ctdb-scripts: Ignore shellcheck SC2181 warning (use of $?)
[metze/samba/wip.git] / source3 / libsmb / auth_generic.c
1 /*
2    NLTMSSP wrappers
3
4    Copyright (C) Andrew Tridgell      2001
5    Copyright (C) Andrew Bartlett 2001-2003,2011
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "auth/ntlmssp/ntlmssp.h"
23 #include "auth_generic.h"
24 #include "auth/gensec/gensec.h"
25 #include "auth/credentials/credentials.h"
26 #include "librpc/rpc/dcerpc.h"
27 #include "lib/param/param.h"
28 #include "librpc/crypto/gse.h"
29
30 NTSTATUS auth_generic_set_username(struct auth_generic_state *ans,
31                                    const char *user)
32 {
33         cli_credentials_set_username(ans->credentials, user, CRED_SPECIFIED);
34         return NT_STATUS_OK;
35 }
36
37 NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
38                                  const char *domain)
39 {
40         cli_credentials_set_domain(ans->credentials, domain, CRED_SPECIFIED);
41         return NT_STATUS_OK;
42 }
43
44 NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
45                                    const char *password)
46 {
47         cli_credentials_set_password(ans->credentials, password, CRED_SPECIFIED);
48         return NT_STATUS_OK;
49 }
50
51 NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
52                                 struct cli_credentials *creds)
53 {
54         talloc_unlink(ans->credentials, creds);
55         ans->credentials = creds;
56         return NT_STATUS_OK;
57 }
58
59 NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
60 {
61         struct auth_generic_state *ans;
62         NTSTATUS nt_status;
63         size_t idx = 0;
64         struct gensec_settings *gensec_settings;
65         const struct gensec_security_ops **backends = NULL;
66         struct loadparm_context *lp_ctx;
67
68         ans = talloc_zero(mem_ctx, struct auth_generic_state);
69         if (!ans) {
70                 DEBUG(0,("auth_generic_start: talloc failed!\n"));
71                 return NT_STATUS_NO_MEMORY;
72         }
73
74         lp_ctx = loadparm_init_s3(ans, loadparm_s3_helpers());
75         if (lp_ctx == NULL) {
76                 DEBUG(10, ("loadparm_init_s3 failed\n"));
77                 TALLOC_FREE(ans);
78                 return NT_STATUS_INVALID_SERVER_STATE;
79         }
80
81         gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
82         if (lp_ctx == NULL) {
83                 DEBUG(10, ("lpcfg_gensec_settings failed\n"));
84                 TALLOC_FREE(ans);
85                 return NT_STATUS_NO_MEMORY;
86         }
87
88         backends = talloc_zero_array(gensec_settings,
89                                      const struct gensec_security_ops *, 7);
90         if (backends == NULL) {
91                 TALLOC_FREE(ans);
92                 return NT_STATUS_NO_MEMORY;
93         }
94         gensec_settings->backends = backends;
95
96         gensec_init();
97
98         /* These need to be in priority order, krb5 before NTLMSSP */
99 #if defined(HAVE_KRB5)
100         backends[idx++] = &gensec_gse_krb5_security_ops;
101 #endif
102
103         backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
104         backends[idx++] = gensec_security_by_name(NULL, "ntlmssp_resume_ccache");
105
106         backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
107         backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
108         backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM);
109
110         nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
111
112         if (!NT_STATUS_IS_OK(nt_status)) {
113                 TALLOC_FREE(ans);
114                 return nt_status;
115         }
116
117         ans->credentials = cli_credentials_init(ans);
118         if (!ans->credentials) {
119                 TALLOC_FREE(ans);
120                 return NT_STATUS_NO_MEMORY;
121         }
122
123         cli_credentials_guess(ans->credentials, lp_ctx);
124
125         talloc_unlink(ans, lp_ctx);
126         talloc_unlink(ans, gensec_settings);
127
128         *auth_generic_state = ans;
129         return NT_STATUS_OK;
130 }
131
132 NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid)
133 {
134         NTSTATUS status;
135
136         /* Transfer the credentials to gensec */
137         status = gensec_set_credentials(ans->gensec_security, ans->credentials);
138         if (!NT_STATUS_IS_OK(status)) {
139                 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
140                           nt_errstr(status)));
141                 return status;
142         }
143         talloc_unlink(ans, ans->credentials);
144         ans->credentials = NULL;
145
146         status = gensec_start_mech_by_oid(ans->gensec_security,
147                                           oid);
148         if (!NT_STATUS_IS_OK(status)) {
149                 return status;
150         }
151
152         return NT_STATUS_OK;
153 }
154
155 NTSTATUS auth_generic_client_start_by_name(struct auth_generic_state *ans,
156                                            const char *name)
157 {
158         NTSTATUS status;
159
160         /* Transfer the credentials to gensec */
161         status = gensec_set_credentials(ans->gensec_security, ans->credentials);
162         if (!NT_STATUS_IS_OK(status)) {
163                 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
164                           nt_errstr(status)));
165                 return status;
166         }
167         talloc_unlink(ans, ans->credentials);
168         ans->credentials = NULL;
169
170         status = gensec_start_mech_by_name(ans->gensec_security, name);
171         if (!NT_STATUS_IS_OK(status)) {
172                 return status;
173         }
174
175         return NT_STATUS_OK;
176 }
177
178 NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
179                                                uint8_t auth_type,
180                                                uint8_t auth_level)
181 {
182         NTSTATUS status;
183
184         /* Transfer the credentials to gensec */
185         status = gensec_set_credentials(ans->gensec_security, ans->credentials);
186         if (!NT_STATUS_IS_OK(status)) {
187                 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
188                           nt_errstr(status)));
189                 return status;
190         }
191         talloc_unlink(ans, ans->credentials);
192         ans->credentials = NULL;
193
194         status = gensec_start_mech_by_authtype(ans->gensec_security,
195                                                auth_type, auth_level);
196         if (!NT_STATUS_IS_OK(status)) {
197                 return status;
198         }
199
200         return NT_STATUS_OK;
201 }
202
203 NTSTATUS auth_generic_client_start_by_sasl(struct auth_generic_state *ans,
204                                            const char **sasl_list)
205 {
206         NTSTATUS status;
207
208         /* Transfer the credentials to gensec */
209         status = gensec_set_credentials(ans->gensec_security, ans->credentials);
210         if (!NT_STATUS_IS_OK(status)) {
211                 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
212                           nt_errstr(status)));
213                 return status;
214         }
215         talloc_unlink(ans, ans->credentials);
216         ans->credentials = NULL;
217
218         status = gensec_start_mech_by_sasl_list(ans->gensec_security, sasl_list);
219         if (!NT_STATUS_IS_OK(status)) {
220                 return status;
221         }
222
223         return NT_STATUS_OK;
224 }