search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
backupkey: Handle more clearly the case where we find the secret, but it has no value
[Samba.git] / source3 / libsmb / auth_generic.c
blob68d14516f39eb5db5aba3c017070480e0d95258b
1 /*
2 NLTMSSP wrappers
3
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Andrew Bartlett 2001-2003,2011
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "auth/ntlmssp/ntlmssp.h"
23 #include "auth_generic.h"
24 #include "auth/gensec/gensec.h"
25 #include "auth/credentials/credentials.h"
26 #include "librpc/rpc/dcerpc.h"
27 #include "lib/param/param.h"
28 #include "librpc/crypto/gse.h"
29
30 NTSTATUS auth_generic_set_username(struct auth_generic_state *ans,
31 const char *user)
32 {
33 cli_credentials_set_username(ans->credentials, user, CRED_SPECIFIED);
34 return NT_STATUS_OK;
35 }
36
37 NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
38 const char *domain)
39 {
40 cli_credentials_set_domain(ans->credentials, domain, CRED_SPECIFIED);
41 return NT_STATUS_OK;
42 }
43
44 NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
45 const char *password)
46 {
47 cli_credentials_set_password(ans->credentials, password, CRED_SPECIFIED);
48 return NT_STATUS_OK;
49 }
50
51 NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
52 struct cli_credentials *creds)
53 {
54 talloc_unlink(ans->credentials, creds);
55 ans->credentials = creds;
56 return NT_STATUS_OK;
57 }
58
59 NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
60 {
61 struct auth_generic_state *ans;
62 NTSTATUS nt_status;
63 size_t idx = 0;
64 struct gensec_settings *gensec_settings;
65 const struct gensec_security_ops **backends = NULL;
66 struct loadparm_context *lp_ctx;
67
68 ans = talloc_zero(mem_ctx, struct auth_generic_state);
69 if (!ans) {
70 DEBUG(0,("auth_generic_start: talloc failed!\n"));
71 return NT_STATUS_NO_MEMORY;
72 }
73
74 lp_ctx = loadparm_init_s3(ans, loadparm_s3_helpers());
75 if (lp_ctx == NULL) {
76 DEBUG(10, ("loadparm_init_s3 failed\n"));
77 TALLOC_FREE(ans);
78 return NT_STATUS_INVALID_SERVER_STATE;
79 }
80
81 gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
82 if (lp_ctx == NULL) {
83 DEBUG(10, ("lpcfg_gensec_settings failed\n"));
84 TALLOC_FREE(ans);
85 return NT_STATUS_NO_MEMORY;
86 }
87
88 backends = talloc_zero_array(gensec_settings,
89 const struct gensec_security_ops *, 6);
90 if (backends == NULL) {
91 TALLOC_FREE(ans);
92 return NT_STATUS_NO_MEMORY;
93 }
94 gensec_settings->backends = backends;
95
96 gensec_init();
97
98 /* These need to be in priority order, krb5 before NTLMSSP */
99 #if defined(HAVE_KRB5)
100 backends[idx++] = &gensec_gse_krb5_security_ops;
101 #endif
102
103 backends[idx++] = &gensec_ntlmssp3_client_ops;
104
105 backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
106 backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
107 backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM);
108
109 nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
110
111 if (!NT_STATUS_IS_OK(nt_status)) {
112 TALLOC_FREE(ans);
113 return nt_status;
114 }
115
116 ans->credentials = cli_credentials_init(ans);
117 if (!ans->credentials) {
118 TALLOC_FREE(ans);
119 return NT_STATUS_NO_MEMORY;
120 }
121
122 cli_credentials_guess(ans->credentials, lp_ctx);
123
124 talloc_unlink(ans, lp_ctx);
125 talloc_unlink(ans, gensec_settings);
126
127 *auth_generic_state = ans;
128 return NT_STATUS_OK;
129 }
130
131 NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid)
132 {
133 NTSTATUS status;
134
135 /* Transfer the credentials to gensec */
136 status = gensec_set_credentials(ans->gensec_security, ans->credentials);
137 if (!NT_STATUS_IS_OK(status)) {
138 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
139 nt_errstr(status)));
140 return status;
141 }
142 talloc_unlink(ans, ans->credentials);
143 ans->credentials = NULL;
144
145 status = gensec_start_mech_by_oid(ans->gensec_security,
146 oid);
147 if (!NT_STATUS_IS_OK(status)) {
148 return status;
149 }
150
151 return NT_STATUS_OK;
152 }
153
154 NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
155 uint8_t auth_type,
156 uint8_t auth_level)
157 {
158 NTSTATUS status;
159
160 /* Transfer the credentials to gensec */
161 status = gensec_set_credentials(ans->gensec_security, ans->credentials);
162 if (!NT_STATUS_IS_OK(status)) {
163 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
164 nt_errstr(status)));
165 return status;
166 }
167 talloc_unlink(ans, ans->credentials);
168 ans->credentials = NULL;
169
170 status = gensec_start_mech_by_authtype(ans->gensec_security,
171 auth_type, auth_level);
172 if (!NT_STATUS_IS_OK(status)) {
173 return status;
174 }
175
176 return NT_STATUS_OK;
177 }
Samba GIT mirror