From a647df4607cb6d916cd689f92cd27995ca0f9ab4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 30 Jan 2012 11:17:44 +1100 Subject: auth: Make check_password and generate_session_info hook generic gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett --- source4/auth/auth.h | 8 ++++++- source4/auth/ntlm/auth.c | 39 ++++++++++++++++++++++++++++++++--- source4/auth/ntlmssp/ntlmssp_server.c | 25 +++++++--------------- 3 files changed, 51 insertions(+), 21 deletions(-) (limited to 'source4/auth') diff --git a/source4/auth/auth.h b/source4/auth/auth.h index a7fc413ecc..1b22701499 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -152,9 +152,15 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct auth4_context **auth_ctx); +NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + void **server_returned_info, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key); + NTSTATUS auth_check_password(struct auth4_context *auth_ctx, TALLOC_CTX *mem_ctx, - const struct auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, struct auth_user_info_dc **user_info_dc); NTSTATUS auth4_init(void); NTSTATUS auth_register(const struct auth_operations *ops); diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index 95bdd84837..a654fab096 100644 --- a/source4/auth/ntlm/auth.c +++ b/source4/auth/ntlm/auth.c @@ -35,7 +35,7 @@ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, - struct auth_user_info_dc *user_info_dc, + void *server_returned_info, uint32_t session_info_flags, struct auth_session_info **session_info); @@ -208,6 +208,38 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth4_context *auth_ctx, return status; } +_PUBLIC_ NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + void **server_returned_info, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) +{ + struct auth_user_info_dc *user_info_dc; + NTSTATUS status = auth_check_password(auth_ctx, mem_ctx, user_info, &user_info_dc); + + if (NT_STATUS_IS_OK(status)) { + *server_returned_info = user_info_dc; + + if (user_session_key) { + DEBUG(10, ("Got NT session key of length %u\n", + (unsigned)user_info_dc->user_session_key.length)); + *user_session_key = user_info_dc->user_session_key; + talloc_steal(mem_ctx, user_session_key->data); + user_info_dc->user_session_key = data_blob_null; + } + + if (lm_session_key) { + DEBUG(10, ("Got LM session key of length %u\n", + (unsigned)user_info_dc->lm_session_key.length)); + *lm_session_key = user_info_dc->lm_session_key; + talloc_steal(mem_ctx, lm_session_key->data); + user_info_dc->lm_session_key = data_blob_null; + } + } + + return status; +} + struct auth_check_password_state { struct auth4_context *auth_ctx; const struct auth_usersupplied_info *user_info; @@ -433,10 +465,11 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req, * generation of unix tokens via IRPC */ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, - struct auth_user_info_dc *user_info_dc, + void *server_returned_info, uint32_t session_info_flags, struct auth_session_info **session_info) { + struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(server_returned_info, struct auth_user_info_dc); NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx, auth_context->sam_ctx, user_info_dc, session_info_flags, session_info); @@ -562,7 +595,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char ** DLIST_ADD_END(ctx->methods, method, struct auth_method_context *); } - ctx->check_password = auth_check_password; + ctx->check_password = auth_check_password_wrapper; ctx->get_challenge = auth_get_challenge; ctx->set_challenge = auth_context_set_challenge; ctx->challenge_may_be_modified = auth_challenge_may_be_modified; diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index dcd6123499..1a876e319f 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -189,25 +189,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, nt_status = auth_context->check_password(auth_context, gensec_ntlmssp, user_info, - &gensec_ntlmssp->user_info_dc); + &gensec_ntlmssp->server_returned_info, + user_session_key, lm_session_key); } talloc_free(user_info); NT_STATUS_NOT_OK_RETURN(nt_status); - if (gensec_ntlmssp->user_info_dc->user_session_key.length) { - DEBUG(10, ("Got NT session key of length %u\n", - (unsigned)gensec_ntlmssp->user_info_dc->user_session_key.length)); - *user_session_key = gensec_ntlmssp->user_info_dc->user_session_key; - talloc_steal(mem_ctx, user_session_key->data); - gensec_ntlmssp->user_info_dc->user_session_key = data_blob_null; - } - if (gensec_ntlmssp->user_info_dc->lm_session_key.length) { - DEBUG(10, ("Got LM session key of length %u\n", - (unsigned)gensec_ntlmssp->user_info_dc->lm_session_key.length)); - *lm_session_key = gensec_ntlmssp->user_info_dc->lm_session_key; - talloc_steal(mem_ctx, lm_session_key->data); - gensec_ntlmssp->user_info_dc->lm_session_key = data_blob_null; - } + talloc_steal(mem_ctx, user_session_key->data); + talloc_steal(mem_ctx, lm_session_key->data); + return nt_status; } @@ -229,10 +219,11 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); - + struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(gensec_ntlmssp->server_returned_info, + struct auth_user_info_dc); nt_status = gensec_generate_session_info(mem_ctx, gensec_security, - gensec_ntlmssp->user_info_dc, + user_info_dc, session_info); NT_STATUS_NOT_OK_RETURN(nt_status); -- cgit