search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbd: Use brl_delete_lock_struct in brl_lock_cancel_default
[Samba.git] / source3 / libsmb / auth_generic.c
blob1f6c681a6e59c6b5bec1a57751df2af9aaae5760
1 /*
2 NLTMSSP wrappers
3
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Andrew Bartlett 2001-2003,2011
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "auth/ntlmssp/ntlmssp.h"
23 #include "auth_generic.h"
24 #include "auth/gensec/gensec.h"
25 #include "auth/credentials/credentials.h"
26 #include "librpc/rpc/dcerpc.h"
27 #include "lib/param/param.h"
28 #include "librpc/crypto/gse.h"
29
30 NTSTATUS auth_generic_set_username(struct auth_generic_state *ans,
31 const char *user)
32 {
33 cli_credentials_set_username(ans->credentials, user, CRED_SPECIFIED);
34 return NT_STATUS_OK;
35 }
36
37 NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
38 const char *domain)
39 {
40 cli_credentials_set_domain(ans->credentials, domain, CRED_SPECIFIED);
41 return NT_STATUS_OK;
42 }
43
44 NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
45 const char *password)
46 {
47 cli_credentials_set_password(ans->credentials, password, CRED_SPECIFIED);
48 return NT_STATUS_OK;
49 }
50
51 NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
52 {
53 struct auth_generic_state *ans;
54 NTSTATUS nt_status;
55 size_t idx = 0;
56 struct gensec_settings *gensec_settings;
57 const struct gensec_security_ops **backends = NULL;
58 struct loadparm_context *lp_ctx;
59
60 ans = talloc_zero(mem_ctx, struct auth_generic_state);
61 if (!ans) {
62 DEBUG(0,("auth_generic_start: talloc failed!\n"));
63 return NT_STATUS_NO_MEMORY;
64 }
65
66 lp_ctx = loadparm_init_s3(ans, loadparm_s3_helpers());
67 if (lp_ctx == NULL) {
68 DEBUG(10, ("loadparm_init_s3 failed\n"));
69 TALLOC_FREE(ans);
70 return NT_STATUS_INVALID_SERVER_STATE;
71 }
72
73 gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
74 if (lp_ctx == NULL) {
75 DEBUG(10, ("lpcfg_gensec_settings failed\n"));
76 TALLOC_FREE(ans);
77 return NT_STATUS_NO_MEMORY;
78 }
79
80 backends = talloc_zero_array(gensec_settings,
81 const struct gensec_security_ops *, 6);
82 if (backends == NULL) {
83 TALLOC_FREE(ans);
84 return NT_STATUS_NO_MEMORY;
85 }
86 gensec_settings->backends = backends;
87
88 gensec_init();
89
90 /* These need to be in priority order, krb5 before NTLMSSP */
91 #if defined(HAVE_KRB5)
92 backends[idx++] = &gensec_gse_krb5_security_ops;
93 #endif
94
95 backends[idx++] = &gensec_ntlmssp3_client_ops;
96
97 backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
98 backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
99 backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM);
100
101 nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
102
103 if (!NT_STATUS_IS_OK(nt_status)) {
104 TALLOC_FREE(ans);
105 return nt_status;
106 }
107
108 ans->credentials = cli_credentials_init(ans);
109 if (!ans->credentials) {
110 TALLOC_FREE(ans);
111 return NT_STATUS_NO_MEMORY;
112 }
113
114 cli_credentials_guess(ans->credentials, lp_ctx);
115
116 talloc_unlink(ans, lp_ctx);
117 talloc_unlink(ans, gensec_settings);
118
119 *auth_generic_state = ans;
120 return NT_STATUS_OK;
121 }
122
123 NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid)
124 {
125 NTSTATUS status;
126
127 /* Transfer the credentials to gensec */
128 status = gensec_set_credentials(ans->gensec_security, ans->credentials);
129 if (!NT_STATUS_IS_OK(status)) {
130 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
131 nt_errstr(status)));
132 return status;
133 }
134 talloc_unlink(ans, ans->credentials);
135 ans->credentials = NULL;
136
137 status = gensec_start_mech_by_oid(ans->gensec_security,
138 oid);
139 if (!NT_STATUS_IS_OK(status)) {
140 return status;
141 }
142
143 return NT_STATUS_OK;
144 }
145
146 NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
147 uint8_t auth_type,
148 uint8_t auth_level)
149 {
150 NTSTATUS status;
151
152 /* Transfer the credentials to gensec */
153 status = gensec_set_credentials(ans->gensec_security, ans->credentials);
154 if (!NT_STATUS_IS_OK(status)) {
155 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
156 nt_errstr(status)));
157 return status;
158 }
159 talloc_unlink(ans, ans->credentials);
160 ans->credentials = NULL;
161
162 status = gensec_start_mech_by_authtype(ans->gensec_security,
163 auth_type, auth_level);
164 if (!NT_STATUS_IS_OK(status)) {
165 return status;
166 }
167
168 return NT_STATUS_OK;
169 }
Samba GIT mirror