auth: Remove plugable password-check functions from gensec_ntlmssp

The auth4_context layer now provides the plugability here.

Andrew Bartlett

1 files changed, 0 insertions, 139 deletions

diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
index 61d0afff61f..f4dfab38566 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -36,138 +36,6 @@
 
 
 /**
- * Return the challenge as determined by the authentication subsystem
- * @return an 8 byte random challenge
- */
-
-static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
-					   uint8_t chal[8])
-{
-	struct gensec_ntlmssp_context *gensec_ntlmssp =
-		talloc_get_type_abort(ntlmssp_state->callback_private,
-				      struct gensec_ntlmssp_context);
-	struct auth4_context *auth_context = gensec_ntlmssp->gensec_security->auth_context;
-	NTSTATUS status = NT_STATUS_NOT_IMPLEMENTED;
-
-	if (auth_context->get_ntlm_challenge) {
-		status = auth_context->get_ntlm_challenge(auth_context, chal);
-		if (!NT_STATUS_IS_OK(status)) {
-			DEBUG(1, ("auth_ntlmssp_get_challenge: failed to get challenge: %s\n",
-				  nt_errstr(status)));
-			return status;
-		}
-	}
-
-	return status;
-}
-
-/**
- * Some authentication methods 'fix' the challenge, so we may not be able to set it
- *
- * @return If the effective challenge used by the auth subsystem may be modified
- */
-static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state)
-{
-	struct gensec_ntlmssp_context *gensec_ntlmssp =
-		talloc_get_type_abort(ntlmssp_state->callback_private,
-				      struct gensec_ntlmssp_context);
-	struct auth4_context *auth_context = gensec_ntlmssp->gensec_security->auth_context;
-
-	if (auth_context->challenge_may_be_modified) {
-		return auth_context->challenge_may_be_modified(auth_context);
-	}
-	return false;
-}
-
-/**
- * NTLM2 authentication modifies the effective challenge,
- * @param challenge The new challenge value
- */
-static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
-{
-	struct gensec_ntlmssp_context *gensec_ntlmssp =
-		talloc_get_type_abort(ntlmssp_state->callback_private,
-				      struct gensec_ntlmssp_context);
-	struct auth4_context *auth_context = gensec_ntlmssp->gensec_security->auth_context;
-	NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
-	const uint8_t *chal;
-
-	if (challenge->length != 8) {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
-	chal = challenge->data;
-
-	if (auth_context->set_ntlm_challenge) {
-		nt_status = auth_context->set_ntlm_challenge(auth_context,
-							chal,
-							"NTLMSSP callback (NTLM2)");
-	}
-	return nt_status;
-}
-
-/**
- * Check the password on an NTLMSSP login.
- *
- * Return the session keys used on the connection.
- */
-
-static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
-					    TALLOC_CTX *mem_ctx,
-					    DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
-{
-	struct gensec_ntlmssp_context *gensec_ntlmssp =
-		talloc_get_type_abort(ntlmssp_state->callback_private,
-				      struct gensec_ntlmssp_context);
-	struct auth4_context *auth_context = gensec_ntlmssp->gensec_security->auth_context;
-	NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
-	struct auth_usersupplied_info *user_info;
-
-	user_info = talloc_zero(ntlmssp_state, struct auth_usersupplied_info);
-	if (!user_info) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
-	user_info->flags = 0;
-	user_info->mapped_state = false;
-	user_info->client.account_name = ntlmssp_state->user;
-	user_info->client.domain_name = ntlmssp_state->domain;
-	user_info->workstation_name = ntlmssp_state->client.netbios_name;
-	user_info->remote_host = gensec_get_remote_address(gensec_ntlmssp->gensec_security);
-
-	user_info->password_state = AUTH_PASSWORD_RESPONSE;
-	user_info->password.response.lanman = ntlmssp_state->lm_resp;
-	user_info->password.response.lanman.data = talloc_steal(user_info, ntlmssp_state->lm_resp.data);
-	user_info->password.response.nt = ntlmssp_state->nt_resp;
-	user_info->password.response.nt.data = talloc_steal(user_info, ntlmssp_state->nt_resp.data);
-
-	if (auth_context->check_ntlm_password) {
-		nt_status = auth_context->check_ntlm_password(auth_context,
-							      gensec_ntlmssp,
-							      user_info,
-							      &gensec_ntlmssp->server_returned_info,
-							      user_session_key, lm_session_key);
-	}
-	talloc_free(user_info);
-
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
-			 __location__,
-			 user_info->client.domain_name,
-			 user_info->client.account_name,
-			 nt_errstr(nt_status)));
-	}
-
-	NT_STATUS_NOT_OK_RETURN(nt_status);
-
-	talloc_steal(mem_ctx, user_session_key->data);
-	talloc_steal(mem_ctx, lm_session_key->data);
-
-	return nt_status;
-}
-
-/**
  * Return the credentials of a logged on user, including session keys
  * etc.
  *
@@ -244,8 +112,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 	}
 	gensec_ntlmssp->ntlmssp_state = ntlmssp_state;
 
-	ntlmssp_state->callback_private = gensec_ntlmssp;
-
 	ntlmssp_state->role = NTLMSSP_SERVER;
 
 	ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
@@ -291,11 +157,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
 	}
 
-	ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
-	ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
-	ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
-	ntlmssp_state->check_password = auth_ntlmssp_check_password;
-
 	if (lpcfg_server_role(gensec_security->settings->lp_ctx) == ROLE_STANDALONE) {
 		ntlmssp_state->server.is_standalone = true;
 	} else {