#include "includes.h"
#include "auth/auth.h"
#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
#include "lib/util/dlinklist.h"
#include "rpc_server/dcerpc_server.h"
#include "rpc_server/dcerpc_server_proto.h"
auth->auth_audited = true;
}
+
+NTSTATUS dcesrv_gensec_prepare(TALLOC_CTX *mem_ctx,
+ struct dcesrv_call_state *call,
+ struct gensec_security **out)
+{
+ struct cli_credentials *server_creds = NULL;
+ struct imessaging_context *imsg_ctx =
+ dcesrv_imessaging_context(call->conn);
+ NTSTATUS status;
+
+ server_creds = cli_credentials_init(call->auth_state);
+ if (!server_creds) {
+ DEBUG(1, ("Failed to init server credentials\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ cli_credentials_set_conf(server_creds, call->conn->dce_ctx->lp_ctx);
+
+ status = cli_credentials_set_machine_account(server_creds,
+ call->conn->dce_ctx->lp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to obtain server credentials: %s\n",
+ nt_errstr(status)));
+ talloc_free(server_creds);
+ return status;
+ }
+
+ return samba_server_gensec_start(mem_ctx,
+ call->event_ctx,
+ imsg_ctx,
+ call->conn->dce_ctx->lp_ctx,
+ server_creds,
+ NULL,
+ out);
+}
struct dcesrv_auth;
struct dcesrv_connection_context;
struct dcesrv_iface_state;
+struct cli_credentials;
struct dcesrv_interface {
const char *name;
struct {
void (*successful_authz)(struct dcesrv_call_state *);
} log;
+ struct {
+ NTSTATUS (*gensec_prepare)(TALLOC_CTX *mem_ctx,
+ struct dcesrv_call_state *call,
+ struct gensec_security **out);
+ } auth;
};
/* server-wide context information for the dcerpc server */
static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
{
- struct cli_credentials *server_credentials = NULL;
struct dcesrv_connection *dce_conn = call->conn;
struct dcesrv_auth *auth = call->auth_state;
- struct imessaging_context *imsg_ctx =
- dcesrv_imessaging_context(call->conn);
NTSTATUS status;
if (auth->auth_started) {
auth->auth_level = call->in_auth_info.auth_level;
auth->auth_context_id = call->in_auth_info.auth_context_id;
- server_credentials
- = cli_credentials_init(auth);
- if (!server_credentials) {
- DEBUG(1, ("Failed to init server credentials\n"));
- return false;
- }
-
- cli_credentials_set_conf(server_credentials, call->conn->dce_ctx->lp_ctx);
- status = cli_credentials_set_machine_account(server_credentials, call->conn->dce_ctx->lp_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to obtain server credentials: %s\n",
- nt_errstr(status)));
- return false;
- }
-
- status = samba_server_gensec_start(auth,
- call->event_ctx,
- imsg_ctx,
- call->conn->dce_ctx->lp_ctx,
- server_credentials,
- NULL,
- &auth->gensec_security);
+ status = call->conn->dce_ctx->callbacks.auth.gensec_prepare(auth,
+ call,
+ &auth->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to call samba_server_gensec_start %s\n",
nt_errstr(status)));
struct dcesrv_context_callbacks srv_callbacks = {
.log.successful_authz = log_successful_dcesrv_authz_event,
+ .auth.gensec_prepare = dcesrv_gensec_prepare,
};
/*
struct dcesrv_context_callbacks srv_cb = {
.log.successful_authz = log_successful_dcesrv_authz_event,
+ .auth.gensec_prepare = dcesrv_gensec_prepare,
};
static NTSTATUS spoolss__op_bind(struct dcesrv_connection_context *context,