struct gensec_security *gensec_security;
};
-struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
- struct auth_ntlmssp_state *auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
+ struct auth_ntlmssp_state *auth_ntlmssp_state,
+ struct auth_serversupplied_info **_server_info)
{
struct auth_serversupplied_info *server_info;
struct netr_SamInfo3 *info3 = NULL;
NTSTATUS status;
+ DATA_BLOB session_key;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- if (!tmp_ctx) {
- return NULL;
- }
+ NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
status = s3compat_gensec_session_info_info3(tmp_ctx,
auth_ntlmssp_state->gensec_security, &info3);
- DEBUG(10, ("s3compat_gensec_session_info_info3 returned %s\n", nt_errstr(status)));
+ DEBUG(1, ("s3compat_gensec_session_info_info3 returned %s\n", nt_errstr(status)));
if (!NT_STATUS_IS_OK(status)) {
talloc_free(tmp_ctx);
- return NULL;
+ return status;
}
status = make_server_info_info3(tmp_ctx, info3->base.account_name.string,
info3);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(tmp_ctx);
- DEBUG(10, ("make_server_info_info3 failed: %s\n",
+ DEBUG(1, ("make_server_info_info3 failed: %s\n",
nt_errstr(status)));
- return NULL;
+ return status;
}
+ /* Replace the session key with the correct value, modified by the NTLMSSP negotiation */
+ status = gensec_session_key(auth_ntlmssp_state->gensec_security, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
+ DEBUG(1, ("gensec_session_key failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ server_info->user_session_key = data_blob_talloc(server_info, session_key.data, session_key.length);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->user_session_key.data, tmp_ctx);
+
/* TODO: Fill in the full list of groups from the full list we
* have in the session_info, to avoid a double-lookup */
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("create_local_token failed: %s\n",
nt_errstr(status)));
- return NULL;
+ return status;
}
- return talloc_steal(mem_ctx, server_info);
+ *_server_info = talloc_steal(mem_ctx, server_info);
+ return NT_STATUS_OK;
}
struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state)
return gensec_have_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SEAL);
}
+void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
+{
+ gensec_want_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SIGN);
+}
+
+void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
+{
+ gensec_want_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SIGN);
+ gensec_want_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SEAL);
+}
+
NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
{
NTSTATUS status;
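Review bot: The two helpers added in this hunk, `auth_ntlmssp_want_sign` and `auth_ntlmssp_want_seal`, carry no comment, and `auth_ntlmssp_want_seal` requesting GENSEC_FEATURE_SIGN before GENSEC_FEATURE_SEAL reads like a copy of `auth_ntlmssp_want_sign` rather than a deliberate choice. If sealing is meant to imply signing here, say so above the first call, e.g. `/* Sealing without signing is not meaningful: request both so the negotiated features stay consistent */`. A one-line header on each function, such as `/* Ask the underlying gensec NTLMSSP context to negotiate signing; presumably must be requested before negotiation completes to take effect — confirm against gensec_want_feature */`, would make the contract clear. Neither helper reports whether the request took effect, which is fine if gensec_want_feature has no failure path, but a caller that relies on integrity protection will want to check the negotiated outcome through the have_feature accessor whose tail is visible at the top of the hunk, and the header comment should point there.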
talloc_free(*auth_ntlmssp_state);
return status;
}
- return gensec_start_mech_by_sasl_name((*auth_ntlmssp_state)->gensec_security, GENSEC_SASL_NAME_NTLMSSP);
+
+ status = gensec_start_mech_by_sasl_name((*auth_ntlmssp_state)->gensec_security, GENSEC_SASL_NAME_NTLMSSP);
+ gensec_want_feature((*auth_ntlmssp_state)->gensec_security, GENSEC_FEATURE_SESSION_KEY);
+
+ return status;
}
void auth_ntlmssp_end(struct auth_ntlmssp_state **auth_ntlmssp_state)