f1510d2e90a9c91f96615382398ac8a43023cc4b
[kai/samba.git] / source3 / libsmb / auth_generic.c
1 /*
2    NLTMSSP wrappers
3
4    Copyright (C) Andrew Tridgell      2001
5    Copyright (C) Andrew Bartlett 2001-2003,2011
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "auth/ntlmssp/ntlmssp.h"
23 #include "auth_generic.h"
24 #include "auth/gensec/gensec.h"
25 #include "auth/credentials/credentials.h"
26 #include "librpc/rpc/dcerpc.h"
27 #include "lib/param/param.h"
28 #include "librpc/crypto/gse.h"
29
30 NTSTATUS auth_generic_set_username(struct auth_generic_state *ans,
31                                    const char *user)
32 {
33         cli_credentials_set_username(ans->credentials, user, CRED_SPECIFIED);
34         return NT_STATUS_OK;
35 }
36
37 NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
38                                  const char *domain)
39 {
40         cli_credentials_set_domain(ans->credentials, domain, CRED_SPECIFIED);
41         return NT_STATUS_OK;
42 }
43
44 NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
45                                    const char *password)
46 {
47         cli_credentials_set_password(ans->credentials, password, CRED_SPECIFIED);
48         return NT_STATUS_OK;
49 }
50
51 NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
52 {
53         struct auth_generic_state *ans;
54         NTSTATUS nt_status;
55         size_t idx = 0;
56         struct gensec_settings *gensec_settings;
57         struct loadparm_context *lp_ctx;
58
59         ans = talloc_zero(mem_ctx, struct auth_generic_state);
60         if (!ans) {
61                 DEBUG(0,("auth_generic_start: talloc failed!\n"));
62                 return NT_STATUS_NO_MEMORY;
63         }
64
65         lp_ctx = loadparm_init_s3(ans, loadparm_s3_context());
66         if (lp_ctx == NULL) {
67                 DEBUG(10, ("loadparm_init_s3 failed\n"));
68                 TALLOC_FREE(ans);
69                 return NT_STATUS_INVALID_SERVER_STATE;
70         }
71
72         gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
73         if (lp_ctx == NULL) {
74                 DEBUG(10, ("lpcfg_gensec_settings failed\n"));
75                 TALLOC_FREE(ans);
76                 return NT_STATUS_NO_MEMORY;
77         }
78
79         gensec_settings->backends = talloc_zero_array(gensec_settings,
80                                         struct gensec_security_ops *, 4);
81         if (gensec_settings->backends == NULL) {
82                 TALLOC_FREE(ans);
83                 return NT_STATUS_NO_MEMORY;
84         }
85
86         gensec_init();
87
88         /* These need to be in priority order, krb5 before NTLMSSP */
89 #if defined(HAVE_KRB5)
90         gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
91 #endif
92
93         gensec_settings->backends[idx++] = &gensec_ntlmssp3_client_ops;
94
95         gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
96                                                 GENSEC_OID_SPNEGO);
97
98         nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
99
100         if (!NT_STATUS_IS_OK(nt_status)) {
101                 TALLOC_FREE(ans);
102                 return nt_status;
103         }
104
105         ans->credentials = cli_credentials_init(ans);
106         if (!ans->credentials) {
107                 TALLOC_FREE(ans);
108                 return NT_STATUS_NO_MEMORY;
109         }
110
111         cli_credentials_guess(ans->credentials, lp_ctx);
112
113         talloc_unlink(ans, lp_ctx);
114         talloc_unlink(ans, gensec_settings);
115
116         *auth_generic_state = ans;
117         return NT_STATUS_OK;
118 }
119
120 NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid)
121 {
122         NTSTATUS status;
123
124         /* Transfer the credentials to gensec */
125         status = gensec_set_credentials(ans->gensec_security, ans->credentials);
126         if (!NT_STATUS_IS_OK(status)) {
127                 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
128                           nt_errstr(status)));
129                 return status;
130         }
131         talloc_unlink(ans, ans->credentials);
132         ans->credentials = NULL;
133
134         status = gensec_start_mech_by_oid(ans->gensec_security,
135                                           oid);
136         if (!NT_STATUS_IS_OK(status)) {
137                 return status;
138         }
139
140         return NT_STATUS_OK;
141 }
142
143 NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
144                                                uint8_t auth_type,
145                                                uint8_t auth_level)
146 {
147         NTSTATUS status;
148
149         /* Transfer the credentials to gensec */
150         status = gensec_set_credentials(ans->gensec_security, ans->credentials);
151         if (!NT_STATUS_IS_OK(status)) {
152                 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
153                           nt_errstr(status)));
154                 return status;
155         }
156         talloc_unlink(ans, ans->credentials);
157         ans->credentials = NULL;
158
159         status = gensec_start_mech_by_authtype(ans->gensec_security,
160                                                auth_type, auth_level);
161         if (!NT_STATUS_IS_OK(status)) {
162                 return status;
163         }
164
165         return NT_STATUS_OK;
166 }