#include "../librpc/gen_ndr/ndr_dssetup.h"
#include "../libcli/auth/schannel.h"
#include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
#include "ntlmssp_wrap.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "librpc/rpc/dcerpc.h"
#include "rpc_dce.h"
#include "cli_pipe.h"
#include "libsmb/libsmb.h"
+#include "auth/gensec/gensec.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI
TALLOC_CTX *mem_ctx,
DATA_BLOB *auth_token)
{
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct gensec_security *gensec_security;
DATA_BLOB null_blob = data_blob_null;
NTSTATUS status;
- ntlmssp_ctx = talloc_get_type_abort(cli->auth->auth_ctx,
- struct auth_ntlmssp_state);
+ gensec_security = talloc_get_type_abort(cli->auth->auth_ctx,
+ struct gensec_security);
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- status = auth_ntlmssp_update(ntlmssp_ctx, mem_ctx, null_blob, auth_token);
+ status = gensec_update(gensec_security, mem_ctx, NULL, null_blob, auth_token);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
data_blob_free(auth_token);
struct rpc_pipe_bind_state *state = tevent_req_data(
req, struct rpc_pipe_bind_state);
struct pipe_auth_data *pauth = state->cli->auth;
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx;
struct ncacn_packet *pkt = NULL;
return;
case DCERPC_AUTH_TYPE_NTLMSSP:
- ntlmssp_ctx = talloc_get_type_abort(pauth->auth_ctx,
- struct auth_ntlmssp_state);
- status = auth_ntlmssp_update(ntlmssp_ctx, state,
- auth.credentials, &auth_token);
+ gensec_security = talloc_get_type_abort(pauth->auth_ctx,
+ struct gensec_security);
+ status = gensec_update(gensec_security, state, NULL,
+ auth.credentials, &auth_token);
if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
status = rpc_bind_next_send(req, state,
ok = rpccli_bh_is_connected(h);
if (!ok) {
- tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+ tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
return tevent_req_post(req, ev);
}
ok = rpccli_bh_is_connected(h);
if (!ok) {
- tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+ tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
return tevent_req_post(req, ev);
}
return h;
}
-bool rpccli_get_pwd_hash(struct rpc_pipe_client *rpc_cli, uint8_t nt_hash[16])
-{
- struct auth_ntlmssp_state *a = NULL;
- struct cli_state *cli;
-
- if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_NTLMSSP) {
- a = talloc_get_type_abort(rpc_cli->auth->auth_ctx,
- struct auth_ntlmssp_state);
- } else if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
- struct spnego_context *spnego_ctx;
- enum spnego_mech auth_type;
- void *auth_ctx;
- NTSTATUS status;
-
- spnego_ctx = talloc_get_type_abort(rpc_cli->auth->auth_ctx,
- struct spnego_context);
- status = spnego_get_negotiated_mech(spnego_ctx,
- &auth_type, &auth_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- return false;
- }
-
- if (auth_type == SPNEGO_NTLMSSP) {
- a = talloc_get_type_abort(auth_ctx,
- struct auth_ntlmssp_state);
- }
- }
-
- if (a) {
- memcpy(nt_hash, auth_ntlmssp_get_nt_hash(a), 16);
- return true;
- }
-
- cli = rpc_pipe_np_smb_conn(rpc_cli);
- if (cli == NULL) {
- return false;
- }
- E_md4hash(cli->password ? cli->password : "", nt_hash);
- return true;
-}
-
NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx,
struct pipe_auth_data **presult)
{
return NT_STATUS_OK;
}
-static int cli_auth_ntlmssp_data_destructor(struct pipe_auth_data *auth)
-{
- TALLOC_FREE(auth->auth_ctx);
- return 0;
-}
-
static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
const char *password,
struct pipe_auth_data **presult)
{
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct auth_generic_state *ntlmssp_ctx;
struct pipe_auth_data *result;
NTSTATUS status;
goto fail;
}
- status = auth_ntlmssp_client_start(NULL,
- lp_netbios_name(),
- lp_workgroup(),
- lp_client_ntlmv2_auth(),
- &ntlmssp_ctx);
+ status = auth_ntlmssp_client_prepare(result,
+ &ntlmssp_ctx);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
- talloc_set_destructor(result, cli_auth_ntlmssp_data_destructor);
-
status = auth_ntlmssp_set_username(ntlmssp_ctx, username);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
goto fail;
}
- /*
- * Turn off sign+seal to allow selected auth level to turn it back on.
- */
- auth_ntlmssp_and_flags(ntlmssp_ctx, ~(NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL));
-
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- auth_ntlmssp_want_feature(ntlmssp_ctx, NTLMSSP_FEATURE_SIGN);
+ gensec_want_feature(ntlmssp_ctx->gensec_security, GENSEC_FEATURE_SIGN);
} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- auth_ntlmssp_want_feature(ntlmssp_ctx, NTLMSSP_FEATURE_SEAL);
+ gensec_want_feature(ntlmssp_ctx->gensec_security, GENSEC_FEATURE_SEAL);
}
- result->auth_ctx = ntlmssp_ctx;
+ status = auth_ntlmssp_client_start(ntlmssp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ result->auth_ctx = talloc_move(result, &ntlmssp_ctx->gensec_security);
+ talloc_free(ntlmssp_ctx);
*presult = result;
return NT_STATUS_OK;
struct rpc_pipe_client *cli,
DATA_BLOB *session_key)
{
+ NTSTATUS status;
struct pipe_auth_data *a;
struct schannel_state *schannel_auth;
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx;
DATA_BLOB sk = data_blob_null;
make_dup = false;
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
- ntlmssp_ctx = talloc_get_type_abort(a->auth_ctx,
- struct auth_ntlmssp_state);
- sk = auth_ntlmssp_get_session_key(ntlmssp_ctx, mem_ctx);
+ gensec_security = talloc_get_type_abort(a->auth_ctx,
+ struct gensec_security);
+ status = gensec_session_key(gensec_security, mem_ctx, &sk);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
make_dup = false;
break;
case DCERPC_AUTH_TYPE_KRB5:
}
if (make_dup) {
- *session_key = data_blob_dup_talloc(mem_ctx, &sk);
+ *session_key = data_blob_dup_talloc(mem_ctx, sk);
} else {
*session_key = sk;
}