auth: Make check_password and generate_session_info hook generic
authorAndrew Bartlett <abartlet@samba.org>
Mon, 30 Jan 2012 00:17:44 +0000 (11:17 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 30 Jan 2012 07:05:14 +0000 (08:05 +0100)
gensec_ntlmssp does not need to know the internal form of the
struct user_info_dc or auth_serversupplied_info.  This will allow the
calling logic to be put in common.

Andrew Bartlett

auth/common_auth.h
auth/ntlmssp/ntlmssp.h
source3/auth/auth_ntlmssp.c
source4/auth/auth.h
source4/auth/ntlm/auth.c
source4/auth/ntlmssp/ntlmssp_server.c

index 3991c409ac8b887c367bd1719cfd4c44536229f2..453c0c9efbddbbe3a5ea96d37e252e4b0eec60bd 100644 (file)
@@ -108,7 +108,8 @@ struct auth4_context {
        NTSTATUS (*check_password)(struct auth4_context *auth_ctx,
                                   TALLOC_CTX *mem_ctx,
                                   const struct auth_usersupplied_info *user_info,
-                                  struct auth_user_info_dc **user_info_dc);
+                                  void **server_returned_info,
+                                  DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
 
        NTSTATUS (*get_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);
 
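Review bot: The widened `check_password` hook carries no comment stating its contract, and the two visible users already disagree on it: `auth_check_password_wrapper` treats the session-key pointers as optional (it NULL-checks them), while the s4 `auth_ntlmssp_check_password` dereferences both unconditionally after the call. I would add a comment above the member along the lines of `/* On success *server_returned_info is an opaque talloc object and the key blobs receive the session keys; outputs are not written on failure. */`, adjusted to whatever rule is actually intended, including whether the key pointers may be NULL. The parameter is called `nt_session_key` here but `user_session_key` in the wrapper's prototype; one name would be easier to follow. struct auth4_context continues outside the hunk.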
@@ -118,7 +119,7 @@ struct auth4_context {
 
        NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
                                          struct auth4_context *auth_context,
-                                         struct auth_user_info_dc *user_info_dc,
+                                         void *server_returned_info,
                                          uint32_t session_info_flags,
                                          struct auth_session_info **session_info);
 
index 9801b14ea3588427d99e1cf57187219e45238313..54d3e53526a91aab035d76990eb269d416b4ed36 100644 (file)
@@ -34,13 +34,10 @@ struct ntlmssp_state;
 struct gensec_ntlmssp_context {
        /* used only by s3 server implementation */
        struct auth_context *auth_context;
-       struct auth_serversupplied_info *server_info;
-
-       /* Used by the s4 server implementation */
-       struct auth_user_info_dc *user_info_dc;
 
        /* For GENSEC users */
        struct gensec_security *gensec_security;
+       void *server_returned_info;
 
        /* used by both client and server implementation */
        struct ntlmssp_state *ntlmssp_state;
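Review bot: `void *server_returned_info` lands under the "For GENSEC users" comment with no description of its own, whereas the two typed fields it replaces each said which server implementation used them. Now that the type is erased, a comment is the only place a reader learns what may be stored there: `/* opaque result of check_password: struct auth_serversupplied_info (s3) or struct auth_user_info_dc (s4); recovered with talloc_get_type_abort() */`. The struct continues outside the hunk.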
index 7a23a927ef03ccf66f4f5ba0b2b0bcedd2c7b6fb..11fbef13769941f7d8e953ae04e6b59ef4c6d419 100644 (file)
@@ -37,10 +37,12 @@ static NTSTATUS gensec_ntlmssp3_server_session_info(struct gensec_security *gens
        struct gensec_ntlmssp_context *gensec_ntlmssp =
                talloc_get_type_abort(gensec_security->private_data,
                                      struct gensec_ntlmssp_context);
+       struct auth_serversupplied_info *server_info = talloc_get_type_abort(gensec_ntlmssp->server_returned_info, 
+                                                                            struct auth_serversupplied_info);
        NTSTATUS nt_status;
 
        nt_status = create_local_token(mem_ctx,
-                                      gensec_ntlmssp->server_info,
+                                      server_info,
                                       &gensec_ntlmssp->ntlmssp_state->session_key,
                                       gensec_ntlmssp->ntlmssp_state->user,
                                       session_info);
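Review bot: `talloc_get_type_abort()` on `gensec_ntlmssp->server_returned_info` terminates the process when the pointer is NULL or carries a different talloc type name, so this function now depends on `auth_ntlmssp_check_password` having stored a valid `auth_serversupplied_info` before session info is requested. That ordering is presumably guaranteed by the NTLMSSP state machine, but nothing in the hunk shows it. If it can be violated, returning an error is safer for a network-facing server than aborting: test the field for NULL and `return NT_STATUS_INVALID_PARAMETER;` before the typed lookup. The same pattern is added in `auth_generate_session_info_wrapper` and in the s4 `gensec_ntlmssp_session_info`. The first added line also ends in trailing whitespace.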
@@ -137,6 +139,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
        struct gensec_ntlmssp_context *gensec_ntlmssp =
                (struct gensec_ntlmssp_context *)ntlmssp_state->callback_private;
        struct auth_usersupplied_info *user_info = NULL;
+       struct auth_serversupplied_info *server_info;
        NTSTATUS nt_status;
        bool username_was_mapped;
 
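Review bot: `server_info` is declared without an initialiser, and the failure path two hunks further down copies it into `gensec_ntlmssp->server_returned_info` after `do_map_to_guest_server_info()` whatever the resulting status is. Before this change the out-parameter was the context field itself, which simply kept its previous value. Now, unless `check_ntlm_password()` or the guest mapping always writes the pointer on error (not visible here), an indeterminate stack value can end up in the long-lived context and later be handed to `talloc_get_type_abort()`. I would declare it as `struct auth_serversupplied_info *server_info = NULL;` and publish it to the context only when the status is OK. The function body starts and ends outside this hunk.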
@@ -168,7 +171,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
        user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
 
        nt_status = gensec_ntlmssp->auth_context->check_ntlm_password(gensec_ntlmssp->auth_context,
-                                                                         user_info, &gensec_ntlmssp->server_info);
+                                                                         user_info, &server_info);
 
        username_was_mapped = user_info->was_mapped;
 
@@ -176,9 +179,10 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                nt_status = do_map_to_guest_server_info(nt_status,
-                                                       &gensec_ntlmssp->server_info,
+                                                       &server_info,
                                                        gensec_ntlmssp->ntlmssp_state->user,
                                                        gensec_ntlmssp->ntlmssp_state->domain);
+               gensec_ntlmssp->server_returned_info = server_info;
                return nt_status;
        }
 
@@ -186,26 +190,27 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
                return nt_status;
        }
 
-       gensec_ntlmssp->server_info->nss_token |= username_was_mapped;
+       server_info->nss_token |= username_was_mapped;
 
        /* Clear out the session keys, and pass them to the caller.
         * They will not be used in this form again - instead the
         * NTLMSSP code will decide on the final correct session key,
         * and supply it to create_local_token() */
-       if (gensec_ntlmssp->server_info->session_key.length) {
+       if (server_info->session_key.length) {
                DEBUG(10, ("Got NT session key of length %u\n",
-                       (unsigned int)gensec_ntlmssp->server_info->session_key.length));
-               *session_key = gensec_ntlmssp->server_info->session_key;
-               talloc_steal(mem_ctx, gensec_ntlmssp->server_info->session_key.data);
-               gensec_ntlmssp->server_info->session_key = data_blob_null;
+                       (unsigned int)server_info->session_key.length));
+               *session_key = server_info->session_key;
+               talloc_steal(mem_ctx, server_info->session_key.data);
+               server_info->session_key = data_blob_null;
        }
-       if (gensec_ntlmssp->server_info->lm_session_key.length) {
+       if (server_info->lm_session_key.length) {
                DEBUG(10, ("Got LM session key of length %u\n",
-                       (unsigned int)gensec_ntlmssp->server_info->lm_session_key.length));
-               *lm_session_key = gensec_ntlmssp->server_info->lm_session_key;
-               talloc_steal(mem_ctx, gensec_ntlmssp->server_info->lm_session_key.data);
-               gensec_ntlmssp->server_info->lm_session_key = data_blob_null;
+                       (unsigned int)server_info->lm_session_key.length));
+               *lm_session_key = server_info->lm_session_key;
+               talloc_steal(mem_ctx, server_info->lm_session_key.data);
+               server_info->lm_session_key = data_blob_null;
        }
+       gensec_ntlmssp->server_returned_info = server_info;
        return nt_status;
 }
 
index a7fc413ecca62000c2a72e582bc5bf004eb4dfe2..1b22701499f1e55be7050d185c8dd17bc2720be4 100644 (file)
@@ -152,9 +152,15 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
                             struct loadparm_context *lp_ctx,
                             struct auth4_context **auth_ctx);
 
+NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,
+                            TALLOC_CTX *mem_ctx,
+                            const struct auth_usersupplied_info *user_info, 
+                            void **server_returned_info,
+                            DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key);
+
 NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
                             TALLOC_CTX *mem_ctx,
-                            const struct auth_usersupplied_info *user_info,
+                            const struct auth_usersupplied_info *user_info, 
                             struct auth_user_info_dc **user_info_dc);
 NTSTATUS auth4_init(void);
 NTSTATUS auth_register(const struct auth_operations *ops);
index 95bdd84837dcd33c38babd6e64fe5c9a06da883d..a654fab0968cd78b169451f9c4a7e89ad8f6e968 100644 (file)
@@ -35,7 +35,7 @@
 
 static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
                                                   struct auth4_context *auth_context,
-                                                  struct auth_user_info_dc *user_info_dc,
+                                                  void *server_returned_info,
                                                   uint32_t session_info_flags,
                                                   struct auth_session_info **session_info);
 
@@ -208,6 +208,38 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
        return status;
 }
 
+_PUBLIC_ NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,
+                                             TALLOC_CTX *mem_ctx,
+                                             const struct auth_usersupplied_info *user_info, 
+                                             void **server_returned_info,
+                                             DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
+{
+       struct auth_user_info_dc *user_info_dc;
+       NTSTATUS status = auth_check_password(auth_ctx, mem_ctx, user_info, &user_info_dc);
+
+       if (NT_STATUS_IS_OK(status)) {
+               *server_returned_info = user_info_dc;
+
+               if (user_session_key) {
+                       DEBUG(10, ("Got NT session key of length %u\n",
+                                  (unsigned)user_info_dc->user_session_key.length));
+                       *user_session_key = user_info_dc->user_session_key;
+                       talloc_steal(mem_ctx, user_session_key->data);
+                       user_info_dc->user_session_key = data_blob_null;
+               }
+
+               if (lm_session_key) {
+                       DEBUG(10, ("Got LM session key of length %u\n",
+                                  (unsigned)user_info_dc->lm_session_key.length));
+                       *lm_session_key = user_info_dc->lm_session_key;
+                       talloc_steal(mem_ctx, lm_session_key->data);
+                       user_info_dc->lm_session_key = data_blob_null;
+               }
+       }
+
+       return status;
+}
+
 struct auth_check_password_state {
        struct auth4_context *auth_ctx;
        const struct auth_usersupplied_info *user_info;
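Review bot: `auth_check_password_wrapper` writes none of its outputs when `auth_check_password()` fails, so `*server_returned_info` keeps whatever the caller had there; for the NTLMSSP caller that is the field in the long-lived gensec context. Setting `*server_returned_info = NULL;` before the call would rule out a stale or uninitialised pointer being picked up later. The function is public and deserves a short header comment: on success the session keys are moved out of `user_info_dc` (its copies are reset to `data_blob_null`) and re-parented to `mem_ctx`, and either key pointer may be NULL. Unlike the code it replaces, the keys are handed over even when their length is zero, which looks harmless but is worth stating in that comment.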
@@ -433,10 +465,11 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
   * generation of unix tokens via IRPC */
 static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
                                                   struct auth4_context *auth_context,
-                                                  struct auth_user_info_dc *user_info_dc,
+                                                  void *server_returned_info,
                                                   uint32_t session_info_flags,
                                                   struct auth_session_info **session_info)
 {
+       struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(server_returned_info, struct auth_user_info_dc);
        NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
                                                     auth_context->sam_ctx, user_info_dc,
                                                     session_info_flags, session_info);
@@ -562,7 +595,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **
                DLIST_ADD_END(ctx->methods, method, struct auth_method_context *);
        }
 
-       ctx->check_password = auth_check_password;
+       ctx->check_password = auth_check_password_wrapper;
        ctx->get_challenge = auth_get_challenge;
        ctx->set_challenge = auth_context_set_challenge;
        ctx->challenge_may_be_modified = auth_challenge_may_be_modified;
index dcd612349958e2b4bf724504b53e1b08e41f2966..1a876e319f8ecfc1cbf74ad5c5bb573e088774da 100644 (file)
@@ -189,25 +189,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
                nt_status = auth_context->check_password(auth_context,
                                                         gensec_ntlmssp,
                                                         user_info,
-                                                        &gensec_ntlmssp->user_info_dc);
+                                                        &gensec_ntlmssp->server_returned_info,
+                                                        user_session_key, lm_session_key);
        }
        talloc_free(user_info);
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
-       if (gensec_ntlmssp->user_info_dc->user_session_key.length) {
-               DEBUG(10, ("Got NT session key of length %u\n",
-                          (unsigned)gensec_ntlmssp->user_info_dc->user_session_key.length));
-               *user_session_key = gensec_ntlmssp->user_info_dc->user_session_key;
-               talloc_steal(mem_ctx, user_session_key->data);
-               gensec_ntlmssp->user_info_dc->user_session_key = data_blob_null;
-       }
-       if (gensec_ntlmssp->user_info_dc->lm_session_key.length) {
-               DEBUG(10, ("Got LM session key of length %u\n",
-                          (unsigned)gensec_ntlmssp->user_info_dc->lm_session_key.length));
-               *lm_session_key = gensec_ntlmssp->user_info_dc->lm_session_key;
-               talloc_steal(mem_ctx, lm_session_key->data);
-               gensec_ntlmssp->user_info_dc->lm_session_key = data_blob_null;
-       }
+       talloc_steal(mem_ctx, user_session_key->data);
+       talloc_steal(mem_ctx, lm_session_key->data);
+       
        return nt_status;
 }
 
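Review bot: The two added `talloc_steal()` calls dereference `user_session_key` and `lm_session_key` unconditionally and trust that the hook filled them in. `auth_check_password_wrapper` does so on success, but `check_password` is now a generic function pointer, and an implementation that leaves a blob unwritten would have this code re-parent whatever `data` pointer the caller's blob held on entry. Either state on the hook that both blobs are always written on success, or reset them before the call with `*user_session_key = data_blob_null;` and the same for the LM key. The call also sits inside a block whose condition lies outside the hunk, so it is worth confirming what the blobs contain on the other path. The function body begins outside the hunk.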
@@ -229,10 +219,11 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
        struct gensec_ntlmssp_context *gensec_ntlmssp =
                talloc_get_type_abort(gensec_security->private_data,
                                      struct gensec_ntlmssp_context);
-
+       struct auth_user_info_dc *user_info_dc = talloc_get_type_abort(gensec_ntlmssp->server_returned_info,
+                                                                      struct auth_user_info_dc);
        nt_status = gensec_generate_session_info(mem_ctx,
                                                 gensec_security,
-                                                gensec_ntlmssp->user_info_dc,
+                                                user_info_dc,
                                                 session_info);
        NT_STATUS_NOT_OK_RETURN(nt_status);