[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Fri Feb 17 04:19:05 MST 2012


The branch, master has been updated
       via  c35a7e8 auth: Allow the netbios name and domain to be set from winbindd in ntlm_auth3
       via  f433baa auth: Make more of the ntlmssp code private or static
       via  6b573e7 s3-auth: Use common gensec_ntlmssp
       via  27fb6f8 s3-auth: Use common gensec_ntlmssp_server_start
       via  3767fd4 s3-auth: Use the gensec-supplied DNS domain name and hostname.
       via  55c6304 auth: Provide a way to specify the NTLMSSP server name to GENSEC
       via  c616ab0 s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing
       via  8b8d1c3 auth: Rearrange ntlmssp code for clarity
       via  93fed62 s3-auth: Use the lpcfg_ wrapper calls to set some variables
       via  db1ea56 s3-auth: Remove a layer of indirection and reorder to match gensec_ntlmssp_server_start()
       via  725d551 auth: Set NTLMSSP_NEGOTIATE_SIGN when session key support is required
       via  98992b5 s3-auth: Only allow LM_KEY cryptography when extra options are set
       via  82e3098 s3-auth: Inline ntlmssp_server_start() into gensec_ntlmssp3_server_start()
       via  9b147ce s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server
       via  9c5b26f s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server
       via  2f74f2f s3-auth: Add extra error messages on authentication or authorization failure
       via  b0aa49e auth: Cope with NO_USER_SESSION_KEY from security=server
       via  52ac479 auth: Move the rest of the source4 gensec_ntlmssp code to the top level
       via  8adde1b s3-auth Hook checking passwords and generating session_info via the auth4_context
       via  a68d4cc s3-build: Use credentials_ntlm.c in the autoconf build as well
      from  f758706 build: Add exceptions for callcatcher unused function detection

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c35a7e8c478062de0d5d6771b59e0430cd9706c3
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Feb 6 18:02:11 2012 +1100

    auth: Allow the netbios name and domain to be set from winbindd in ntlm_auth3
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Fri Feb 17 12:18:51 CET 2012 on sn-devel-104

commit f433baa3c8a995cbbeecdcbc75f8ae503a5ae4b6
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 21:20:34 2012 +1100

    auth: Make more of the ntlmssp code private or static
    
    Now that there is only one gensec_ntlmssp server, some of these functions can be static
    
    For the rest, put the implementation of the gensec_ntlmssp code into ntlmssp_private.h
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 6b573e73fc5d2787ed4165024957501a7c37c27a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 16:29:02 2012 +1100

    s3-auth: Use common gensec_ntlmssp
    
    There is no longer any samba3-specific code left here.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 27fb6f85e7f796cafff5900d3428cc5c2c89e87d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 16:19:32 2012 +1100

    s3-auth: Use common gensec_ntlmssp_server_start
    
    This is now identical code, so there is no need to duplicate it.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 3767fd42556d2f6bdee07d2ba20e7a78065e0346
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 16:17:48 2012 +1100

    s3-auth: Use the gensec-supplied DNS domain name and hostname.
    
    Also have a reasonable fallback for when it is not set.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 55c630404a999180e3bd9dd697d526fc3e21cd3b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 16:17:04 2012 +1100

    auth: Provide a way to specify the NTLMSSP server name to GENSEC
    
    This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller
    knows better.  This will allow preservation of current s3 behaviour.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit c616ab09655611e560f98f3c949a06c389b87767
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 16:01:45 2012 +1100

    s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 8b8d1c3a63e336d3d872bb3ea10331e5496a82e9
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 15:57:06 2012 +1100

    auth: Rearrange ntlmssp code for clarity
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 93fed62543ae6cee5ec26fda532c4ed8a650f74f
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 15:52:17 2012 +1100

    s3-auth: Use the lpcfg_ wrapper calls to set some variables
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit db1ea56d8bdcfdeaddab3dfcb550bf7a45908918
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 15:50:15 2012 +1100

    s3-auth: Remove a layer of indirection and reorder to match gensec_ntlmssp_server_start()

commit 725d55183287acfa3a0c87ce95ff140740ddbe45
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 15:40:53 2012 +1100

    auth: Set NTLMSSP_NEGOTIATE_SIGN when session key support is required
    
    This matches the s3 NTLMSSP server.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 98992b5b4eabb6c0727952e6cdb4fcfdced4583d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 15:38:02 2012 +1100

    s3-auth: Only allow LM_KEY cryptography when extra options are set
    
    This crypto is incredibly poor, and can technically be enabled on an otherwise more
    secure connection that uses NTLM for the actual authentication leg.  Therefore
    disable it by default.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 82e3098e8490168733f492b6a5745a279494d4fe
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 15:36:08 2012 +1100

    s3-auth: Inline ntlmssp_server_start() into gensec_ntlmssp3_server_start()
    
    This will help syncing this routine up with gensec_ntlmssp_server_start().
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 9b147ce26d040798f2528fb85907bf18865b8c8b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 14:43:25 2012 +1100

    s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 9c5b26f8647bd31dec9864d8c42959f81e686619
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 14:39:34 2012 +1100

    s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server
    
    This is possible because we now supply the auth4_context abstraction that this
    code is looking for.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 2f74f2f18056e83c396b196939bc8f89bd4d0702
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 12:53:30 2012 +1100

    s3-auth: Add extra error messages on authentication or authorization failure
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit b0aa49e9a3238b6395be78c2de101f2b98387686
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 18:14:19 2012 +1100

    auth: Cope with NO_USER_SESSION_KEY from security=server
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 52ac479764e85296a6a6100d143104d78c51aa8b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jan 30 22:42:39 2012 +1100

    auth: Move the rest of the source4 gensec_ntlmssp code to the top level
    
    The ntlmssp_server code will be in common shortly, and aside from a
    symbol name or two, moving the client code causes no harm and makes
    less mess.  We will also get the client code in common very soon.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 8adde1b46b49011298e77f44a2053d0ec735a306
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jan 30 22:11:41 2012 +1100

    s3-auth Hook checking passwords and generating session_info via the auth4_context
    
    This avoids creating a second auth_context, as it is a private pointer
    in the auth4_context that has already been passed in, and makes the
    gensec_ntlmssp code agnostic to the type of authentication backend
    behind it. This will in turn allow the ntlmssp server code to be
    further merged.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit a68d4ccec0b037dcf7bc28c9506dabdb60130837
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 31 20:50:36 2012 +1100

    s3-build: Use credentials_ntlm.c in the autoconf build as well
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/gensec/gensec.h                               |    6 +
 .../ntlmssp/gensec_ntlmssp_server.c                |  124 +++++++----
 {source4/auth => auth}/ntlmssp/ntlmssp.c           |   38 ++--
 auth/ntlmssp/ntlmssp.h                             |   64 +-----
 {source4/auth => auth}/ntlmssp/ntlmssp_client.c    |   64 +++---
 auth/ntlmssp/ntlmssp_private.h                     |  140 ++++++++++++
 auth/ntlmssp/ntlmssp_server.c                      |    4 +
 auth/ntlmssp/wscript_build                         |   19 ++-
 libcli/auth/wscript_build                          |    4 +-
 libcli/lsarpc/wscript_build                        |    2 +-
 source3/Makefile.in                                |    4 +
 source3/auth/auth_generic.c                        |   43 ++++-
 source3/auth/auth_ntlmssp.c                        |  241 +++++--------------
 source3/auth/proto.h                               |   25 ++-
 source3/configure.in                               |    4 +-
 source3/libsmb/ntlmssp.c                           |   12 +-
 source3/libsmb/ntlmssp_wrap.c                      |    1 +
 source3/smbd/sesssetup.c                           |    3 +
 source4/auth/ntlmssp/wscript_build                 |   12 -
 source4/auth/wscript_build                         |    1 -
 source4/torture/auth/ntlmssp.c                     |    1 +
 21 files changed, 452 insertions(+), 360 deletions(-)
 rename source4/auth/ntlmssp/ntlmssp_server.c => auth/ntlmssp/gensec_ntlmssp_server.c (79%)
 rename {source4/auth => auth}/ntlmssp/ntlmssp.c (90%)
 rename {source4/auth => auth}/ntlmssp/ntlmssp_client.c (95%)
 delete mode 100644 source4/auth/ntlmssp/wscript_build


Changeset truncated at 500 lines:

diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index c52eecb..f88da22 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -83,6 +83,12 @@ struct gensec_settings {
 	 * should be used, rather than those loaded by the plugin
 	 * mechanism */
 	struct gensec_security_ops **backends;
+
+	/* To fill in our own name in the NTLMSSP server */
+	const char *server_dns_domain;
+	const char *server_dns_name;
+	const char *server_netbios_domain;
+	const char *server_netbios_name;
 };
 
 struct gensec_security_ops {
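Review bot: The comment on the four new gensec_settings members (server_dns_domain, server_dns_name, server_netbios_domain, server_netbios_name) does not say what NULL means or who owns the strings. From gensec_ntlmssp_server_start() later in this patch, NULL means "fall back to the lpcfg_ value" and the strings are copied with talloc_strdup(), so the caller keeps ownership; state both in the comment so callers do not have to read the NTLMSSP server code to find out.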
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
similarity index 79%
rename from source4/auth/ntlmssp/ntlmssp_server.c
rename to auth/ntlmssp/gensec_ntlmssp_server.c
index 693613f..8f45c2c 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/Netbios implementation.
    Version 3.0
    handle NLTMSSP, client server side parsing
@@ -11,12 +11,12 @@
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -31,10 +31,8 @@
 #include "../libcli/auth/libcli_auth.h"
 #include "../lib/crypto/crypto.h"
 #include "auth/gensec/gensec.h"
-#include "auth/gensec/gensec_proto.h"
-#include "auth/auth.h"
+#include "auth/common_auth.h"
 #include "param/param.h"
-#include "source4/auth/ntlmssp/proto.h"
 
 /**
  * Next state function for the Negotiate packet (GENSEC wrapper)
@@ -79,7 +77,7 @@ NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security,
 }
 
 /**
- * Return the challenge as determined by the authentication subsystem 
+ * Return the challenge as determined by the authentication subsystem
  * @return an 8 byte random challenge
  */
 
@@ -123,7 +121,7 @@ static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_s
 }
 
 /**
- * NTLM2 authentication modifies the effective challenge, 
+ * NTLM2 authentication modifies the effective challenge,
  * @param challenge The new challenge value
  */
 static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
@@ -150,7 +148,7 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state,
 }
 
 /**
- * Check the password on an NTLMSSP login.  
+ * Check the password on an NTLMSSP login.
  *
  * Return the session keys used on the connection.
  */
@@ -193,15 +191,24 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 							 user_session_key, lm_session_key);
 	}
 	talloc_free(user_info);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
+			 __location__,
+			 user_info->client.domain_name,
+			 user_info->client.account_name,
+			 nt_errstr(nt_status)));
+	}
+
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	talloc_steal(mem_ctx, user_session_key->data);
 	talloc_steal(mem_ctx, lm_session_key->data);
-	
+
 	return nt_status;
 }
 
-/** 
+/**
  * Return the credentials of a logged on user, including session keys
  * etc.
  *
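Review bot: The new DEBUG(5, ...) block reads user_info->client.domain_name and user_info->client.account_name after talloc_free(user_info) on the line directly above it, which is a use-after-free on every failed password check. Move the talloc_free(user_info) below the DEBUG block (still ahead of NT_STATUS_NOT_OK_RETURN), or log from values that outlive user_info.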
@@ -213,7 +220,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 
 NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
 				     TALLOC_CTX *mem_ctx,
-				     struct auth_session_info **session_info) 
+				     struct auth_session_info **session_info)
 {
 	NTSTATUS nt_status;
 	struct gensec_ntlmssp_context *gensec_ntlmssp =
@@ -237,15 +244,21 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
 		DEBUG(0, ("Cannot generate a session_info without the auth_context\n"));
 		return NT_STATUS_INTERNAL_ERROR;
 	}
-	
+
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
-	return gensec_ntlmssp_session_key(gensec_security, *session_info,
-					  &(*session_info)->session_key);
+	nt_status = gensec_ntlmssp_session_key(gensec_security, *session_info,
+					       &(*session_info)->session_key);
+	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_USER_SESSION_KEY)) {
+		(*session_info)->session_key = data_blob_null;
+		nt_status = NT_STATUS_OK;
+	}
+
+	return nt_status;
 }
 
 /**
- * Start NTLMSSP on the server side 
+ * Start NTLMSSP on the server side
  *
  */
 NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
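Review bot: The conversion of NT_STATUS_NO_USER_SESSION_KEY to NT_STATUS_OK in gensec_ntlmssp_session_info() is unconditional, so a caller that asked for a session key, signing or sealing now gets success with session_key set to data_blob_null and has to notice the empty key on its own. Consider swallowing the status only when no session-key-dependent feature is in want_features, and add a comment naming the security=server case from the commit subject so the reason for the exception stays next to the code.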
@@ -253,6 +266,10 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 	NTSTATUS nt_status;
 	struct ntlmssp_state *ntlmssp_state;
 	struct gensec_ntlmssp_context *gensec_ntlmssp;
+	const char *netbios_name;
+	const char *netbios_domain;
+	const char *dns_name;
+	const char *dns_domain;
 
 	nt_status = gensec_ntlmssp_start(gensec_security);
 	NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -266,26 +283,24 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 	if (!ntlmssp_state) {
 		return NT_STATUS_NO_MEMORY;
 	}
-
-	ntlmssp_state->callback_private = gensec_ntlmssp;
-
 	gensec_ntlmssp->ntlmssp_state = ntlmssp_state;
 
-	ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
+	ntlmssp_state->callback_private = gensec_ntlmssp;
 
 	ntlmssp_state->role = NTLMSSP_SERVER;
 
 	ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
 
-	ntlmssp_state->allow_lm_key = (lpcfg_lanman_auth(gensec_security->settings->lp_ctx)
-					  && gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "allow_lm_key", false));
+	if (lpcfg_lanman_auth(gensec_security->settings->lp_ctx) &&
+	    gensec_setting_bool(gensec_security->settings,
+				"ntlmssp_server", "allow_lm_key", false))
+	{
+		ntlmssp_state->allow_lm_key = true;
+	}
 
 	ntlmssp_state->neg_flags =
 		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
 
-	ntlmssp_state->lm_resp = data_blob(NULL, 0);
-	ntlmssp_state->nt_resp = data_blob(NULL, 0);
-
 	if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) {
 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
 	}
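Review bot: allow_lm_key is now only ever assigned true; the false case, together with the removed lm_resp/nt_resp initialisation, relies on ntlmssp_state having been allocated zeroed, and that allocation is not visible in this hunk. Because this flag gates the LM_KEY crypto that the series otherwise disables by default, confirm the allocation is zeroing or keep an explicit "ntlmssp_state->allow_lm_key = false;" ahead of the if.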
@@ -306,6 +321,9 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
 	}
 
+	if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+	}
 	if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
 	}
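Review bot: The added GENSEC_FEATURE_SESSION_KEY test sets the same NTLMSSP_NEGOTIATE_SIGN bit as the GENSEC_FEATURE_SIGN test immediately below it, with no comment explaining why a session key request has to negotiate signing. Fold the two into one test on (GENSEC_FEATURE_SESSION_KEY | GENSEC_FEATURE_SIGN) or add a one-line comment; as written it reads like a copy-and-paste slip.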
@@ -318,40 +336,64 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 	ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
 	ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
 	ntlmssp_state->check_password = auth_ntlmssp_check_password;
+
 	if (lpcfg_server_role(gensec_security->settings->lp_ctx) == ROLE_STANDALONE) {
 		ntlmssp_state->server.is_standalone = true;
 	} else {
 		ntlmssp_state->server.is_standalone = false;
 	}
 
-	ntlmssp_state->server.netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+	if (gensec_security->settings->server_netbios_name) {
+		netbios_name = gensec_security->settings->server_netbios_name;
+	} else {
+		netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
+	}
 
-	ntlmssp_state->server.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
+	if (gensec_security->settings->server_netbios_domain) {
+		netbios_domain = gensec_security->settings->server_netbios_domain;
+	} else {
+		netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
+	}
 
-	{
+	if (gensec_security->settings->server_dns_name) {
+		dns_name = gensec_security->settings->server_dns_name;
+	} else {
 		const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
-		char *dnsname, *lower_netbiosname;
-		lower_netbiosname = strlower_talloc(ntlmssp_state, ntlmssp_state->server.netbios_name);
+		char *lower_netbiosname;
+
+		lower_netbiosname = strlower_talloc(ntlmssp_state, netbios_name);
+		NT_STATUS_HAVE_NO_MEMORY(lower_netbiosname);
 
 		/* Find out the DNS host name */
 		if (dnsdomain && dnsdomain[0] != '\0') {
-			dnsname = talloc_asprintf(ntlmssp_state, "%s.%s",
-						  lower_netbiosname,
-						  dnsdomain);
+			dns_name = talloc_asprintf(ntlmssp_state, "%s.%s",
+						   lower_netbiosname,
+						   dnsdomain);
 			talloc_free(lower_netbiosname);
-			ntlmssp_state->server.dns_name = dnsname;
+			NT_STATUS_HAVE_NO_MEMORY(dns_name);
 		} else {
-			ntlmssp_state->server.dns_name = lower_netbiosname;
+			dns_name = lower_netbiosname;
 		}
+	}
 
-		NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
-
-		ntlmssp_state->server.dns_domain
-			= talloc_strdup(ntlmssp_state,
-					lpcfg_dnsdomain(gensec_security->settings->lp_ctx));
-		NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
+	if (gensec_security->settings->server_dns_domain) {
+		dns_domain = gensec_security->settings->server_dns_domain;
+	} else {
+		dns_domain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
 	}
 
+	ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
+	NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_name);
+
+	ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
+	NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_domain);
+
+	ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
+	NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
+
+	ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
+	NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
+
 	return NT_STATUS_OK;
 }
 
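Review bot: In the dns_domain fallback, the value of lpcfg_dnsdomain() is passed straight to talloc_strdup() and NT_STATUS_HAVE_NO_MEMORY(), although the dns_name branch just above guards the same call with "dnsdomain && dnsdomain[0] != '\0'"; if it can be NULL, server start fails with a misleading out-of-memory status. Substitute "" (or skip the copy) when the value is NULL. Separately, dns_name built by talloc_asprintf() or taken from lower_netbiosname is duplicated again by the final talloc_strdup(), leaving the temporary hanging off ntlmssp_state; free it after the copy or assign it directly.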
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/auth/ntlmssp/ntlmssp.c
similarity index 90%
rename from source4/auth/ntlmssp/ntlmssp.c
rename to auth/ntlmssp/ntlmssp.c
index 47903d1..71e0186 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/auth/ntlmssp/ntlmssp.c
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/Netbios implementation.
    Version 3.0
    handle NLTMSSP, client server side parsing
@@ -11,12 +11,12 @@
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -25,16 +25,14 @@ struct auth_session_info;
 
 #include "includes.h"
 #include "auth/ntlmssp/ntlmssp.h"
-#include "source4/auth/ntlmssp/proto.h"
+#include "auth/ntlmssp/ntlmssp_private.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "auth/gensec/gensec.h"
-#include "auth/gensec/gensec_proto.h"
-#include "auth/gensec/gensec_toplevel_proto.h"
 
 /**
  * Callbacks for NTLMSSP - for both client and server operating modes
- * 
+ *
  */
 
 static const struct ntlmssp_callbacks {
@@ -123,27 +121,27 @@ static NTSTATUS gensec_ntlmssp_update_find(struct ntlmssp_state *ntlmssp_state,
 		}
 	}
 
-	DEBUG(1, ("failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n", 
+	DEBUG(1, ("failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n",
 		  ntlmssp_state->role, ntlmssp_command));
-		
+
 	return NT_STATUS_INVALID_PARAMETER;
 }
 
 /**
  * Next state function for the wrapped NTLMSSP state machine
- * 
+ *
  * @param gensec_security GENSEC state, initialised to NTLMSSP
  * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
  * @param in The request, as a DATA_BLOB
  * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
- * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent, 
- *                or NT_STATUS_OK if the user is authenticated. 
+ * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent,
+ *                or NT_STATUS_OK if the user is authenticated.
  */
 
-static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, 
-				      TALLOC_CTX *out_mem_ctx, 
-				      struct tevent_context *ev,
-				      const DATA_BLOB input, DATA_BLOB *out)
+NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
+			       TALLOC_CTX *out_mem_ctx,
+			       struct tevent_context *ev,
+			       const DATA_BLOB input, DATA_BLOB *out)
 {
 	struct gensec_ntlmssp_context *gensec_ntlmssp =
 		talloc_get_type_abort(gensec_security->private_data,
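Review bot: gensec_ntlmssp_update() loses its static qualifier here, but the doc comment above it still does not match the signature: there is no @param for ev, and it documents "@param in" while the argument is named input. Fix the comment as part of exporting the function, and check that the prototype is declared in ntlmssp_private.h rather than the public ntlmssp.h, in line with the commit that makes this code private.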
@@ -155,7 +153,7 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
 	*out = data_blob(NULL, 0);
 
 	if (!out_mem_ctx) {
-		/* if the caller doesn't want to manage/own the memory, 
+		/* if the caller doesn't want to manage/own the memory,
 		   we can put it on our context */
 		out_mem_ctx = ntlmssp_state;
 	}
@@ -165,12 +163,12 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
 
 	status = ntlmssp_callbacks[i].sync_fn(gensec_security, out_mem_ctx, input, out);
 	NT_STATUS_NOT_OK_RETURN(status);
-	
+
 	return NT_STATUS_OK;
 }
 
-static const char *gensec_ntlmssp_oids[] = { 
-	GENSEC_OID_NTLMSSP, 
+static const char *gensec_ntlmssp_oids[] = {
+	GENSEC_OID_NTLMSSP,
 	NULL
 };
 
diff --git a/auth/ntlmssp/ntlmssp.h b/auth/ntlmssp/ntlmssp.h
index 54d3e53..0d6a64e 100644
--- a/auth/ntlmssp/ntlmssp.h
+++ b/auth/ntlmssp/ntlmssp.h
@@ -22,8 +22,6 @@
 
 #include "../librpc/gen_ndr/ntlmssp.h"
 
-NTSTATUS gensec_ntlmssp_init(void);
-
 struct auth_context;
 struct auth_serversupplied_info;
 struct tsocket_address;
@@ -31,18 +29,6 @@ struct auth_user_info_dc;
 struct gensec_security;
 struct ntlmssp_state;
 
-struct gensec_ntlmssp_context {
-	/* used only by s3 server implementation */
-	struct auth_context *auth_context;
-
-	/* For GENSEC users */
-	struct gensec_security *gensec_security;
-	void *server_returned_info;
-
-	/* used by both client and server implementation */
-	struct ntlmssp_state *ntlmssp_state;
-};
-
 /* NTLMSSP mode */
 enum ntlmssp_role
 {
@@ -192,49 +178,7 @@ NTSTATUS ntlmssp_unwrap(struct ntlmssp_state *ntlmssp_stae,
 NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state);
 
 bool ntlmssp_blob_matches_magic(const DATA_BLOB *blob);
-/* The following definitions come from ../source4/auth/ntlmssp/ntlmssp.c  */
-
-
-/**
- * Return the NTLMSSP master session key
- *
- * @param ntlmssp_state NTLMSSP State
- */
-NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security,
-			      const DATA_BLOB *first_packet);
-bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security,
-				 uint32_t feature);
-NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security,
-				    TALLOC_CTX *mem_ctx,
-				    DATA_BLOB *session_key);
-NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security);
-
-/* The following definitions come from ../source4/auth/ntlmssp/ntlmssp_sign.c  */
-
-NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
-				    TALLOC_CTX *sig_mem_ctx,
-				    const uint8_t *data, size_t length,
-				    const uint8_t *whole_pdu, size_t pdu_length,
-				    DATA_BLOB *sig);
-NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
-				     const uint8_t *data, size_t length,
-				     const uint8_t *whole_pdu, size_t pdu_length,
-				     const DATA_BLOB *sig);
-NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
-				    TALLOC_CTX *sig_mem_ctx,
-				    uint8_t *data, size_t length,
-				    const uint8_t *whole_pdu, size_t pdu_length,
-				    DATA_BLOB *sig);
-NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security,
-				      uint8_t *data, size_t length,
-				      const uint8_t *whole_pdu, size_t pdu_length,
-				      const DATA_BLOB *sig);
-size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) ;
-NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security,
-			     TALLOC_CTX *out_mem_ctx,
-			     const DATA_BLOB *in,
-			     DATA_BLOB *out);
-NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
-			       TALLOC_CTX *out_mem_ctx,
-			       const DATA_BLOB *in,
-			       DATA_BLOB *out);
+
+/* The following definitions come from auth/ntlmssp/gensec_ntlmssp.c  */
+
+NTSTATUS gensec_ntlmssp_init(void);
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
similarity index 95%
rename from source4/auth/ntlmssp/ntlmssp_client.c
rename to auth/ntlmssp/ntlmssp_client.c
index 6e372dc..1a2e857 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/Netbios implementation.
    Version 3.0
    handle NLTMSSP, client server side parsing
@@ -11,12 +11,12 @@
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.


-- 
Samba Shared Repository

