mirror of
https://github.com/samba-team/samba.git
synced 2025-01-22 22:04:08 +03:00
s4:ntlmssp: keep struct gensec_ntlmssp_context in gensec_security->private_data
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
parent
a0522a5b26
commit
ee240799b6
@ -199,7 +199,10 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
const DATA_BLOB input, DATA_BLOB *out)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
NTSTATUS status;
|
||||
uint32_t i;
|
||||
|
||||
@ -229,7 +232,10 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
|
||||
NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security,
|
||||
DATA_BLOB *session_key)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
|
||||
if (gensec_ntlmssp_state->expected_state != NTLMSSP_DONE) {
|
||||
return NT_STATUS_NO_USER_SESSION_KEY;
|
||||
@ -348,7 +354,11 @@ DATA_BLOB ntlmssp_weakend_key(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
|
||||
static bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security,
|
||||
uint32_t feature)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
|
||||
if (feature & GENSEC_FEATURE_SIGN) {
|
||||
if (!gensec_ntlmssp_state->session_key.length) {
|
||||
return false;
|
||||
@ -404,7 +414,7 @@ NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security)
|
||||
|
||||
gensec_ntlmssp->ntlmssp_state = ntlmssp_state;
|
||||
|
||||
gensec_security->private_data = ntlmssp_state;
|
||||
gensec_security->private_data = gensec_ntlmssp;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
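Review bot: The checked lookup added here, `talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context)` followed by `gensec_ntlmssp->ntlmssp_state`, is open-coded in gensec_ntlmssp_update, gensec_ntlmssp_session_key and gensec_ntlmssp_have_feature, and again in the entry points of the other four file sections on this page. Because gensec_ntlmssp_start now stores the context in private_data, a call site later written with the old `(struct gensec_ntlmssp_state *)` cast would read a context as NTLMSSP state with no runtime failure, so a single accessor would keep the type check in one place. The helper name below is only a suggestion, and it would need a declaration in whatever private header these files already share, which is not visible here. All of these functions continue outside their hunks.

```c
/* Suggested accessor: the only place that interprets gensec_security->private_data. */
struct gensec_ntlmssp_state *gensec_ntlmssp_get_state(struct gensec_security *gensec_security)
{
	struct gensec_ntlmssp_context *gensec_ntlmssp =
		talloc_get_type_abort(gensec_security->private_data,
				      struct gensec_ntlmssp_context);

	return gensec_ntlmssp->ntlmssp_state;
}

/* ... unchanged: signature of each entry point ... */
	struct gensec_ntlmssp_state *gensec_ntlmssp_state =
		gensec_ntlmssp_get_state(gensec_security);
```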
@ -47,7 +47,10 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
const char *domain = gensec_ntlmssp_state->domain;
|
||||
const char *workstation = cli_credentials_get_workstation(gensec_security->credentials);
|
||||
|
||||
@ -98,7 +101,10 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
uint32_t chal_flags, ntlmssp_command, unkn1, unkn2;
|
||||
DATA_BLOB server_domain_blob;
|
||||
DATA_BLOB challenge_blob;
|
||||
@ -297,13 +303,16 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
|
||||
|
||||
NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
|
||||
{
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp;
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state;
|
||||
NTSTATUS nt_status;
|
||||
|
||||
nt_status = gensec_ntlmssp_start(gensec_security);
|
||||
NT_STATUS_NOT_OK_RETURN(nt_status);
|
||||
|
||||
gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
|
||||
gensec_ntlmssp_state->role = NTLMSSP_CLIENT;
|
||||
|
||||
@ -372,8 +381,6 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
|
||||
}
|
||||
|
||||
gensec_security->private_data = gensec_ntlmssp_state;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
@ -120,7 +120,10 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
DATA_BLOB struct_blob;
|
||||
uint32_t neg_flags = 0;
|
||||
uint32_t ntlmssp_command, chal_flags;
|
||||
@ -398,7 +401,10 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
|
||||
DATA_BLOB *user_session_key,
|
||||
DATA_BLOB *lm_session_key)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
NTSTATUS nt_status;
|
||||
DATA_BLOB session_key = data_blob(NULL, 0);
|
||||
|
||||
@ -548,7 +554,10 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
DATA_BLOB user_session_key = data_blob_null;
|
||||
DATA_BLOB lm_session_key = data_blob_null;
|
||||
NTSTATUS nt_status;
|
||||
@ -720,10 +729,10 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
|
||||
struct auth_session_info **session_info)
|
||||
{
|
||||
NTSTATUS nt_status;
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_ntlmssp_state->callback_private,
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
|
||||
nt_status = auth_generate_session_info(gensec_ntlmssp_state,
|
||||
gensec_security->event_ctx,
|
||||
@ -752,10 +761,9 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
|
||||
nt_status = gensec_ntlmssp_start(gensec_security);
|
||||
NT_STATUS_NOT_OK_RETURN(nt_status);
|
||||
|
||||
gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
|
||||
gensec_ntlmssp = talloc_get_type_abort(gensec_ntlmssp_state->callback_private,
|
||||
gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
|
||||
gensec_ntlmssp_state->role = NTLMSSP_SERVER;
|
||||
|
||||
|
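Review bot: gensec_ntlmssp_session_info and gensec_ntlmssp_server_start used to reach the context through `gensec_ntlmssp_state->callback_private` and now reach it through `gensec_security->private_data`, but nothing in the new code says which of the two pointers is authoritative. If callback_private is still set to the same context (its assignment is outside these hunks), a comment at the lookup in gensec_ntlmssp_server_start would stop a later reader from treating them as independent, for example `/* private_data holds the gensec_ntlmssp_context; ntlmssp_state->callback_private is only a back-pointer to it */`. If callback_private is no longer needed for this purpose, that should be confirmed and the field's remaining users checked. Both functions continue outside their hunks.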
@ -136,7 +136,10 @@ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
|
||||
const uint8_t *whole_pdu, size_t pdu_length,
|
||||
DATA_BLOB *sig)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
|
||||
return ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx,
|
||||
data, length,
|
||||
@ -155,7 +158,10 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
|
||||
const uint8_t *whole_pdu, size_t pdu_length,
|
||||
const DATA_BLOB *sig)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
|
||||
DATA_BLOB local_sig;
|
||||
NTSTATUS nt_status;
|
||||
@ -218,7 +224,10 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
|
||||
const uint8_t *whole_pdu, size_t pdu_length,
|
||||
DATA_BLOB *sig)
|
||||
{
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
NTSTATUS nt_status;
|
||||
if (!gensec_ntlmssp_state->session_key.length) {
|
||||
DEBUG(3, ("NO session key, cannot seal packet\n"));
|
||||
@ -281,7 +290,10 @@ NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security,
|
||||
const DATA_BLOB *sig)
|
||||
{
|
||||
NTSTATUS status;
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
if (!gensec_ntlmssp_state->session_key.length) {
|
||||
DEBUG(3, ("NO session key, cannot unseal packet\n"));
|
||||
return NT_STATUS_NO_USER_SESSION_KEY;
|
||||
@ -511,6 +523,10 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
|
||||
const DATA_BLOB *in,
|
||||
DATA_BLOB *out)
|
||||
{
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
DATA_BLOB sig;
|
||||
|
||||
if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
|
||||
@ -528,8 +544,6 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
|
||||
&sig);
|
||||
|
||||
} else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state =
|
||||
(struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
NTSTATUS status;
|
||||
uint32_t ntlm_seqnum;
|
||||
struct arcfour_state ntlm_state;
|
||||
|
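Review bot: gensec_ntlmssp_sign_packet goes straight from the new state lookup to `ntlmssp_make_packet_signature(...)`, while gensec_ntlmssp_seal_packet and gensec_ntlmssp_unseal_packet first reject an empty `session_key`. Whether ntlmssp_make_packet_signature performs that check itself is not visible on this page; if it does not, the sign path would produce a signature without an established session key. It is worth confirming, and if the check is missing, adding the guard that unseal already uses: `if (!gensec_ntlmssp_state->session_key.length) { return NT_STATUS_NO_USER_SESSION_KEY; }`. The function body continues outside the hunk.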
@ -27,6 +27,7 @@
|
||||
static bool torture_ntlmssp_self_check(struct torture_context *tctx)
|
||||
{
|
||||
struct gensec_security *gensec_security;
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp;
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state;
|
||||
DATA_BLOB data;
|
||||
DATA_BLOB sig, expected_sig;
|
||||
@ -46,7 +47,9 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
|
||||
gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP),
|
||||
"Failed to start GENSEC for NTLMSSP");
|
||||
|
||||
gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
|
||||
gensec_ntlmssp_state->session_key = strhex_to_data_blob(tctx, "0102030405060708090a0b0c0d0e0f00");
|
||||
dump_data_pw("NTLMSSP session key: \n",
|
||||
@ -101,7 +104,9 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
|
||||
gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP),
|
||||
"GENSEC start mech by oid");
|
||||
|
||||
gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data,
|
||||
struct gensec_ntlmssp_context);
|
||||
gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
|
||||
|
||||
gensec_ntlmssp_state->session_key = strhex_to_data_blob(tctx, "0102030405e538b0");
|
||||
dump_data_pw("NTLMSSP session key: \n",
|
||||
|
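Review bot: In torture_ntlmssp_self_check both new lookups use `talloc_get_type_abort`, so a wrong private_data type would abort the whole torture run instead of failing this one test. In test code the non-aborting form reports better: `gensec_ntlmssp = talloc_get_type(gensec_security->private_data, struct gensec_ntlmssp_context);` followed by `torture_assert(tctx, gensec_ntlmssp != NULL, "private_data is not a gensec_ntlmssp_context");`. The same applies to the second lookup, in the hunk at -101. The function continues outside the hunks.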