samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

136 lines

4.3 KiB

C

Raw Normal View History

s3-auth: Move auth_ntlmssp wrappers in their own file Signed-off-by: Andrew Bartlett <abartlet@samba.org> 2010-07-19 13:36:33 -04:00			`/*`
			`NLTMSSP wrappers`

			`Copyright (C) Andrew Tridgell 2001`
s3-auth Add my copyright I have done plenty of work here, I deserve some of the blame :-) Andrew Bartlett 2011-10-18 08:42:25 +11:00			`Copyright (C) Andrew Bartlett 2001-2003,2011`
s3-auth: Move auth_ntlmssp wrappers in their own file Signed-off-by: Andrew Bartlett <abartlet@samba.org> 2010-07-19 13:36:33 -04:00
			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`#include "includes.h"`
ntlmssp: Move ntlmssp code to auth/ntlmssp This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> 2011-07-25 16:04:38 +10:00			`#include "auth/ntlmssp/ntlmssp.h"`
auth: Make more of the ntlmssp code private or static Now that there is only one gensec_ntlmssp server, some of these functions can be static For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> 2012-01-31 21:20:34 +11:00			`#include "auth/ntlmssp/ntlmssp_private.h"`
s3-libsmb Make auth_ntlmssp client more generic As well as renaming, this allows us to start the mech by DCE/RPC auth type or OID. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> 2011-12-27 10:25:55 +11:00			`#include "auth_generic.h"`
s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp This allows the current behaviour of the NTLMSSP code to be unchanged while adding a way to hook in an alternate implementation via an auth module. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> 2011-07-27 13:34:34 +10:00			`#include "auth/gensec/gensec.h"`
auth/gensec: introduce gensec_internal.h We should treat most gensec related structures private. It's a long way, but this is a start. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 2013-08-05 07:12:01 +02:00			`#include "auth/gensec/gensec_internal.h"`
s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett 2011-10-18 16:16:02 +11:00			`#include "auth/credentials/credentials.h"`
			`#include "librpc/rpc/dcerpc.h"`
			`#include "lib/param/param.h"`
s3-auth: Move auth_ntlmssp wrappers in their own file Signed-off-by: Andrew Bartlett <abartlet@samba.org> 2010-07-19 13:36:33 -04:00
s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett 2011-10-18 16:16:02 +11:00			`static NTSTATUS gensec_ntlmssp3_client_update(struct gensec_security *gensec_security,`
			`TALLOC_CTX *out_mem_ctx,`
			`struct tevent_context *ev,`
			`const DATA_BLOB request,`
			`DATA_BLOB *reply)`
s3-auth: Move auth_ntlmssp wrappers in their own file Signed-off-by: Andrew Bartlett <abartlet@samba.org> 2010-07-19 13:36:33 -04:00			`{`
s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update This clarifies the lifetime of the returned token. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> 2011-07-26 17:20:35 +10:00			`NTSTATUS status;`
s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett 2011-10-18 16:16:02 +11:00			`struct gensec_ntlmssp_context *gensec_ntlmssp =`
			`talloc_get_type_abort(gensec_security->private_data,`
			`struct gensec_ntlmssp_context);`

			`status = ntlmssp_update(gensec_ntlmssp->ntlmssp_state, request, reply);`
			`if (NT_STATUS_IS_OK(status) \|\|`
			`NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {`
			`talloc_steal(out_mem_ctx, reply->data);`
s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp This allows the current behaviour of the NTLMSSP code to be unchanged while adding a way to hook in an alternate implementation via an auth module. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> 2011-07-27 13:34:34 +10:00			`}`
s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett 2011-10-18 16:16:02 +11:00
s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update This clarifies the lifetime of the returned token. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> 2011-07-26 17:20:35 +10:00			`return status;`
s3-auth: Move auth_ntlmssp wrappers in their own file Signed-off-by: Andrew Bartlett <abartlet@samba.org> 2010-07-19 13:36:33 -04:00			`}`

s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett 2011-10-18 16:16:02 +11:00			`static NTSTATUS gensec_ntlmssp3_client_start(struct gensec_security *gensec_security)`
			`{`
			`NTSTATUS nt_status;`
			`struct gensec_ntlmssp_context *gensec_ntlmssp;`
			`const char user, domain;`
			`const char *password;`

			`nt_status = gensec_ntlmssp_start(gensec_security);`
			`NT_STATUS_NOT_OK_RETURN(nt_status);`

			`gensec_ntlmssp =`
			`talloc_get_type_abort(gensec_security->private_data,`
			`struct gensec_ntlmssp_context);`

			`nt_status = ntlmssp_client_start(gensec_ntlmssp,`
			`lp_netbios_name(), lp_workgroup(),`
			`lp_client_ntlmv2_auth(), &gensec_ntlmssp->ntlmssp_state);`
			`if (!NT_STATUS_IS_OK(nt_status)) {`
			`return nt_status;`
			`}`

			`cli_credentials_get_ntlm_username_domain(gensec_security->credentials, gensec_ntlmssp, &user, &domain);`
			`if (!user \|\| !domain) {`
			`return NT_STATUS_NO_MEMORY;`
			`}`

			`nt_status = ntlmssp_set_username(gensec_ntlmssp->ntlmssp_state, user);`
			`if (!NT_STATUS_IS_OK(nt_status)) {`
			`return nt_status;`
			`}`

			`nt_status = ntlmssp_set_domain(gensec_ntlmssp->ntlmssp_state, domain);`
			`if (!NT_STATUS_IS_OK(nt_status)) {`
			`return nt_status;`
			`}`

			`password = cli_credentials_get_password(gensec_security->credentials);`
			`if (!password) {`
			`return NT_STATUS_NO_MEMORY;`
			`}`

			`nt_status = ntlmssp_set_password(gensec_ntlmssp->ntlmssp_state, password);`
			`if (!NT_STATUS_IS_OK(nt_status)) {`
			`return nt_status;`
			`}`

auth/ntlmssp: Remove gensec_security element from gensec_ntlmssp_state This just means there is one less pointer to ensure we initialise. Andrew Bartlett 2012-03-09 14:28:46 +11:00			`if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {`
s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett 2011-10-18 16:16:02 +11:00			`gensec_ntlmssp->ntlmssp_state->neg_flags \|= NTLMSSP_NEGOTIATE_SIGN;`
			`}`
auth/ntlmssp: Remove gensec_security element from gensec_ntlmssp_state This just means there is one less pointer to ensure we initialise. Andrew Bartlett 2012-03-09 14:28:46 +11:00			`if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {`
s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett 2011-10-18 16:16:02 +11:00			`gensec_ntlmssp->ntlmssp_state->neg_flags \|= NTLMSSP_NEGOTIATE_SIGN;`
			`}`
auth/ntlmssp: Remove gensec_security element from gensec_ntlmssp_state This just means there is one less pointer to ensure we initialise. Andrew Bartlett 2012-03-09 14:28:46 +11:00			`if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {`
s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett 2011-10-18 16:16:02 +11:00			`gensec_ntlmssp->ntlmssp_state->neg_flags \|= NTLMSSP_NEGOTIATE_SIGN;`
			`gensec_ntlmssp->ntlmssp_state->neg_flags \|= NTLMSSP_NEGOTIATE_SEAL;`
			`}`

			`return NT_STATUS_OK;`
			`}`

			`static const char *gensec_ntlmssp3_client_oids[] = {`
			`GENSEC_OID_NTLMSSP,`
			`NULL`
			`};`

s3-libsmb: split out auth_generic client functions into auth_generic.c Signed-off-by: Stefan Metzmacher <metze@samba.org> 2012-01-05 17:15:14 +01:00			`const struct gensec_security_ops gensec_ntlmssp3_client_ops = {`
s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett 2011-10-18 16:16:02 +11:00			`.name = "ntlmssp3_client",`
			`.sasl_name = GENSEC_SASL_NAME_NTLMSSP, /* "NTLM" */`
			`.auth_type = DCERPC_AUTH_TYPE_NTLMSSP,`
			`.oid = gensec_ntlmssp3_client_oids,`
			`.client_start = gensec_ntlmssp3_client_start,`
			`.magic = gensec_ntlmssp_magic,`
			`.update = gensec_ntlmssp3_client_update,`
			`.sig_size = gensec_ntlmssp_sig_size,`
			`.sign_packet = gensec_ntlmssp_sign_packet,`
			`.check_packet = gensec_ntlmssp_check_packet,`
			`.seal_packet = gensec_ntlmssp_seal_packet,`
			`.unseal_packet = gensec_ntlmssp_unseal_packet,`
			`.wrap = gensec_ntlmssp_wrap,`
			`.unwrap = gensec_ntlmssp_unwrap,`
			`.session_key = gensec_ntlmssp_session_key,`
			`.have_feature = gensec_ntlmssp_have_feature,`
			`.enabled = true,`
			`.priority = GENSEC_NTLMSSP`
			`};`

136 lines 4.3 KiB C Raw Normal View History Unescape Escape

136 lines

4.3 KiB

C

Raw Normal View History