
auth: Make check_password and generate_session_info hook generic

gensec_ntlmssp does not need to know the internal form of the
struct user_info_dc or auth_serversupplied_info.  This will allow the
calling logic to be put in common.

Andrew Bartlett
Andrew Bartlett 2012-01-30 11:17:44 +11:00
parent 7c6713e78f
commit a647df4607
6 changed files with 74 additions and 41 deletions


@ -108,7 +108,8 @@ struct auth4_context {
NTSTATUS (*check_password)(struct auth4_context *auth_ctx, NTSTATUS (*check_password)(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info, const struct auth_usersupplied_info *user_info,
struct auth_user_info_dc **user_info_dc); void **server_returned_info,
DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
NTSTATUS (*get_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]); NTSTATUS (*get_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);
@ -118,7 +119,7 @@ struct auth4_context {
NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx, NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_context, struct auth4_context *auth_context,
struct auth_user_info_dc *user_info_dc, void *server_returned_info,
uint32_t session_info_flags, uint32_t session_info_flags,
struct auth_session_info **session_info); struct auth_session_info **session_info);
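Review bot: Changing the hook parameters to `void **server_returned_info` and `void *server_returned_info` removes the type the compiler used to check, so the header should now carry the contract that `check_password` and `generate_session_info` of the same `auth4_context` must agree on the concrete type and that consumers recover it with `talloc_get_type_abort()`, which is what every implementation in this commit does. A comment above `check_password` along the lines of `/* server_returned_info: opaque talloc object produced by this implementation and consumed only by the matching generate_session_info(); the session key blobs are moved onto mem_ctx and cleared from the server-side copy so the key material is held in one place. */` would state what the later hunks rely on. The blob parameter is named `nt_session_key` here but `user_session_key` in the `auth_check_password_wrapper` prototype and definition in the later hunks; one name should be used throughout.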


@ -34,13 +34,10 @@ struct ntlmssp_state;
struct gensec_ntlmssp_context { struct gensec_ntlmssp_context {
/* used only by s3 server implementation */ /* used only by s3 server implementation */
struct auth_context *auth_context; struct auth_context *auth_context;
struct auth_serversupplied_info *server_info;
/* Used by the s4 server implementation */
struct auth_user_info_dc *user_info_dc;
/* For GENSEC users */ /* For GENSEC users */
struct gensec_security *gensec_security; struct gensec_security *gensec_security;
void *server_returned_info;
/* used by both client and server implementation */ /* used by both client and server implementation */
struct ntlmssp_state *ntlmssp_state; struct ntlmssp_state *ntlmssp_state;
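Review bot: The new `server_returned_info` field has no comment, although the later hunks show it holding a different type depending on which server implementation filled it (`struct auth_serversupplied_info` on the s3 side, `struct auth_user_info_dc` on the s4 side). A comment such as `/* opaque result of the password check; s3 stores struct auth_serversupplied_info, s4 stores struct auth_user_info_dc - always recover it with talloc_get_type_abort() */` would keep the next reader from casting it directly.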


@ -37,10 +37,12 @@ static NTSTATUS gensec_ntlmssp3_server_session_info(struct gensec_security *gens
struct gensec_ntlmssp_context *gensec_ntlmssp = struct gensec_ntlmssp_context *gensec_ntlmssp =
talloc_get_type_abort(gensec_security->private_data, talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context); struct gensec_ntlmssp_context);
struct auth_serversupplied_info *server_info = talloc_get_type_abort(gensec_ntlmssp->server_returned_info,
struct auth_serversupplied_info);
NTSTATUS nt_status; NTSTATUS nt_status;
nt_status = create_local_token(mem_ctx, nt_status = create_local_token(mem_ctx,
gensec_ntlmssp->server_info, server_info,
&gensec_ntlmssp->ntlmssp_state->session_key, &gensec_ntlmssp->ntlmssp_state->session_key,
gensec_ntlmssp->ntlmssp_state->user, gensec_ntlmssp->ntlmssp_state->user,
session_info); session_info);
@ -137,6 +139,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
struct gensec_ntlmssp_context *gensec_ntlmssp = struct gensec_ntlmssp_context *gensec_ntlmssp =
(struct gensec_ntlmssp_context *)ntlmssp_state->callback_private; (struct gensec_ntlmssp_context *)ntlmssp_state->callback_private;
struct auth_usersupplied_info *user_info = NULL; struct auth_usersupplied_info *user_info = NULL;
struct auth_serversupplied_info *server_info;
NTSTATUS nt_status; NTSTATUS nt_status;
bool username_was_mapped; bool username_was_mapped;
@ -168,7 +171,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
nt_status = gensec_ntlmssp->auth_context->check_ntlm_password(gensec_ntlmssp->auth_context, nt_status = gensec_ntlmssp->auth_context->check_ntlm_password(gensec_ntlmssp->auth_context,
user_info, &gensec_ntlmssp->server_info); user_info, &server_info);
username_was_mapped = user_info->was_mapped; username_was_mapped = user_info->was_mapped;
@ -176,9 +179,10 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
if (!NT_STATUS_IS_OK(nt_status)) { if (!NT_STATUS_IS_OK(nt_status)) {
nt_status = do_map_to_guest_server_info(nt_status, nt_status = do_map_to_guest_server_info(nt_status,
&gensec_ntlmssp->server_info, &server_info,
gensec_ntlmssp->ntlmssp_state->user, gensec_ntlmssp->ntlmssp_state->user,
gensec_ntlmssp->ntlmssp_state->domain); gensec_ntlmssp->ntlmssp_state->domain);
gensec_ntlmssp->server_returned_info = server_info;
return nt_status; return nt_status;
} }
@ -186,26 +190,27 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
return nt_status; return nt_status;
} }
gensec_ntlmssp->server_info->nss_token |= username_was_mapped; server_info->nss_token |= username_was_mapped;
/* Clear out the session keys, and pass them to the caller. /* Clear out the session keys, and pass them to the caller.
* They will not be used in this form again - instead the * They will not be used in this form again - instead the
* NTLMSSP code will decide on the final correct session key, * NTLMSSP code will decide on the final correct session key,
* and supply it to create_local_token() */ * and supply it to create_local_token() */
if (gensec_ntlmssp->server_info->session_key.length) { if (server_info->session_key.length) {
DEBUG(10, ("Got NT session key of length %u\n", DEBUG(10, ("Got NT session key of length %u\n",
(unsigned int)gensec_ntlmssp->server_info->session_key.length)); (unsigned int)server_info->session_key.length));
*session_key = gensec_ntlmssp->server_info->session_key; *session_key = server_info->session_key;
talloc_steal(mem_ctx, gensec_ntlmssp->server_info->session_key.data); talloc_steal(mem_ctx, server_info->session_key.data);
gensec_ntlmssp->server_info->session_key = data_blob_null; server_info->session_key = data_blob_null;
} }
if (gensec_ntlmssp->server_info->lm_session_key.length) { if (server_info->lm_session_key.length) {
DEBUG(10, ("Got LM session key of length %u\n", DEBUG(10, ("Got LM session key of length %u\n",
(unsigned int)gensec_ntlmssp->server_info->lm_session_key.length)); (unsigned int)server_info->lm_session_key.length));
*lm_session_key = gensec_ntlmssp->server_info->lm_session_key; *lm_session_key = server_info->lm_session_key;
talloc_steal(mem_ctx, gensec_ntlmssp->server_info->lm_session_key.data); talloc_steal(mem_ctx, server_info->lm_session_key.data);
gensec_ntlmssp->server_info->lm_session_key = data_blob_null; server_info->lm_session_key = data_blob_null;
} }
gensec_ntlmssp->server_returned_info = server_info;
return nt_status; return nt_status;
} }
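Review bot: `struct auth_serversupplied_info *server_info;` in auth_ntlmssp_check_password is declared without an initializer, and on the failure path the value is copied into `gensec_ntlmssp->server_returned_info` right after `do_map_to_guest_server_info()`; unless `check_ntlm_password()` and the guest mapping are guaranteed to write the out pointer on every path, this stores an indeterminate pointer where the previous code stored the zero-initialised context member. Declaring it as `struct auth_serversupplied_info *server_info = NULL;` restores the old NULL-on-failure behaviour and keeps the later `talloc_get_type_abort()` in gensec_ntlmssp3_server_session_info from seeing garbage. The same defensive initialisation applies to `user_info_dc` in `auth_check_password_wrapper` in a later hunk. auth_ntlmssp_check_password starts before this hunk.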


@ -152,9 +152,15 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx, struct loadparm_context *lp_ctx,
struct auth4_context **auth_ctx); struct auth4_context **auth_ctx);
NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
void **server_returned_info,
DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key);
NTSTATUS auth_check_password(struct auth4_context *auth_ctx, NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info, const struct auth_usersupplied_info *user_info,
struct auth_user_info_dc **user_info_dc); struct auth_user_info_dc **user_info_dc);
NTSTATUS auth4_init(void); NTSTATUS auth4_init(void);
NTSTATUS auth_register(const struct auth_operations *ops); NTSTATUS auth_register(const struct auth_operations *ops);


@ -35,7 +35,7 @@
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_context, struct auth4_context *auth_context,
struct auth_user_info_dc *user_info_dc, void *server_returned_info,
uint32_t session_info_flags, uint32_t session_info_flags,
struct auth_session_info **session_info); struct auth_session_info **session_info);
@ -208,6 +208,38 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
return status; return status;
} }
_PUBLIC_ NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
void **server_returned_info,
DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
struct auth_user_info_dc *user_info_dc;
NTSTATUS status = auth_check_password(auth_ctx, mem_ctx, user_info, &user_info_dc);
if (NT_STATUS_IS_OK(status)) {
*server_returned_info = user_info_dc;
if (user_session_key) {
DEBUG(10, ("Got NT session key of length %u\n",
(unsigned)user_info_dc->user_session_key.length));
*user_session_key = user_info_dc->user_session_key;
talloc_steal(mem_ctx, user_session_key->data);
user_info_dc->user_session_key = data_blob_null;
}
if (lm_session_key) {
DEBUG(10, ("Got LM session key of length %u\n",
(unsigned)user_info_dc->lm_session_key.length));
*lm_session_key = user_info_dc->lm_session_key;
talloc_steal(mem_ctx, lm_session_key->data);
user_info_dc->lm_session_key = data_blob_null;
}
}
return status;
}
struct auth_check_password_state { struct auth_check_password_state {
struct auth4_context *auth_ctx; struct auth4_context *auth_ctx;
const struct auth_usersupplied_info *user_info; const struct auth_usersupplied_info *user_info;
@ -433,10 +465,11 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
* generation of unix tokens via IRPC */ * generation of unix tokens via IRPC */
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_context, struct auth4_context *auth_context,
struct auth_user_info_dc *user_info_dc, void *server_returned_info,
uint32_t session_info_flags, uint32_t session_info_flags,
struct auth_session_info **session_info) struct auth_session_info **session_info)
{ {
struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(server_returned_info, struct auth_user_info_dc);
NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx, NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
auth_context->sam_ctx, user_info_dc, auth_context->sam_ctx, user_info_dc,
session_info_flags, session_info); session_info_flags, session_info);
@ -562,7 +595,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **
DLIST_ADD_END(ctx->methods, method, struct auth_method_context *); DLIST_ADD_END(ctx->methods, method, struct auth_method_context *);
} }
ctx->check_password = auth_check_password; ctx->check_password = auth_check_password_wrapper;
ctx->get_challenge = auth_get_challenge; ctx->get_challenge = auth_get_challenge;
ctx->set_challenge = auth_context_set_challenge; ctx->set_challenge = auth_context_set_challenge;
ctx->challenge_may_be_modified = auth_challenge_may_be_modified; ctx->challenge_may_be_modified = auth_challenge_may_be_modified;
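Review bot: `auth_check_password_wrapper` writes `*server_returned_info` only inside the `NT_STATUS_IS_OK(status)` branch, so a caller that does not pre-initialise the pointer reads whatever was there before on failure; the s4 gensec caller happens to pass a zeroed talloc member, but the hook is now generic and other callers will not know that. Setting `*server_returned_info = NULL;` before calling `auth_check_password()` makes the out parameter well defined on every path. The function also lacks a header comment; it should say that it adapts the typed `auth_check_password()` to the opaque `check_password` hook, that both key blobs are optional (NULL skips them), and that the key data is moved onto `mem_ctx` and cleared from `user_info_dc` so the session key is not retained in two places.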


@ -189,25 +189,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
nt_status = auth_context->check_password(auth_context, nt_status = auth_context->check_password(auth_context,
gensec_ntlmssp, gensec_ntlmssp,
user_info, user_info,
&gensec_ntlmssp->user_info_dc); &gensec_ntlmssp->server_returned_info,
user_session_key, lm_session_key);
} }
talloc_free(user_info); talloc_free(user_info);
NT_STATUS_NOT_OK_RETURN(nt_status); NT_STATUS_NOT_OK_RETURN(nt_status);
if (gensec_ntlmssp->user_info_dc->user_session_key.length) { talloc_steal(mem_ctx, user_session_key->data);
DEBUG(10, ("Got NT session key of length %u\n", talloc_steal(mem_ctx, lm_session_key->data);
(unsigned)gensec_ntlmssp->user_info_dc->user_session_key.length));
*user_session_key = gensec_ntlmssp->user_info_dc->user_session_key;
talloc_steal(mem_ctx, user_session_key->data);
gensec_ntlmssp->user_info_dc->user_session_key = data_blob_null;
}
if (gensec_ntlmssp->user_info_dc->lm_session_key.length) {
DEBUG(10, ("Got LM session key of length %u\n",
(unsigned)gensec_ntlmssp->user_info_dc->lm_session_key.length));
*lm_session_key = gensec_ntlmssp->user_info_dc->lm_session_key;
talloc_steal(mem_ctx, lm_session_key->data);
gensec_ntlmssp->user_info_dc->lm_session_key = data_blob_null;
}
return nt_status; return nt_status;
} }
@ -229,10 +219,11 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
struct gensec_ntlmssp_context *gensec_ntlmssp = struct gensec_ntlmssp_context *gensec_ntlmssp =
talloc_get_type_abort(gensec_security->private_data, talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context); struct gensec_ntlmssp_context);
struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(gensec_ntlmssp->server_returned_info,
struct auth_user_info_dc);
nt_status = gensec_generate_session_info(mem_ctx, nt_status = gensec_generate_session_info(mem_ctx,
gensec_security, gensec_security,
gensec_ntlmssp->user_info_dc, user_info_dc,
session_info); session_info);
NT_STATUS_NOT_OK_RETURN(nt_status); NT_STATUS_NOT_OK_RETURN(nt_status);
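Review bot: The new `talloc_steal(mem_ctx, user_session_key->data);` and `talloc_steal(mem_ctx, lm_session_key->data);` dereference both blob pointers unconditionally, while `auth_check_password_wrapper` in the previous hunk treats them as optional with `if (user_session_key)` / `if (lm_session_key)`; the two sides of the hook disagree about whether NULL is allowed. Either document in the hook contract that both pointers are required, or guard here as `if (user_session_key) { talloc_steal(mem_ctx, user_session_key->data); }` and likewise for `lm_session_key`. The `check_password` call sits inside a conditional whose start is outside this hunk, so whether the blobs are initialised when that branch is not taken cannot be confirmed from here. auth_ntlmssp_check_password starts before this hunk.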