Diffstat (limited to 'source4/utils/ntlm_auth.c')
-rw-r--r-- | source4/utils/ntlm_auth.c | 88 |
1 files changed, 53 insertions, 35 deletions
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index f999995daf..c51b35aa03 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -37,6 +37,7 @@
 #include "lib/messaging/messaging.h"
 #include "lib/messaging/irpc.h"
 #include "auth/ntlmssp/ntlmssp.h"
+#include "param/param.h"
 #define INITIAL_BUFFER_SIZE 300
 #define MAX_BUFFER_SIZE 63000
@@ -120,21 +121,21 @@ static void mux_printf(unsigned int mux_id, const char *format, ...)
 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the form DOMAIN/user into a domain and a user */
-static BOOL parse_ntlm_auth_domain_user(const char *domuser, fstring domain,
+static bool parse_ntlm_auth_domain_user(const char *domuser, fstring domain,
 fstring user)
 {
- char *p = strchr(domuser,*lp_winbind_separator());
+ char *p = strchr(domuser,*lp_winbind_separator(global_loadparm));
 if (!p) {
- return False;
+ return false;
 }
 fstrcpy(user, p+1);
 fstrcpy(domain, domuser);
 domain[PTR_DIFF(p, domuser)] = 0;
- return True;
+ return true;
 }
 /**
@@ -167,8 +168,8 @@ static void base64_decode_inplace(char *s)
 /* Authenticate a user with a plaintext password */
-static BOOL check_plaintext_auth(const char *user, const char *pass,
- BOOL stdout_diagnostics)
+static bool check_plaintext_auth(const char *user, const char *pass,
+ bool stdout_diagnostics)
 {
 return (strcmp(pass, opt_password) == 0);
 }
@@ -219,7 +220,7 @@ static NTSTATUS local_pw_check_specified(const char *username,
 if (unix_name) {
 asprintf(unix_name,
 "%s%c%s", domain,
- *lp_winbind_separator(),
+ *lp_winbind_separator(global_loadparm),
 username);
 }
 } else {
@@ -244,7 +245,7 @@ static void manage_squid_basic_request(enum stdio_helper_mode stdio_helper_mode,
 char *user, *pass;
 user=buf;
- pass=memchr(buf,' ',length);
+ pass = memchr(buf, ' ', length);
 if (!pass) {
 DEBUG(2, ("Password not found. Denying access\n"));
 mux_printf(mux_id, "ERR\n");
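Review bot: In parse_ntlm_auth_domain_user the store `domain[PTR_DIFF(p, domuser)] = 0;` indexes the fixed-size `domain` buffer with an offset taken from the input string, and nothing in the function bounds that offset. If fstrcpy truncates at the fstring size, as its use on fstring arguments suggests (its definition is not in this hunk), a `domuser` whose separator sits beyond that size makes the terminator land outside the buffer. A guard placed before the two copies, `if (PTR_DIFF(p, domuser) >= sizeof(fstring)) return false;`, rejects the over-long domain part instead of writing past the array.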
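Review bot: check_plaintext_auth never reads `user` or `stdout_diagnostics`, so the result depends only on `strcmp(pass, opt_password)` and any user name is accepted with the one configured password. Nothing in the visible hunks guarantees that `opt_password` is set on the helper paths that call it (manage_squid_basic_request, manage_ntlm_server_1_request), and `strcmp` on a NULL pointer is undefined; a fail-closed guard such as `if (opt_password == NULL) return false;` covers that. `strcmp` also stops at the first differing byte, so the time taken depends on how much of the password matched; a comparison that always walks the full length avoids that signal. If ignoring the user name is intended, a comment such as `/* only the password is compared; 'user' is not consulted */` above the function would say so.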
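Review bot: The `asprintf(unix_name, ...)` call in local_pw_check_specified ignores its return value, and after a failed asprintf the contents of `*unix_name` are not defined, so the caller can be handed a pointer it must not use. The last hunk in main() has the same unchecked call, `asprintf(&user, ...)`, and passes `user` straight to check_plaintext_auth, while manage_ntlm_server_1_request already tests `== -1`. Testing the result here and setting `*unix_name = NULL` before returning an error status would bring the three call sites in line. The function begins and ends outside this hunk, so the status to return on that path has to be confirmed there.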
@@ -258,7 +259,7 @@ static void manage_squid_basic_request(enum stdio_helper_mode stdio_helper_mode,
 rfc1738_unescape(pass);
 }
- if (check_plaintext_auth(user, pass, False)) {
+ if (check_plaintext_auth(user, pass, false)) {
 mux_printf(mux_id, "OK\n");
 } else {
 mux_printf(mux_id, "ERR\n");
@@ -324,17 +325,35 @@ static const char *get_password(struct cli_credentials *credentials)
 return password;
 }
+/**
+ Check if a string is part of a list.
+**/
+static bool in_list(const char *s, const char *list, bool casesensitive)
+{
+ pstring tok;
+ const char *p=list;
+
+ if (!list)
+ return false;
+
+ while (next_token(&p, tok, LIST_SEP, sizeof(tok))) {
+ if ((casesensitive?strcmp:strcasecmp_m)(tok,s) == 0)
+ return true;
+ }
+ return false;
+}
+
 static void gensec_want_feature_list(struct gensec_security *state, char* feature_list)
 {
- if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, True)) {
+ if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, true)) {
 DEBUG(10, ("want GENSEC_FEATURE_SESSION_KEY\n"));
 gensec_want_feature(state, GENSEC_FEATURE_SESSION_KEY);
 }
- if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, True)) {
+ if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, true)) {
 DEBUG(10, ("want GENSEC_FEATURE_SIGN\n"));
 gensec_want_feature(state, GENSEC_FEATURE_SIGN);
 }
- if (in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) {
+ if (in_list("NTLMSSP_FEATURE_SEAL", feature_list, true)) {
 DEBUG(10, ("want GENSEC_FEATURE_SEAL\n"));
 gensec_want_feature(state, GENSEC_FEATURE_SEAL);
 }
@@ -357,7 +376,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 struct messaging_context *msg;
 NTSTATUS nt_status;
- BOOL first = False;
+ bool first = false;
 const char *reply_code;
 struct cli_credentials *creds;
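Review bot: gensec_want_feature_list acts only on the three names it recognises and reports nothing about any other token in `feature_list`, so a misspelt or unsupported request for signing or sealing yields a session without that protection and no diagnostic. Where `feature_list` comes from is not visible in this hunk, but if it is taken from the helper's input the silent drop is a downgrade the caller cannot notice. Walking the list once and logging the tokens that match none of the known names, e.g. `DEBUG(1, ("ignoring unknown feature '%s'\n", tok));`, would make the mismatch visible. The new in_list helper would also read more safely with braces around its two single-statement `if` bodies, and the function's closing lines lie outside the hunk.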
@@ -367,7 +386,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 TALLOC_CTX *mem_ctx;
 if (*private) {
- state = *private;
+ state = (struct gensec_ntlm_state *)*private;
 } else {
 state = talloc_zero(NULL, struct gensec_ntlm_state);
 if (!state) {
@@ -442,7 +461,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 if (!ev) {
 exit(1);
 }
- msg = messaging_client_init(state, ev);
+ msg = messaging_client_init(state, lp_messaging_path(state, global_loadparm), ev);
 if (!msg) {
 exit(1);
 }
@@ -455,7 +474,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 }
 creds = cli_credentials_init(state->gensec_state);
- cli_credentials_set_conf(creds);
+ cli_credentials_set_conf(creds, global_loadparm);
 if (opt_username) {
 cli_credentials_set_username(creds, opt_username, CRED_SPECIFIED);
 }
@@ -489,12 +508,12 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 case GSS_SPNEGO_SERVER:
 nt_status = gensec_start_mech_by_oid(state->gensec_state, GENSEC_OID_SPNEGO);
 if (!in.length) {
- first = True;
+ first = true;
 }
 break;
 case NTLMSSP_CLIENT_1:
 if (!in.length) {
- first = True;
+ first = true;
 }
 /* fall through */
 case SQUID_2_5_NTLMSSP:
@@ -550,7 +569,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 struct security_token *token = session_info->security_token;
 const char *sidstr = dom_sid_string(session_info, token->sids[i]);
- grouplist = talloc_asprintf_append(grouplist, "%s,", sidstr);
+ grouplist = talloc_asprintf_append_buffer(grouplist, "%s,", sidstr);
 }
 mux_printf(mux_id, "GL %s\n", grouplist);
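Review bot: In the group-list loop of manage_gensec_request neither `dom_sid_string()` nor `talloc_asprintf_append_buffer()` is tested for NULL, so an allocation failure puts a NULL pointer into a `%s` conversion, either as `sidstr` or as `grouplist` in the following `mux_printf(mux_id, "GL %s\n", grouplist);`. Assigning the result straight back to `grouplist` also drops the only reference to the previous buffer when the call fails. The same pattern appears in manage_squid_request, `buf = talloc_strdup_append_buffer(buf, tmp);`, where the lines that follow in that hunk do not test `buf`. Each result should be checked and routed to the function's existing error path; the loop header and that error path are outside this hunk.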
@@ -640,7 +659,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 reply_code = "AF";
 reply_arg = talloc_asprintf(state->gensec_state,
 "%s%s%s", session_info->server_info->domain_name,
- lp_winbind_separator(), session_info->server_info->account_name);
+ lp_winbind_separator(global_loadparm), session_info->server_info->account_name);
 talloc_free(session_info);
 }
 } else if (state->gensec_state->gensec_role == GENSEC_CLIENT) {
@@ -682,8 +701,8 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod
 static char *username;
 static char *domain;
 static char *plaintext_password;
- static BOOL ntlm_server_1_user_session_key;
- static BOOL ntlm_server_1_lm_session_key;
+ static bool ntlm_server_1_user_session_key;
+ static bool ntlm_server_1_lm_session_key;
 if (strequal(buf, ".")) {
 if (!full_username && !username) {
@@ -691,12 +710,12 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod
 } else if (plaintext_password) {
 /* handle this request as plaintext */
 if (!full_username) {
- if (asprintf(&full_username, "%s%c%s", domain, *lp_winbind_separator(), username) == -1) {
+ if (asprintf(&full_username, "%s%c%s", domain, *lp_winbind_separator(global_loadparm), username) == -1) {
 mux_printf(mux_id, "Error: Out of memory in asprintf!\n.\n");
 return;
 }
 }
- if (check_plaintext_auth(full_username, plaintext_password, False)) {
+ if (check_plaintext_auth(full_username, plaintext_password, false)) {
 mux_printf(mux_id, "Authenticated: Yes\n");
 } else {
 mux_printf(mux_id, "Authenticated: No\n");
@@ -726,7 +745,7 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod
 }
 if (!domain) {
- domain = smb_xstrdup(lp_workgroup());
+ domain = smb_xstrdup(lp_workgroup(global_loadparm));
 }
 if (ntlm_server_1_lm_session_key)
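Review bot: The `AF` reply in manage_gensec_request formats the separator with `%s` from the whole `lp_winbind_separator(global_loadparm)` string, while the other call sites touched by this commit use `%c` with its first character, and parse_ntlm_auth_domain_user splits on that first character only. With a one-character setting the two agree; with a longer or empty value the name sent in the reply would not split back into the same domain and account. Using `"%s%c%s"` with `*lp_winbind_separator(global_loadparm)` here would make the call sites consistent. `reply_arg` is also not tested for NULL in the visible lines, and the function continues outside the hunk.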
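Review bot: On the plaintext path of manage_ntlm_server_1_request, `domain` is passed to `asprintf(&full_username, "%s%c%s", domain, ...)` before any default is applied; the `if (!domain) { domain = smb_xstrdup(lp_workgroup(global_loadparm)); }` fallback sits in a later hunk and appears to belong to the non-plaintext branch. If a request supplies a user name and a password but no domain, a NULL pointer reaches the `%s` conversion, which is undefined behaviour. Applying the same fallback ahead of the `asprintf` call closes that gap. The lines between the two hunks are not shown, so this should be confirmed against the full function.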
@@ -738,7 +757,7 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod
 if (!NT_STATUS_IS_OK(
 local_pw_check_specified(username,
 domain,
- lp_netbios_name(),
+ lp_netbios_name(global_loadparm),
 &challenge,
 &lm_response,
 &nt_response,
@@ -789,8 +808,8 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod
 SAFE_FREE(username);
 SAFE_FREE(domain);
 SAFE_FREE(plaintext_password);
- ntlm_server_1_user_session_key = False;
- ntlm_server_1_lm_session_key = False;
+ ntlm_server_1_user_session_key = false;
+ ntlm_server_1_lm_session_key = false;
 mux_printf(mux_id, ".\n");
 return;
@@ -883,8 +902,7 @@ static void manage_squid_request(enum stdio_helper_mode helper_mode,
 static void *normal_private;
 void **private;
- buf = talloc(NULL, char);
- buf[0] = '\0';
+ buf = talloc_strdup(NULL, "");
 if (buf == NULL) {
 DEBUG(0, ("Failed to allocate memory for reading the input "
@@ -907,7 +925,7 @@ static void manage_squid_request(enum stdio_helper_mode helper_mode,
 exit(0);
 }
- buf = talloc_append_string(buf, buf, tmp);
+ buf = talloc_strdup_append_buffer(buf, tmp);
 buf_size += INITIAL_BUFFER_SIZE;
 if (buf_size > MAX_BUFFER_SIZE) {
@@ -1066,7 +1084,7 @@ int main(int argc, const char **argv)
 gensec_init();
 if (opt_domain == NULL) {
- opt_domain = lp_workgroup();
+ opt_domain = lp_workgroup(global_loadparm);
 }
 if (helper_protocol) {
@@ -1093,7 +1111,7 @@ int main(int argc, const char **argv)
 }
 if (opt_workstation == NULL) {
- opt_workstation = lp_netbios_name();
+ opt_workstation = lp_netbios_name(global_loadparm);
 }
 if (!opt_password) {
@@ -1103,8 +1121,8 @@ int main(int argc, const char **argv)
 {
 char *user;
- asprintf(&user, "%s%c%s", opt_domain, *lp_winbind_separator(), opt_username);
- if (!check_plaintext_auth(user, opt_password, True)) {
+ asprintf(&user, "%s%c%s", opt_domain, *lp_winbind_separator(global_loadparm), opt_username);
+ if (!check_plaintext_auth(user, opt_password, true)) {
 return 1;
 }
 } |
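Review bot: The request teardown in manage_ntlm_server_1_request releases the cleartext password with `SAFE_FREE(plaintext_password);` without clearing it first, so the secret stays in freed heap memory where a core dump or a later allocation can expose it. Overwriting the buffer for its full length before the free, using a clear the compiler is not allowed to drop, limits how long the password is resident. A short comment at the `static char *plaintext_password;` declaration noting that it holds a credential between calls would make that requirement visible to later editors. The teardown block starts and ends outside this hunk.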