17 files changed:
Make a auth_info struct for the auth subsystem
***************************************************************************/
NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, const char **methods,
Make a auth_info struct for the auth subsystem
***************************************************************************/
NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, const char **methods,
- struct auth_context **auth_ctx,
- struct event_context *ev)
+ struct event_context *ev,
+ struct messaging_context *msg,
+ struct auth_context **auth_ctx)
{
int i;
struct auth_context *ctx;
{
int i;
struct auth_context *ctx;
return NT_STATUS_INTERNAL_ERROR;
}
return NT_STATUS_INTERNAL_ERROR;
}
+ if (!ev) {
+ DEBUG(0,("auth_context_create: called with out event context\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if (!msg) {
+ DEBUG(0,("auth_context_create: called with out messaging context\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
ctx = talloc(mem_ctx, struct auth_context);
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->challenge.set_by = NULL;
ctx->challenge.may_be_modified = False;
ctx->challenge.data = data_blob(NULL, 0);
ctx->methods = NULL;
ctx = talloc(mem_ctx, struct auth_context);
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->challenge.set_by = NULL;
ctx->challenge.may_be_modified = False;
ctx->challenge.data = data_blob(NULL, 0);
ctx->methods = NULL;
-
- if (ev == NULL) {
- ev = event_context_init(ctx);
- if (ev == NULL) {
- talloc_free(ctx);
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- ctx->event_ctx = ev;
+ ctx->event_ctx = ev;
+ ctx->msg_ctx = msg;
for (i=0; methods[i] ; i++) {
struct auth_method_context *method;
for (i=0; methods[i] ; i++) {
struct auth_method_context *method;
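Review bot: The two new DEBUG messages read `called with out event context` and `called with out messaging context`; "without" is one word, so the lines should be `DEBUG(0,("auth_context_create: called without event context\n"));` and `DEBUG(0,("auth_context_create: called without messaging context\n"));`. Since a NULL ev used to be tolerated here (the removed event_context_init fallback) and now fails with NT_STATUS_INTERNAL_ERROR, the header comment above the function should also state that both contexts are required and that the caller owns them. The remainder of auth_context_create's body lies outside the hunk.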
/* the event context to use for calls that can block */
struct event_context *event_ctx;
/* the event context to use for calls that can block */
struct event_context *event_ctx;
+
+ /* the messaging context which can be used by backends */
+ struct messaging_context *msg_ctx;
};
/* this structure is used by backends to determine the size of some critical types */
};
/* this structure is used by backends to determine the size of some critical types */
#include "auth/auth.h"
#include "lib/events/events.h"
#include "auth/auth.h"
#include "lib/events/events.h"
-_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
- const char *nt4_domain,
- const char *nt4_username,
- const char *password,
- struct auth_session_info **session_info)
+_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct messaging_context *msg,
+ const char *nt4_domain,
+ const char *nt4_username,
+ const char *password,
+ struct auth_session_info **session_info)
{
struct auth_context *auth_context;
struct auth_usersupplied_info *user_info;
{
struct auth_context *auth_context;
struct auth_usersupplied_info *user_info;
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_NO_MEMORY;
}
- nt_status = auth_context_create(tmp_ctx, lp_auth_methods(), &auth_context,
- event_context_find(mem_ctx));
+ nt_status = auth_context_create(tmp_ctx, lp_auth_methods(),
+ ev, msg,
+ &auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return nt_status;
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return nt_status;
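Review bot: authenticate_username_pw gains ev and msg parameters but no comment says they must be non-NULL; the only validation visible is inside auth_context_create, which returns NT_STATUS_INTERNAL_ERROR for either being NULL, so a caller that still passes NULL gets a generic failure with nothing pointing at the cause. Add a header comment above the definition such as `/* ev and msg must be non-NULL (auth_context_create() rejects NULL for both); the caller keeps ownership of them */`. The previous code resolved the event context itself via event_context_find(mem_ctx), so existing callers that relied on that now need to supply one explicitly. The function body continues outside the hunk.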
@note The mem_ctx is only a parent and may be NULL.
*/
static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
@note The mem_ctx is only a parent and may be NULL.
*/
static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
- struct gensec_security **gensec_security,
- struct event_context *ev)
+ struct event_context *ev,
+ struct messaging_context *msg,
+ struct gensec_security **gensec_security)
{
(*gensec_security) = talloc(mem_ctx, struct gensec_security);
NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
{
(*gensec_security) = talloc(mem_ctx, struct gensec_security);
NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
}
(*gensec_security)->event_ctx = ev;
}
(*gensec_security)->event_ctx = ev;
+ (*gensec_security)->msg_ctx = msg;
(*gensec_security)->subcontext = True;
(*gensec_security)->event_ctx = parent->event_ctx;
(*gensec_security)->subcontext = True;
(*gensec_security)->event_ctx = parent->event_ctx;
+ (*gensec_security)->msg_ctx = parent->msg_ctx;
struct event_context *ev)
{
NTSTATUS status;
struct event_context *ev)
{
NTSTATUS status;
- status = gensec_start(mem_ctx, gensec_security, ev);
+ struct event_context *new_ev = NULL;
+
+ if (ev == NULL) {
+ new_ev = event_context_init(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(new_ev);
+ ev = new_ev;
+ }
+
+ status = gensec_start(mem_ctx, ev, NULL, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
if (!NT_STATUS_IS_OK(status)) {
+ talloc_steal((*gensec_security), new_ev);
(*gensec_security)->gensec_role = GENSEC_CLIENT;
return status;
(*gensec_security)->gensec_role = GENSEC_CLIENT;
return status;
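Review bot: When gensec_start() fails, the event context allocated into new_ev stays attached to mem_ctx, which the @note on the sibling functions says may be NULL, so in that case it is never freed; the added talloc_steal() only runs on the success path. Free it on the error path as well, i.e. `talloc_free(new_ev);` immediately before `return status;` (talloc_free on a NULL new_ev is harmless when the caller supplied ev). The rendering interleaves the context lines, so the exact position of the return relative to the talloc_steal is inferred. gensec_client_start's signature and the rest of its body lie outside the hunk.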
@note The mem_ctx is only a parent and may be NULL.
*/
NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
@note The mem_ctx is only a parent and may be NULL.
*/
NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
- struct gensec_security **gensec_security,
- struct event_context *ev)
+ struct event_context *ev,
+ struct messaging_context *msg,
+ struct gensec_security **gensec_security)
- status = gensec_start(mem_ctx, gensec_security, ev);
+
+ if (!ev) {
+ DEBUG(0,("gensec_server_start: no event context given!\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if (!msg) {
+ DEBUG(0,("gensec_server_start: no messaging context given!\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = gensec_start(mem_ctx, ev, msg, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (!NT_STATUS_IS_OK(status)) {
return status;
}
BOOL subcontext;
uint32_t want_features;
struct event_context *event_ctx;
BOOL subcontext;
uint32_t want_features;
struct event_context *event_ctx;
+ struct messaging_context *msg_ctx; /* only valid as server */
struct socket_address *my_addr, *peer_addr;
};
struct socket_address *my_addr, *peer_addr;
};
}
nt_status = auth_context_create(gensec_ntlmssp_state, lp_auth_methods(),
}
nt_status = auth_context_create(gensec_ntlmssp_state, lp_auth_methods(),
- &gensec_ntlmssp_state->auth_context,
- gensec_security->event_ctx);
+ gensec_security->event_ctx,
+ gensec_security->msg_ctx,
+ &gensec_ntlmssp_state->auth_context);
NT_STATUS_NOT_OK_RETURN(nt_status);
gensec_ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
NT_STATUS_NOT_OK_RETURN(nt_status);
gensec_ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
ap_req = data_blob_const(&input->data[header_len], ap_req_len);
krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len);
ap_req = data_blob_const(&input->data[header_len], ap_req_len);
krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len);
- nt_status = gensec_server_start(tmp_ctx, &gensec_security, kdc->task->event_ctx);
+ nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->msg_ctx, &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return False;
}
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return False;
}
- server_credentials
- = cli_credentials_init(tmp_ctx);
+ server_credentials = cli_credentials_init(tmp_ctx);
if (!server_credentials) {
DEBUG(1, ("Failed to init server credentials\n"));
return False;
if (!server_credentials) {
DEBUG(1, ("Failed to init server credentials\n"));
return False;
status = crack_dn_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account);
if (NT_STATUS_IS_OK(status)) {
status = crack_dn_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account);
if (NT_STATUS_IS_OK(status)) {
- status = authenticate_username_pw(call, nt4_domain, nt4_account,
- req->creds.password, &session_info);
+ status = authenticate_username_pw(call,
+ call->conn->connection->event.ctx,
+ call->conn->connection->msg_ctx,
+ nt4_domain, nt4_account,
+ req->creds.password,
+ &session_info);
}
reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
}
reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
if (!conn->gensec) {
conn->session_info = NULL;
if (!conn->gensec) {
conn->session_info = NULL;
- status = gensec_server_start(conn, &conn->gensec,
- conn->connection->event.ctx);
+ status = gensec_server_start(conn,
+ conn->connection->event.ctx,
+ conn->connection->msg_ctx,
+ &conn->gensec);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
result = LDAP_OPERATIONS_ERROR;
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
result = LDAP_OPERATIONS_ERROR;
- status = gensec_server_start(dce_conn, &auth->gensec_security, call->event_ctx);
+ status = gensec_server_start(dce_conn, call->event_ctx, call->msg_ctx, &auth->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC for DCERPC server: %s\n", nt_errstr(status)));
return False;
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC for DCERPC server: %s\n", nt_errstr(status)));
return False;
}
/* TODO: we need to deny anonymous access here */
}
/* TODO: we need to deny anonymous access here */
- nt_status = auth_context_create(mem_ctx, lp_auth_methods(), &auth_context,
- dce_call->event_ctx);
+ nt_status = auth_context_create(mem_ctx, lp_auth_methods(),
+ dce_call->event_ctx, dce_call->msg_ctx,
+ &auth_context);
NT_STATUS_NOT_OK_RETURN(nt_status);
user_info->logon_parameters = r->in.logon.password->identity_info.parameter_control;
NT_STATUS_NOT_OK_RETURN(nt_status);
user_info->logon_parameters = r->in.logon.password->identity_info.parameter_control;
case 6:
/* TODO: we need to deny anonymous access here */
case 6:
/* TODO: we need to deny anonymous access here */
- nt_status = auth_context_create(mem_ctx, lp_auth_methods(), &auth_context,
- dce_call->event_ctx);
+ nt_status = auth_context_create(mem_ctx, lp_auth_methods(),
+ dce_call->event_ctx, dce_call->msg_ctx,
+ &auth_context);
NT_STATUS_NOT_OK_RETURN(nt_status);
nt_status = auth_context_set_challenge(auth_context, r->in.logon.network->challenge, "netr_LogonSamLogonWithFlags");
NT_STATUS_NOT_OK_RETURN(nt_status);
nt_status = auth_context_set_challenge(auth_context, r->in.logon.network->challenge, "netr_LogonSamLogonWithFlags");
#include "auth/auth.h"
#include "scripting/ejs/smbcalls.h"
#include "lib/events/events.h"
#include "auth/auth.h"
#include "scripting/ejs/smbcalls.h"
#include "lib/events/events.h"
+#include "lib/messaging/irpc.h"
static int ejs_doauth(MprVarHandle eid,
TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username,
static int ejs_doauth(MprVarHandle eid,
TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username,
struct smbcalls_context *c;
struct event_context *ev;
struct smbcalls_context *c;
struct event_context *ev;
+ struct messaging_context *msg;
/* Hope we can find an smbcalls_context somewhere up there... */
c = talloc_find_parent_bytype(tmp_ctx, struct smbcalls_context);
if (c) {
ev = c->event_ctx;
/* Hope we can find an smbcalls_context somewhere up there... */
c = talloc_find_parent_bytype(tmp_ctx, struct smbcalls_context);
if (c) {
ev = c->event_ctx;
} else {
/* Hope we can find the event context somewhere up there... */
ev = event_context_find(tmp_ctx);
} else {
/* Hope we can find the event context somewhere up there... */
ev = event_context_find(tmp_ctx);
+ msg = messaging_client_init(tmp_ctx, ev);
- nt_status = auth_context_create(tmp_ctx, auth_types, &auth_context, ev);
+ nt_status = auth_context_create(tmp_ctx, auth_types, ev, msg, &auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
mprSetPropertyValue(auth, "report", mprString("Auth System Failure"));
if (!NT_STATUS_IS_OK(nt_status)) {
mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
mprSetPropertyValue(auth, "report", mprString("Auth System Failure"));
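Review bot: The result of `msg = messaging_client_init(tmp_ctx, ev);` is not checked before msg is handed to auth_context_create. auth_context_create does reject a NULL msg, so the call still fails, but only as the generic "Auth System Failure" report, which hides that messaging setup was the cause; add `if (!msg) { DEBUG(0, ("ejs_doauth: messaging_client_init failed\n")); ... }` and take the same failure path the auth_context_create error already takes. From the rendering it is not clear whether the init sits inside the else branch or after the if/else, so confirm msg is assigned on both branches. ejs_doauth's signature and the rest of its body are outside the hunk.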
DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
nt_status = auth_context_create(smb_conn, lp_auth_methods(),
DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
nt_status = auth_context_create(smb_conn, lp_auth_methods(),
- &smb_conn->negotiate.auth_context,
- smb_conn->connection->event.ctx);
+ smb_conn->connection->event.ctx,
+ smb_conn->connection->msg_ctx,
+ &smb_conn->negotiate.auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("auth_context_create() returned %s", nt_errstr(nt_status)));
return nt_status;
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("auth_context_create() returned %s", nt_errstr(nt_status)));
return nt_status;
DATA_BLOB null_data_blob = data_blob(NULL, 0);
DATA_BLOB blob;
const char *oid;
DATA_BLOB null_data_blob = data_blob(NULL, 0);
DATA_BLOB blob;
const char *oid;
- NTSTATUS nt_status = gensec_server_start(req->smb_conn,
- &gensec_security,
- req->smb_conn->connection->event.ctx);
-
+ NTSTATUS nt_status;
+
+ nt_status = gensec_server_start(req->smb_conn,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
/* TODO: should we use just "anonymous" here? */
status = auth_context_create(req, lp_auth_methods(),
/* TODO: should we use just "anonymous" here? */
status = auth_context_create(req, lp_auth_methods(),
- &auth_context,
- req->smb_conn->connection->event.ctx);
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ &auth_context);
if (!NT_STATUS_IS_OK(status)) goto failed;
} else {
auth_context = req->smb_conn->negotiate.auth_context;
if (!NT_STATUS_IS_OK(status)) goto failed;
} else {
auth_context = req->smb_conn->negotiate.auth_context;
if (!smb_sess) {
struct gensec_security *gensec_ctx;
if (!smb_sess) {
struct gensec_security *gensec_ctx;
- status = gensec_server_start(req, &gensec_ctx,
- req->smb_conn->connection->event.ctx);
+ status = gensec_server_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ &gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
goto failed;
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
goto failed;
NTSTATUS nt_status;
struct cli_credentials *server_credentials;
NTSTATUS nt_status;
struct cli_credentials *server_credentials;
- nt_status = gensec_server_start(req, &gensec_security,
- req->smb_conn->connection->event.ctx);
+ nt_status = gensec_server_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
if (vuid == 0) {
struct gensec_security *gensec_ctx;
if (vuid == 0) {
struct gensec_security *gensec_ctx;
- status = gensec_server_start(req, &gensec_ctx,
- req->smb_conn->connection->event.ctx);
+ status = gensec_server_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ &gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
goto failed;
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
goto failed;
POPT_CREDENTIALS \
gensec \
LIBCLI_RESOLVE \
POPT_CREDENTIALS \
gensec \
LIBCLI_RESOLVE \
+ auth \
+ MESSAGING \
+ LIBEVENTS
MANPAGE = man/ntlm_auth.1
# End BINARY ntlm_auth
#################################
MANPAGE = man/ntlm_auth.1
# End BINARY ntlm_auth
#################################
#include "libcli/auth/libcli_auth.h"
#include "libcli/security/security.h"
#include "lib/ldb/include/ldb.h"
#include "libcli/auth/libcli_auth.h"
#include "libcli/security/security.h"
#include "lib/ldb/include/ldb.h"
+#include "lib/events/events.h"
+#include "lib/messaging/messaging.h"
+#include "lib/messaging/irpc.h"
#define SQUID_BUFFER_SIZE 2010
#define SQUID_BUFFER_SIZE 2010
const char *set_password;
};
struct gensec_ntlm_state *state;
const char *set_password;
};
struct gensec_ntlm_state *state;
+ struct event_context *ev;
+ struct messaging_context *msg;
NTSTATUS nt_status;
BOOL first = False;
NTSTATUS nt_status;
BOOL first = False;
break;
case GSS_SPNEGO_SERVER:
case SQUID_2_5_NTLMSSP:
break;
case GSS_SPNEGO_SERVER:
case SQUID_2_5_NTLMSSP:
- if (!NT_STATUS_IS_OK(gensec_server_start(NULL, &state->gensec_state, NULL))) {
+ ev = event_context_init(state);
+ if (!ev) {
+ exit(1);
+ }
+ msg = messaging_client_init(state, ev);
+ if (!msg) {
+ exit(1);
+ }
+ if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, msg, &state->gensec_state))) {