summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-12-26 11:39:29 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-05 17:17:28 +0100
commitc579b735d6e5ba5345ae8e26477ab13c2646c84a (patch)
tree9472b81008fdb27d5582d7426c0cd32b156478a3
parent7b4f2fad544137db3399e0daa04dd154ba10357d (diff)
downloadsamba-c579b735d6e5ba5345ae8e26477ab13c2646c84a.tar.gz
samba-c579b735d6e5ba5345ae8e26477ab13c2646c84a.tar.bz2
samba-c579b735d6e5ba5345ae8e26477ab13c2646c84a.zip
s3-auth supply s3 ntlmssp module via gensec_settings
This will allow the supply of multiple modules in future without duplicating the module selection logic. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/auth/auth_generic.c35
1 files changed, 11 insertions, 24 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 47723d57bb..9b65f24e73 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -79,6 +79,14 @@ NTSTATUS auth_generic_prepare(const struct tsocket_address *remote_address,
return NT_STATUS_NO_MEMORY;
}
+ gensec_settings->backends = talloc_zero_array(gensec_settings, struct gensec_security_ops *, 2);
+ if (gensec_settings->backends == NULL) {
+ TALLOC_FREE(ans);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gensec_settings->backends[0] = &gensec_ntlmssp3_server_ops;
+
nt_status = gensec_server_start(ans, gensec_settings,
NULL, &ans->gensec_security);
@@ -115,8 +123,7 @@ NTSTATUS auth_generic_start(struct auth_generic_state *auth_ntlmssp_state, const
return NT_STATUS_NOT_IMPLEMENTED;
}
- status = gensec_start_mech_by_ops(auth_ntlmssp_state->gensec_security,
- &gensec_ntlmssp3_server_ops);
+ status = gensec_start_mech_by_oid(auth_ntlmssp_state->gensec_security, oid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -153,28 +160,8 @@ NTSTATUS auth_generic_authtype_start(struct auth_generic_state *auth_ntlmssp_sta
return NT_STATUS_NOT_IMPLEMENTED;
}
- gensec_want_feature(auth_ntlmssp_state->gensec_security,
- GENSEC_FEATURE_DCE_STYLE);
- gensec_want_feature(auth_ntlmssp_state->gensec_security,
- GENSEC_FEATURE_ASYNC_REPLIES);
- if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- gensec_want_feature(auth_ntlmssp_state->gensec_security,
- GENSEC_FEATURE_SIGN);
- } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- gensec_want_feature(auth_ntlmssp_state->gensec_security,
- GENSEC_FEATURE_SIGN);
- gensec_want_feature(auth_ntlmssp_state->gensec_security,
- GENSEC_FEATURE_SEAL);
- } else if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
- /* Default features */
- } else {
- DEBUG(2,("auth_level %d not supported in DCE/RPC authentication\n",
- auth_level));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- status = gensec_start_mech_by_ops(auth_ntlmssp_state->gensec_security,
- &gensec_ntlmssp3_server_ops);
+ status = gensec_start_mech_by_authtype(auth_ntlmssp_state->gensec_security,
+ auth_type, auth_level);
if (!NT_STATUS_IS_OK(status)) {
return status;
}