s3: libsmb: Do some hardening in the receive processing of cli_shadow_copy_data_recv().
[Samba.git] / source3 / libsmb / auth_generic.c
blob59560d677bc2aba7710d236828de8902e8137e9c
1 /*
2 NLTMSSP wrappers
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Andrew Bartlett 2001-2003,2011
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "auth/ntlmssp/ntlmssp.h"
23 #include "auth_generic.h"
24 #include "auth/gensec/gensec.h"
25 #include "auth/credentials/credentials.h"
26 #include "librpc/rpc/dcerpc.h"
27 #include "lib/param/param.h"
28 #include "librpc/crypto/gse.h"
30 NTSTATUS auth_generic_set_username(struct auth_generic_state *ans,
31 const char *user)
33 cli_credentials_set_username(ans->credentials, user, CRED_SPECIFIED);
34 return NT_STATUS_OK;
37 NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
38 const char *domain)
40 cli_credentials_set_domain(ans->credentials, domain, CRED_SPECIFIED);
41 return NT_STATUS_OK;
44 NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
45 const char *password)
47 cli_credentials_set_password(ans->credentials, password, CRED_SPECIFIED);
48 return NT_STATUS_OK;
51 NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
52 struct cli_credentials *creds)
54 talloc_unlink(ans->credentials, creds);
55 ans->credentials = creds;
56 return NT_STATUS_OK;
59 NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
61 struct auth_generic_state *ans;
62 NTSTATUS nt_status;
63 size_t idx = 0;
64 struct gensec_settings *gensec_settings;
65 const struct gensec_security_ops **backends = NULL;
66 struct loadparm_context *lp_ctx;
68 ans = talloc_zero(mem_ctx, struct auth_generic_state);
69 if (!ans) {
70 DEBUG(0,("auth_generic_start: talloc failed!\n"));
71 return NT_STATUS_NO_MEMORY;
74 lp_ctx = loadparm_init_s3(ans, loadparm_s3_helpers());
75 if (lp_ctx == NULL) {
76 DEBUG(10, ("loadparm_init_s3 failed\n"));
77 TALLOC_FREE(ans);
78 return NT_STATUS_INVALID_SERVER_STATE;
81 gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
82 if (lp_ctx == NULL) {
83 DEBUG(10, ("lpcfg_gensec_settings failed\n"));
84 TALLOC_FREE(ans);
85 return NT_STATUS_NO_MEMORY;
88 backends = talloc_zero_array(gensec_settings,
89 const struct gensec_security_ops *, 7);
90 if (backends == NULL) {
91 TALLOC_FREE(ans);
92 return NT_STATUS_NO_MEMORY;
94 gensec_settings->backends = backends;
96 gensec_init();
98 /* These need to be in priority order, krb5 before NTLMSSP */
99 #if defined(HAVE_KRB5)
100 backends[idx++] = &gensec_gse_krb5_security_ops;
101 #endif
103 backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
104 backends[idx++] = gensec_security_by_name(NULL, "ntlmssp_resume_ccache");
106 backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
107 backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
108 backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM);
110 nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
112 if (!NT_STATUS_IS_OK(nt_status)) {
113 TALLOC_FREE(ans);
114 return nt_status;
117 ans->credentials = cli_credentials_init(ans);
118 if (!ans->credentials) {
119 TALLOC_FREE(ans);
120 return NT_STATUS_NO_MEMORY;
123 cli_credentials_guess(ans->credentials, lp_ctx);
125 talloc_unlink(ans, lp_ctx);
126 talloc_unlink(ans, gensec_settings);
128 *auth_generic_state = ans;
129 return NT_STATUS_OK;
132 NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid)
134 NTSTATUS status;
136 /* Transfer the credentials to gensec */
137 status = gensec_set_credentials(ans->gensec_security, ans->credentials);
138 if (!NT_STATUS_IS_OK(status)) {
139 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
140 nt_errstr(status)));
141 return status;
143 talloc_unlink(ans, ans->credentials);
144 ans->credentials = NULL;
146 status = gensec_start_mech_by_oid(ans->gensec_security,
147 oid);
148 if (!NT_STATUS_IS_OK(status)) {
149 return status;
152 return NT_STATUS_OK;
155 NTSTATUS auth_generic_client_start_by_name(struct auth_generic_state *ans,
156 const char *name)
158 NTSTATUS status;
160 /* Transfer the credentials to gensec */
161 status = gensec_set_credentials(ans->gensec_security, ans->credentials);
162 if (!NT_STATUS_IS_OK(status)) {
163 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
164 nt_errstr(status)));
165 return status;
167 talloc_unlink(ans, ans->credentials);
168 ans->credentials = NULL;
170 status = gensec_start_mech_by_name(ans->gensec_security, name);
171 if (!NT_STATUS_IS_OK(status)) {
172 return status;
175 return NT_STATUS_OK;
178 NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
179 uint8_t auth_type,
180 uint8_t auth_level)
182 NTSTATUS status;
184 /* Transfer the credentials to gensec */
185 status = gensec_set_credentials(ans->gensec_security, ans->credentials);
186 if (!NT_STATUS_IS_OK(status)) {
187 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
188 nt_errstr(status)));
189 return status;
191 talloc_unlink(ans, ans->credentials);
192 ans->credentials = NULL;
194 status = gensec_start_mech_by_authtype(ans->gensec_security,
195 auth_type, auth_level);
196 if (!NT_STATUS_IS_OK(status)) {
197 return status;
200 return NT_STATUS_OK;
203 NTSTATUS auth_generic_client_start_by_sasl(struct auth_generic_state *ans,
204 const char **sasl_list)
206 NTSTATUS status;
208 /* Transfer the credentials to gensec */
209 status = gensec_set_credentials(ans->gensec_security, ans->credentials);
210 if (!NT_STATUS_IS_OK(status)) {
211 DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
212 nt_errstr(status)));
213 return status;
215 talloc_unlink(ans, ans->credentials);
216 ans->credentials = NULL;
218 status = gensec_start_mech_by_sasl_list(ans->gensec_security, sasl_list);
219 if (!NT_STATUS_IS_OK(status)) {
220 return status;
223 return NT_STATUS_OK;