NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
{
NTSTATUS nt_status;
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_init("AUTH NTLMSSP context");
*auth_ntlmssp_state = TALLOC_ZERO_P(mem_ctx, AUTH_NTLMSSP_STATE);
if (!*auth_ntlmssp_state) {
DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
talloc_destroy(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(*auth_ntlmssp_state);
(*auth_ntlmssp_state)->mem_ctx = mem_ctx;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_start(&(*auth_ntlmssp_state)->ntlmssp_state))) {
return nt_status;
}
if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&(*auth_ntlmssp_state)->auth_context))) {
return nt_status;
}
(*auth_ntlmssp_state)->ntlmssp_state->auth_context = (*auth_ntlmssp_state);
(*auth_ntlmssp_state)->ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
(*auth_ntlmssp_state)->ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
(*auth_ntlmssp_state)->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
(*auth_ntlmssp_state)->ntlmssp_state->check_password = auth_ntlmssp_check_password;
(*auth_ntlmssp_state)->ntlmssp_state->server_role = (enum server_types)lp_server_role();
return NT_STATUS_OK;
}
static NTSTATUS ntlm_auth_start_ntlmssp_server(NTLMSSP_STATE **ntlmssp_state)
{
NTSTATUS status = ntlmssp_server_start(ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Could not start NTLMSSP client: %s\n",
nt_errstr(status)));
return status;
}
/* Have we been given a local password, or should we ask winbind? */
if (opt_password) {
(*ntlmssp_state)->check_password = local_pw_check;
(*ntlmssp_state)->get_domain = lp_workgroup;
(*ntlmssp_state)->get_global_myname = global_myname;
} else {
(*ntlmssp_state)->check_password = winbind_pw_check;
(*ntlmssp_state)->get_domain = get_winbind_domain;
(*ntlmssp_state)->get_global_myname = get_winbind_netbios_name;
}
return NT_STATUS_OK;
}
static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_security)
{
NTSTATUS nt_status;
bool is_standalone;
const char *netbios_name;
const char *netbios_domain;
const char *dns_name;
char *dns_domain;
struct gensec_ntlmssp_context *gensec_ntlmssp;
if ((enum server_role)lp_server_role() == ROLE_STANDALONE) {
is_standalone = true;
} else {
is_standalone = false;
}
netbios_name = lp_netbios_name();
netbios_domain = lp_workgroup();
/* This should be a 'netbios domain -> DNS domain' mapping */
dns_domain = get_mydnsdomname(talloc_tos());
if (dns_domain) {
strlower_m(dns_domain);
}
dns_name = get_mydnsfullname();
nt_status = gensec_ntlmssp_start(gensec_security);
NT_STATUS_NOT_OK_RETURN(nt_status);
gensec_ntlmssp =
talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context);
nt_status = make_auth_context_subsystem(gensec_ntlmssp, &gensec_ntlmssp->auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
nt_status = ntlmssp_server_start(gensec_ntlmssp,
is_standalone,
netbios_name,
netbios_domain,
dns_name,
dns_domain,
&gensec_ntlmssp->ntlmssp_state);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
gensec_ntlmssp->ntlmssp_state->callback_private = gensec_ntlmssp;
gensec_ntlmssp->ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
gensec_ntlmssp->ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
gensec_ntlmssp->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
gensec_ntlmssp->ntlmssp_state->check_password = auth_ntlmssp_check_password;
if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SIGN) {
gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SEAL) {
gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
return NT_STATUS_OK;
}
NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
struct auth_ntlmssp_state **auth_ntlmssp_state)
{
NTSTATUS nt_status;
bool is_standalone;
const char *netbios_name;
const char *netbios_domain;
const char *dns_name;
char *dns_domain;
struct auth_ntlmssp_state *ans;
struct auth_context *auth_context;
if ((enum server_role)lp_server_role() == ROLE_STANDALONE) {
is_standalone = true;
} else {
is_standalone = false;
}
netbios_name = lp_netbios_name();
netbios_domain = lp_workgroup();
/* This should be a 'netbios domain -> DNS domain' mapping */
dns_domain = get_mydnsdomname(talloc_tos());
if (dns_domain) {
strlower_m(dns_domain);
}
dns_name = get_mydnsfullname();
ans = talloc_zero(NULL, struct auth_ntlmssp_state);
if (!ans) {
DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
return NT_STATUS_NO_MEMORY;
}
ans->remote_address = tsocket_address_copy(remote_address, ans);
if (ans->remote_address == NULL) {
DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
return NT_STATUS_NO_MEMORY;
}
nt_status = ntlmssp_server_start(ans,
is_standalone,
netbios_name,
netbios_domain,
dns_name,
dns_domain,
&ans->ntlmssp_state);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
ans->auth_context = talloc_steal(ans, auth_context);
ans->ntlmssp_state->callback_private = ans;
ans->ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
ans->ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
ans->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
ans->ntlmssp_state->check_password = auth_ntlmssp_check_password;
talloc_set_destructor((TALLOC_CTX *)ans, auth_ntlmssp_state_destructor);
*auth_ntlmssp_state = ans;
return NT_STATUS_OK;
}
