NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
const struct tsocket_address *remote_address,
+ const char *service_description,
struct gensec_security **gensec_security_out)
{
struct gensec_security *gensec_security;
return nt_status;
}
+ nt_status = gensec_set_target_service_description(gensec_security,
+ service_description);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(tmp_ctx);
+ return nt_status;
+ }
+
*gensec_security_out = talloc_steal(mem_ctx, gensec_security);
TALLOC_FREE(tmp_ctx);
return NT_STATUS_OK;
NTSTATUS make_auth4_context(TALLOC_CTX *mem_ctx, struct auth4_context **auth4_context_out);
NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address,
+ const char *service_description,
struct gensec_security **gensec_security_out);
NTSTATUS auth_check_password_session_info(struct auth4_context *auth_context,
DATA_BLOB *token_in,
DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
+ const char *service_description,
struct gensec_security **ctx)
{
struct gensec_security *gensec_security = NULL;
NTSTATUS status;
- status = auth_generic_prepare(talloc_tos(), remote_address, &gensec_security);
+ status = auth_generic_prepare(talloc_tos(), remote_address,
+ service_description,
+ &gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
nt_errstr(status)));
DATA_BLOB *token_in,
DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
+ const char *service_description,
struct gensec_security **ctx)
{
NTSTATUS status;
token_in,
token_out,
remote_address,
+ service_description,
ctx);
unbecome_root();
return status;
DATA_BLOB *token_in,
DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
+ const char *service_description,
struct gensec_security **ctx);
NTSTATUS auth_generic_server_step(struct gensec_security *ctx,
static bool pipe_auth_generic_bind(struct pipes_struct *p,
struct ncacn_packet *pkt,
struct dcerpc_auth *auth_info,
+ const char *service_description,
DATA_BLOB *response)
{
TALLOC_CTX *mem_ctx = pkt;
&auth_info->credentials,
response,
p->remote_address,
+ service_description,
&gensec_security);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
}
if (!pipe_auth_generic_bind(p, pkt,
- &auth_info, &auth_resp)) {
+ &auth_info,
+ table->name,
+ &auth_resp)) {
goto err_exit;
}
} else {
/* See if we can get an SPNEGO blob */
status = auth_generic_prepare(talloc_tos(),
xconn->remote_address,
+ "SMB",
&gensec_security);
+
+ /*
+ * There is no need to set a remote address or similar as we
+ * are just interested in the SPNEGO blob, we never keep this
+ * context.
+ */
+
if (NT_STATUS_IS_OK(status)) {
status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
if (NT_STATUS_IS_OK(status)) {
NTSTATUS status;
status = auth_generic_prepare(es, remote_address,
+ "SMB encryption",
&es->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return nt_status_squash(status);
if (auth->gensec == NULL) {
status = auth_generic_prepare(session, xconn->remote_address,
+ "SMB",
&auth->gensec);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
if (state->auth->gensec == NULL) {
status = auth_generic_prepare(state->auth,
state->smb2req->xconn->remote_address,
+ "SMB2",
&state->auth->gensec);
if (tevent_req_nterror(req, status)) {
return tevent_req_post(req, ev);
git.samba.org / samba.git / commitdiff