[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Wed Jan 11 02:50:05 MST 2012
The branch, master has been updated
via fc2c76f s4:auth: Make sure to check the optional auth_context hooks before using them
via 5c92e9a gensec: Make sure to check the optional auth_context hooks before using them
via 98ba33b gensec: Rename want_flags and got_flags in gensec_gssapi
via 226c3ef gensec: make gensec_gssapi.h common
via 49bafcf s3-librpc Supply target service and server to spnego_generic_init_client()
via 50a939a s3-librpc: Rename spnego_ntlmssp_init_client and make generic
via 138121c s3-libsmb: split out auth_generic client functions into auth_generic.c
via e8cd972 s3-librpc: rename get_ntlmssp_auth_footer to be more generic
via e574489 s3-librpc Set target service and server into gensec
via b89a043 s3-librpc Rename and rework cli_rpc_pipe_open_ntlmssp() to be generic
via 1e5e219 s3-librpc Rename create_ntlmssp_auth_rpc_bind_req() to be more generic
via f5a1171 gensec: move gensec_util.c to the top level
via 14c8a13 auth: make auth4_context common to provide access to generate_session_info_pac()
via b213514 auth/kerberos: Remove unused headers from gssapi_parse.c
via 6412ff8 s3-librpc Return user principal name on supplied mem_ctx
from 7fb82a5 krb5: Require gss_get_name_attribute or Heimdal's PAC parsing to build with krb5
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fc2c76f9218b1e92982b4b1813f44b9010dcd842
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jan 11 19:00:34 2012 +1100
s4:auth: Make sure to check the optional auth_context hooks before using them
These are optional to supply - some callers only provide an auth_context for the
other plugin functions, and so we need to deal with this cleanly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Wed Jan 11 10:49:13 CET 2012 on sn-devel-104
commit 5c92e9a46f46c0967fbec40826d5392ec86c3d6f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jan 11 19:00:34 2012 +1100
gensec: Make sure to check the optional auth_context hooks before using them
These are optional to supply - some callers only provide an auth_context for the
other plugin functions, and so we need to deal with this cleanly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 98ba33b2583185ae66f7eaa86b74bf3d0fcc99ff
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jan 11 11:26:31 2012 +1100
gensec: Rename want_flags and got_flags in gensec_gssapi
This makes it clearer what type of flags these are.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 226c3ef7a604086295bc717a64fcfacbe60df45d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jan 11 11:14:54 2012 +1100
gensec: make gensec_gssapi.h common
This will make it easier to share elements of the GSSAPI gensec mechs,
in much the same way elements of the NTLMSSP mech are shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 49bafcfa48f2d440101c0634d934528cbee69bf1
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jan 2 15:21:05 2012 +1100
s3-librpc Supply target service and server to spnego_generic_init_client()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 50a939ad8580c24fc42be50cda531874bfd66efd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jan 2 14:29:51 2012 +1100
s3-librpc: Rename spnego_ntlmssp_init_client and make generic
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 138121c51638634639dd264f514bbbb84bcf2f60
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jan 5 17:15:14 2012 +0100
s3-libsmb: split out auth_generic client functions into auth_generic.c
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit e8cd9721776d3ffc574dcf93c8eb668d4dce36d0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jan 2 13:11:38 2012 +1100
s3-librpc: rename get_ntlmssp_auth_footer to be more generic
This can handle any gensec auth type now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit e574489be46dc7697a9718657e6941b11c6578d1
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jan 2 13:00:44 2012 +1100
s3-librpc Set target service and server into gensec
This will allow cli_rpc_pipe_open_generic_auth() to handle kerberos mechanisms.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit b89a0439b3e38b6da739119d904d25901f34a8f8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jan 2 12:51:06 2012 +1100
s3-librpc Rename and rework cli_rpc_pipe_open_ntlmssp() to be generic
This also includes renaming the helper function
rpccli_ntlmssp_bind_data, and allows this function to operate on any
gensec-supplied auth type.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 1e5e219a4b6fa4add004a51a68c03b0182ed25f7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Dec 31 23:08:25 2011 +1100
s3-librpc Rename create_ntlmssp_auth_rpc_bind_req() to be more generic
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit f5a117172ec17e1b0b9245bb5e067ca2da23572c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Dec 31 22:24:44 2011 +1100
gensec: move gensec_util.c to the top level
To do this some defines need to move to common_auth.h
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 14c8a13d3e2b2eb199e9eb26fa41f89bc380509e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Dec 31 22:45:51 2011 +1100
auth: make auth4_context common to provide access to generate_session_info_pac()
By providing this context, a function pointer for
generate_session_info_pac() can be inserted into gensec, allowing the
s3 PAC processing in an otherwise more generic gensec module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit b21351463192d72f0b4faeace81bea12b47f810e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Dec 31 22:24:07 2011 +1100
auth/kerberos: Remove unused headers from gssapi_parse.c
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 6412ff84ce473536e711c9642655e12fe7fd2fba
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Dec 28 22:54:23 2011 +1100
s3-librpc Return user principal name on supplied mem_ctx
Signed-off-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/common_auth.h | 64 ++++++++++
auth/gensec/gensec.h | 14 +++
{source4/auth => auth}/gensec/gensec_gssapi.h | 2 +-
{source4/auth => auth}/gensec/gensec_util.c | 7 +-
auth/gensec/wscript_build | 2 +-
auth/kerberos/gssapi_parse.c | 2 -
source3/Makefile.in | 2 +
source3/include/auth_generic.h | 2 +
source3/librpc/crypto/cli_spnego.c | 30 +++++-
source3/librpc/crypto/gse.c | 6 +-
source3/librpc/crypto/spnego.h | 5 +-
source3/librpc/rpc/dcerpc_helpers.c | 10 +-
source3/libsmb/auth_generic.c | 154 +++++++++++++++++++++++++
source3/libsmb/ntlmssp_wrap.c | 129 +--------------------
source3/libsmb/passchange.c | 16 ++-
source3/rpc_client/cli_pipe.c | 90 +++++++++------
source3/rpc_client/cli_pipe.h | 18 ++--
source3/rpcclient/rpcclient.c | 4 +-
source3/utils/net_rpc.c | 4 +-
source3/wscript_build | 7 +-
source4/auth/auth.h | 57 ---------
source4/auth/gensec/gensec_gssapi.c | 52 ++++----
source4/auth/gensec/wscript_build | 2 +-
source4/auth/ntlmssp/ntlmssp_server.c | 44 ++++---
24 files changed, 417 insertions(+), 306 deletions(-)
rename {source4/auth => auth}/gensec/gensec_gssapi.h (97%)
rename {source4/auth => auth}/gensec/gensec_util.c (94%)
create mode 100644 source3/libsmb/auth_generic.c
Changeset truncated at 500 lines:
diff --git a/auth/common_auth.h b/auth/common_auth.h
index e9c4bb5..40f7da4 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -33,6 +33,11 @@ enum auth_password_state {
AUTH_PASSWORD_RESPONSE = 3
};
+#define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */
+#define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */
+#define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privilages, rather than a DB */
+#define AUTH_SESSION_INFO_UNIX_TOKEN 0x08 /* The returned token must have the unix_token and unix_info elements provided */
+
struct auth_usersupplied_info
{
const char *workstation_name;
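Review bot: In the comment on AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, "privilages" should be "privileges". These four values are bit flags that get OR-ed into a uint32_t session_info_flags, so a one-line comment above the block saying that would help now that they live in a shared header.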
@@ -65,4 +70,63 @@ struct auth_usersupplied_info
uint32_t flags;
};
+struct auth_method_context;
+struct tevent_context;
+struct imessaging_context;
+struct loadparm_context;
+struct ldb_context;
+struct smb_krb5_context;
+
+struct auth4_context {
+ struct {
+ /* Who set this up in the first place? */
+ const char *set_by;
+
+ bool may_be_modified;
+
+ DATA_BLOB data;
+ } challenge;
+
+ /* methods, in the order they should be called */
+ struct auth_method_context *methods;
+
+ /* the event context to use for calls that can block */
+ struct tevent_context *event_ctx;
+
+ /* the messaging context which can be used by backends */
+ struct imessaging_context *msg_ctx;
+
+ /* loadparm context */
+ struct loadparm_context *lp_ctx;
+
+ /* SAM database for this local machine - to fill in local groups, or to authenticate local NTLM users */
+ struct ldb_context *sam_ctx;
+
+ NTSTATUS (*check_password)(struct auth4_context *auth_ctx,
+ TALLOC_CTX *mem_ctx,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_user_info_dc **user_info_dc);
+
+ NTSTATUS (*get_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);
+
+ bool (*challenge_may_be_modified)(struct auth4_context *auth_ctx);
+
+ NTSTATUS (*set_challenge)(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by);
+
+ NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
+ struct auth4_context *auth_context,
+ struct auth_user_info_dc *user_info_dc,
+ uint32_t session_info_flags,
+ struct auth_session_info **session_info);
+
+ NTSTATUS (*generate_session_info_pac)(struct auth4_context *auth_ctx,
+ TALLOC_CTX *mem_ctx,
+ struct smb_krb5_context *smb_krb5_context,
+ DATA_BLOB *pac_blob,
+ const char *principal_name,
+ const struct tsocket_address *remote_address,
+ uint32_t session_info_flags,
+ struct auth_session_info **session_info);
+};
+
#endif
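Review bot: struct auth4_context gives no indication of which function pointers may be left NULL, yet the commit log describes the hooks as optional and gensec_util.c now tests generate_session_info before calling it. A comment on each optional member (at least generate_session_info and generate_session_info_pac) would tell callers which ones need a NULL check before use. Also, generate_session_info_pac takes a const struct tsocket_address *, and check_password and generate_session_info use struct auth_user_info_dc and struct auth_session_info, none of which appear in the forward declarations added at the top of this hunk; add them there unless every includer is guaranteed to have them declared already.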
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index be330e9..a1ae634 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -313,4 +313,18 @@ bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism
NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal);
+NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
+ struct gensec_security *gensec_security,
+ struct auth_user_info_dc *user_info_dc,
+ struct auth_session_info **session_info);
+
+NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
+ struct gensec_security *gensec_security,
+ struct smb_krb5_context *smb_krb5_context,
+ DATA_BLOB *pac_blob,
+ const char *principal_string,
+ const struct tsocket_address *remote_address,
+ struct auth_session_info **session_info);
+
+
#endif /* __GENSEC_H__ */
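Review bot: gensec_generate_session_info_pac names its principal argument principal_string, while the auth4_context hook of the same name in common_auth.h calls it principal_name; pick one so the two declarations read as the same interface. Neither new prototype has a comment saying what is returned when the auth_context or its hook is missing, which is what a caller of an optional hook needs to know. The second blank line before #endif can be dropped.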
diff --git a/source4/auth/gensec/gensec_gssapi.h b/auth/gensec/gensec_gssapi.h
similarity index 97%
rename from source4/auth/gensec/gensec_gssapi.h
rename to auth/gensec/gensec_gssapi.h
index 246fc99..4a64762 100644
--- a/source4/auth/gensec/gensec_gssapi.h
+++ b/auth/gensec/gensec_gssapi.h
@@ -40,7 +40,7 @@ struct gensec_gssapi_state {
struct gss_channel_bindings_struct *input_chan_bindings;
gss_name_t server_name;
gss_name_t client_name;
- OM_uint32 want_flags, got_flags;
+ OM_uint32 gss_want_flags, gss_got_flags;
gss_OID gss_oid;
struct smb_krb5_context *smb_krb5_context;
diff --git a/source4/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
similarity index 94%
rename from source4/auth/gensec/gensec_util.c
rename to auth/gensec/gensec_util.c
index 9c5db48..1b4c0b1 100644
--- a/source4/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -22,10 +22,7 @@
#include "includes.h"
#include "auth/gensec/gensec.h"
-#include "auth/gensec/gensec_proto.h"
-#include "auth/auth.h"
-#include "auth/credentials/credentials.h"
-#include "auth/system_session_proto.h"
+#include "auth/common_auth.h"
NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
struct gensec_security *gensec_security,
@@ -44,7 +41,7 @@ NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
- if (gensec_security->auth_context) {
+ if (gensec_security->auth_context && gensec_security->auth_context->generate_session_info) {
nt_status = gensec_security->auth_context->generate_session_info(mem_ctx, gensec_security->auth_context,
user_info_dc,
session_info_flags,
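Review bot: With the added test on auth_context->generate_session_info, a context that is present but has no hook now takes the same path as no context at all, and that path is not visible in this hunk. Please confirm it returns an error NTSTATUS, or builds a deliberately minimal session, rather than returning success with *session_info unset, since the caller uses the result for authorization. The same guard is needed at every call site of the other optional hooks, such as generate_session_info_pac.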
diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build
index e3e9372..03d97e6 100644
--- a/auth/gensec/wscript_build
+++ b/auth/gensec/wscript_build
@@ -1,6 +1,6 @@
#!/usr/bin/env python
bld.SAMBA_LIBRARY('gensec',
- source='gensec.c gensec_start.c',
+ source='gensec.c gensec_start.c gensec_util.c',
pc_files='gensec.pc',
autoproto='gensec_toplevel_proto.h',
public_deps='tevent-util samba-util errors LIBPACKET auth_system_session samba-modules gensec_util',
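Review bot: gensec_util.c is added to source= for the gensec library, but public_deps on the last line of this hunk still lists gensec_util. If gensec_util remains a separate build target that also compiles this file, the symbols are defined twice; if that target no longer exists, the dependency is stale. Either way the public_deps entry should be revisited in this change.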
diff --git a/auth/kerberos/gssapi_parse.c b/auth/kerberos/gssapi_parse.c
index 6e9eddc..dadc58b 100644
--- a/auth/kerberos/gssapi_parse.c
+++ b/auth/kerberos/gssapi_parse.c
@@ -24,8 +24,6 @@
#include "includes.h"
#include "../lib/util/asn1.h"
#include "auth/gensec/gensec.h"
-#include "system/kerberos.h"
-#include "auth/kerberos/kerberos.h"
/*
generate a krb5 GSS-API wrapper packet given a ticket
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 532cd79..c3dbd31 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -555,8 +555,10 @@ LIBSMB_OBJ0 = \
../libcli/auth/ntlm_check.o \
libsmb/ntlmssp.o \
libsmb/ntlmssp_wrap.o \
+ libsmb/auth_generic.o \
../auth/gensec/gensec.o \
../auth/gensec/gensec_start.o \
+ ../auth/gensec/gensec_util.o \
../auth/credentials/credentials.o \
../auth/credentials/credentials_samba3.o \
../auth/ntlmssp/ntlmssp.o \
diff --git a/source3/include/auth_generic.h b/source3/include/auth_generic.h
index faea610..96b07cd 100644
--- a/source3/include/auth_generic.h
+++ b/source3/include/auth_generic.h
@@ -45,4 +45,6 @@ NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
uint8_t auth_type,
uint8_t auth_level);
+extern const struct gensec_security_ops gensec_ntlmssp3_client_ops;
+
#endif /* _AUTH_GENERIC_ */
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index 54ea99b..98251c7 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -84,9 +84,12 @@ NTSTATUS spnego_gssapi_init_client(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
+NTSTATUS spnego_generic_init_client(TALLOC_CTX *mem_ctx,
+ const char *oid,
bool do_sign, bool do_seal,
bool is_dcerpc,
+ const char *server,
+ const char *target_service,
const char *domain,
const char *username,
const char *password,
@@ -100,7 +103,11 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- sp_ctx->mech = SPNEGO_NTLMSSP;
+ if (strcmp(oid, GENSEC_OID_NTLMSSP) == 0) {
+ sp_ctx->mech = SPNEGO_NTLMSSP;
+ } else {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
status = auth_generic_client_prepare(sp_ctx,
&auth_generic_state);
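Review bot: The new else branch returns NT_STATUS_INVALID_PARAMETER without TALLOC_FREE(sp_ctx), while the later error paths in this function free sp_ctx before returning; do the same here, or move the oid test ahead of the point where sp_ctx is set up. strcmp(oid, GENSEC_OID_NTLMSSP) also dereferences oid with no NULL check, so a NULL oid should be rejected first. Since only the NTLMSSP OID is accepted for now, a comment should say so despite the generic name.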
@@ -138,7 +145,24 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
GENSEC_FEATURE_SEAL);
}
- status = auth_generic_client_start(auth_generic_state, GENSEC_OID_NTLMSSP);
+ if (is_dcerpc) {
+ gensec_want_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_DCE_STYLE);
+ }
+
+ status = gensec_set_target_service(auth_generic_state->gensec_security, target_service);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(sp_ctx);
+ return status;
+ }
+
+ status = gensec_set_target_hostname(auth_generic_state->gensec_security, server);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(sp_ctx);
+ return status;
+ }
+
+ status = auth_generic_client_start(auth_generic_state, oid);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx);
return status;
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 9eaef5a..85643e8 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -690,9 +690,9 @@ NTSTATUS gse_get_client_name(struct gse_context *gse_ctx,
return NT_STATUS_INTERNAL_ERROR;
}
- *cli_name = talloc_strndup(talloc_tos(),
- (char *)name_buffer.value,
- name_buffer.length);
+ *cli_name = talloc_strndup(mem_ctx,
+ (char *)name_buffer.value,
+ name_buffer.length);
gss_maj = gss_release_buffer(&gss_min, &name_buffer);
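Review bot: The result of talloc_strndup(mem_ctx, ...) is not checked in the lines shown, so on allocation failure *cli_name is NULL unless a later line catches it. Check for NULL after gss_release_buffer() and return NT_STATUS_NO_MEMORY. The switch from talloc_tos() to mem_ctx also changes who owns the returned string, which is worth a line in the function comment.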
diff --git a/source3/librpc/crypto/spnego.h b/source3/librpc/crypto/spnego.h
index 2605169..a31f997 100644
--- a/source3/librpc/crypto/spnego.h
+++ b/source3/librpc/crypto/spnego.h
@@ -61,9 +61,12 @@ NTSTATUS spnego_gssapi_init_client(TALLOC_CTX *mem_ctx,
const char *username,
const char *password,
struct spnego_context **spengo_ctx);
-NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
+NTSTATUS spnego_generic_init_client(TALLOC_CTX *mem_ctx,
+ const char *oid,
bool do_sign, bool do_seal,
bool is_dcerpc,
+ const char *server,
+ const char *target_service,
const char *domain,
const char *username,
const char *password,
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 30c05a3..026b1fa 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -382,7 +382,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
Create and add the NTLMSSP sign/seal auth data.
********************************************************************/
-static NTSTATUS add_ntlmssp_auth_footer(struct gensec_security *gensec_security,
+static NTSTATUS add_generic_auth_footer(struct gensec_security *gensec_security,
enum dcerpc_AuthLevel auth_level,
DATA_BLOB *rpc_out)
{
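Review bot: The banner comment above add_generic_auth_footer still reads "Create and add the NTLMSSP sign/seal auth data", and the one above get_generic_auth_footer in the next hunk still says "Check/unseal the NTLMSSP auth data". Update both to match the generic names.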
@@ -450,7 +450,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct gensec_security *gensec_security,
Check/unseal the NTLMSSP auth data. (Unseal in place).
********************************************************************/
-static NTSTATUS get_ntlmssp_auth_footer(struct gensec_security *gensec_security,
+static NTSTATUS get_generic_auth_footer(struct gensec_security *gensec_security,
enum dcerpc_AuthLevel auth_level,
DATA_BLOB *data, DATA_BLOB *full_pkt,
DATA_BLOB *auth_token)
@@ -809,7 +809,7 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
case DCERPC_AUTH_TYPE_NTLMSSP:
gensec_security = talloc_get_type_abort(auth->auth_ctx,
struct gensec_security);
- status = add_ntlmssp_auth_footer(gensec_security,
+ status = add_generic_auth_footer(gensec_security,
auth->auth_level,
rpc_out);
break;
@@ -937,11 +937,11 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
case DCERPC_AUTH_TYPE_NTLMSSP:
- DEBUG(10, ("NTLMSSP auth\n"));
+ DEBUG(10, ("GENSEC auth\n"));
gensec_security = talloc_get_type_abort(auth->auth_ctx,
struct gensec_security);
- status = get_ntlmssp_auth_footer(gensec_security,
+ status = get_generic_auth_footer(gensec_security,
auth->auth_level,
&data, &full_pkt,
&auth_info.credentials);
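Review bot: The debug message is changed to "GENSEC auth" but still sits under case DCERPC_AUTH_TYPE_NTLMSSP, so the level 10 log no longer records which mechanism verified the packet. Include the auth type or the negotiated mechanism in the message so that authentication traces stay attributable once other gensec types reach get_generic_auth_footer.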
diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c
new file mode 100644
index 0000000..42669f7
--- /dev/null
+++ b/source3/libsmb/auth_generic.c
@@ -0,0 +1,154 @@
+/*
+ NLTMSSP wrappers
+
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Andrew Bartlett 2001-2003,2011
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/ntlmssp/ntlmssp.h"
+#include "auth_generic.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
+#include "librpc/rpc/dcerpc.h"
+#include "lib/param/param.h"
+
+NTSTATUS auth_generic_set_username(struct auth_generic_state *ans,
+ const char *user)
+{
+ cli_credentials_set_username(ans->credentials, user, CRED_SPECIFIED);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
+ const char *domain)
+{
+ cli_credentials_set_domain(ans->credentials, domain, CRED_SPECIFIED);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
+ const char *password)
+{
+ cli_credentials_set_password(ans->credentials, password, CRED_SPECIFIED);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
+{
+ struct auth_generic_state *ans;
+ NTSTATUS nt_status;
+
+ struct gensec_settings *gensec_settings;
+ struct loadparm_context *lp_ctx;
+
+ ans = talloc_zero(mem_ctx, struct auth_generic_state);
+ if (!ans) {
+ DEBUG(0,("auth_generic_start: talloc failed!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ lp_ctx = loadparm_init_s3(ans, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(10, ("loadparm_init_s3 failed\n"));
+ TALLOC_FREE(ans);
+ return NT_STATUS_INVALID_SERVER_STATE;
+ }
+
+ gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
+ if (lp_ctx == NULL) {
+ DEBUG(10, ("lpcfg_gensec_settings failed\n"));
+ TALLOC_FREE(ans);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gensec_settings->backends = talloc_zero_array(gensec_settings, struct gensec_security_ops *, 2);
+ if (gensec_settings->backends == NULL) {
+ TALLOC_FREE(ans);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gensec_settings->backends[0] = &gensec_ntlmssp3_client_ops;
+
+ nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(ans);
+ return nt_status;
+ }
+
+ ans->credentials = cli_credentials_init(ans);
+ if (!ans->credentials) {
+ TALLOC_FREE(ans);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ cli_credentials_guess(ans->credentials, lp_ctx);
+
+ talloc_unlink(ans, lp_ctx);
+ talloc_unlink(ans, gensec_settings);
+
+ *auth_generic_state = ans;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid)
+{
+ NTSTATUS status;
+
+ /* Transfer the credentials to gensec */
+ status = gensec_set_credentials(ans->gensec_security, ans->credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ talloc_unlink(ans, ans->credentials);
+ ans->credentials = NULL;
+
+ status = gensec_start_mech_by_oid(ans->gensec_security,
+ oid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
+ uint8_t auth_type,
+ uint8_t auth_level)
+{
+ NTSTATUS status;
+
+ /* Transfer the credentials to gensec */
+ status = gensec_set_credentials(ans->gensec_security, ans->credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ talloc_unlink(ans, ans->credentials);
+ ans->credentials = NULL;
+
+ status = gensec_start_mech_by_authtype(ans->gensec_security,
+ auth_type, auth_level);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
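Review bot: In auth_generic_client_prepare, the check after gensec_settings = lpcfg_gensec_settings(ans, lp_ctx) tests lp_ctx == NULL again instead of gensec_settings == NULL, so a failed lpcfg_gensec_settings() is not caught and the next statement dereferences gensec_settings->backends. Change the condition to gensec_settings == NULL. Smaller points: the file header says "NLTMSSP wrappers" (typo, and the file is now generic), the DEBUG text "auth_generic_start: talloc failed!" does not match the function name, the return values of cli_credentials_set_username/domain/password are discarded in the three setters, and auth_generic_client_start and auth_generic_client_start_by_authtype duplicate the credential hand-over block, which could move into one static helper.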
diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c
index 3650812..1dda3fb 100644
--- a/source3/libsmb/ntlmssp_wrap.c
+++ b/source3/libsmb/ntlmssp_wrap.c
@@ -26,27 +26,6 @@
--
Samba Shared Repository