From 9c5b26f8647bd31dec9864d8c42959f81e686619 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 31 Jan 2012 14:39:34 +1100
Subject: s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server
This is possible because we now supply the auth4_context abstraction that this code is looking for.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher
---
 auth/ntlmssp/gensec_ntlmssp_server.c | 23 ++++++++++++++++-------
 auth/ntlmssp/ntlmssp_private.h | 31 +++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 7 deletions(-)
(limited to 'auth/ntlmssp')
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
index f37f2e716e..841e6a67f0 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -81,8 +81,8 @@ NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security,
 * @return an 8 byte random challenge
 */
-static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
- uint8_t chal[8])
+NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
+ uint8_t chal[8])
 {
 struct gensec_ntlmssp_context *gensec_ntlmssp =
 talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -107,7 +107,7 @@ static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_s
 *
 * @return If the effective challenge used by the auth subsystem may be modified
 */
-static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state)
+bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state)
 {
 struct gensec_ntlmssp_context *gensec_ntlmssp =
 talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -124,7 +124,7 @@ static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_s
 * NTLM2 authentication modifies the effective challenge,
 * @param challenge The new challenge value
 */
-static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
+NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
 {
 struct gensec_ntlmssp_context *gensec_ntlmssp =
 talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -153,9 +153,9 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state,
 * Return the session keys used on the connection.
 */
-static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
+NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
 {
 struct gensec_ntlmssp_context *gensec_ntlmssp =
 talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -191,6 +191,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 user_session_key, lm_session_key);
 }
 talloc_free(user_info);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
+ __location__,
+ user_info->client.domain_name,
+ user_info->client.account_name,
+ nt_errstr(nt_status)));
+ }
+ NT_STATUS_NOT_OK_RETURN(nt_status);
 talloc_steal(mem_ctx, user_session_key->data);
diff --git a/auth/ntlmssp/ntlmssp_private.h b/auth/ntlmssp/ntlmssp_private.h
index 431626c34d..e7fa3d5539 100644
--- a/auth/ntlmssp/ntlmssp_private.h
+++ b/auth/ntlmssp/ntlmssp_private.h
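Review bot: In the `@@ -191,6 +191,15 @@` hunk the added `DEBUG(5, ...)` reads `user_info->client.domain_name` and `user_info->client.account_name` right after the context line `talloc_free(user_info);`, so the failure path dereferences memory that has just been freed. That path runs whenever the password check fails, which a client can cause simply by presenting wrong credentials, so this is a use-after-free read in the authentication path (possibly only when the log level reaches 5, if DEBUG guards evaluation of its arguments; that is not visible here). Move `talloc_free(user_info);` to after the closing `}` of the new `if (!NT_STATUS_IS_OK(nt_status))` block so the strings are still valid when they are logged. The two names appear to be client-supplied, so whatever consumes this log line should treat it as untrusted text. The body of auth_ntlmssp_check_password starts and ends outside this hunk.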
@@ -134,3 +134,34 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
 *
 */
 NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security);
+
+/**
+ * Return the challenge as determined by the authentication subsystem
+ * @return an 8 byte random challenge
+ */
+
+NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
+ uint8_t chal[8]);
+
+/**
+ * Some authentication methods 'fix' the challenge, so we may not be able to set it
+ *
+ * @return If the effective challenge used by the auth subsystem may be modified
+ */
+bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state);
+
+/**
+ * NTLM2 authentication modifies the effective challenge,
+ * @param challenge The new challenge value
+ */
+NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge);
+
+/**
+ * Check the password on an NTLMSSP login.
+ *
+ * Return the session keys used on the connection.
+ */
+
+NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key);
-- cgit
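Review bot: The doc comments added for the four newly exported prototypes leave out the precondition their implementations depend on: each body in gensec_ntlmssp_server.c opens with `talloc_get_type_abort(ntlmssp_state->callback_private, ...)` into a `struct gensec_ntlmssp_context *`, which by its name aborts on a type mismatch. Now that code outside that file can call them, I would add a line such as `* @pre ntlmssp_state->callback_private is a struct gensec_ntlmssp_context` to each comment. The comment on auth_ntlmssp_get_challenge says `@return an 8 byte random challenge`, but the function returns NTSTATUS and fills `chal`; `@param chal receives the 8 byte challenge` plus an NTSTATUS `@return` would match the signature. For auth_ntlmssp_check_password it is also worth documenting that the session key data is moved onto `mem_ctx`, as the `talloc_steal(mem_ctx, user_session_key->data)` line in the .c hunk shows for the user session key.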