From 55c630404a999180e3bd9dd697d526fc3e21cd3b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 31 Jan 2012 16:17:04 +1100 Subject: auth: Provide a way to specify the NTLMSSP server name to GENSEC This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller knows better. This will allow preservation of current s3 behaviour. Andrew Bartlett Signed-off-by: Stefan Metzmacher
---
 auth/gensec/gensec.h | 4 +++
 auth/ntlmssp/gensec_ntlmssp_server.c | 53 ++++++++++++++++++++++++------------
 2 files changed, 40 insertions(+), 17 deletions(-)
(limited to 'auth')
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index c52eecb8d0..aba1018a92 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -83,6 +83,10 @@ struct gensec_settings {
 * should be used, rather than those loaded by the plugin
 * mechanism */
 struct gensec_security_ops **backends;
+
+ /* To fill in our own name in the NTLMSSP server */
+ const char *server_dns_domain;
+ const char *server_dns_name;
 };

 struct gensec_security_ops {
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
index 1f1f5b3f7b..de86dd509e 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -266,6 +266,10 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 NTSTATUS nt_status;
 struct ntlmssp_state *ntlmssp_state;
 struct gensec_ntlmssp_context *gensec_ntlmssp;
+ const char *netbios_name;
+ const char *netbios_domain;
+ const char *dns_name;
+ const char *dns_domain;

 nt_status = gensec_ntlmssp_start(gensec_security);
 NT_STATUS_NOT_OK_RETURN(nt_status);
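Review bot: The comment on the two new fields in struct gensec_settings (auth/gensec/gensec.h) does not say what an unset value means or who owns the strings. The server-start hunk in this commit treats NULL as "fall back to the loadparm-derived name" and copies the value with talloc_strdup(), so the caller keeps ownership. I would expand it to something like `/* Optional NTLMSSP server names; NULL means derive them from lp_ctx. Copied at server start, caller keeps ownership. */`. The struct definition starts outside the hunk.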
@@ -339,33 +343,48 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 ntlmssp_state->server.is_standalone = false;
 }

- ntlmssp_state->server.netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+ netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+ netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);

- ntlmssp_state->server.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
-
- {
+ if (gensec_security->settings->server_dns_name) {
+ dns_name = gensec_security->settings->server_dns_name;
+ } else {
 const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
- char *dnsname, *lower_netbiosname;
- lower_netbiosname = strlower_talloc(ntlmssp_state, ntlmssp_state->server.netbios_name);
+ char *lower_netbiosname;
+
+ lower_netbiosname = strlower_talloc(ntlmssp_state, netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY(lower_netbiosname);

 /* Find out the DNS host name */
 if (dnsdomain && dnsdomain[0] != '\0') {
- dnsname = talloc_asprintf(ntlmssp_state, "%s.%s",
- lower_netbiosname,
- dnsdomain);
+ dns_name = talloc_asprintf(ntlmssp_state, "%s.%s",
+ lower_netbiosname,
+ dnsdomain);
 talloc_free(lower_netbiosname);
- ntlmssp_state->server.dns_name = dnsname;
+ NT_STATUS_HAVE_NO_MEMORY(dns_name);
 } else {
- ntlmssp_state->server.dns_name = lower_netbiosname;
+ dns_name = lower_netbiosname;
 }
+ }

- NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
-
- ntlmssp_state->server.dns_domain
- = talloc_strdup(ntlmssp_state,
- lpcfg_dnsdomain(gensec_security->settings->lp_ctx));
- NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
+ if (gensec_security->settings->server_dns_domain) {
+ dns_domain = gensec_security->settings->server_dns_domain;
+ } else {
+ dns_domain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
 }

+ ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_name);
+
+ ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_domain);
+
+ ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
+
+ ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
+ NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
+
 return NT_STATUS_OK;
 }
+
-- cgit
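Review bot: The two override tests accept an empty string as a valid name, while the fallback branch in the same hunk treats an empty `dnsdomain` as unset (`dnsdomain && dnsdomain[0] != '\0'`). A caller that passes "" would have the server record an empty DNS name or domain; checking both overrides the same way keeps the paths consistent, e.g. `if (gensec_security->settings->server_dns_name && gensec_security->settings->server_dns_name[0] != '\0') {`. The overrides are also independent, so setting only one of them can leave `server.dns_name` and `server.dns_domain` disagreeing; a short comment saying whether that combination is intended would help the next reader. In the fallback path the talloc'd `dns_name` is now duplicated again by the final `talloc_strdup()`, so the intermediate string presumably stays on `ntlmssp_state` until that context is freed. gensec_ntlmssp_server_start begins outside the hunk.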