[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Thu Dec 22 12:58:04 MST 2011


The branch, master has been updated
       via  21fb9a4 s3-librpc Use gensec_sig_size() instead of a fixed NTLMSSP_SIG_SIZE
       via  0649863 s3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be generic
       via  d52e547 s3-rpc_server: Allow gensec mechanisms to return NT_STATUS_OK
       via  83f0ca3 s3-rpc_server: rename pipe_ntlmssp_verify_final() to pipe_auth_generic_verify_final()
       via  43f35f1 s3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch]
       via  db8bbf9 s3-rpc_server rename NTLMSSP functions to auth_generic..()
       via  815490d s3-rpc_server rename ntlmssp_server_auth_start() -> auth_generic_server_start()
       via  2dd23e9 s3-rpc_server remove unused header
       via  5e03843 s3-auth split the auth_generic functions into a separate file
       via  b85bcd7 s3-rpc_server request both sign and seal for clarity
       via  c171316 s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly
       via  1100f6e s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()
       via  6391fff s3-auth rename auth_ntlmssp_state -> auth_generic_state
       via  0b7bc1c s3-rpc_server request the DCE_STYLE feature in ntlmssp_server_auth_start
      from  6765e7c s3-netlogon: use dsgetdcname() instead of get_dc_name()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 21fb9a47ea196087394a772c77687fa4aedd647f
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Dec 21 15:54:20 2011 +1100

    s3-librpc Use gensec_sig_size() instead of a fixed NTLMSSP_SIG_SIZE
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Thu Dec 22 20:57:27 CET 2011 on sn-devel-104

commit 06498637bb4d71787f6e903e7dc58466b1d660d2
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Dec 21 15:34:17 2011 +1100

    s3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be generic
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit d52e5473ef3c167e2d5707616313f049b406d725
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Dec 21 15:28:26 2011 +1100

    s3-rpc_server: Allow gensec mechanisms to return NT_STATUS_OK
    
    If a kerberos mechanism is added, then it can return OK after just one packet.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 83f0ca3aadf6f3fe949ea9408f9800eada554b6e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Dec 21 15:17:45 2011 +1100

    s3-rpc_server: rename pipe_ntlmssp_verify_final() to pipe_auth_generic_verify_final()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 43f35f1826c676032a17acd8a2e8ad2264d32e90
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Dec 21 15:09:29 2011 +1100

    s3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch]
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit db8bbf92ad47d8a410beba8984ef1644af4b92ba
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Dec 21 14:40:04 2011 +1100

    s3-rpc_server rename NTLMSSP functions to auth_generic..()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 815490d3e8e6e254d2d199c84ecf68df76f31c6d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Dec 21 14:32:43 2011 +1100

    s3-rpc_server rename ntlmssp_server_auth_start() -> auth_generic_server_start()
    
    By adding an OID parameter we can make this routine generic to any
    gensec module that may be made available.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 2dd23e900ac8873f121be57ce87d4e3a8878dc6c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 16 17:05:12 2011 +1100

    s3-rpc_server remove unused header
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 5e038432f76718560639c86c613ba7ccd371540c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 16 16:55:36 2011 +1100

    s3-auth split the auth_generic functions into a separate file
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit b85bcd7a241112e2ceb80212f2d1f993e5f27b82
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 16 16:44:17 2011 +1100

    s3-rpc_server request both sign and seal for clarity
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit c17131685cc7febea6f09c7029c26e9993f8bc91
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 16 16:38:53 2011 +1100

    s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly
    
    This makes it clear that this can support more than just NTLMSSP.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 1100f6eca568bdf725922eff09988559d2714e45
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 16 16:08:56 2011 +1100

    s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()
    
    This function handles more than NTLMSSP now, at least when we are an AD DC
    and so changing the name may avoid some confusion in the future.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 6391fff9dad8a2bd7033930e7d6ff5c8617701c6
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 16 16:07:24 2011 +1100

    s3-auth rename auth_ntlmssp_state -> auth_generic_state
    
    This structure handles more than NTLMSSP now, at least when we are an AD DC
    and so changing the name may avoid some confusion in the future.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 0b7bc1c45c73beddc60e6da2fc415f2506b36e43
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 16 15:55:08 2011 +1100

    s3-rpc_server request the DCE_STYLE feature in ntlmssp_server_auth_start
    
    This is not used or honoured by NTLMSSP, but I hope to make this routine
    more generic in the future.
    
    Andrew Bartlett
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/Makefile.in                                |    4 +-
 source3/auth/auth_generic.c                        |  189 ++++++++++++++++++++
 source3/auth/auth_ntlmssp.c                        |  163 +-----------------
 source3/auth/proto.h                               |   10 +-
 source3/auth/wscript_build                         |    2 +-
 source3/include/auth.h                             |    2 +-
 source3/include/ntlmssp_wrap.h                     |   14 +-
 source3/include/smb.h                              |    2 +-
 source3/librpc/crypto/cli_spnego.c                 |    2 +-
 source3/librpc/rpc/dcerpc_helpers.c                |    9 +-
 source3/libsmb/clifsinfo.c                         |    2 +-
 source3/libsmb/ntlmssp_wrap.c                      |   14 +-
 source3/rpc_client/cli_pipe.c                      |    2 +-
 .../{dcesrv_ntlmssp.c => dcesrv_auth_generic.c}    |   76 +++++++--
 .../{dcesrv_ntlmssp.h => dcesrv_auth_generic.h}    |   17 ++-
 source3/rpc_server/dcesrv_spnego.c                 |    7 +-
 source3/rpc_server/srv_pipe.c                      |   51 ++----
 source3/rpc_server/wscript_build                   |    2 +-
 source3/smbd/globals.h                             |    2 +-
 source3/smbd/negprot.c                             |    4 +-
 source3/smbd/seal.c                                |    6 +-
 source3/smbd/sesssetup.c                           |   18 +-
 source3/smbd/smb2_sesssetup.c                      |   12 +-
 23 files changed, 345 insertions(+), 265 deletions(-)
 create mode 100644 source3/auth/auth_generic.c
 rename source3/rpc_server/{dcesrv_ntlmssp.c => dcesrv_auth_generic.c} (58%)
 rename source3/rpc_server/{dcesrv_ntlmssp.h => dcesrv_auth_generic.h} (69%)


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index cf7c5ae..cd73263 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -760,7 +760,7 @@ RPC_CONFIG = rpc_server/rpc_config.o
 
 RPC_SERVICE = rpc_server/rpc_server.o
 
-RPC_CRYPTO = rpc_server/dcesrv_ntlmssp.o \
+RPC_CRYPTO = rpc_server/dcesrv_auth_generic.o \
 		rpc_server/dcesrv_gssapi.o \
 		rpc_server/dcesrv_spnego.o
 
@@ -908,7 +908,7 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \
 	   auth/user_info.o \
 	   auth/user_util.o \
 	   auth/user_krb5.o \
-	   auth/auth_compat.o auth/auth_ntlmssp.o \
+	   auth/auth_compat.o auth/auth_ntlmssp.o auth/auth_generic.o \
 	   $(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ)
 
 MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_hash2.o
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
new file mode 100644
index 0000000..47723d5
--- /dev/null
+++ b/source3/auth/auth_generic.c
@@ -0,0 +1,189 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 3.0
+   handle NLTMSSP, server side
+
+   Copyright (C) Andrew Tridgell      2001
+   Copyright (C) Andrew Bartlett 2001-2003,2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth.h"
+#include "../auth/ntlmssp/ntlmssp.h"
+#include "ntlmssp_wrap.h"
+#include "../librpc/gen_ndr/netlogon.h"
+#include "../librpc/gen_ndr/dcerpc.h"
+#include "../lib/tsocket/tsocket.h"
+#include "auth/gensec/gensec.h"
+#include "librpc/rpc/dcerpc.h"
+#include "lib/param/param.h"
+
+NTSTATUS auth_generic_prepare(const struct tsocket_address *remote_address,
+			      struct auth_generic_state **auth_ntlmssp_state)
+{
+	struct auth_context *auth_context;
+	struct auth_generic_state *ans;
+	NTSTATUS nt_status;
+
+	ans = talloc_zero(NULL, struct auth_generic_state);
+	if (!ans) {
+		DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(ans);
+		return nt_status;
+	}
+
+	ans->auth_context = talloc_steal(ans, auth_context);
+
+	if (auth_context->prepare_gensec) {
+		nt_status = auth_context->prepare_gensec(ans,
+							 &ans->gensec_security);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			TALLOC_FREE(ans);
+			return nt_status;
+		}
+		*auth_ntlmssp_state = ans;
+		return NT_STATUS_OK;
+	} else {
+		struct gensec_settings *gensec_settings;
+		struct loadparm_context *lp_ctx;
+
+		lp_ctx = loadparm_init_s3(ans, loadparm_s3_context());
+		if (lp_ctx == NULL) {
+			DEBUG(10, ("loadparm_init_s3 failed\n"));
+			TALLOC_FREE(ans);
+			return NT_STATUS_INVALID_SERVER_STATE;
+		}
+
+		gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
+		if (lp_ctx == NULL) {
+			DEBUG(10, ("lpcfg_gensec_settings failed\n"));
+			TALLOC_FREE(ans);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		nt_status = gensec_server_start(ans, gensec_settings,
+						NULL, &ans->gensec_security);
+
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			TALLOC_FREE(ans);
+			return nt_status;
+		}
+		talloc_unlink(ans, lp_ctx);
+		talloc_unlink(ans, gensec_settings);
+	}
+
+	nt_status = gensec_set_remote_address(ans->gensec_security,
+					      remote_address);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(ans);
+		return nt_status;
+	}
+
+	*auth_ntlmssp_state = ans;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_start(struct auth_generic_state *auth_ntlmssp_state, const char *oid)
+{
+	struct gensec_ntlmssp_context *gensec_ntlmssp;
+	NTSTATUS status;
+
+	if (auth_ntlmssp_state->auth_context->gensec_start_mech_by_oid) {
+		return auth_ntlmssp_state->auth_context->gensec_start_mech_by_oid(
+				auth_ntlmssp_state->gensec_security, oid);
+	}
+
+	if (strcmp(oid, GENSEC_OID_NTLMSSP) != 0) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	status = gensec_start_mech_by_ops(auth_ntlmssp_state->gensec_security,
+					  &gensec_ntlmssp3_server_ops);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	gensec_ntlmssp =
+		talloc_get_type_abort(auth_ntlmssp_state->gensec_security->private_data,
+				      struct gensec_ntlmssp_context);
+
+	gensec_ntlmssp->auth_context = talloc_move(gensec_ntlmssp, &auth_ntlmssp_state->auth_context);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_authtype_start(struct auth_generic_state *auth_ntlmssp_state,
+				     uint8_t auth_type, uint8_t auth_level)
+{
+	struct gensec_ntlmssp_context *gensec_ntlmssp;
+	NTSTATUS status;
+
+	if (auth_ntlmssp_state->auth_context->gensec_start_mech_by_authtype) {
+		return auth_ntlmssp_state->auth_context->gensec_start_mech_by_authtype(
+				auth_ntlmssp_state->gensec_security,
+				auth_type, auth_level);
+	}
+
+	if (auth_type != DCERPC_AUTH_TYPE_NTLMSSP) {
+		/* The caller will then free the auth_ntlmssp_state,
+		 * undoing what was done in auth_generic_prepare().
+		 *
+		 * We can't do that logic here, as
+		 * auth_ntlmssp_want_feature() may have been called in
+		 * between.
+		 */
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	gensec_want_feature(auth_ntlmssp_state->gensec_security,
+			    GENSEC_FEATURE_DCE_STYLE);
+	gensec_want_feature(auth_ntlmssp_state->gensec_security,
+			    GENSEC_FEATURE_ASYNC_REPLIES);
+	if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
+		gensec_want_feature(auth_ntlmssp_state->gensec_security,
+				    GENSEC_FEATURE_SIGN);
+	} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		gensec_want_feature(auth_ntlmssp_state->gensec_security,
+				    GENSEC_FEATURE_SIGN);
+		gensec_want_feature(auth_ntlmssp_state->gensec_security,
+				    GENSEC_FEATURE_SEAL);
+	} else if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
+		/* Default features */
+	} else {
+		DEBUG(2,("auth_level %d not supported in DCE/RPC authentication\n",
+			 auth_level));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	status = gensec_start_mech_by_ops(auth_ntlmssp_state->gensec_security,
+					  &gensec_ntlmssp3_server_ops);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	gensec_ntlmssp =
+		talloc_get_type_abort(auth_ntlmssp_state->gensec_security->private_data,
+				      struct gensec_ntlmssp_context);
+
+	gensec_ntlmssp->auth_context = talloc_move(gensec_ntlmssp, &auth_ntlmssp_state->auth_context);
+
+	return NT_STATUS_OK;
+}
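Review bot: in auth_generic_prepare(), the check after `gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);` tests `lp_ctx == NULL` a second time, so a failed lpcfg_gensec_settings() is never caught and a NULL gensec_settings is handed to gensec_server_start(). It should read `if (gensec_settings == NULL)`. Since this is a new file rather than a pure move, it is also a good moment to fix the header comment ("handle NLTMSSP, server side" is misspelled and no longer describes a generic file), the DEBUG text "auth_ntlmssp_start: talloc failed!" that names a function which is not this one, and the `auth_ntlmssp_state` parameter names on functions that now take a struct auth_generic_state. In auth_generic_start(), `strcmp(oid, GENSEC_OID_NTLMSSP)` dereferences `oid` without a NULL check; either document that callers must pass a non-NULL OID or return NT_STATUS_INVALID_PARAMETER for NULL. The tail of auth_generic_start() and auth_generic_authtype_start() (gensec_start_mech_by_ops, talloc_get_type_abort, talloc_move of auth_context) is duplicated line for line and could be a shared static helper.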
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index b57fda1..a0deada 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -210,76 +210,6 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 	return nt_status;
 }
 
-NTSTATUS auth_ntlmssp_prepare(const struct tsocket_address *remote_address,
-			      struct auth_ntlmssp_state **auth_ntlmssp_state)
-{
-	struct auth_context *auth_context;
-	struct auth_ntlmssp_state *ans;
-	NTSTATUS nt_status;
-
-	ans = talloc_zero(NULL, struct auth_ntlmssp_state);
-	if (!ans) {
-		DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		TALLOC_FREE(ans);
-		return nt_status;
-	}
-
-	ans->auth_context = talloc_steal(ans, auth_context);
-
-	if (auth_context->prepare_gensec) {
-		nt_status = auth_context->prepare_gensec(ans,
-							 &ans->gensec_security);
-		if (!NT_STATUS_IS_OK(nt_status)) {
-			TALLOC_FREE(ans);
-			return nt_status;
-		}
-		*auth_ntlmssp_state = ans;
-		return NT_STATUS_OK;
-	} else {
-		struct gensec_settings *gensec_settings;
-		struct loadparm_context *lp_ctx;
-
-		lp_ctx = loadparm_init_s3(ans, loadparm_s3_context());
-		if (lp_ctx == NULL) {
-			DEBUG(10, ("loadparm_init_s3 failed\n"));
-			TALLOC_FREE(ans);
-			return NT_STATUS_INVALID_SERVER_STATE;
-		}
-
-		gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
-		if (lp_ctx == NULL) {
-			DEBUG(10, ("lpcfg_gensec_settings failed\n"));
-			TALLOC_FREE(ans);
-			return NT_STATUS_NO_MEMORY;
-		}
-
-		nt_status = gensec_server_start(ans, gensec_settings,
-						NULL, &ans->gensec_security);
-
-		if (!NT_STATUS_IS_OK(nt_status)) {
-			TALLOC_FREE(ans);
-			return nt_status;
-		}
-		talloc_unlink(ans, lp_ctx);
-		talloc_unlink(ans, gensec_settings);
-	}
-
-	nt_status = gensec_set_remote_address(ans->gensec_security,
-					      remote_address);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		TALLOC_FREE(ans);
-		return nt_status;
-	}
-
-	*auth_ntlmssp_state = ans;
-	return NT_STATUS_OK;
-}
-
 static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_security)
 {
 	NTSTATUS nt_status;
@@ -349,7 +279,7 @@ static const char *gensec_ntlmssp3_server_oids[] = {
 	NULL
 };
 
-static const struct gensec_security_ops gensec_ntlmssp3_server_ops = {
+const struct gensec_security_ops gensec_ntlmssp3_server_ops = {
 	.name		= "ntlmssp3_server",
 	.sasl_name	= GENSEC_SASL_NAME_NTLMSSP, /* "NTLM" */
 	.auth_type	= DCERPC_AUTH_TYPE_NTLMSSP,
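Review bot: dropping `static` from gensec_ntlmssp3_server_ops turns it into a global symbol with no comment saying why. The matching `extern` is added in source3/include/ntlmssp_wrap.h, so auth_ntlmssp.c should include that header (if it does not already) to let the compiler check the declaration against this definition. A one-line comment here noting that the ops table is exported only for auth_generic.c would help keep other callers from bypassing auth_generic_start().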
@@ -371,94 +301,3 @@ static const struct gensec_security_ops gensec_ntlmssp3_server_ops = {
 	.priority       = GENSEC_NTLMSSP
 };
 
-NTSTATUS auth_generic_start(struct auth_ntlmssp_state *auth_ntlmssp_state, const char *oid)
-{
-	struct gensec_ntlmssp_context *gensec_ntlmssp;
-	NTSTATUS status;
-
-	if (auth_ntlmssp_state->auth_context->gensec_start_mech_by_oid) {
-		return auth_ntlmssp_state->auth_context->gensec_start_mech_by_oid(
-				auth_ntlmssp_state->gensec_security, oid);
-	}
-
-	if (strcmp(oid, GENSEC_OID_NTLMSSP) != 0) {
-		return NT_STATUS_NOT_IMPLEMENTED;
-	}
-
-	status = gensec_start_mech_by_ops(auth_ntlmssp_state->gensec_security,
-					  &gensec_ntlmssp3_server_ops);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	gensec_ntlmssp =
-		talloc_get_type_abort(auth_ntlmssp_state->gensec_security->private_data,
-				      struct gensec_ntlmssp_context);
-
-	gensec_ntlmssp->auth_context = talloc_move(gensec_ntlmssp, &auth_ntlmssp_state->auth_context);
-
-	return NT_STATUS_OK;
-}
-
-NTSTATUS auth_generic_authtype_start(struct auth_ntlmssp_state *auth_ntlmssp_state,
-				     uint8_t auth_type, uint8_t auth_level)
-{
-	struct gensec_ntlmssp_context *gensec_ntlmssp;
-	NTSTATUS status;
-
-	if (auth_ntlmssp_state->auth_context->gensec_start_mech_by_authtype) {
-		return auth_ntlmssp_state->auth_context->gensec_start_mech_by_authtype(
-				auth_ntlmssp_state->gensec_security,
-				auth_type, auth_level);
-	}
-
-	if (auth_type != DCERPC_AUTH_TYPE_NTLMSSP) {
-		/* The caller will then free the auth_ntlmssp_state,
-		 * undoing what was done in auth_ntlmssp_prepare().
-		 *
-		 * We can't do that logic here, as
-		 * auth_ntlmssp_want_feature() may have been called in
-		 * between.
-		 */
-		return NT_STATUS_NOT_IMPLEMENTED;
-	}
-
-	gensec_want_feature(auth_ntlmssp_state->gensec_security,
-			    GENSEC_FEATURE_DCE_STYLE);
-	gensec_want_feature(auth_ntlmssp_state->gensec_security,
-			    GENSEC_FEATURE_ASYNC_REPLIES);
-	if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
-		gensec_want_feature(auth_ntlmssp_state->gensec_security,
-				    GENSEC_FEATURE_SIGN);
-	} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
-		gensec_want_feature(auth_ntlmssp_state->gensec_security,
-				    GENSEC_FEATURE_SIGN);
-		gensec_want_feature(auth_ntlmssp_state->gensec_security,
-				    GENSEC_FEATURE_SEAL);
-	} else if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
-		/* Default features */
-	} else {
-		DEBUG(2,("auth_level %d not supported in DCE/RPC authentication\n",
-			 auth_level));
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
-	status = gensec_start_mech_by_ops(auth_ntlmssp_state->gensec_security,
-					  &gensec_ntlmssp3_server_ops);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	gensec_ntlmssp =
-		talloc_get_type_abort(auth_ntlmssp_state->gensec_security->private_data,
-				      struct gensec_ntlmssp_context);
-
-	gensec_ntlmssp->auth_context = talloc_move(gensec_ntlmssp, &auth_ntlmssp_state->auth_context);
-
-	return NT_STATUS_OK;
-}
-
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
-	return auth_generic_start(auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
-}
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index bc2d58a..125ac14 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -69,11 +69,11 @@ NTSTATUS auth_netlogond_init(void);
 
 /* The following definitions come from auth/auth_ntlmssp.c  */
 
-NTSTATUS auth_ntlmssp_prepare(const struct tsocket_address *remote_address,
-			      struct auth_ntlmssp_state **auth_ntlmssp_state);
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state *auth_ntlmssp_state);
-NTSTATUS auth_generic_start(struct auth_ntlmssp_state *auth_ntlmssp_state, const char *oid);
-NTSTATUS auth_generic_authtype_start(struct auth_ntlmssp_state *auth_ntlmssp_state, 
+NTSTATUS auth_generic_prepare(const struct tsocket_address *remote_address,
+			      struct auth_generic_state **auth_ntlmssp_state);
+NTSTATUS auth_ntlmssp_start(struct auth_generic_state *auth_ntlmssp_state);
+NTSTATUS auth_generic_start(struct auth_generic_state *auth_ntlmssp_state, const char *oid);
+NTSTATUS auth_generic_authtype_start(struct auth_generic_state *auth_ntlmssp_state, 
 				     uint8_t auth_type, uint8_t auth_level);
 
 
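Review bot: the prototype `NTSTATUS auth_ntlmssp_start(struct auth_generic_state *auth_ntlmssp_state);` is kept here with only its argument type updated, but the same changeset deletes the definition of auth_ntlmssp_start() from auth_ntlmssp.c, so this declares a function that no longer exists and should be removed. The section comment "The following definitions come from auth/auth_ntlmssp.c" is also stale, since auth_generic_prepare(), auth_generic_start() and auth_generic_authtype_start() now live in auth/auth_generic.c.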
diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build
index 9fdc27d..4894e35 100644
--- a/source3/auth/wscript_build
+++ b/source3/auth/wscript_build
@@ -12,7 +12,7 @@ AUTH_NETLOGOND_SRC = 'auth_netlogond.c'
 
 AUTH_SRC = '''auth.c
            user_krb5.c
-           auth_compat.c auth_ntlmssp.c'''
+           auth_compat.c auth_ntlmssp.c auth_generic.c'''
 
 bld.SAMBA3_SUBSYSTEM('TOKEN_UTIL',
                     source='token_util.c',
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 5be5701..9d043bf 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -137,7 +137,7 @@ struct auth_init_function_entry {
 	struct auth_init_function_entry *prev, *next;
 };
 
-struct auth_ntlmssp_state;
+struct auth_generic_state;
 
 /* Changed from 1 -> 2 to add the logon_parameters field. */
 /* Changed from 2 -> 3 when we reworked many auth structures to use IDL or be in common with Samba4 */
diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h
index 68032bb..fb98309 100644
--- a/source3/include/ntlmssp_wrap.h
+++ b/source3/include/ntlmssp_wrap.h
@@ -23,7 +23,9 @@
 
 struct gensec_security;
 
-struct auth_ntlmssp_state {
+extern const struct gensec_security_ops gensec_ntlmssp3_server_ops;
+
+struct auth_generic_state {
 	/* used only by server implementation */
 	struct auth_context *auth_context;
 	
@@ -34,14 +36,14 @@ struct auth_ntlmssp_state {
 	struct gensec_security *gensec_security;
 };
 
-NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
+NTSTATUS auth_ntlmssp_set_username(struct auth_generic_state *ans,
 				   const char *user);
-NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
+NTSTATUS auth_ntlmssp_set_domain(struct auth_generic_state *ans,
 				 const char *domain);
-NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
+NTSTATUS auth_ntlmssp_set_password(struct auth_generic_state *ans,
 				   const char *password);
 NTSTATUS auth_ntlmssp_client_prepare(TALLOC_CTX *mem_ctx,
-				     struct auth_ntlmssp_state **_ans);
-NTSTATUS auth_ntlmssp_client_start(struct auth_ntlmssp_state *ans);
+				     struct auth_generic_state **_ans);
+NTSTATUS auth_ntlmssp_client_start(struct auth_generic_state *ans);
 
 #endif /* _NTLMSSP_WRAP_ */
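Review bot: the client helpers auth_ntlmssp_set_username(), auth_ntlmssp_set_domain(), auth_ntlmssp_set_password(), auth_ntlmssp_client_prepare() and auth_ntlmssp_client_start() now take a struct auth_generic_state but keep the auth_ntlmssp_ prefix, which leaves the header half renamed. If these really are NTLMSSP-only, add a comment saying so next to the struct; otherwise rename them in a follow-up so the type name and function names agree.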
diff --git a/source3/include/smb.h b/source3/include/smb.h
index fed1f38..1a11610 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1215,7 +1215,7 @@ typedef struct user_struct {
 
 	struct auth_session_info *session_info;
 
-	struct auth_ntlmssp_state *auth_ntlmssp_state;
+	struct auth_generic_state *auth_ntlmssp_state;
 } user_struct;
 
 /*
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index fce2de3..827b135 100644
--- a/source3/librpc/crypto/cli_spnego.c


-- 
Samba Shared Repository

