X-Git-Url: http://git.samba.org/samba.git/?a=blobdiff_plain;f=source4%2Fauth%2Fgensec%2Fgensec.c;h=0cb0d3d476183178d4d2150824b7bb437687d084;hb=28c1e4d3eb3162c0177085bae753102994a35846;hp=3de0e1c9356d5fa6c631d7330ddd5f70174d6350;hpb=fb5383c69ee52fb5e6d066a43451dc8c806cc795;p=nivanova%2Fsamba-autobuild%2F.git diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 3de0e1c9356..0cb0d3d4761 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -29,7 +29,10 @@ #include "librpc/rpc/dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/auth.h" +#include "auth/system_session_proto.h" #include "param/param.h" +#include "lib/util/tsort.h" /* the list of currently registered GENSEC backends */ static struct gensec_security_ops **generic_security_ops; @@ -44,7 +47,7 @@ _PUBLIC_ struct gensec_security_ops **gensec_security_all(void) bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security) { - return lp_parm_bool(security->settings->lp_ctx, NULL, "gensec", ops->name, ops->enabled); + return lpcfg_parm_bool(security->settings->lp_ctx, NULL, "gensec", ops->name, ops->enabled); } /* Sometimes we want to force only kerberos, sometimes we want to 
@@ -518,19 +521,9 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_ERROR; } - (*gensec_security) = talloc(mem_ctx, struct gensec_security); + (*gensec_security) = talloc_zero(mem_ctx, struct gensec_security); NT_STATUS_HAVE_NO_MEMORY(*gensec_security); - (*gensec_security)->ops = NULL; - (*gensec_security)->local_addr = NULL; - (*gensec_security)->remote_addr = NULL; - (*gensec_security)->private_data = NULL; - - ZERO_STRUCT((*gensec_security)->target); - - (*gensec_security)->subcontext = false; - (*gensec_security)->want_features = 0; - (*gensec_security)->event_ctx = ev; SMB_ASSERT(settings->lp_ctx != NULL); (*gensec_security)->settings = talloc_reference(*gensec_security, settings); @@ -551,7 +544,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, struct gensec_security *parent, struct gensec_security **gensec_security) { - (*gensec_security) = talloc(mem_ctx, struct gensec_security); + (*gensec_security) = talloc_zero(mem_ctx, struct gensec_security); NT_STATUS_HAVE_NO_MEMORY(*gensec_security); (**gensec_security) = *parent; @@ -595,6 +588,8 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, return status; } + + /** Start the GENSEC system, in server mode, returning a context pointer. @param mem_ctx The parent TALLOC memory context. @@ -713,10 +708,9 @@ _PUBLIC_ const char *gensec_get_name_by_oid(struct gensec_security *gensec_secur } return oid_string; } - -/** - * Start a GENSEC sub-mechanism with a specifed mechansim structure, used in SPNEGO +/** + * Start a GENSEC sub-mechanism with a specified mechansim structure, used in SPNEGO * */ 
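Review bot: The `talloc_zero()` in gensec_subcontext_start has no effect on the result, because the next visible line, `(**gensec_security) = *parent;`, overwrites the whole new struct with the parent's contents. If the zeroing is kept only for consistency with gensec_start, say so in a comment such as `/* zeroed for consistency with gensec_start(); fully overwritten by the struct copy below */`, otherwise plain `talloc()` is enough. The struct copy also carries the parent's pointers over unchanged (`ops` and `private_data` are among the fields visible in the gensec_start hunk). Whether those are reset for the subcontext is decided later in the function, which continues outside this hunk, so that is worth confirming.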
@@ -1291,14 +1285,13 @@ _PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_s return gensec_security->remote_addr; } - /** * Set the target principal (assuming it it known, say from the SPNEGO reply) * - ensures it is talloc()ed * */ -NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal) +_PUBLIC_ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal) { gensec_security->target.principal = talloc_strdup(gensec_security, principal); if (!gensec_security->target.principal) { @@ -1316,6 +1309,28 @@ const char *gensec_get_target_principal(struct gensec_security *gensec_security) return NULL; } +NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx, + struct gensec_security *gensec_security, + struct auth_serversupplied_info *server_info, + struct auth_session_info **session_info) +{ + NTSTATUS nt_status; + if (gensec_security->auth_context) { + uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS; + if (server_info->authenticated) { + flags |= AUTH_SESSION_INFO_AUTHENTICATED; + } + nt_status = gensec_security->auth_context->generate_session_info(mem_ctx, gensec_security->auth_context, + server_info, + flags, + session_info); + } else { + nt_status = auth_generate_simple_session_info(mem_ctx, + server_info, session_info); + } + return nt_status; +} + /* register a GENSEC backend. 
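Review bot: gensec_set_target_principal is now exported with `_PUBLIC_`, but it assigns `gensec_security->target.principal` without releasing a previously set value, so each repeated call leaves another string parented to `gensec_security` until that context is freed. Duplicating into a temporary, freeing the old value and then assigning would avoid this and stays safe if a caller passes the current value back in. A NULL `principal` also makes `talloc_strdup()` return NULL, which the following `if (!gensec_security->target.principal)` cannot tell apart from allocation failure. The header comment says the value may come from the SPNEGO reply, which presumably means it is supplied by the peer before authentication completes; the comment should state that callers must treat it as an unauthenticated hint. The function body continues outside the hunk.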
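Review bot: The new gensec_generate_session_info dereferences `server_info` and calls `gensec_security->auth_context->generate_session_info` without checking that either is non-NULL, and it has no header comment although the neighbouring functions do. A guard such as `if (gensec_security->auth_context->generate_session_info == NULL) { return NT_STATUS_INTERNAL_ERROR; }` would turn a missing hook into an error instead of a call through a NULL pointer. The two branches also differ in what they pass on: only the auth_context path sets `AUTH_SESSION_INFO_DEFAULT_GROUPS` and, conditionally, `AUTH_SESSION_INFO_AUTHENTICATED`, while the fallback hands `server_info` to `auth_generate_simple_session_info()` with no flags. Whether `server_info->authenticated` is honoured on the fallback path cannot be seen from this hunk and should be confirmed and documented, since it decides which groups an unauthenticated session receives. The function is also not marked `_PUBLIC_`, unlike gensec_set_target_principal in the previous hunk, which looks like an omission if it is meant to be called from outside the library.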
@@ -1371,12 +1386,12 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value) { - return lp_parm_int(settings->lp_ctx, NULL, mechanism, name, default_value); + return lpcfg_parm_int(settings->lp_ctx, NULL, mechanism, name, default_value); } bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value) { - return lp_parm_bool(settings->lp_ctx, NULL, mechanism, name, default_value); + return lpcfg_parm_bool(settings->lp_ctx, NULL, mechanism, name, default_value); } /* @@ -1385,13 +1400,8 @@ bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism _PUBLIC_ NTSTATUS gensec_init(struct loadparm_context *lp_ctx) { static bool initialized = false; - extern NTSTATUS gensec_sasl_init(void); - extern NTSTATUS gensec_krb5_init(void); - extern NTSTATUS gensec_schannel_init(void); - extern NTSTATUS gensec_spnego_init(void); - extern NTSTATUS gensec_gssapi_init(void); - extern NTSTATUS gensec_ntlmssp_init(void); - +#define _MODULE_PROTO(init) extern NTSTATUS init(void); + STATIC_gensec_MODULES_PROTO; init_module_fn static_init[] = { STATIC_gensec_MODULES }; init_module_fn *shared_init; @@ -1405,7 +1415,7 @@ _PUBLIC_ NTSTATUS gensec_init(struct loadparm_context *lp_ctx) talloc_free(shared_init); - qsort(generic_security_ops, gensec_num_backends, sizeof(*generic_security_ops), QSORT_CAST sort_gensec); + TYPESAFE_QSORT(generic_security_ops, gensec_num_backends, sort_gensec); return NT_STATUS_OK; }
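Review bot: `_MODULE_PROTO` is defined inside gensec_init and no `#undef` is visible in this hunk, so the macro stays defined for the rest of the translation unit. The name also starts with an underscore followed by an uppercase letter, which C reserves for the implementation. If the name is dictated by the generated `STATIC_gensec_MODULES_PROTO`, add `#undef _MODULE_PROTO` directly after the `STATIC_gensec_MODULES_PROTO;` line. A short comment would also help, noting that the set of backends registered here is now whatever the build generates into that macro, since that determines which authentication mechanisms the binary can offer. gensec_init continues outside the hunk.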