The branch, master has been updated
via e53ca4845e123eeff5e29869995e4a1a455f5f5d (commit)
from d0aedeb46e5d2da582b5c030114186f8d755b528 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e53ca4845e123eeff5e29869995e4a1a455f5f5d
Author: Jeremy Allison <[email protected]>
Date: Thu Jun 4 11:14:20 2009 -0700
Add NTLMSSP SPNEGO to smb2 auth. Tested with Win7.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/smb2_negprot.c | 6 +++-
source3/smbd/smb2_server.c | 3 +-
source3/smbd/smb2_sesssetup.c | 75 +++++++++++++++++++++++++++++++++++++----
3 files changed, 75 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index e946490..b312a7f 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -142,11 +142,15 @@ NTSTATUS smbd_smb2_request_process_negprot(struct
smbd_smb2_request *req)
}
security_offset = SMB2_HDR_BODY + 0x40;
+
+#if 1
+ /* Try SPNEGO auth... */
security_buffer = data_blob_const(negprot_spnego_blob.data + 16,
negprot_spnego_blob.length - 16);
-
+#else
/* for now we want raw NTLMSSP */
security_buffer = data_blob_const(NULL, 0);
+#endif
outbody = data_blob_talloc(req->out.vector, NULL, 0x40);
if (outbody.data == NULL) {
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index f7aad0e..20754fb 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -245,7 +245,8 @@ static NTSTATUS smbd_smb2_request_setup_out(struct
smbd_smb2_request *req)
NT_STATUS_V(NT_STATUS_INTERNAL_ERROR));
SSVAL(outhdr, SMB2_HDR_OPCODE,
SVAL(inhdr, SMB2_HDR_OPCODE));
- SSVAL(outhdr, SMB2_HDR_CREDIT, 0);
+ /* Make up a number for now... JRA. FIXME ! FIXME !*/
+ SSVAL(outhdr, SMB2_HDR_CREDIT, 20);
SIVAL(outhdr, SMB2_HDR_FLAGS, SMB2_HDR_FLAG_REDIRECT);
SIVAL(outhdr, SMB2_HDR_NEXT_COMMAND, next_command_ofs);
SBVAL(outhdr, SMB2_HDR_MESSAGE_ID,
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 0f0a900..faf7bd3 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -150,6 +150,7 @@ static NTSTATUS smbd_smb2_session_setup(struct
smbd_smb2_request *req,
NTSTATUS status;
*out_session_flags = 0;
+ *out_session_id = 0;
if (in_session_id == 0) {
int id;
@@ -202,15 +203,75 @@ static NTSTATUS smbd_smb2_session_setup(struct
smbd_smb2_request *req,
}
}
- status = auth_ntlmssp_update(session->auth_ntlmssp_state,
- in_security_buffer,
- out_security_buffer);
- if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ if (in_security_buffer.data[0] == ASN1_APPLICATION(0)) {
+ DATA_BLOB secblob_in;
+ DATA_BLOB chal_out;
+ char *kerb_mech = NULL;
+
+ status = parse_spnego_mechanisms(in_security_buffer,
+ &secblob_in, &kerb_mech);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(session);
+ return nt_status_squash(status);
+ }
+
+ /* For now, just SPNEGO NTLMSSP - krb5 goes here later.. */
+ status = auth_ntlmssp_update(session->auth_ntlmssp_state,
+ secblob_in,
+ &chal_out);
+
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ auth_ntlmssp_end(&session->auth_ntlmssp_state);
+ TALLOC_FREE(session);
+ return nt_status_squash(status);
+ }
+
+ *out_security_buffer = spnego_gen_auth_response(&chal_out,
+ status, OID_NTLMSSP);
+
*out_session_id = session->vuid;
return status;
- } else if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(session);
- return status;
+ } else if (in_security_buffer.data[0] == ASN1_CONTEXT(1)) {
+ DATA_BLOB auth = data_blob_null;
+ DATA_BLOB auth_out = data_blob_null;
+
+ /* its an auth packet */
+ if (!spnego_parse_auth(in_security_buffer, &auth)) {
+ TALLOC_FREE(session);
+ return NT_STATUS_LOGON_FAILURE;
+ }
+ /* For now, just SPNEGO NTLMSSP - krb5 goes here later.. */
+ status = auth_ntlmssp_update(session->auth_ntlmssp_state,
+ auth,
+ &auth_out);
+ if (!NT_STATUS_IS_OK(status)) {
+ auth_ntlmssp_end(&session->auth_ntlmssp_state);
+ TALLOC_FREE(session);
+ return nt_status_squash(status);
+ }
+
+ *out_security_buffer = spnego_gen_auth_response(&auth_out,
+ status, NULL);
+
+ *out_session_id = session->vuid;
+ } else if (strncmp((char *)(in_security_buffer.data), "NTLMSSP", 7) ==
0) {
+
+ /* RAW NTLMSSP */
+ status = auth_ntlmssp_update(session->auth_ntlmssp_state,
+ in_security_buffer,
+ out_security_buffer);
+
+ if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ *out_session_id = session->vuid;
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ auth_ntlmssp_end(&session->auth_ntlmssp_state);
+ TALLOC_FREE(session);
+ return nt_status_squash(status);
+ }
+ *out_session_id = session->vuid;
}
/* TODO: setup session key for signing */
--
Samba Shared Repository
