From 43f35f1826c676032a17acd8a2e8ad2264d32e90 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 21 Dec 2011 15:09:29 +1100 Subject: s3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch] Signed-off-by: Stefan Metzmacher --- source3/Makefile.in | 2 +- source3/rpc_server/dcesrv_auth_generic.c | 136 +++++++++++++++++++++++++++++++ source3/rpc_server/dcesrv_auth_generic.h | 44 ++++++++++ source3/rpc_server/dcesrv_ntlmssp.c | 136 ------------------------------- source3/rpc_server/dcesrv_ntlmssp.h | 44 ---------- source3/rpc_server/dcesrv_spnego.c | 2 +- source3/rpc_server/srv_pipe.c | 2 +- source3/rpc_server/wscript_build | 2 +- 8 files changed, 184 insertions(+), 184 deletions(-) create mode 100644 source3/rpc_server/dcesrv_auth_generic.c create mode 100644 source3/rpc_server/dcesrv_auth_generic.h delete mode 100644 source3/rpc_server/dcesrv_ntlmssp.c delete mode 100644 source3/rpc_server/dcesrv_ntlmssp.h diff --git a/source3/Makefile.in b/source3/Makefile.in index 1abf96ec1e..cd73263aa9 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -760,7 +760,7 @@ RPC_CONFIG = rpc_server/rpc_config.o RPC_SERVICE = rpc_server/rpc_server.o -RPC_CRYPTO = rpc_server/dcesrv_ntlmssp.o \ +RPC_CRYPTO = rpc_server/dcesrv_auth_generic.o \ rpc_server/dcesrv_gssapi.o \ rpc_server/dcesrv_spnego.o diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c new file mode 100644 index 0000000000..1756cddebd --- /dev/null +++ b/source3/rpc_server/dcesrv_auth_generic.c 
@@ -0,0 +1,136 @@
+/*
+ * NTLMSSP Acceptor
+ * DCERPC Server functions
+ * Copyright (C) Simo Sorce 2010.
+ * Copyright (C) Andrew Bartlett 2011.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+
+#include "includes.h"
+#include "rpc_server/dcesrv_auth_generic.h"
+#include "ntlmssp_wrap.h"
+#include "auth.h"
+#include "auth/gensec/gensec.h"
+
+NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
+ const char *oid,
+ bool do_sign,
+ bool do_seal,
+ bool is_dcerpc,
+ DATA_BLOB *token_in,
+ DATA_BLOB *token_out,
+ const struct tsocket_address *remote_address,
+ struct gensec_security **ctx)
+{
+ struct auth_generic_state *a = NULL;
+ NTSTATUS status;
+
+ status = auth_generic_prepare(remote_address, &a);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ if (do_sign) {
+ gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SIGN);
+ }
+ if (do_seal) {
+ gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SIGN);
+ gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SEAL);
+ }
+
+ if (is_dcerpc) {
+ gensec_want_feature(a->gensec_security, GENSEC_FEATURE_DCE_STYLE);
+ }
+
+ status = auth_generic_start(a, oid);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, (__location__ ": auth_generic_start failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(0, (__location__ ": auth_ntlmssp_update failed: %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ /* steal ntlmssp context too */
+ *ctx = talloc_move(mem_ctx, &a->gensec_security);
+
+ status = NT_STATUS_OK;
+
+done:
+ TALLOC_FREE(a);
+
+ return status;
+}
+
+NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *token_in,
+ DATA_BLOB *token_out)
+{
+ NTSTATUS status;
+
+ /* this has to be done as root in order to verify the password */
+ become_root();
+ status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out);
+ unbecome_root();
+
+ return status;
+}
+
+NTSTATUS auth_generic_server_check_flags(struct gensec_security *gensec_security,
+ bool do_sign, bool do_seal)
+{
+ if (do_sign && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+ DEBUG(1, (__location__ "Integrity was requested but client "
+ "failed to negotiate signing.\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (do_seal && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+ DEBUG(1, (__location__ "Privacy was requested but client "
+ "failed to negotiate sealing.\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_server_get_user_info(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ struct auth_session_info **session_info)
+{
+ NTSTATUS status;
+
+ status = gensec_session_info(gensec_security, mem_ctx, session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, (__location__ ": Failed to get authenticated user "
+ "info: %s\n", nt_errstr(status)));
+ return status;
+ }
+
+ DEBUG(5, (__location__ "OK: user: %s domain: %s\n",
+ (*session_info)->info->account_name,
+ (*session_info)->info->domain_name));
+
+ return NT_STATUS_OK;
+}
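Review bot: In `auth_generic_server_start`, the error path after `auth_generic_start(a, oid)` fails uses `return status;` and so bypasses the `TALLOC_FREE(a)` under `done:`, leaving the state allocated by `auth_generic_prepare` behind on a path that runs before the client has authenticated. How long it lingers depends on the talloc parent chosen inside `auth_generic_prepare`, which is not visible in this hunk; using `goto done;` there would route every post-prepare exit through the same cleanup. The level-0 message `": auth_ntlmssp_update failed: %s\n"` also names a function that is no longer called; `": gensec_update failed: %s\n"` would match the code and make failed-bind logs easier to trace.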
diff --git a/source3/rpc_server/dcesrv_auth_generic.h b/source3/rpc_server/dcesrv_auth_generic.h
new file mode 100644
index 0000000000..119e29276a
--- /dev/null
+++ b/source3/rpc_server/dcesrv_auth_generic.h
@@ -0,0 +1,44 @@
+/*
+ * NTLMSSP Acceptor
+ * DCERPC Server functions
+ * Copyright (C) Simo Sorce 2010.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#ifndef _DCESRV_NTLMSSP_H_
+#define _DCESRV_NTLMSSP_H_
+
+struct gensec_security;
+
+NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
+ const char *oid,
+ bool do_sign,
+ bool do_seal,
+ bool is_dcerpc,
+ DATA_BLOB *token_in,
+ DATA_BLOB *token_out,
+ const struct tsocket_address *remote_address,
+ struct gensec_security **ctx);
+NTSTATUS auth_generic_server_step(struct gensec_security *ctx,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *token_in,
+ DATA_BLOB *token_out);
+NTSTATUS auth_generic_server_check_flags(struct gensec_security *ctx,
+ bool do_sign, bool do_seal);
+NTSTATUS auth_generic_server_get_user_info(struct gensec_security *ctx,
+ TALLOC_CTX *mem_ctx,
+ struct auth_session_info **session_info);
+
+#endif /* _DCESRV_NTLMSSP_H_ */
diff --git a/source3/rpc_server/dcesrv_ntlmssp.c b/source3/rpc_server/dcesrv_ntlmssp.c
deleted file mode 100644
index 1a637a07d1..0000000000
--- a/source3/rpc_server/dcesrv_ntlmssp.c
+++ /dev/null
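Review bot: The include guard in the new `dcesrv_auth_generic.h` is still `_DCESRV_NTLMSSP_H_`, so it no longer matches the file name and would silently suppress one of the two headers if a `dcesrv_ntlmssp.h` using that guard were ever reintroduced; `#ifndef _DCESRV_AUTH_GENERIC_H_` / `#define _DCESRV_AUTH_GENERIC_H_`, with the matching `#endif` comment, keeps it unambiguous. The banner `NTLMSSP Acceptor` at the top of both new files is likewise stale now that the entry point takes a mechanism `oid`. The prototypes are undocumented; a short comment on `auth_generic_server_check_flags` stating that it returns `NT_STATUS_ACCESS_DENIED` when signing or sealing was requested but not negotiated would record the downgrade check for callers.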
@@ -1,136 +0,0 @@
-/*
- * NTLMSSP Acceptor
- * DCERPC Server functions
- * Copyright (C) Simo Sorce 2010.
- * Copyright (C) Andrew Bartlett 2011.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-
-#include "includes.h"
-#include "rpc_server/dcesrv_ntlmssp.h"
-#include "ntlmssp_wrap.h"
-#include "auth.h"
-#include "auth/gensec/gensec.h"
-
-NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
- const char *oid,
- bool do_sign,
- bool do_seal,
- bool is_dcerpc,
- DATA_BLOB *token_in,
- DATA_BLOB *token_out,
- const struct tsocket_address *remote_address,
- struct gensec_security **ctx)
-{
- struct auth_generic_state *a = NULL;
- NTSTATUS status;
-
- status = auth_generic_prepare(remote_address, &a);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
- nt_errstr(status)));
- return status;
- }
-
- if (do_sign) {
- gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SIGN);
- }
- if (do_seal) {
- gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SIGN);
- gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SEAL);
- }
-
- if (is_dcerpc) {
- gensec_want_feature(a->gensec_security, GENSEC_FEATURE_DCE_STYLE);
- }
-
- status = auth_generic_start(a, oid);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, (__location__ ": auth_generic_start failed: %s\n",
- nt_errstr(status)));
- return status;
- }
-
- status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(0, (__location__ ": auth_ntlmssp_update failed: %s\n",
- nt_errstr(status)));
- goto done;
- }
-
- /* steal ntlmssp context too */
- *ctx = talloc_move(mem_ctx, &a->gensec_security);
-
- status = NT_STATUS_OK;
-
-done:
- TALLOC_FREE(a);
-
- return status;
-}
-
-NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *token_in,
- DATA_BLOB *token_out)
-{
- NTSTATUS status;
-
- /* this has to be done as root in order to verify the password */
- become_root();
- status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out);
- unbecome_root();
-
- return status;
-}
-
-NTSTATUS auth_generic_server_check_flags(struct gensec_security *gensec_security,
- bool do_sign, bool do_seal)
-{
- if (do_sign && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
- DEBUG(1, (__location__ "Integrity was requested but client "
- "failed to negotiate signing.\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (do_seal && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
- DEBUG(1, (__location__ "Privacy was requested but client "
- "failed to negotiate sealing.\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS auth_generic_server_get_user_info(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- struct auth_session_info **session_info)
-{
- NTSTATUS status;
-
- status = gensec_session_info(gensec_security, mem_ctx, session_info);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, (__location__ ": Failed to get authenticated user "
- "info: %s\n", nt_errstr(status)));
- return status;
- }
-
- DEBUG(5, (__location__ "OK: user: %s domain: %s\n",
- (*session_info)->info->account_name,
- (*session_info)->info->domain_name));
-
- return NT_STATUS_OK;
-}
diff --git a/source3/rpc_server/dcesrv_ntlmssp.h b/source3/rpc_server/dcesrv_ntlmssp.h
deleted file mode 100644
index 119e29276a..0000000000
--- a/source3/rpc_server/dcesrv_ntlmssp.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * NTLMSSP Acceptor
- * DCERPC Server functions
- * Copyright (C) Simo Sorce 2010.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef _DCESRV_NTLMSSP_H_
-#define _DCESRV_NTLMSSP_H_
-
-struct gensec_security;
-
-NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
- const char *oid,
- bool do_sign,
- bool do_seal,
- bool is_dcerpc,
- DATA_BLOB *token_in,
- DATA_BLOB *token_out,
- const struct tsocket_address *remote_address,
- struct gensec_security **ctx);
-NTSTATUS auth_generic_server_step(struct gensec_security *ctx,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *token_in,
- DATA_BLOB *token_out);
-NTSTATUS auth_generic_server_check_flags(struct gensec_security *ctx,
- bool do_sign, bool do_seal);
-NTSTATUS auth_generic_server_get_user_info(struct gensec_security *ctx,
- TALLOC_CTX *mem_ctx,
- struct auth_session_info **session_info);
-
-#endif /* _DCESRV_NTLMSSP_H_ */
diff --git a/source3/rpc_server/dcesrv_spnego.c b/source3/rpc_server/dcesrv_spnego.c
index 94c282cdfc..e89563a9fb 100644
--- a/source3/rpc_server/dcesrv_spnego.c
+++ b/source3/rpc_server/dcesrv_spnego.c
@@ -20,7 +20,7 @@ #include "includes.h" #include "../libcli/auth/spnego.h" #include "../lib/tsocket/tsocket.h" -#include "dcesrv_ntlmssp.h" +#include "dcesrv_auth_generic.h" #include "dcesrv_gssapi.h" #include "dcesrv_spnego.h" diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 5b2c78ab14..20dd021360 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -33,7 +33,7 @@ #include "../librpc/gen_ndr/ndr_schannel.h" #include "../libcli/auth/schannel.h" #include "../libcli/auth/spnego.h" -#include "dcesrv_ntlmssp.h" +#include "dcesrv_auth_generic.h" #include "dcesrv_gssapi.h" #include "dcesrv_spnego.h" #include "rpc_server.h" diff --git a/source3/rpc_server/wscript_build b/source3/rpc_server/wscript_build index 7c5b54a26a..d22d6eb14d 100755 --- a/source3/rpc_server/wscript_build +++ b/source3/rpc_server/wscript_build @@ -37,7 +37,7 @@ bld.SAMBA3_SUBSYSTEM('RPC_SERVICE', deps='samba-util') bld.SAMBA3_SUBSYSTEM('RPC_CRYPTO', - source='dcesrv_ntlmssp.c dcesrv_gssapi.c dcesrv_spnego.c', + source='dcesrv_auth_generic.c dcesrv_gssapi.c dcesrv_spnego.c', deps = 'KRB5_PAC') bld.SAMBA3_SUBSYSTEM('RPC_PIPE_REGISTER', -- cgit