3 * DCERPC Server functions
4 * Copyright (C) Simo Sorce 2010.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "rpc_server/dcesrv_ntlmssp.h"
23 #include "../libcli/auth/ntlmssp.h"
24 #include "ntlmssp_wrap.h"
27 NTSTATUS
ntlmssp_server_auth_start(TALLOC_CTX
*mem_ctx
,
33 const struct tsocket_address
*remote_address
,
34 struct auth_ntlmssp_state
**ctx
)
36 struct auth_ntlmssp_state
*a
= NULL
;
39 status
= auth_ntlmssp_start(remote_address
, &a
);
40 if (!NT_STATUS_IS_OK(status
)) {
41 DEBUG(0, (__location__
": auth_ntlmssp_start failed: %s\n",
46 /* Clear flags, then set them according to requested flags */
47 auth_ntlmssp_and_flags(a
, ~(NTLMSSP_NEGOTIATE_SIGN
|
48 NTLMSSP_NEGOTIATE_SEAL
));
51 auth_ntlmssp_or_flags(a
, NTLMSSP_NEGOTIATE_SIGN
);
54 /* Always implies both sign and seal for ntlmssp */
55 auth_ntlmssp_or_flags(a
, NTLMSSP_NEGOTIATE_SIGN
|
56 NTLMSSP_NEGOTIATE_SEAL
);
59 status
= auth_ntlmssp_update(a
, *token_in
, token_out
);
60 if (!NT_STATUS_EQUAL(status
, NT_STATUS_MORE_PROCESSING_REQUIRED
)) {
61 DEBUG(0, (__location__
": auth_ntlmssp_update failed: %s\n",
66 /* Make sure data is bound to the memctx, to be freed the caller */
67 talloc_steal(mem_ctx
, token_out
->data
);
68 /* steal ntlmssp context too */
69 *ctx
= talloc_move(mem_ctx
, &a
);
71 status
= NT_STATUS_OK
;
74 if (!NT_STATUS_IS_OK(status
)) {
81 NTSTATUS
ntlmssp_server_step(struct auth_ntlmssp_state
*ctx
,
88 /* this has to be done as root in order to verify the password */
90 status
= auth_ntlmssp_update(ctx
, *token_in
, token_out
);
93 /* put the output token data on the given mem_ctx */
94 talloc_steal(mem_ctx
, token_out
->data
);
99 NTSTATUS
ntlmssp_server_check_flags(struct auth_ntlmssp_state
*ctx
,
100 bool do_sign
, bool do_seal
)
102 if (do_sign
&& !auth_ntlmssp_negotiated_sign(ctx
)) {
103 DEBUG(1, (__location__
"Integrity was requested but client "
104 "failed to negotiate signing.\n"));
105 return NT_STATUS_ACCESS_DENIED
;
108 if (do_seal
&& !auth_ntlmssp_negotiated_seal(ctx
)) {
109 DEBUG(1, (__location__
"Privacy was requested but client "
110 "failed to negotiate sealing.\n"));
111 return NT_STATUS_ACCESS_DENIED
;
117 NTSTATUS
ntlmssp_server_get_user_info(struct auth_ntlmssp_state
*ctx
,
119 struct auth_session_info
**session_info
)
123 status
= auth_ntlmssp_steal_session_info(mem_ctx
, ctx
, session_info
);
124 if (!NT_STATUS_IS_OK(status
)) {
125 DEBUG(1, (__location__
": Failed to get authenticated user "
126 "info: %s\n", nt_errstr(status
)));
130 DEBUG(5, (__location__
"OK: user: %s domain: %s workstation: %s\n",
131 auth_ntlmssp_get_username(ctx
),
132 auth_ntlmssp_get_domain(ctx
),
133 auth_ntlmssp_get_client(ctx
)));