s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server

This is possible because we now supply the auth4_context abstraction that this code is looking for. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2012-01-31 14:39:34 +1100
committer: Stefan Metzmacher <metze@samba.org> 2012-02-17 10:48:09 +0100
commit: 9c5b26f8647bd31dec9864d8c42959f81e686619 (patch)
tree: ca7cbc7f3a645a9fa16ebd68d9053cdffee829e0 /auth
parent: 2f74f2f18056e83c396b196939bc8f89bd4d0702 (diff)
download: samba-9c5b26f8647bd31dec9864d8c42959f81e686619.tar.gz
2 files changed, 47 insertions, 7 deletions
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
index f37f2e716ea..841e6a67f0b 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -81,8 +81,8 @@ NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security,
  * @return an 8 byte random challenge
  */
 
-static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
-					   uint8_t chal[8])
+NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
+				    uint8_t chal[8])
 {
 	struct gensec_ntlmssp_context *gensec_ntlmssp =
 		talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -107,7 +107,7 @@ static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_s
  *
  * @return If the effective challenge used by the auth subsystem may be modified
  */
-static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state)
+bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state)
 {
 	struct gensec_ntlmssp_context *gensec_ntlmssp =
 		talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -124,7 +124,7 @@ static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_s
  * NTLM2 authentication modifies the effective challenge,
  * @param challenge The new challenge value
  */
-static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
+NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
 {
 	struct gensec_ntlmssp_context *gensec_ntlmssp =
 		talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -153,9 +153,9 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state,
  * Return the session keys used on the connection.
  */
 
-static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
-					    TALLOC_CTX *mem_ctx,
-					    DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
+NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
+				     TALLOC_CTX *mem_ctx,
+				     DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
 {
 	struct gensec_ntlmssp_context *gensec_ntlmssp =
 		talloc_get_type_abort(ntlmssp_state->callback_private,
@@ -191,6 +191,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 							 user_session_key, lm_session_key);
 	}
 	talloc_free(user_info);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
+			 __location__,
+			 user_info->client.domain_name,
+			 user_info->client.account_name,
+			 nt_errstr(nt_status)));
+	}
+
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	talloc_steal(mem_ctx, user_session_key->data);
diff --git a/auth/ntlmssp/ntlmssp_private.h b/auth/ntlmssp/ntlmssp_private.h
index 431626c34df..e7fa3d55397 100644
--- a/auth/ntlmssp/ntlmssp_private.h
+++ b/auth/ntlmssp/ntlmssp_private.h
@@ -134,3 +134,34 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
  *
  */
 NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security);
+
+/**
+ * Return the challenge as determined by the authentication subsystem
+ * @return an 8 byte random challenge
+ */
+
+NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
+				    uint8_t chal[8]);
+
+/**
+ * Some authentication methods 'fix' the challenge, so we may not be able to set it
+ *
+ * @return If the effective challenge used by the auth subsystem may be modified
+ */
+bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state);
+
+/**
+ * NTLM2 authentication modifies the effective challenge,
+ * @param challenge The new challenge value
+ */
+NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge);
+
+/**
+ * Check the password on an NTLMSSP login.
+ *
+ * Return the session keys used on the connection.
+ */
+
+NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
+				     TALLOC_CTX *mem_ctx,
+				     DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key);
author	Andrew Bartlett <abartlet@samba.org>	2012-01-31 14:39:34 +1100
committer	Stefan Metzmacher <metze@samba.org>	2012-02-17 10:48:09 +0100
commit	9c5b26f8647bd31dec9864d8c42959f81e686619 (patch)
tree	ca7cbc7f3a645a9fa16ebd68d9053cdffee829e0 /auth
parent	2f74f2f18056e83c396b196939bc8f89bd4d0702 (diff)
download	samba-9c5b26f8647bd31dec9864d8c42959f81e686619.tar.gz