
s3-auth: Use the gensec-supplied DNS domain name and hostname.

Also have a reasonable fallback for when it is not set.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett 2012-01-31 16:17:48 +11:00 committed by Stefan Metzmacher
parent 55c630404a
commit 3767fd4255
2 changed files with 76 additions and 28 deletions


@ -183,6 +183,8 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx;
size_t idx = 0;
struct cli_credentials *server_credentials;
const char *dns_name;
const char *dns_domain;
struct auth4_context *auth4_context = talloc_zero(tmp_ctx, struct auth4_context);
if (auth4_context == NULL) {
DEBUG(10, ("failed to allocate auth4_context failed\n"));
@ -211,6 +213,36 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
/*
* This should be a 'netbios domain -> DNS domain'
* mapping, and can currently validly return NULL on
* poorly configured systems.
*
* This is used for the NTLMSSP server
*
*/
dns_name = get_mydnsfullname();
if (dns_name == NULL) {
dns_name = "";
}
dns_domain = get_mydnsdomname(tmp_ctx);
if (dns_domain == NULL) {
dns_domain = "";
}
gensec_settings->server_dns_name = strlower_talloc(gensec_settings, dns_name);
if (gensec_settings->server_dns_name == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
gensec_settings->server_dns_domain = strlower_talloc(gensec_settings, dns_domain);
if (gensec_settings->server_dns_domain == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
gensec_settings->backends = talloc_zero_array(gensec_settings,
struct gensec_security_ops *, 4);
if (gensec_settings->backends == NULL) {
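Review bot: The `dns_name = "";` and `dns_domain = "";` substitutions make `gensec_settings->server_dns_name` and `server_dns_domain` non-NULL on every successful path through this hunk, even when `get_mydnsfullname()` or `get_mydnsdomname()` found nothing. The consumer in gensec_ntlmssp3_server_start only tests the pointer (`if (gensec_security->settings->server_dns_name)`), so its netbios-name plus `lpcfg_dnsdomain()` fallback looks unreachable for callers coming through here, and the NTLMSSP server would presumably advertise empty DNS names instead of the derived ones. Consider leaving the two settings NULL when the lookup returns NULL and lowercasing only a non-NULL result, or have the consumer also require `server_dns_name[0] != '\0'`. The body of auth_generic_prepare starts and ends outside this hunk, so how `gensec_settings` is initialised is not visible here.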


@ -205,17 +205,12 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_security)
{
NTSTATUS nt_status;
const char *dns_name;
char *dns_domain;
struct gensec_ntlmssp_context *gensec_ntlmssp;
struct ntlmssp_state *ntlmssp_state;
/* This should be a 'netbios domain -> DNS domain' mapping */
dns_domain = get_mydnsdomname(talloc_tos());
if (dns_domain) {
strlower_m(dns_domain);
}
dns_name = get_mydnsfullname();
const char *netbios_name;
const char *netbios_domain;
const char *dns_name;
const char *dns_domain;
nt_status = gensec_ntlmssp_start(gensec_security);
NT_STATUS_NOT_OK_RETURN(nt_status);
@ -224,14 +219,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context);
if (!dns_domain) {
dns_domain = "";
}
if (!dns_name) {
dns_name = "";
}
ntlmssp_state = talloc_zero(gensec_ntlmssp, struct ntlmssp_state);
if (!ntlmssp_state) {
return NT_STATUS_NO_MEMORY;
@ -251,15 +238,6 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
ntlmssp_state->allow_lm_key = true;
}
ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
if (!ntlmssp_state->server.dns_name) {
return NT_STATUS_NO_MEMORY;
}
ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
if (!ntlmssp_state->server.dns_domain) {
return NT_STATUS_NO_MEMORY;
}
ntlmssp_state->neg_flags =
NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
@ -305,9 +283,47 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
ntlmssp_state->server.is_standalone = false;
}
ntlmssp_state->server.netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
ntlmssp_state->server.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
if (gensec_security->settings->server_dns_name) {
dns_name = gensec_security->settings->server_dns_name;
} else {
const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
char *lower_netbiosname;
lower_netbiosname = strlower_talloc(ntlmssp_state, netbios_name);
NT_STATUS_HAVE_NO_MEMORY(lower_netbiosname);
/* Find out the DNS host name */
if (dnsdomain && dnsdomain[0] != '\0') {
dns_name = talloc_asprintf(ntlmssp_state, "%s.%s",
lower_netbiosname,
dnsdomain);
talloc_free(lower_netbiosname);
NT_STATUS_HAVE_NO_MEMORY(dns_name);
} else {
dns_name = lower_netbiosname;
}
}
if (gensec_security->settings->server_dns_domain) {
dns_domain = gensec_security->settings->server_dns_domain;
} else {
dns_domain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
}
ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_name);
ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_domain);
ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
return NT_STATUS_OK;
}
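Review bot: In the `else` branch for `server_dns_domain`, the result of `lpcfg_dnsdomain()` is assigned to `dns_domain` unchecked, while the `dns_name` fallback just above guards the same call with `dnsdomain && dnsdomain[0] != '\0'`. If that call can return NULL, as the guard suggests, `talloc_strdup(ntlmssp_state, dns_domain)` returns NULL and `NT_STATUS_HAVE_NO_MEMORY` fails the NTLMSSP server start with NT_STATUS_NO_MEMORY, which misreports a configuration gap as an allocation failure. The removed code defaulted to an empty string here; restoring that with `if (dns_domain == NULL) { dns_domain = ""; }` before the final strdup would keep the old behaviour. A one-line comment on the two `if (...settings->server_dns_*)` tests stating that NULL means "not supplied by the caller" would also make the contract with auth_generic_prepare explicit.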