search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r8774: make some gensec errors a bit less verbose
[Samba/ekacnet.git] / source / auth / gensec / gensec.c
blobb500a09fdce439b89bf949fbdd261efa40d59662
1 /*
2 Unix SMB/CIFS implementation.
3
4 Generic Authentication Interface
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25 #include "auth/auth.h"
26 #include "lib/events/events.h"
27
28 /* the list of currently registered GENSEC backends */
29 const static struct gensec_security_ops **generic_security_ops;
30 static int gensec_num_backends;
31
32 static const struct gensec_security_ops *gensec_security_by_authtype(uint8_t auth_type)
33 {
34 int i;
35 for (i=0; i < gensec_num_backends; i++) {
36 if (generic_security_ops[i]->auth_type == auth_type) {
37 return generic_security_ops[i];
38 }
39 }
40
41 return NULL;
42 }
43
44 static const struct gensec_security_ops *gensec_security_by_oid(const char *oid_string)
45 {
46 int i, j;
47 for (i=0; i < gensec_num_backends; i++) {
48 if (generic_security_ops[i]->oid) {
49 for (j=0; generic_security_ops[i]->oid[j]; j++) {
50 if (generic_security_ops[i]->oid[j] &&
51 (strcmp(generic_security_ops[i]->oid[j], oid_string) == 0)) {
52 return generic_security_ops[i];
53 }
54 }
55 }
56 }
57
58 return NULL;
59 }
60
61 static const struct gensec_security_ops *gensec_security_by_sasl_name(const char *sasl_name)
62 {
63 int i;
64 for (i=0; i < gensec_num_backends; i++) {
65 if (generic_security_ops[i]->sasl_name
66 && (strcmp(generic_security_ops[i]->sasl_name, sasl_name) == 0)) {
67 return generic_security_ops[i];
68 }
69 }
70
71 return NULL;
72 }
73
74 static const struct gensec_security_ops *gensec_security_by_name(const char *name)
75 {
76 int i;
77 for (i=0; i < gensec_num_backends; i++) {
78 if (generic_security_ops[i]->name
79 && (strcmp(generic_security_ops[i]->name, name) == 0)) {
80 return generic_security_ops[i];
81 }
82 }
83
84 return NULL;
85 }
86
87 const struct gensec_security_ops **gensec_security_all(int *num_backends_out)
88 {
89 *num_backends_out = gensec_num_backends;
90 return generic_security_ops;
91 }
92
93 /**
94 * Return a unique list of security subsystems from those specified in
95 * the OID list. That is, where two OIDs refer to the same module,
96 * return that module only once
97 *
98 * The list is in the exact order of the OIDs asked for, where available.
99 */
100
101 const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(TALLOC_CTX *mem_ctx,
102 const char **oid_strings,
103 const char *skip)
104 {
105 struct gensec_security_ops_wrapper *backends_out;
106 const struct gensec_security_ops **backends;
107 int i, j, k, oid_idx;
108 int num_backends_out = 0;
109 int num_backends;
110
111 if (!oid_strings) {
112 return NULL;
113 }
114
115 backends = gensec_security_all(&num_backends);
116
117 backends_out = talloc_array(mem_ctx, struct gensec_security_ops_wrapper, 1);
118 if (!backends_out) {
119 return NULL;
120 }
121 backends_out[0].op = NULL;
122 backends_out[0].oid = NULL;
123
124 for (oid_idx = 0; oid_strings[oid_idx]; oid_idx++) {
125 if (strcmp(oid_strings[oid_idx], skip) == 0) {
126 continue;
127 }
128
129 for (i=0; i < num_backends; i++) {
130 if (!backends[i]->oid) {
131 continue;
132 }
133 for (j=0; backends[i]->oid[j]; j++) {
134 if (!backends[i]->oid[j] ||
135 !(strcmp(backends[i]->oid[j],
136 oid_strings[oid_idx]) == 0)) {
137 continue;
138 }
139
140 for (k=0; backends_out[k].op; k++) {
141 if (backends_out[k].op == backends[i]) {
142 break;
143 }
144 }
145
146 if (k < num_backends_out) {
147 /* already in there */
148 continue;
149 }
150
151 backends_out = talloc_realloc(mem_ctx, backends_out,
152 struct gensec_security_ops_wrapper,
153 num_backends_out + 2);
154 if (!backends_out) {
155 return NULL;
156 }
157
158 backends_out[num_backends_out].op = backends[i];
159 backends_out[num_backends_out].oid = backends[i]->oid[j];
160 num_backends_out++;
161 backends_out[num_backends_out].op = NULL;
162 backends_out[num_backends_out].oid = NULL;
163 }
164 }
165 }
166 return backends_out;
167 }
168
169 /**
170 * Return OIDS from the security subsystems listed
171 */
172
173 const char **gensec_security_oids_from_ops(TALLOC_CTX *mem_ctx,
174 const struct gensec_security_ops **ops,
175 int num_backends,
176 const char *skip)
177 {
178 int i;
179 int j = 0;
180 int k;
181 const char **oid_list;
182 if (!ops) {
183 return NULL;
184 }
185 oid_list = talloc_array(mem_ctx, const char *, 1);
186 if (!oid_list) {
187 return NULL;
188 }
189
190 for (i=0; i<num_backends; i++) {
191 if (!ops[i]->oid) {
192 continue;
193 }
194
195 for (k = 0; ops[i]->oid[k]; k++) {
196 if (skip && strcmp(skip, ops[i]->oid[k])==0) {
197 } else {
198 oid_list = talloc_realloc(mem_ctx, oid_list, const char *, j + 2);
199 if (!oid_list) {
200 return NULL;
201 }
202 oid_list[j] = ops[i]->oid[k];
203 j++;
204 }
205 }
206 }
207 oid_list[j] = NULL;
208 return oid_list;
209 }
210
211
212 /**
213 * Return all the security subsystems currently enabled in GENSEC
214 */
215
216 const char **gensec_security_oids(TALLOC_CTX *mem_ctx, const char *skip)
217 {
218 int num_backends;
219 const struct gensec_security_ops **ops = gensec_security_all(&num_backends);
220 return gensec_security_oids_from_ops(mem_ctx, ops,
221 num_backends, skip);
222 }
223
224
225
226 /**
227 Start the GENSEC system, returning a context pointer.
228 @param mem_ctx The parent TALLOC memory context.
229 @param gensec_security Returned GENSEC context pointer.
230 @note The mem_ctx is only a parent and may be NULL.
231 */
232 static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
233 struct gensec_security **gensec_security,
234 struct event_context *ev)
235 {
236 (*gensec_security) = talloc(mem_ctx, struct gensec_security);
237 NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
238
239 (*gensec_security)->ops = NULL;
240
241 ZERO_STRUCT((*gensec_security)->target);
242
243 (*gensec_security)->subcontext = False;
244 (*gensec_security)->want_features = 0;
245
246 if (ev == NULL) {
247 ev = event_context_init(*gensec_security);
248 if (ev == NULL) {
249 talloc_free(*gensec_security);
250 return NT_STATUS_NO_MEMORY;
251 }
252 }
253
254 (*gensec_security)->event_ctx = ev;
255
256 return NT_STATUS_OK;
257 }
258
259 /**
260 * Start a GENSEC subcontext, with a copy of the properties of the parent
261 * @param mem_ctx The parent TALLOC memory context.
262 * @param parent The parent GENSEC context
263 * @param gensec_security Returned GENSEC context pointer.
264 * @note Used by SPNEGO in particular, for the actual implementation mechanism
265 */
266
267 NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
268 struct gensec_security *parent,
269 struct gensec_security **gensec_security)
270 {
271 (*gensec_security) = talloc(mem_ctx, struct gensec_security);
272 NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
273
274 (**gensec_security) = *parent;
275 (*gensec_security)->ops = NULL;
276 (*gensec_security)->private_data = NULL;
277
278 (*gensec_security)->subcontext = True;
279 (*gensec_security)->event_ctx = parent->event_ctx;
280
281 return NT_STATUS_OK;
282 }
283
284 /**
285 Start the GENSEC system, in client mode, returning a context pointer.
286 @param mem_ctx The parent TALLOC memory context.
287 @param gensec_security Returned GENSEC context pointer.
288 @note The mem_ctx is only a parent and may be NULL.
289 */
290 NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
291 struct gensec_security **gensec_security,
292 struct event_context *ev)
293 {
294 NTSTATUS status;
295 status = gensec_start(mem_ctx, gensec_security, ev);
296 if (!NT_STATUS_IS_OK(status)) {
297 return status;
298 }
299 (*gensec_security)->gensec_role = GENSEC_CLIENT;
300
301 return status;
302 }
303
304 /**
305 Start the GENSEC system, in server mode, returning a context pointer.
306 @param mem_ctx The parent TALLOC memory context.
307 @param gensec_security Returned GENSEC context pointer.
308 @note The mem_ctx is only a parent and may be NULL.
309 */
310 NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
311 struct gensec_security **gensec_security,
312 struct event_context *ev)
313 {
314 NTSTATUS status;
315 status = gensec_start(mem_ctx, gensec_security, ev);
316 if (!NT_STATUS_IS_OK(status)) {
317 return status;
318 }
319 (*gensec_security)->gensec_role = GENSEC_SERVER;
320
321 return status;
322 }
323
324 static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security)
325 {
326 NTSTATUS status;
327 DEBUG(5, ("Starting GENSEC %smechanism %s\n",
328 gensec_security->subcontext ? "sub" : "",
329 gensec_security->ops->name));
330 switch (gensec_security->gensec_role) {
331 case GENSEC_CLIENT:
332 if (gensec_security->ops->client_start) {
333 status = gensec_security->ops->client_start(gensec_security);
334 if (!NT_STATUS_IS_OK(status)) {
335 DEBUG(2, ("Failed to start GENSEC client mech %s: %s\n",
336 gensec_security->ops->name, nt_errstr(status)));
337 }
338 return status;
339 }
340 case GENSEC_SERVER:
341 if (gensec_security->ops->server_start) {
342 status = gensec_security->ops->server_start(gensec_security);
343 if (!NT_STATUS_IS_OK(status)) {
344 DEBUG(1, ("Failed to start GENSEC server mech %s: %s\n",
345 gensec_security->ops->name, nt_errstr(status)));
346 }
347 return status;
348 }
349 }
350 return NT_STATUS_INVALID_PARAMETER;
351 }
352
353 /**
354 * Start a GENSEC sub-mechanism by DCERPC allocated 'auth type' number
355 * @param gensec_security GENSEC context pointer.
356 * @param auth_type DCERPC auth type
357 * @param auth_level DCERPC auth level
358 */
359
360 NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
361 uint8_t auth_type, uint8_t auth_level)
362 {
363 gensec_security->ops = gensec_security_by_authtype(auth_type);
364 if (!gensec_security->ops) {
365 DEBUG(3, ("Could not find GENSEC backend for auth_type=%d\n", (int)auth_type));
366 return NT_STATUS_INVALID_PARAMETER;
367 }
368 gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE);
369 if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
370 gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
371 } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
372 gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
373 gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
374 } else if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
375 /* Default features */
376 } else {
377 DEBUG(2,("auth_level %d not supported in DCE/RPC authentication\n",
378 auth_level));
379 return NT_STATUS_INVALID_PARAMETER;
380 }
381
382 return gensec_start_mech(gensec_security);
383 }
384
385 const char *gensec_get_name_by_authtype(uint8_t authtype)
386 {
387 const struct gensec_security_ops *ops;
388 ops = gensec_security_by_authtype(authtype);
389 if (ops) {
390 return ops->name;
391 }
392 return NULL;
393 }
394
395
396 const char *gensec_get_name_by_oid(const char *oid_string)
397 {
398 const struct gensec_security_ops *ops;
399 ops = gensec_security_by_oid(oid_string);
400 if (ops) {
401 return ops->name;
402 }
403 return NULL;
404 }
405
406
407 /**
408 * Start a GENSEC sub-mechanism with a specifed mechansim structure, used in SPNEGO
409 *
410 */
411
412 NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security,
413 const struct gensec_security_ops *ops)
414 {
415 gensec_security->ops = ops;
416 return gensec_start_mech(gensec_security);
417 }
418
419 /**
420 * Start a GENSEC sub-mechanism by OID, used in SPNEGO
421 *
422 * @note This should also be used when you wish to just start NLTMSSP (for example), as it uses a
423 * well-known #define to hook it in.
424 */
425
426 NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
427 const char *mech_oid)
428 {
429 gensec_security->ops = gensec_security_by_oid(mech_oid);
430 if (!gensec_security->ops) {
431 DEBUG(3, ("Could not find GENSEC backend for oid=%s\n", mech_oid));
432 return NT_STATUS_INVALID_PARAMETER;
433 }
434 return gensec_start_mech(gensec_security);
435 }
436
437 /**
438 * Start a GENSEC sub-mechanism by a well know SASL name
439 *
440 */
441
442 NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
443 const char *sasl_name)
444 {
445 gensec_security->ops = gensec_security_by_sasl_name(sasl_name);
446 if (!gensec_security->ops) {
447 DEBUG(3, ("Could not find GENSEC backend for sasl_name=%s\n", sasl_name));
448 return NT_STATUS_INVALID_PARAMETER;
449 }
450 return gensec_start_mech(gensec_security);
451 }
452
453 /*
454 wrappers for the gensec function pointers
455 */
456 NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
457 TALLOC_CTX *mem_ctx,
458 uint8_t *data, size_t length,
459 const uint8_t *whole_pdu, size_t pdu_length,
460 const DATA_BLOB *sig)
461 {
462 if (!gensec_security->ops->unseal_packet) {
463 return NT_STATUS_NOT_IMPLEMENTED;
464 }
465 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
466 if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
467 return gensec_check_packet(gensec_security, mem_ctx,
468 data, length,
469 whole_pdu, pdu_length,
470 sig);
471 }
472 return NT_STATUS_INVALID_PARAMETER;
473 }
474
475 return gensec_security->ops->unseal_packet(gensec_security, mem_ctx,
476 data, length,
477 whole_pdu, pdu_length,
478 sig);
479 }
480
481 NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
482 TALLOC_CTX *mem_ctx,
483 const uint8_t *data, size_t length,
484 const uint8_t *whole_pdu, size_t pdu_length,
485 const DATA_BLOB *sig)
486 {
487 if (!gensec_security->ops->check_packet) {
488 return NT_STATUS_NOT_IMPLEMENTED;
489 }
490 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
491 return NT_STATUS_INVALID_PARAMETER;
492 }
493
494 return gensec_security->ops->check_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
495 }
496
497 NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
498 TALLOC_CTX *mem_ctx,
499 uint8_t *data, size_t length,
500 const uint8_t *whole_pdu, size_t pdu_length,
501 DATA_BLOB *sig)
502 {
503 if (!gensec_security->ops->seal_packet) {
504 return NT_STATUS_NOT_IMPLEMENTED;
505 }
506 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
507 if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
508 return gensec_sign_packet(gensec_security, mem_ctx,
509 data, length,
510 whole_pdu, pdu_length,
511 sig);
512 }
513 return NT_STATUS_INVALID_PARAMETER;
514 }
515
516 return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
517 }
518
519 NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
520 TALLOC_CTX *mem_ctx,
521 const uint8_t *data, size_t length,
522 const uint8_t *whole_pdu, size_t pdu_length,
523 DATA_BLOB *sig)
524 {
525 if (!gensec_security->ops->sign_packet) {
526 return NT_STATUS_NOT_IMPLEMENTED;
527 }
528 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
529 return NT_STATUS_INVALID_PARAMETER;
530 }
531
532 return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
533 }
534
535 size_t gensec_sig_size(struct gensec_security *gensec_security)
536 {
537 if (!gensec_security->ops->sig_size) {
538 return 0;
539 }
540 if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
541 return 0;
542 }
543
544 return gensec_security->ops->sig_size(gensec_security);
545 }
546
547 NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
548 TALLOC_CTX *mem_ctx,
549 const DATA_BLOB *in,
550 DATA_BLOB *out)
551 {
552 if (!gensec_security->ops->wrap) {
553 return NT_STATUS_NOT_IMPLEMENTED;
554 }
555 return gensec_security->ops->wrap(gensec_security, mem_ctx, in, out);
556 }
557
558 NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
559 TALLOC_CTX *mem_ctx,
560 const DATA_BLOB *in,
561 DATA_BLOB *out)
562 {
563 if (!gensec_security->ops->unwrap) {
564 return NT_STATUS_NOT_IMPLEMENTED;
565 }
566 return gensec_security->ops->unwrap(gensec_security, mem_ctx, in, out);
567 }
568
569 NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
570 DATA_BLOB *session_key)
571 {
572 if (!gensec_security->ops->session_key) {
573 return NT_STATUS_NOT_IMPLEMENTED;
574 }
575 return gensec_security->ops->session_key(gensec_security, session_key);
576 }
577
578 /**
579 * Return the credentials of a logged on user, including session keys
580 * etc.
581 *
582 * Only valid after a successful authentication
583 *
584 * May only be called once per authentication.
585 *
586 */
587
588 NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
589 struct auth_session_info **session_info)
590 {
591 if (!gensec_security->ops->session_info) {
592 return NT_STATUS_NOT_IMPLEMENTED;
593 }
594 return gensec_security->ops->session_info(gensec_security, session_info);
595 }
596
597 /**
598 * Next state function for the GENSEC state machine
599 *
600 * @param gensec_security GENSEC State
601 * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
602 * @param in The request, as a DATA_BLOB
603 * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
604 * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent,
605 * or NT_STATUS_OK if the user is authenticated.
606 */
607
608 NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
609 const DATA_BLOB in, DATA_BLOB *out)
610 {
611 return gensec_security->ops->update(gensec_security, out_mem_ctx, in, out);
612 }
613
614 /**
615 * Set the requirement for a certain feature on the connection
616 *
617 */
618
619 void gensec_want_feature(struct gensec_security *gensec_security,
620 uint32_t feature)
621 {
622 gensec_security->want_features |= feature;
623 }
624
625 /**
626 * Check the requirement for a certain feature on the connection
627 *
628 */
629
630 BOOL gensec_have_feature(struct gensec_security *gensec_security,
631 uint32_t feature)
632 {
633 if (!gensec_security->ops->have_feature) {
634 return False;
635 }
636 return gensec_security->ops->have_feature(gensec_security, feature);
637 }
638
639 /**
640 * Associate a credentails structure with a GENSEC context - talloc_reference()s it to the context
641 *
642 */
643
644 NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security, struct cli_credentials *credentials)
645 {
646 gensec_security->credentials = talloc_reference(gensec_security, credentials);
647 return NT_STATUS_OK;
648 }
649
650 /**
651 * Return the credentails structure associated with a GENSEC context
652 *
653 */
654
655 struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security)
656 {
657 return gensec_security->credentials;
658 }
659
660 /**
661 * Set the target service (such as 'http' or 'host') on a GENSEC context - ensures it is talloc()ed
662 *
663 */
664
665 NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, const char *service)
666 {
667 gensec_security->target.service = talloc_strdup(gensec_security, service);
668 if (!gensec_security->target.service) {
669 return NT_STATUS_NO_MEMORY;
670 }
671 return NT_STATUS_OK;
672 }
673
674 /**
675 * Set the target hostname (suitable for kerberos resolutation) on a GENSEC context - ensures it is talloc()ed
676 *
677 */
678
679 NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname)
680 {
681 gensec_security->target.hostname = talloc_strdup(gensec_security, hostname);
682 if (!gensec_security->target.hostname) {
683 return NT_STATUS_NO_MEMORY;
684 }
685 return NT_STATUS_OK;
686 }
687
688 const char *gensec_get_target_hostname(struct gensec_security *gensec_security)
689 {
690 if (gensec_security->target.hostname) {
691 return gensec_security->target.hostname;
692 }
693
694 /* TODO: Add a 'set sockaddr' call, and do a reverse lookup */
695 return NULL;
696 }
697
698 const char *gensec_get_target_service(struct gensec_security *gensec_security)
699 {
700 if (gensec_security->target.service) {
701 return gensec_security->target.service;
702 }
703
704 return "host";
705 }
706
707 /*
708 register a GENSEC backend.
709
710 The 'name' can be later used by other backends to find the operations
711 structure for this backend.
712 */
713 NTSTATUS gensec_register(const void *_ops)
714 {
715 const struct gensec_security_ops *ops = _ops;
716
717 if (!lp_parm_bool(-1, "gensec", ops->name, ops->enabled)) {
718 DEBUG(2,("gensec subsystem %s is disabled\n", ops->name));
719 return NT_STATUS_OK;
720 }
721
722 if (gensec_security_by_name(ops->name) != NULL) {
723 /* its already registered! */
724 DEBUG(0,("GENSEC backend '%s' already registered\n",
725 ops->name));
726 return NT_STATUS_OBJECT_NAME_COLLISION;
727 }
728
729 generic_security_ops = realloc_p(generic_security_ops,
730 const struct gensec_security_ops *,
731 gensec_num_backends+1);
732 if (!generic_security_ops) {
733 smb_panic("out of memory in gensec_register");
734 }
735
736 generic_security_ops[gensec_num_backends] = ops;
737
738 gensec_num_backends++;
739
740 DEBUG(3,("GENSEC backend '%s' registered\n",
741 ops->name));
742
743 return NT_STATUS_OK;
744 }
745
746 /*
747 return the GENSEC interface version, and the size of some critical types
748 This can be used by backends to either detect compilation errors, or provide
749 multiple implementations for different smbd compilation options in one module
750 */
751 const struct gensec_critical_sizes *gensec_interface_version(void)
752 {
753 static const struct gensec_critical_sizes critical_sizes = {
754 GENSEC_INTERFACE_VERSION,
755 sizeof(struct gensec_security_ops),
756 sizeof(struct gensec_security),
757 };
758
759 return &critical_sizes;
760 }
761
762 /*
763 initialise the GENSEC subsystem
764 */
765 NTSTATUS gensec_init(void)
766 {
767 return NT_STATUS_OK;
768 }