Specify event_context to ldb_wrap_connect explicitly.
index 87ce571fc02493a9dea8998cc1182e74634c7a67..47df2ccfcc27835b920b6751dfc389bd9081ef5e 100644 (file)
@@ -36,6 +36,9 @@
 #include "auth/credentials/credentials.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
+#include "param/param.h"
+#include "auth/session_proto.h"
 
 enum GENSEC_KRB5_STATE {
        GENSEC_KRB5_SERVER_START,
@@ -53,7 +56,7 @@ struct gensec_krb5_state {
        krb5_data enc_ticket;
        krb5_keyblock *keyblock;
        krb5_ticket *ticket;
-       BOOL gssapi;
+       bool gssapi;
 };
 
 static int gensec_krb5_destroy(struct gensec_krb5_state *gensec_krb5_state)
@@ -111,11 +114,13 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
        gensec_krb5_state->keyblock = NULL;
        gensec_krb5_state->session_key = data_blob(NULL, 0);
        gensec_krb5_state->pac = data_blob(NULL, 0);
-       gensec_krb5_state->gssapi = False;
+       gensec_krb5_state->gssapi = false;
 
        talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy); 
 
-       if (cli_credentials_get_krb5_context(creds, &gensec_krb5_state->smb_krb5_context)) {
+       if (cli_credentials_get_krb5_context(creds, 
+                                            gensec_security->event_ctx, 
+                                            gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
                talloc_free(gensec_krb5_state);
                return NT_STATUS_INTERNAL_ERROR;
        }
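Review bot: The error path at the `talloc_free(gensec_krb5_state);` line frees the state without clearing any pointer that still refers to it; if `gensec_security->private_data` has already been pointed at `gensec_krb5_state` earlier in gensec_krb5_start (that part is outside the hunk), the caller is left with a dangling pointer after NT_STATUS_INTERNAL_ERROR. If so, add `gensec_security->private_data = NULL;` before the return. A DEBUG line saying that the krb5 context could not be obtained would also help diagnosis, since the call now additionally depends on event_ctx and lp_ctx being populated on gensec_security. gensec_krb5_start begins before the hunk and continues past it.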
@@ -191,7 +196,7 @@ static NTSTATUS gensec_krb5_server_start(struct gensec_security *gensec_security
                return nt_status;
        }
        
-       gensec_krb5_state = gensec_security->private_data;
+       gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
        gensec_krb5_state->state_position = GENSEC_KRB5_SERVER_START;
 
        return NT_STATUS_OK;
@@ -203,8 +208,8 @@ static NTSTATUS gensec_fake_gssapi_krb5_server_start(struct gensec_security *gen
 
        if (NT_STATUS_IS_OK(nt_status)) {
                struct gensec_krb5_state *gensec_krb5_state;
-               gensec_krb5_state = gensec_security->private_data;
-               gensec_krb5_state->gssapi = True;
+               gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+               gensec_krb5_state->gssapi = true;
        }
        return nt_status;
 }
@@ -240,12 +245,14 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
                return nt_status;
        }
 
-       gensec_krb5_state = gensec_security->private_data;
+       gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
        gensec_krb5_state->state_position = GENSEC_KRB5_CLIENT_START;
 
        principal = gensec_get_target_principal(gensec_security);
 
-       ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), &ccache_container);
+       ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), 
+                                        gensec_security->event_ctx, 
+                                        gensec_security->lp_ctx, &ccache_container);
        switch (ret) {
        case 0:
                break;
@@ -255,12 +262,12 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
                DEBUG(3, ("Cannot reach a KDC we require to contact %s\n", principal));
                return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
        default:
-               DEBUG(1, ("gensec_krb5_start: Aquiring initiator credentails failed: %s\n", error_message(ret)));
+               DEBUG(1, ("gensec_krb5_start: Aquiring initiator credentials failed: %s\n", error_message(ret)));
                return NT_STATUS_UNSUCCESSFUL;
        }
        in_data.length = 0;
        
-       if (principal && lp_client_use_spnego_principal()) {
+       if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) {
                krb5_principal target_principal;
                ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
                                      &target_principal);
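Review bot: The rewritten DEBUG message on the `default:` branch still misspells `Aquiring` and is prefixed `gensec_krb5_start:` although, per the hunk header, it lives in gensec_krb5_client_start; since the commit already touches this string, fix both at once: `DEBUG(1, ("gensec_krb5_client_start: Acquiring initiator credentials failed: %s\n", error_message(ret)));`. A correct prefix matters here because the same NT_STATUS_UNSUCCESSFUL is returned from several places and the log line is the only way to tell which credential acquisition failed. The function continues outside the hunk.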
@@ -327,8 +334,8 @@ static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gen
 
        if (NT_STATUS_IS_OK(nt_status)) {
                struct gensec_krb5_state *gensec_krb5_state;
-               gensec_krb5_state = gensec_security->private_data;
-               gensec_krb5_state->gssapi = True;
+               gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
+               gensec_krb5_state->gssapi = true;
        }
        return nt_status;
 }
@@ -368,7 +375,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
                                   TALLOC_CTX *out_mem_ctx, 
                                   const DATA_BLOB in, DATA_BLOB *out) 
 {
-       struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data;
+       struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
        krb5_error_code ret = 0;
        NTSTATUS nt_status;
 
@@ -416,7 +423,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
                if (ret) {
                        DEBUG(1,("krb5_rd_rep (mutual authentication) failed (%s)\n",
                                 smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, ret, out_mem_ctx)));
-                       dump_data_pw("Mutual authentication message:\n", inbuf.data, inbuf.length);
+                       dump_data_pw("Mutual authentication message:\n", (uint8_t *)inbuf.data, inbuf.length);
                        nt_status = NT_STATUS_ACCESS_DENIED;
                } else {
                        *out = data_blob(NULL, 0);
@@ -443,7 +450,9 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
                }       
 
                /* Grab the keytab, however generated */
-               ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), &keytab);
+               ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), 
+                                                gensec_security->event_ctx, 
+                                                gensec_security->lp_ctx, &keytab);
                if (ret) {
                        return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
                }
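Review bot: The keytab failure path `if (ret) { return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; }` discards the krb5 error code, so an unreadable or misconfigured keytab surfaces only as a generic NTSTATUS, whereas the ccache path earlier in this diff logs `error_message(ret)` at DEBUG(1) before mapping the error. Add a matching line before the return, e.g. `DEBUG(1, ("gensec_krb5_update: obtaining keytab failed: %s\n", error_message(ret)));`. gensec_krb5_update begins before the hunk and continues past it.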
@@ -477,7 +486,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
                if (ret) {
                        return NT_STATUS_LOGON_FAILURE;
                }
-               unwrapped_out.data = outbuf.data;
+               unwrapped_out.data = (uint8_t *)outbuf.data;
                unwrapped_out.length = outbuf.length;
                gensec_krb5_state->state_position = GENSEC_KRB5_DONE;
                /* wrap that up in a nice GSS-API wrapping */
@@ -500,7 +509,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
 static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security, 
                                        DATA_BLOB *session_key) 
 {
-       struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data;
+       struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
        krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
        krb5_auth_context auth_context = gensec_krb5_state->auth_context;
        krb5_keyblock *skey;
@@ -539,7 +548,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
                                         struct auth_session_info **_session_info) 
 {
        NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-       struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data;
+       struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
        krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
        struct auth_serversupplied_info *server_info = NULL;
        struct auth_session_info *session_info = NULL;
@@ -581,7 +590,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
                                                      KRB5_AUTHDATA_WIN2K_PAC, 
                                                      &pac_data);
        
-       if (ret && lp_parm_bool(-1, "gensec", "require_pac", False)) {
+       if (ret && lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
                DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s \n",
                          principal_string,
                          smb_get_krb5_error_message(context, 
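Review bot: The `lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)` call keeps the PAC optional by default, and the next hunk shows that when no PAC is found the code falls back to `sam_get_server_info_principal` using only the principal name rather than the ticket's authorization data; that is a security-relevant default that deserves a comment at this line, e.g. `/* require_pac defaults to off: without a PAC the server_info comes from a SAM lookup by principal name instead of the KDC-supplied authorization data */`. The same remark applies to the fallback call in the following hunk. gensec_krb5_session_info begins before the hunk and continues past it.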
@@ -594,7 +603,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
                DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n", 
                          smb_get_krb5_error_message(context, 
                                                     ret, mem_ctx)));
-               nt_status = sam_get_server_info_principal(mem_ctx, principal_string,
+               nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string,
                                                          &server_info);
                krb5_free_principal(context, client_principal);
                free(principal_string);
@@ -616,7 +625,9 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
                }
 
                /* decode and verify the pac */
-               nt_status = kerberos_pac_logon_info(gensec_krb5_state, &logon_info, pac,
+               nt_status = kerberos_pac_logon_info(gensec_krb5_state, 
+                                                   lp_iconv_convenience(gensec_security->lp_ctx),
+                                                   &logon_info, pac,
                                                    gensec_krb5_state->smb_krb5_context->krb5_context,
                                                    NULL, gensec_krb5_state->keyblock,
                                                    client_principal,
@@ -640,7 +651,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
        }
 
        /* references the server_info into the session_info */
-       nt_status = auth_generate_session_info(mem_ctx, server_info, &session_info);
+       nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                talloc_free(mem_ctx);
@@ -666,7 +677,7 @@ static NTSTATUS gensec_krb5_wrap(struct gensec_security *gensec_security,
                                   const DATA_BLOB *in, 
                                   DATA_BLOB *out)
 {
-       struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data;
+       struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
        krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
        krb5_auth_context auth_context = gensec_krb5_state->auth_context;
        krb5_error_code ret;
@@ -696,7 +707,7 @@ static NTSTATUS gensec_krb5_unwrap(struct gensec_security *gensec_security,
                                     const DATA_BLOB *in, 
                                     DATA_BLOB *out)
 {
-       struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data;
+       struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
        krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
        krb5_auth_context auth_context = gensec_krb5_state->auth_context;
        krb5_error_code ret;
@@ -722,19 +733,19 @@ static NTSTATUS gensec_krb5_unwrap(struct gensec_security *gensec_security,
        return NT_STATUS_OK;
 }
 
-static BOOL gensec_krb5_have_feature(struct gensec_security *gensec_security,
+static bool gensec_krb5_have_feature(struct gensec_security *gensec_security,
                                     uint32_t feature)
 {
-       struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data;
+       struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
        if (feature & GENSEC_FEATURE_SESSION_KEY) {
-               return True;
+               return true;
        } 
        if (!gensec_krb5_state->gssapi && 
            (feature & GENSEC_FEATURE_SEAL)) {
-               return True;
+               return true;
        } 
        
-       return False;
+       return false;
 }
 
 static const char *gensec_krb5_oids[] = { 
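Review bot: gensec_krb5_have_feature now returns bool but still has no comment explaining why GENSEC_FEATURE_SEAL is only claimed when `gssapi` is false; a one-line comment on that `if` would help a reader, e.g. `/* sealing is only offered by the raw krb5 backend; the fake-GSSAPI variant does not claim it */`. As far as the visible hunks show, only gensec_krb5_security_ops registers wrap/unwrap, which appears to be the reason, but that should be confirmed against the full ops tables. The function is wholly inside the hunk.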
@@ -754,8 +765,8 @@ static const struct gensec_security_ops gensec_fake_gssapi_krb5_security_ops = {
        .session_key    = gensec_krb5_session_key,
        .session_info   = gensec_krb5_session_info,
        .have_feature   = gensec_krb5_have_feature,
-       .enabled        = False,
-       .kerberos       = True,
+       .enabled        = false,
+       .kerberos       = true,
        .priority       = GENSEC_KRB5
 };
 
@@ -769,12 +780,12 @@ static const struct gensec_security_ops gensec_krb5_security_ops = {
        .have_feature   = gensec_krb5_have_feature,
        .wrap           = gensec_krb5_wrap,
        .unwrap         = gensec_krb5_unwrap,
-       .enabled        = True,
-       .kerberos       = True,
+       .enabled        = true,
+       .kerberos       = true,
        .priority       = GENSEC_KRB5
 };
 
-NTSTATUS gensec_krb5_init(void)
+_PUBLIC_ NTSTATUS gensec_krb5_init(void)
 {
        NTSTATUS ret;