From 7d977da92554c34539a475feb7dcb0a6dc0ad654 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 30 Dec 2009 14:13:45 +0100 Subject: s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner --- source3/include/ntlmssp.h | 5 +++ source3/include/proto.h | 6 +++- source3/libads/sasl.c | 7 +++- source3/libsmb/cliconnect.c | 6 +++- source3/libsmb/clifsinfo.c | 6 +++- source3/libsmb/ntlmssp.c | 57 ++++++++++++++++++++++--------- source3/rpc_client/cli_pipe.c | 6 +++- source3/utils/ntlm_auth.c | 6 +++- source3/winbindd/winbindd_ccache_access.c | 6 +++- 9 files changed, 82 insertions(+), 23 deletions(-) diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index f44922f7b5..afed1901e5 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -56,6 +56,11 @@ struct ntlmssp_state unsigned char *nt_hash; unsigned char *lm_hash; + struct { + const char *netbios_name; + const char *netbios_domain; + } client; + struct { bool is_standalone; const char *netbios_name; diff --git a/source3/include/proto.h b/source3/include/proto.h index de2923938b..1b28b47b01 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3217,7 +3217,11 @@ NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, const char *dns_name, const char *dns_domain, struct ntlmssp_state **ntlmssp_state); -NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state); +NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx, + const char *netbios_name, + const char *netbios_domain, + bool use_ntlmv2, + struct ntlmssp_state **_ntlmssp_state); /* The following definitions come from libsmb/ntlmssp_sign.c */ diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 6a0a1ae3d2..3856f5b49a 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -134,7 +134,12 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) struct ntlmssp_state *ntlmssp_state; - if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) { + nt_status = ntlmssp_client_start(NULL, + global_myname(), + lp_workgroup(), + lp_client_ntlmv2_auth(), + &ntlmssp_state); + if (!NT_STATUS_IS_OK(nt_status)) { return ADS_ERROR_NT(nt_status); } ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN; diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 11faa27b3f..9ac3551d7c 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1000,7 +1000,11 @@ static struct tevent_req *cli_session_setup_ntlmssp_send( cli_temp_set_signing(cli); - status = ntlmssp_client_start(&state->ntlmssp_state); + status = ntlmssp_client_start(state, + global_myname(), + lp_workgroup(), + lp_client_ntlmv2_auth(), + &state->ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { goto fail; } diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index b3c9d5f6e7..3297ec76ca 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -634,7 +634,11 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, if (!es) { return NT_STATUS_NO_MEMORY; } - status = ntlmssp_client_start(&es->s.ntlmssp_state); + status = ntlmssp_client_start(NULL, + global_myname(), + lp_workgroup(), + lp_client_ntlmv2_auth(), + &es->s.ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { goto fail; } diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 8723588467..e2bf4f2247 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -982,8 +982,8 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, "NTLMSSP", NTLMSSP_NEGOTIATE, ntlmssp_state->neg_flags, - ntlmssp_state->get_domain(), - ntlmssp_state->get_global_myname()); + ntlmssp_state->client.netbios_domain, + ntlmssp_state->client.netbios_name); if (DEBUGLEVEL >= 10) { if (NT_STATUS_IS_OK(ntlmssp_pull_NEGOTIATE_MESSAGE(next_request, @@ -1272,7 +1272,7 @@ noccache: nt_response.data, nt_response.length, ntlmssp_state->domain, ntlmssp_state->user, - ntlmssp_state->get_global_myname(), + ntlmssp_state->client.netbios_name, encrypted_session_key.data, encrypted_session_key.length, ntlmssp_state->neg_flags)) { @@ -1310,27 +1310,36 @@ done: return nt_status; } -NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state) +NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx, + const char *netbios_name, + const char *netbios_domain, + bool use_ntlmv2, + struct ntlmssp_state **_ntlmssp_state) { - *ntlmssp_state = TALLOC_ZERO_P(NULL, struct ntlmssp_state); - if (!*ntlmssp_state) { - DEBUG(0,("ntlmssp_client_start: talloc failed!\n")); - talloc_destroy(*ntlmssp_state); - return NT_STATUS_NO_MEMORY; + struct ntlmssp_state *ntlmssp_state; + + if (!netbios_name) { + netbios_name = ""; } - (*ntlmssp_state)->role = NTLMSSP_CLIENT; + if (!netbios_domain) { + netbios_domain = ""; + } - (*ntlmssp_state)->get_global_myname = global_myname; - (*ntlmssp_state)->get_domain = lp_workgroup; + ntlmssp_state = talloc_zero(mem_ctx, struct ntlmssp_state); + if (!ntlmssp_state) { + return NT_STATUS_NO_MEMORY; + } - (*ntlmssp_state)->unicode = True; + ntlmssp_state->role = NTLMSSP_CLIENT; - (*ntlmssp_state)->use_ntlmv2 = lp_client_ntlmv2_auth(); + ntlmssp_state->unicode = True; - (*ntlmssp_state)->expected_state = NTLMSSP_INITIAL; + ntlmssp_state->use_ntlmv2 = use_ntlmv2; - (*ntlmssp_state)->neg_flags = + ntlmssp_state->expected_state = NTLMSSP_INITIAL; + + ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_NTLM | @@ -1338,5 +1347,21 @@ NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state) NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_REQUEST_TARGET; + ntlmssp_state->client.netbios_name = talloc_strdup(ntlmssp_state, netbios_name); + if (!ntlmssp_state->client.netbios_name) { + talloc_free(ntlmssp_state); + return NT_STATUS_NO_MEMORY; + } + ntlmssp_state->client.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain); + if (!ntlmssp_state->client.netbios_domain) { + talloc_free(ntlmssp_state); + return NT_STATUS_NO_MEMORY; + } + + /* TODO: remove this */ + ntlmssp_state->get_global_myname = global_myname; + ntlmssp_state->get_domain = lp_workgroup; + + *_ntlmssp_state = ntlmssp_state; return NT_STATUS_OK; } diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 2f7db99f20..af1ebd6f41 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -3167,7 +3167,11 @@ static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, goto fail; } - status = ntlmssp_client_start(&result->a_u.ntlmssp_state); + status = ntlmssp_client_start(NULL, + global_myname(), + lp_workgroup(), + lp_client_ntlmv2_auth(), + &result->a_u.ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { goto fail; } diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 487401b662..929c11f5a9 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -645,7 +645,11 @@ static NTSTATUS ntlm_auth_start_ntlmssp_client(struct ntlmssp_state **client_ntl return NT_STATUS_INVALID_PARAMETER; } - status = ntlmssp_client_start(client_ntlmssp_state); + status = ntlmssp_client_start(NULL, + global_myname(), + lp_workgroup(), + lp_client_ntlmv2_auth(), + client_ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Could not start NTLMSSP client: %s\n", diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c index f8f57f6add..ff5c8408f4 100644 --- a/source3/winbindd/winbindd_ccache_access.c +++ b/source3/winbindd/winbindd_ccache_access.c @@ -54,7 +54,11 @@ static NTSTATUS do_ntlm_auth_with_hashes(const char *username, struct ntlmssp_state *ntlmssp_state = NULL; DATA_BLOB dummy_msg, reply; - status = ntlmssp_client_start(&ntlmssp_state); + status = ntlmssp_client_start(NULL, + global_myname(), + lp_workgroup(), + lp_client_ntlmv2_auth(), + &ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Could not start NTLMSSP client: %s\n", -- cgit