; +} + +/** + * Return the client workstation on a GENSEC context - ensures it is talloc()ed + * + */ + +const char *gensec_get_workstation(struct gensec_security *gensec_security) +{ + if (gensec_security->user.workstation) { + return gensec_security->user.workstation; + } else { + return lp_netbios_name(); + } +} + +/** * Set a kerberos realm on a GENSEC context - ensures it is talloc()ed * */ diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h index a555584840..a4383d852c 100644 --- a/source4/libcli/auth/gensec.h +++ b/source4/libcli/auth/gensec.h @@ -29,6 +29,7 @@ struct gensec_security; struct gensec_user { + const char *workstation; const char *domain; const char *realm; const char *name; @@ -59,7 +60,7 @@ struct gensec_security_ops { const char *name; const char *sasl_name; uint8_t auth_type; /* 0 if not offered on DCE-RPC */ - const char *oid; /* NULL if not offered by SPENGO */ + const char *oid; /* NULL if not offered by SPNEGO */ NTSTATUS (*client_start)(struct gensec_security *gensec_security); NTSTATUS (*server_start)(struct gensec_security *gensec_security); NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c index 524815382d..51456d9107 100644 --- a/source4/libcli/auth/gensec_ntlmssp.c +++ b/source4/libcli/auth/gensec_ntlmssp.c @@ -245,6 +245,9 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur NT_STATUS_NOT_OK_RETURN(nt_status); } + nt_status = ntlmssp_set_workstation(gensec_ntlmssp_state->ntlmssp_state, + gensec_get_workstation(gensec_security)); + gensec_security->private_data = gensec_ntlmssp_state; return NT_STATUS_OK; diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c index 572ce66bb2..91bc9eadbd 100644 --- a/source4/libcli/auth/ntlmssp.c +++ b/source4/libcli/auth/ntlmssp.c @@ -194,7 +194,7 @@ NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *dom NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation) { ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation); - if (!ntlmssp_state->domain) { + if (!ntlmssp_state->workstation) { return NT_STATUS_NO_MEMORY; } return NT_STATUS_OK; @@ -346,7 +346,7 @@ static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state, *chal_flags |= NTLMSSP_REQUEST_TARGET; if (ntlmssp_state->server_role == ROLE_STANDALONE) { *chal_flags |= NTLMSSP_TARGET_TYPE_SERVER; - return ntlmssp_state->get_global_myname(); + return ntlmssp_state->server_name; } else { *chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN; return ntlmssp_state->get_domain(); @@ -531,7 +531,7 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, msrpc_gen(out_mem_ctx, &struct_blob, "aaaaa", NTLMSSP_NAME_TYPE_DOMAIN, target_name, - NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(), + NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->server_name, NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname, NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname, 0, ""); @@ -923,7 +923,9 @@ NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state **ntlmss (*ntlmssp_state)->set_challenge = set_challenge; (*ntlmssp_state)->may_set_challenge = may_set_challenge; - (*ntlmssp_state)->get_global_myname = lp_netbios_name; + (*ntlmssp_state)->workstation = NULL; + (*ntlmssp_state)->server_name = lp_netbios_name(); + (*ntlmssp_state)->get_domain = lp_workgroup; (*ntlmssp_state)->server_role = ROLE_DOMAIN_MEMBER; /* a good default */ @@ -990,7 +992,7 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, NTLMSSP_NEGOTIATE, ntlmssp_state->neg_flags, ntlmssp_state->get_domain(), - ntlmssp_state->get_global_myname()); + ntlmssp_state->workstation); ntlmssp_state->expected_state = NTLMSSP_CHALLENGE; @@ -1240,7 +1242,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, nt_response.data, nt_response.length, ntlmssp_state->domain, ntlmssp_state->user, - ntlmssp_state->get_global_myname(), + ntlmssp_state->workstation, encrypted_session_key.data, encrypted_session_key.length, ntlmssp_state->neg_flags)) { @@ -1279,7 +1281,7 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state **ntlmss (*ntlmssp_state)->role = NTLMSSP_CLIENT; - (*ntlmssp_state)->get_global_myname = lp_netbios_name; + (*ntlmssp_state)->workstation = lp_netbios_name(); (*ntlmssp_state)->get_domain = lp_workgroup; (*ntlmssp_state)->unicode = lp_parm_bool(-1, "ntlmssp_client", "unicode", True); diff --git a/source4/libcli/auth/ntlmssp.h b/source4/libcli/auth/ntlmssp.h index e8a2356e2c..e17c133c8b 100644 --- a/source4/libcli/auth/ntlmssp.h +++ b/source4/libcli/auth/ntlmssp.h @@ -95,7 +95,7 @@ struct ntlmssp_state char *user; char *domain; - char *workstation; + const char *workstation; char *password; char *server_domain; @@ -161,7 +161,7 @@ struct ntlmssp_state */ NTSTATUS (*check_password)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key); - const char *(*get_global_myname)(void); + const char *server_name; const char *(*get_domain)(void); /* SMB Signing */ diff --git a/source4/libcli/auth/schannel.c b/source4/libcli/auth/schannel.c index 92442234bd..a5521d4626 100644 --- a/source4/libcli/auth/schannel.c +++ b/source4/libcli/auth/schannel.c @@ -272,24 +272,14 @@ NTSTATUS schannel_sign_packet(struct schannel_state *state, } /* - destroy an schannel context - */ -void schannel_end(struct schannel_state **state) -{ - if (*state) { - talloc_free(*state); - (*state) = NULL; - } -} - -/* create an schannel context state */ -NTSTATUS schannel_start(struct schannel_state **state, +NTSTATUS schannel_start(TALLOC_CTX *mem_ctx, + struct schannel_state **state, const uint8_t session_key[16], BOOL initiator) { - (*state) = talloc(NULL, struct schannel_state); + (*state) = talloc(mem_ctx, struct schannel_state); if (!(*state)) { return NT_STATUS_NO_MEMORY; } diff --git a/source4/libcli/auth/schannel_state.c b/source4/libcli/auth/schannel_state.c index 2a9e0a3ec3..b2d632a1f0 100644 --- a/source4/libcli/auth/schannel_state.c +++ b/source4/libcli/auth/schannel_state.c @@ -127,6 +127,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, ldb_msg_add_string(ldb, msg, "secureChannelType", sct); ldb_msg_add_string(ldb, msg, "accountName", creds->account_name); ldb_msg_add_string(ldb, msg, "computerName", creds->computer_name); + ldb_msg_add_string(ldb, msg, "flatname", creds->domain); ldb_msg_add_string(ldb, msg, "rid", rid); ldb_delete(ldb, msg->dn); @@ -155,6 +156,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, */ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, const char *computer_name, + const char *domain, struct creds_CredentialState **creds) { struct ldb_context *ldb; @@ -174,7 +176,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - expr = talloc_asprintf(mem_ctx, "(dn=computerName=%s)", computer_name); + expr = talloc_asprintf(mem_ctx, "(&(computerName=%s)(flatname=%s))", computer_name, domain); if (expr == NULL) { talloc_free(ldb); return NT_STATUS_NO_MEMORY; @@ -217,6 +219,8 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_string(res[0], "computerName", NULL)); + (*creds)->domain = talloc_reference(*creds, ldb_msg_find_string(res[0], "flatname", NULL)); + (*creds)->rid = ldb_msg_find_uint(res[0], "rid", 0); talloc_free(ldb); |