summaryrefslogtreecommitdiff
path: root/source4/libcli
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/auth/credentials.c6
-rw-r--r--source4/libcli/auth/credentials.h1
-rw-r--r--source4/libcli/auth/gensec.c30
-rw-r--r--source4/libcli/auth/gensec.h3
-rw-r--r--source4/libcli/auth/gensec_ntlmssp.c3
-rw-r--r--source4/libcli/auth/ntlmssp.c16
-rw-r--r--source4/libcli/auth/ntlmssp.h4
-rw-r--r--source4/libcli/auth/schannel.c16
-rw-r--r--source4/libcli/auth/schannel_state.c6
9 files changed, 60 insertions, 25 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index bcb462ae9d..90b8313c9d 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -192,12 +192,18 @@ next comes the client specific functions
void creds_client_init(struct creds_CredentialState *creds,
const struct netr_Credential *client_challenge,
const struct netr_Credential *server_challenge,
+ const char *computer_name,
+ const char *domain,
+ const char *account_name,
const struct samr_Password *machine_password,
struct netr_Credential *initial_credential,
uint32_t negotiate_flags)
{
creds->sequence = time(NULL);
creds->negotiate_flags = negotiate_flags;
+ creds->computer_name = talloc_strdup(creds, computer_name);
+ creds->domain = talloc_strdup(creds, domain);
+ creds->account_name = talloc_strdup(creds, account_name);
dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
diff --git a/source4/libcli/auth/credentials.h b/source4/libcli/auth/credentials.h
index d1417bf83e..6ce3288b01 100644
--- a/source4/libcli/auth/credentials.h
+++ b/source4/libcli/auth/credentials.h
@@ -30,6 +30,7 @@ struct creds_CredentialState {
struct netr_Credential client;
struct netr_Credential server;
uint16_t secure_channel_type;
+ const char *domain;
const char *computer_name;
const char *account_name;
uint32_t rid;
diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c
index e0fa27359a..d3fa7daae3 100644
--- a/source4/libcli/auth/gensec.c
+++ b/source4/libcli/auth/gensec.c
@@ -148,7 +148,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct gensec_security **gense
* @param mem_ctx The parent TALLOC memory context.
* @param parent The parent GENSEC context
* @param gensec_security Returned GENSEC context pointer.
- * @note Used by SPENGO in particular, for the actual implementation mechanism
+ * @note Used by SPNEGO in particular, for the actual implementation mechanism
*/
NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
@@ -618,6 +618,34 @@ const char *gensec_get_domain(struct gensec_security *gensec_security)
}
/**
+ * Set the client workstation on a GENSEC context - ensures it is talloc()ed
+ *
+ */
+
+NTSTATUS gensec_set_workstation(struct gensec_security *gensec_security, const char *workstation)
+{
+ gensec_security->user.workstation = talloc_strdup(gensec_security, workstation);
+ if (!gensec_security->user.workstation) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ return NT_STATUS_OK;
+}
+
+/**
+ * Return the client workstation on a GENSEC context - ensures it is talloc()ed
+ *
+ */
+
+const char *gensec_get_workstation(struct gensec_security *gensec_security)
+{
+ if (gensec_security->user.workstation) {
+ return gensec_security->user.workstation;
+ } else {
+ return lp_netbios_name();
+ }
+}
+
+/**
* Set a kerberos realm on a GENSEC context - ensures it is talloc()ed
*
*/
diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h
index a555584840..a4383d852c 100644
--- a/source4/libcli/auth/gensec.h
+++ b/source4/libcli/auth/gensec.h
@@ -29,6 +29,7 @@
struct gensec_security;
struct gensec_user {
+ const char *workstation;
const char *domain;
const char *realm;
const char *name;
@@ -59,7 +60,7 @@ struct gensec_security_ops {
const char *name;
const char *sasl_name;
uint8_t auth_type; /* 0 if not offered on DCE-RPC */
- const char *oid; /* NULL if not offered by SPENGO */
+ const char *oid; /* NULL if not offered by SPNEGO */
NTSTATUS (*client_start)(struct gensec_security *gensec_security);
NTSTATUS (*server_start)(struct gensec_security *gensec_security);
NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c
index 524815382d..51456d9107 100644
--- a/source4/libcli/auth/gensec_ntlmssp.c
+++ b/source4/libcli/auth/gensec_ntlmssp.c
@@ -245,6 +245,9 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
NT_STATUS_NOT_OK_RETURN(nt_status);
}
+ nt_status = ntlmssp_set_workstation(gensec_ntlmssp_state->ntlmssp_state,
+ gensec_get_workstation(gensec_security));
+
gensec_security->private_data = gensec_ntlmssp_state;
return NT_STATUS_OK;
diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c
index 572ce66bb2..91bc9eadbd 100644
--- a/source4/libcli/auth/ntlmssp.c
+++ b/source4/libcli/auth/ntlmssp.c
@@ -194,7 +194,7 @@ NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *dom
NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation)
{
ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation);
- if (!ntlmssp_state->domain) {
+ if (!ntlmssp_state->workstation) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
@@ -346,7 +346,7 @@ static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
*chal_flags |= NTLMSSP_REQUEST_TARGET;
if (ntlmssp_state->server_role == ROLE_STANDALONE) {
*chal_flags |= NTLMSSP_TARGET_TYPE_SERVER;
- return ntlmssp_state->get_global_myname();
+ return ntlmssp_state->server_name;
} else {
*chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN;
return ntlmssp_state->get_domain();
@@ -531,7 +531,7 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
msrpc_gen(out_mem_ctx,
&struct_blob, "aaaaa",
NTLMSSP_NAME_TYPE_DOMAIN, target_name,
- NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(),
+ NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->server_name,
NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname,
NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname,
0, "");
@@ -923,7 +923,9 @@ NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state **ntlmss
(*ntlmssp_state)->set_challenge = set_challenge;
(*ntlmssp_state)->may_set_challenge = may_set_challenge;
- (*ntlmssp_state)->get_global_myname = lp_netbios_name;
+ (*ntlmssp_state)->workstation = NULL;
+ (*ntlmssp_state)->server_name = lp_netbios_name();
+
(*ntlmssp_state)->get_domain = lp_workgroup;
(*ntlmssp_state)->server_role = ROLE_DOMAIN_MEMBER; /* a good default */
@@ -990,7 +992,7 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
NTLMSSP_NEGOTIATE,
ntlmssp_state->neg_flags,
ntlmssp_state->get_domain(),
- ntlmssp_state->get_global_myname());
+ ntlmssp_state->workstation);
ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
@@ -1240,7 +1242,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
nt_response.data, nt_response.length,
ntlmssp_state->domain,
ntlmssp_state->user,
- ntlmssp_state->get_global_myname(),
+ ntlmssp_state->workstation,
encrypted_session_key.data, encrypted_session_key.length,
ntlmssp_state->neg_flags)) {
@@ -1279,7 +1281,7 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx, struct ntlmssp_state **ntlmss
(*ntlmssp_state)->role = NTLMSSP_CLIENT;
- (*ntlmssp_state)->get_global_myname = lp_netbios_name;
+ (*ntlmssp_state)->workstation = lp_netbios_name();
(*ntlmssp_state)->get_domain = lp_workgroup;
(*ntlmssp_state)->unicode = lp_parm_bool(-1, "ntlmssp_client", "unicode", True);
diff --git a/source4/libcli/auth/ntlmssp.h b/source4/libcli/auth/ntlmssp.h
index e8a2356e2c..e17c133c8b 100644
--- a/source4/libcli/auth/ntlmssp.h
+++ b/source4/libcli/auth/ntlmssp.h
@@ -95,7 +95,7 @@ struct ntlmssp_state
char *user;
char *domain;
- char *workstation;
+ const char *workstation;
char *password;
char *server_domain;
@@ -161,7 +161,7 @@ struct ntlmssp_state
*/
NTSTATUS (*check_password)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
- const char *(*get_global_myname)(void);
+ const char *server_name;
const char *(*get_domain)(void);
/* SMB Signing */
diff --git a/source4/libcli/auth/schannel.c b/source4/libcli/auth/schannel.c
index 92442234bd..a5521d4626 100644
--- a/source4/libcli/auth/schannel.c
+++ b/source4/libcli/auth/schannel.c
@@ -272,24 +272,14 @@ NTSTATUS schannel_sign_packet(struct schannel_state *state,
}
/*
- destroy an schannel context
- */
-void schannel_end(struct schannel_state **state)
-{
- if (*state) {
- talloc_free(*state);
- (*state) = NULL;
- }
-}
-
-/*
create an schannel context state
*/
-NTSTATUS schannel_start(struct schannel_state **state,
+NTSTATUS schannel_start(TALLOC_CTX *mem_ctx,
+ struct schannel_state **state,
const uint8_t session_key[16],
BOOL initiator)
{
- (*state) = talloc(NULL, struct schannel_state);
+ (*state) = talloc(mem_ctx, struct schannel_state);
if (!(*state)) {
return NT_STATUS_NO_MEMORY;
}
diff --git a/source4/libcli/auth/schannel_state.c b/source4/libcli/auth/schannel_state.c
index 2a9e0a3ec3..b2d632a1f0 100644
--- a/source4/libcli/auth/schannel_state.c
+++ b/source4/libcli/auth/schannel_state.c
@@ -127,6 +127,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
ldb_msg_add_string(ldb, msg, "secureChannelType", sct);
ldb_msg_add_string(ldb, msg, "accountName", creds->account_name);
ldb_msg_add_string(ldb, msg, "computerName", creds->computer_name);
+ ldb_msg_add_string(ldb, msg, "flatname", creds->domain);
ldb_msg_add_string(ldb, msg, "rid", rid);
ldb_delete(ldb, msg->dn);
@@ -155,6 +156,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
*/
NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
const char *computer_name,
+ const char *domain,
struct creds_CredentialState **creds)
{
struct ldb_context *ldb;
@@ -174,7 +176,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- expr = talloc_asprintf(mem_ctx, "(dn=computerName=%s)", computer_name);
+ expr = talloc_asprintf(mem_ctx, "(&(computerName=%s)(flatname=%s))", computer_name, domain);
if (expr == NULL) {
talloc_free(ldb);
return NT_STATUS_NO_MEMORY;
@@ -217,6 +219,8 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
(*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_string(res[0], "computerName", NULL));
+ (*creds)->domain = talloc_reference(*creds, ldb_msg_find_string(res[0], "flatname", NULL));
+
(*creds)->rid = ldb_msg_find_uint(res[0], "rid", 0);
talloc_free(ldb);
generated by cgit (git 2.34.1) at 2024-07-14 17:11:42 +0000