_PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
struct auth_user_info_dc **user_info_dc)
{
struct tevent_req *subreq;
struct tevent_context *ev;
bool ok;
NTSTATUS status;
/*TODO: create a new event context here! */
ev = auth_ctx->event_ctx;
subreq = auth_check_password_send(mem_ctx,
ev,
auth_ctx,
user_info);
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
ok = tevent_req_poll(subreq, ev);
if (!ok) {
return NT_STATUS_INTERNAL_ERROR;
}
status = auth_check_password_recv(subreq, mem_ctx, user_info_dc);
TALLOC_FREE(subreq);
return status;
}
/*
handler for NT1 style session setup
*/
static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
{
NTSTATUS status;
struct auth_usersupplied_info *user_info = NULL;
struct tsocket_address *remote_address;
const char *remote_machine = NULL;
struct tevent_req *subreq;
struct sesssetup_context *state;
sess->nt1.out.vuid = 0;
sess->nt1.out.action = 0;
sesssetup_common_strings(req,
&sess->nt1.out.os,
&sess->nt1.out.lanman,
&sess->nt1.out.domain);
if (!req->smb_conn->negotiate.done_sesssetup) {
req->smb_conn->negotiate.max_send = sess->nt1.in.bufsize;
req->smb_conn->negotiate.client_caps = sess->nt1.in.capabilities;
}
state = talloc(req, struct sesssetup_context);
if (!state) goto nomem;
state->req = req;
if (req->smb_conn->negotiate.oid) {
if (sess->nt1.in.user && *sess->nt1.in.user) {
/* We can't accept a normal login, because we
* don't have a challenge */
status = NT_STATUS_LOGON_FAILURE;
goto failed;
}
/* TODO: should we use just "anonymous" here? */
status = auth_context_create(state,
req->smb_conn->connection->event.ctx,
req->smb_conn->connection->msg_ctx,
req->smb_conn->lp_ctx,
&state->auth_context);
if (!NT_STATUS_IS_OK(status)) goto failed;
} else if (req->smb_conn->negotiate.auth_context) {
state->auth_context = req->smb_conn->negotiate.auth_context;
} else {
/* TODO: should we use just "anonymous" here? */
status = auth_context_create(state,
req->smb_conn->connection->event.ctx,
req->smb_conn->connection->msg_ctx,
req->smb_conn->lp_ctx,
&state->auth_context);
if (!NT_STATUS_IS_OK(status)) goto failed;
}
if (req->smb_conn->negotiate.calling_name) {
remote_machine = req->smb_conn->negotiate.calling_name->name;
}
remote_address = socket_get_remote_addr(req->smb_conn->connection->socket, req);
if (!remote_address) goto nomem;
if (!remote_machine) {
remote_machine = tsocket_address_inet_addr_string(remote_address, req);
if (!remote_machine) goto nomem;
}
user_info = talloc_zero(req, struct auth_usersupplied_info);
if (!user_info) goto nomem;
user_info->mapped_state = false;
user_info->logon_parameters = 0;
user_info->flags = 0;
user_info->client.account_name = sess->nt1.in.user;
user_info->client.domain_name = sess->nt1.in.domain;
user_info->workstation_name = remote_machine;
user_info->remote_host = talloc_steal(user_info, remote_address);
user_info->password_state = AUTH_PASSWORD_RESPONSE;
user_info->password.response.lanman = sess->nt1.in.password1;
user_info->password.response.lanman.data = talloc_steal(user_info, sess->nt1.in.password1.data);
user_info->password.response.nt = sess->nt1.in.password2;
user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data);
subreq = auth_check_password_send(state,
req->smb_conn->connection->event.ctx,
state->auth_context,
user_info);
if (!subreq) goto nomem;
tevent_req_set_callback(subreq, sesssetup_nt1_send, state);
return;
nomem:
status = NT_STATUS_NO_MEMORY;
failed:
status = nt_status_squash(status);
smbsrv_sesssetup_backend_send(req, sess, status);
}
/*
handler for old style session setup
*/
static void sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess)
{
struct auth_usersupplied_info *user_info = NULL;
struct tsocket_address *remote_address;
const char *remote_machine = NULL;
struct tevent_req *subreq;
struct sesssetup_context *state;
sess->old.out.vuid = 0;
sess->old.out.action = 0;
sesssetup_common_strings(req,
&sess->old.out.os,
&sess->old.out.lanman,
&sess->old.out.domain);
if (!req->smb_conn->negotiate.done_sesssetup) {
req->smb_conn->negotiate.max_send = sess->old.in.bufsize;
}
if (req->smb_conn->negotiate.calling_name) {
remote_machine = req->smb_conn->negotiate.calling_name->name;
}
remote_address = socket_get_remote_addr(req->smb_conn->connection->socket, req);
if (!remote_address) goto nomem;
if (!remote_machine) {
remote_machine = tsocket_address_inet_addr_string(remote_address, req);
if (!remote_machine) goto nomem;
}
user_info = talloc_zero(req, struct auth_usersupplied_info);
if (!user_info) goto nomem;
user_info->mapped_state = false;
user_info->logon_parameters = 0;
user_info->flags = 0;
user_info->client.account_name = sess->old.in.user;
user_info->client.domain_name = sess->old.in.domain;
user_info->workstation_name = remote_machine;
user_info->remote_host = talloc_steal(user_info, remote_address);
user_info->password_state = AUTH_PASSWORD_RESPONSE;
user_info->password.response.lanman = sess->old.in.password;
user_info->password.response.lanman.data = talloc_steal(user_info, sess->old.in.password.data);
user_info->password.response.nt = data_blob(NULL, 0);
state = talloc(req, struct sesssetup_context);
if (!state) goto nomem;
if (req->smb_conn->negotiate.auth_context) {
state->auth_context = req->smb_conn->negotiate.auth_context;
} else {
/* TODO: should we use just "anonymous" here? */
NTSTATUS status = auth_context_create(state,
req->smb_conn->connection->event.ctx,
req->smb_conn->connection->msg_ctx,
req->smb_conn->lp_ctx,
&state->auth_context);
if (!NT_STATUS_IS_OK(status)) {
smbsrv_sesssetup_backend_send(req, sess, status);
return;
}
}
state->req = req;
subreq = auth_check_password_send(state,
req->smb_conn->connection->event.ctx,
req->smb_conn->negotiate.auth_context,
user_info);
if (!subreq) goto nomem;
tevent_req_set_callback(subreq, sesssetup_old_send, state);
return;
nomem:
smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_NO_MEMORY);
}