diff options
author | Volker Lendecke <vl@samba.org> | 2020-01-02 17:22:36 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2020-01-06 22:09:32 +0000 |
commit | 066c4eeaa4fc36052eb30c3aeb6d0be4c82ae1ef (patch) | |
tree | 04ee35311fc4a756abb5da99cc9bc6218f0889f0 /source3/utils | |
parent | d3d2e6df9c17202c37e8f6beeb0da2738838181c (diff) | |
download | samba-066c4eeaa4fc36052eb30c3aeb6d0be4c82ae1ef.tar.gz |
ntlm_auth: Replace local_pw_check() by _send and _recv
This is just fake async, but it avoids one use of a sync function
pointer in auth4_context
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/ntlm_auth.c | 130 |
1 files changed, 101 insertions, 29 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index aeae460ce8d..cbd439e7a6e 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -47,6 +47,7 @@ #include "lib/param/loadparm.h" #include "lib/util/base64.h" #include "cmdline_contexts.h" +#include "lib/util/tevent_ntstatus.h" #include <gnutls/gnutls.h> #include <gnutls/crypto.h> @@ -989,42 +990,112 @@ static NTSTATUS winbind_pw_check(struct auth4_context *auth4_context, return nt_status; } -static NTSTATUS local_pw_check(struct auth4_context *auth4_context, - TALLOC_CTX *mem_ctx, - const struct auth_usersupplied_info *user_info, - uint8_t *pauthoritative, - void **server_returned_info, - DATA_BLOB *session_key, DATA_BLOB *lm_session_key) +struct local_pw_check_state { + uint8_t authoritative; + void *server_info; + DATA_BLOB nt_session_key; + DATA_BLOB lm_session_key; +}; + +static struct tevent_req *local_pw_check_send( + TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct auth4_context *auth4_context, + const struct auth_usersupplied_info *user_info) { - NTSTATUS nt_status; + struct tevent_req *req = NULL; + struct local_pw_check_state *state = NULL; struct samr_Password lm_pw, nt_pw; + NTSTATUS nt_status; + + req = tevent_req_create( + mem_ctx, &state, struct local_pw_check_state); + if (req == NULL) { + return NULL; + } + state->authoritative = 1; nt_lm_owf_gen (opt_password, nt_pw.hash, lm_pw.hash); - *pauthoritative = 1; + nt_status = ntlm_password_check( + state, + true, + NTLM_AUTH_ON, + 0, + &auth4_context->challenge.data, + &user_info->password.response.lanman, + &user_info->password.response.nt, + user_info->client.account_name, + user_info->client.account_name, + user_info->client.domain_name, + &lm_pw, + &nt_pw, + &state->nt_session_key, + &state->lm_session_key); + + if (tevent_req_nterror(req, nt_status)) { + DBG_NOTICE("Login for user [%s]\\[%s]@[%s] failed due to " + "[%s]\n", + user_info->client.domain_name, + user_info->client.account_name, + user_info->workstation_name, + nt_errstr(nt_status)); + return tevent_req_post(req, ev); + } + + state->server_info = talloc_asprintf( + state, + "%s%c%s", + user_info->client.domain_name, + *lp_winbind_separator(), + user_info->client.account_name); + if (tevent_req_nomem(state->server_info, req)) { + return tevent_req_post(req, ev); + } + + tevent_req_done(req); + return tevent_req_post(req, ev); +} + +static NTSTATUS local_pw_check_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + uint8_t *pauthoritative, + void **server_returned_info, + DATA_BLOB *nt_session_key, + DATA_BLOB *lm_session_key) +{ + struct local_pw_check_state *state = tevent_req_data( + req, struct local_pw_check_state); + NTSTATUS status; - nt_status = ntlm_password_check(mem_ctx, - true, NTLM_AUTH_ON, 0, - &auth4_context->challenge.data, - &user_info->password.response.lanman, - &user_info->password.response.nt, - user_info->client.account_name, - user_info->client.account_name, - user_info->client.domain_name, - &lm_pw, &nt_pw, session_key, lm_session_key); + if (pauthoritative != NULL) { + *pauthoritative = state->authoritative; + } - if (NT_STATUS_IS_OK(nt_status)) { - *server_returned_info = talloc_asprintf(mem_ctx, - "%s%c%s", user_info->client.domain_name, - *lp_winbind_separator(), - user_info->client.account_name); - } else { - DEBUG(3, ("Login for user [%s]\\[%s]@[%s] failed due to [%s]\n", - user_info->client.domain_name, user_info->client.account_name, - user_info->workstation_name, - nt_errstr(nt_status))); + if (tevent_req_is_nterror(req, &status)) { + return status; } - return nt_status; + + if (server_returned_info != NULL) { + *server_returned_info = talloc_move( + mem_ctx, &state->server_info); + } + if (nt_session_key != NULL) { + *nt_session_key = (DATA_BLOB) { + .data = talloc_move( + mem_ctx, &state->nt_session_key.data), + .length = state->nt_session_key.length, + }; + } + if (lm_session_key != NULL) { + *lm_session_key = (DATA_BLOB) { + .data = talloc_move( + mem_ctx, &state->lm_session_key.data), + .length = state->lm_session_key.length, + }; + } + + return NT_STATUS_OK; } static NTSTATUS ntlm_auth_prepare_gensec_client(TALLOC_CTX *mem_ctx, @@ -1111,7 +1182,8 @@ static struct auth4_context *make_auth4_context_ntlm_auth(TALLOC_CTX *mem_ctx, b auth4_context->get_ntlm_challenge = ntlm_auth_get_challenge; auth4_context->set_ntlm_challenge = ntlm_auth_set_challenge; if (local_pw) { - auth4_context->check_ntlm_password = local_pw_check; + auth4_context->check_ntlm_password_send = local_pw_check_send; + auth4_context->check_ntlm_password_recv = local_pw_check_recv; } else { auth4_context->check_ntlm_password = winbind_pw_check; } |