mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00

auth: let auth4_context->check_ntlm_password() return pauthoritative

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher 2017-03-17 11:52:51 +01:00
parent d568ebbcf9
commit 541d687347
7 changed files with 24 additions and 8 deletions


@ -110,6 +110,7 @@ struct auth4_context {
NTSTATUS (*check_ntlm_password)(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
uint8_t *pauthoritative,
void **server_returned_info,
DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
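Review bot: The new `pauthoritative` out-parameter on `check_ntlm_password` has no stated contract in this struct, and the implementations in this commit already treat it differently: `auth3_check_password` and `local_pw_check` store 1 before doing any work, while `winbind_pw_check` and `auth_check_password_wrapper` only forward the pointer. A comment above the member would settle it, for example `/* pauthoritative must be non-NULL; the callback always stores to it: 1 for an authoritative result, 0 when another source may still be asked */`. The meaning of 0 versus 1 is inferred from the "Be authoritative by default" comment elsewhere in the commit and should be confirmed by the author. The struct definition starts and ends outside the hunk.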


@ -726,9 +726,12 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec
user_info->password.response.nt.data = talloc_steal(user_info, ntlmssp_state->nt_resp.data);
if (auth_context->check_ntlm_password) {
uint8_t authoritative = 0;
nt_status = auth_context->check_ntlm_password(auth_context,
gensec_ntlmssp,
user_info,
&authoritative,
&gensec_ntlmssp->server_returned_info,
user_session_key, lm_session_key);
}
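Review bot: `authoritative` is initialised to 0 here and is not read again in the visible lines, so whatever the backend reports is dropped, and a backend that returns before storing through the pointer would leave this caller holding the non-authoritative value. That start value is the opposite of the `*pauthoritative = 1;` default that `auth3_check_password` applies, and the same pattern appears in `auth_check_password_session_info` in the next file section. If the value is intentionally unused at this stage, a comment such as `/* authoritative is not consumed yet; callbacks must always set it */` would make that explicit. Otherwise the start value should be aligned with the callbacks' default. `ntlmssp_server_check_password` continues outside the hunk, so a later use cannot be ruled out from here.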


@ -389,10 +389,12 @@ NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context,
{
NTSTATUS nt_status;
void *server_info;
uint8_t authoritative = 0;
nt_status = auth_context->check_ntlm_password(auth_context,
talloc_tos(),
user_info,
&authoritative,
&server_info, NULL, NULL);
if (NT_STATUS_IS_OK(nt_status)) {


@ -136,6 +136,7 @@ NTSTATUS auth3_set_challenge(struct auth4_context *auth4_context, const uint8_t
NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
uint8_t *pauthoritative,
void **server_returned_info,
DATA_BLOB *session_key, DATA_BLOB *lm_session_key)
{
@ -145,7 +146,11 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
struct auth_serversupplied_info *server_info;
NTSTATUS nt_status;
bool username_was_mapped;
uint8_t authoritative = 0;
/*
* Be authoritative by default.
*/
*pauthoritative = 1;
/* The client has given us its machine name (which we only get over NBT transport).
We need to possibly reload smb.conf if smb.conf includes depend on the machine name. */
@ -181,7 +186,7 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
auth_context,
mapped_user_info,
&server_info,
&authoritative);
pauthoritative);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: "
@ -189,7 +194,7 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
user_info->client.domain_name,
user_info->client.account_name,
nt_errstr(nt_status),
authoritative));
*pauthoritative));
}
username_was_mapped = mapped_user_info->was_mapped;
@ -203,6 +208,7 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
user_info->client.domain_name,
&server_info);
if (NT_STATUS_IS_OK(nt_status)) {
*pauthoritative = 1;
*server_returned_info = talloc_steal(mem_ctx, server_info);
}
return nt_status;
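Review bot: `*pauthoritative = 1;` at the top of `auth3_check_password`, and again on the success path in the last hunk, dereferences the pointer without a check, so any caller of the `check_ntlm_password` callback that passes NULL would crash in the authentication path. The callers shown in this commit all pass the address of a local, so this is a contract question rather than a visible fault; stating the requirement in a comment on the function, e.g. `/* pauthoritative must not be NULL */`, would be enough. The second store also deserves a one-line comment such as `/* a successful result is always authoritative */`, since it presumably overrides whatever the earlier password check stored through the same pointer. The function body starts and ends outside these hunks.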


@ -132,6 +132,7 @@ NTSTATUS auth3_set_challenge(struct auth4_context *auth4_context, const uint8_t
NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
uint8_t *pauthoritative,
void **server_returned_info,
DATA_BLOB *session_key, DATA_BLOB *lm_session_key);


@ -947,6 +947,7 @@ static NTSTATUS ntlm_auth_set_challenge(struct auth4_context *auth_ctx, const ui
static NTSTATUS winbind_pw_check(struct auth4_context *auth4_context,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
uint8_t *pauthoritative,
void **server_returned_info,
DATA_BLOB *session_key, DATA_BLOB *lm_session_key)
{
@ -955,7 +956,6 @@ static NTSTATUS winbind_pw_check(struct auth4_context *auth4_context,
uint8_t lm_key[8];
uint8_t user_sess_key[16];
char *unix_name = NULL;
uint8_t authoritative = 0;
nt_status = contact_winbind_auth_crap(user_info->client.account_name, user_info->client.domain_name,
user_info->workstation_name,
@ -965,7 +965,7 @@ static NTSTATUS winbind_pw_check(struct auth4_context *auth4_context,
WBFLAG_PAM_LMKEY | WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_UNIX_NAME,
0,
lm_key, user_sess_key,
&authoritative,
pauthoritative,
&error_string, &unix_name);
if (NT_STATUS_IS_OK(nt_status)) {
@ -995,7 +995,8 @@ static NTSTATUS winbind_pw_check(struct auth4_context *auth4_context,
static NTSTATUS local_pw_check(struct auth4_context *auth4_context,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
const struct auth_usersupplied_info *user_info,
uint8_t *pauthoritative,
void **server_returned_info,
DATA_BLOB *session_key, DATA_BLOB *lm_session_key)
{
@ -1004,6 +1005,8 @@ static NTSTATUS local_pw_check(struct auth4_context *auth4_context,
nt_lm_owf_gen (opt_password, nt_pw.hash, lm_pw.hash);
*pauthoritative = 1;
nt_status = ntlm_password_check(mem_ctx,
true, true, 0,
&auth4_context->challenge.data,
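Review bot: `winbind_pw_check` loses its local default and forwards `pauthoritative` straight to `contact_winbind_auth_crap`, so the value the caller sees depends on that helper storing to it on every return path, which is not visible in this hunk. `local_pw_check` in the same file and `auth3_check_password` both set `*pauthoritative = 1;` before doing any work. If the helper does not guarantee a store, adding the same line before the `contact_winbind_auth_crap` call would keep the callbacks consistent and avoid handing back the caller's start value of 0 on an early error. The same pass-through applies to `auth_check_password_wrapper` in the last file section, which relies on `auth_check_password`. Both function bodies continue outside the hunks.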


@ -189,15 +189,15 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
static NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
uint8_t *pauthoritative,
void **server_returned_info,
DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
struct auth_user_info_dc *user_info_dc;
NTSTATUS status;
uint8_t authoritative = 0;
status = auth_check_password(auth_ctx, mem_ctx, user_info,
&user_info_dc, &authoritative);
&user_info_dc, pauthoritative);
if (!NT_STATUS_IS_OK(status)) {
return status;
}