#include "includes.h"
#include "../libcli/auth/spnego.h"
+#include "../lib/tsocket/tsocket.h"
#include "dcesrv_ntlmssp.h"
#include "dcesrv_gssapi.h"
#include "dcesrv_spnego.h"
static NTSTATUS spnego_init_server(TALLOC_CTX *mem_ctx,
bool do_sign, bool do_seal,
bool is_dcerpc,
+ const struct tsocket_address *remote_address,
struct spnego_context **spnego_ctx)
{
struct spnego_context *sp_ctx = NULL;
return NT_STATUS_NO_MEMORY;
}
+ sp_ctx->remote_address = tsocket_address_copy(remote_address, sp_ctx);
+ if (sp_ctx->remote_address == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
sp_ctx->do_sign = do_sign;
sp_ctx->do_seal = do_seal;
sp_ctx->is_dcerpc = is_dcerpc;
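Review bot: The early return added after `tsocket_address_copy()` does not release `sp_ctx`. Its allocation sits above the hunk and is not visible here, but if it is parented to `mem_ctx` it stays allocated until the caller frees that context; adding `TALLOC_FREE(sp_ctx);` before `return NT_STATUS_NO_MEMORY;` would release it at once. The new `remote_address` parameter is also passed to the copy without a check, and whether `tsocket_address_copy()` tolerates NULL is not visible here, so a caller passing NULL could fault on the pre-authentication path. A guard such as `if (remote_address == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, or a comment on the parameter stating that it must be non-NULL, would make the contract explicit. The body of `spnego_init_server` starts and ends outside this hunk.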
DATA_BLOB *token_in,
DATA_BLOB *token_out)
{
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct gensec_security *gensec_security;
struct gse_context *gse_ctx;
NTSTATUS status;
break;
case SPNEGO_NTLMSSP:
- status = ntlmssp_server_auth_start(sp_ctx,
+ status = auth_generic_server_start(sp_ctx,
+ OID_NTLMSSP,
sp_ctx->do_sign,
sp_ctx->do_seal,
sp_ctx->is_dcerpc,
token_in,
token_out,
- &ntlmssp_ctx);
+ sp_ctx->remote_address,
+ &gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to init ntlmssp server "
"(%s)\n", nt_errstr(status)));
return status;
}
- sp_ctx->mech_ctx.ntlmssp_state = ntlmssp_ctx;
+ sp_ctx->mech_ctx.gensec_security = gensec_security;
break;
default:
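Review bot: The failure log under `case SPNEGO_NTLMSSP:` still reports only the status, although this change makes the peer address available as `sp_ctx->remote_address`. Adding it to the message, for example a `"Failed to init ntlmssp server for %s (%s)\n"` format with `tsocket_address_string(sp_ctx->remote_address, talloc_tos())` as the first argument, would let an operator tie a failed authentication start to a client. This assumes a talloc stackframe is active at this point, which the hunk does not show. The enclosing function starts and ends outside the hunk.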
mem_ctx, &token_in, &token_out);
break;
case SPNEGO_NTLMSSP:
- status = ntlmssp_server_step(
- sp_ctx->mech_ctx.ntlmssp_state,
+ status = auth_generic_server_step(
+ sp_ctx->mech_ctx.gensec_security,
mem_ctx, &token_in, &token_out);
break;
default:
bool is_dcerpc,
DATA_BLOB *spnego_in,
DATA_BLOB *spnego_out,
+ const struct tsocket_address *remote_address,
struct spnego_context **spnego_ctx)
{
struct spnego_context *sp_ctx;
return NT_STATUS_INVALID_PARAMETER;
}
- status = spnego_init_server(mem_ctx, do_sign, do_seal, is_dcerpc, &sp_ctx);
+ status = spnego_init_server(mem_ctx,
+ do_sign,
+ do_seal,
+ is_dcerpc,
+ remote_address,
+ &sp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
ret = spnego_parse_negTokenInit(sp_ctx, *spnego_in,
sp_ctx->oid_list, NULL, &token_in);
- if (!ret) {
+ if (!ret || sp_ctx->oid_list[0] == NULL) {
DEBUG(3, ("Invalid SPNEGO message\n"));
status = NT_STATUS_INVALID_PARAMETER;
goto done;