GENSEC has the concept of starting the GENSEC subsystem before starting the
actual mechanism. Between these two stages is when most context methods
are called, to specify credentials and features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
/* Look for the first module to provide a start_gensec hook, and set that if provided */
for (method = (*auth_context)->auth_method_list; method; method = method->next) {
/* Look for the first module to provide a start_gensec hook, and set that if provided */
for (method = (*auth_context)->auth_method_list; method; method = method->next) {
- if (method->start_gensec) {
- (*auth_context)->start_gensec = method->start_gensec;
+ if (method->prepare_gensec && method->gensec_start_mech_by_oid) {
+ (*auth_context)->prepare_gensec = method->prepare_gensec;
+ (*auth_context)->gensec_start_mech_by_oid = method->gensec_start_mech_by_oid;
- if (auth_context->start_gensec) {
- nt_status = auth_context->start_gensec(ans, GENSEC_OID_NTLMSSP, &ans->gensec_security);
+ if (auth_context->prepare_gensec) {
+ nt_status = auth_context->prepare_gensec(ans, &ans->gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(ans);
return nt_status;
} else {
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(ans);
return nt_status;
} else {
- *auth_ntlmssp_state = ans;
- return NT_STATUS_OK;
+ nt_status = auth_context->gensec_start_mech_by_oid(ans->gensec_security, GENSEC_OID_NTLMSSP);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(ans);
+ return nt_status;
+ } else {
+ *auth_ntlmssp_state = ans;
+ return NT_STATUS_OK;
+ }
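Review bot: The failure branch after the new `gensec_start_mech_by_oid` call frees `ans` and returns without any diagnostic, whereas the code this replaces in `start_gensec` logged the failure with `DEBUG(1, ("Failed to start GENSEC %s server code: ...`. A mechanism start that fails is exactly what an operator needs to see when NTLMSSP authentication stops working, so keep a log line there: `DEBUG(1, ("Failed to start GENSEC NTLMSSP server code: %s\n", nt_errstr(nt_status)));` before the `TALLOC_FREE(ans);`. The guard tests only `auth_context->prepare_gensec`, yet the branch then calls `auth_context->gensec_start_mech_by_oid` unconditionally; that is safe only because the selection loop in auth.c assigns both pointers together, so either test both here or record that dependency in a comment. The enclosing function starts and ends outside the hunk.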
/* Hook to allow GENSEC to handle blob-based authentication
* mechanisms, without directly linking the mechansim code */
/* Hook to allow GENSEC to handle blob-based authentication
* mechanisms, without directly linking the mechansim code */
-static NTSTATUS start_gensec(TALLOC_CTX *mem_ctx, const char *oid_string,
- struct gensec_security **gensec_context)
+static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx,
+ struct gensec_security **gensec_context)
{
NTSTATUS status;
struct loadparm_context *lp_ctx;
{
NTSTATUS status;
struct loadparm_context *lp_ctx;
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_UNIX_TOKEN);
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_UNIX_TOKEN);
- status = gensec_start_mech_by_oid(gensec_ctx, oid_string);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to start GENSEC %s server code: %s\n",
- gensec_get_name_by_oid(gensec_ctx, oid_string), nt_errstr(status)));
- TALLOC_FREE(frame);
- return status;
- }
-
*gensec_context = gensec_ctx;
*gensec_context = gensec_ctx;
}
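Review bot: The header comment kept above `prepare_gensec` still describes the old single-step hook, while the function now only obtains the context and requests `GENSEC_FEATURE_SESSION_KEY` and `GENSEC_FEATURE_UNIX_TOKEN`; selecting the mechanism, which `gensec_start_mech_by_oid` used to do here, is now the caller's job. Say so in the comment, e.g. `/* Hook to allow GENSEC to handle blob-based authentication mechanisms, without directly linking the mechanism code. Stores a context with the session-key and unix-token features requested in *gensec_context; the caller must still select a mechanism with gensec_start_mech_by_oid. */`. The removed error branch was the only use of `status` visible in the hunk; if nothing outside the hunk assigns it, the `NTSTATUS status;` declaration at the top of the function is now unused and should go. The function's body continues outside the hunk.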
result->name = "samba4";
result->auth = check_samba4_security;
}
result->name = "samba4";
result->auth = check_samba4_security;
- result->start_gensec = start_gensec;
+ result->prepare_gensec = prepare_gensec;
+ result->gensec_start_mech_by_oid = gensec_start_mech_by_oid;
*auth_method = result;
return NT_STATUS_OK;
*auth_method = result;
return NT_STATUS_OK;
struct auth_serversupplied_info **server_info);
NTSTATUS (*nt_status_squash)(NTSTATUS nt_status);
struct auth_serversupplied_info **server_info);
NTSTATUS (*nt_status_squash)(NTSTATUS nt_status);
- NTSTATUS (*start_gensec)(TALLOC_CTX *mem_ctx, const char *oid_string,
+ NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_context);
struct gensec_security **gensec_context);
+ NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string);
};
typedef struct auth_methods
};
typedef struct auth_methods
void **my_private_data,
TALLOC_CTX *mem_ctx);
void **my_private_data,
TALLOC_CTX *mem_ctx);
- /* Optional method allowing this module to provide a way to get a gensec context */
- NTSTATUS (*start_gensec)(TALLOC_CTX *mem_ctx, const char *oid_string,
+ /* Optional methods allowing this module to provide a way to get a gensec context */
+ NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_context);
struct gensec_security **gensec_context);
+ NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string);
/* Used to keep tabs on things like the cli for SMB server authentication */
void *private_data;
/* Used to keep tabs on things like the cli for SMB server authentication */
void *private_data;
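Review bot: The comment above the two new function pointers in `struct auth_methods` calls them "Optional methods", but the selection loop in auth.c only adopts a module when `method->prepare_gensec && method->gensec_start_mech_by_oid` are both set, and the caller in auth_ntlmssp.c tests only `prepare_gensec` before using both. The comment should make that pairing explicit: `/* Optional methods allowing this module to provide a way to get a gensec context; a module must set both or neither, as they are only ever used together */`. The matching pair added to `struct auth_context` in the earlier hunk (ending at `NTSTATUS (*gensec_start_mech_by_oid)(...)`) carries no comment at all and would benefit from the same note. `struct auth_methods` continues outside the hunk.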