authorAndrew Bartlett <abartlet@samba.org>2011-12-26 14:23:15 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-05 17:17:28 +0100
commit3042e38d519411e774e110b16a2eeeaef4b25a65 (patch)
treee8586dd2c248ad1091c36d52bf69e031201bd0f4 /source3/auth
parent0c0c23f3fe6f7c55d69d6ca19f8252b12aa8fe5a (diff)
s3-auth use gensec directly rather than via auth_generic_state
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_generic.c62
-rw-r--r--source3/auth/proto.h6
2 files changed, 24 insertions, 44 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 8141f18eac..cd4b764e85 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -33,89 +33,73 @@
NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
const struct tsocket_address *remote_address,
- struct auth_generic_state **auth_ntlmssp_state)
+ struct gensec_security **gensec_security_out)
{
+ struct gensec_security *gensec_security;
struct auth_context *auth_context;
- struct auth_generic_state *ans;
NTSTATUS nt_status;
- ans = talloc_zero(mem_ctx, struct auth_generic_state);
- if (!ans) {
- DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
- nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context);
+ nt_status = make_auth_context_subsystem(tmp_ctx, &auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return nt_status;
}
- ans->auth_context = talloc_steal(ans, auth_context);
-
if (auth_context->prepare_gensec) {
- nt_status = auth_context->prepare_gensec(ans,
- &ans->gensec_security);
+ nt_status = auth_context->prepare_gensec(tmp_ctx,
+ &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return nt_status;
}
} else {
struct gensec_settings *gensec_settings;
struct loadparm_context *lp_ctx;
- lp_ctx = loadparm_init_s3(ans, loadparm_s3_context());
+ lp_ctx = loadparm_init_s3(tmp_ctx, loadparm_s3_context());
if (lp_ctx == NULL) {
DEBUG(10, ("loadparm_init_s3 failed\n"));
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_INVALID_SERVER_STATE;
}
- gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
+ gensec_settings = lpcfg_gensec_settings(tmp_ctx, lp_ctx);
if (lp_ctx == NULL) {
DEBUG(10, ("lpcfg_gensec_settings failed\n"));
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
gensec_settings->backends = talloc_zero_array(gensec_settings, struct gensec_security_ops *, 2);
if (gensec_settings->backends == NULL) {
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
gensec_settings->backends[0] = &gensec_ntlmssp3_server_ops;
- nt_status = gensec_server_start(ans, gensec_settings,
- NULL, &ans->gensec_security);
+ nt_status = gensec_server_start(tmp_ctx, gensec_settings,
+ NULL, &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return nt_status;
}
- talloc_unlink(ans, lp_ctx);
- talloc_unlink(ans, gensec_settings);
+ talloc_unlink(tmp_ctx, lp_ctx);
+ talloc_unlink(tmp_ctx, gensec_settings);
}
- nt_status = gensec_set_remote_address(ans->gensec_security,
+ nt_status = gensec_set_remote_address(gensec_security,
remote_address);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return nt_status;
}
- *auth_ntlmssp_state = ans;
+ *gensec_security_out = talloc_steal(mem_ctx, gensec_security);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_OK;
}
-
-NTSTATUS auth_generic_start(struct auth_generic_state *auth_ntlmssp_state, const char *oid)
-{
- return gensec_start_mech_by_oid(auth_ntlmssp_state->gensec_security, oid);
-}
-
-NTSTATUS auth_generic_authtype_start(struct auth_generic_state *auth_ntlmssp_state,
- uint8_t auth_type, uint8_t auth_level)
-{
- return gensec_start_mech_by_authtype(auth_ntlmssp_state->gensec_security,
- auth_type, auth_level);
-}
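Review bot: The allocation check after `lpcfg_gensec_settings(tmp_ctx, lp_ctx)` still tests `lp_ctx == NULL`, which was already shown to be non-NULL a few lines earlier. A failed allocation therefore falls through to `gensec_settings->backends = ...` and dereferences NULL in the authentication setup path; the condition should be `if (gensec_settings == NULL) {`. Separately, `auth_context` is now parented to `tmp_ctx` and freed before the function returns, whereas the old code kept it alive by stealing it onto `ans`. Whether the returned `gensec_security` still holds a pointer to it is not visible in this hunk, so that lifetime should be confirmed, or `auth_context` reparented together with `gensec_security`. A one-line comment at the final `talloc_steal` saying that the caller owns `*gensec_security_out` on `mem_ctx` would make the new ownership contract explicit.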
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 31271da3e5..77f0f543e9 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -70,11 +70,7 @@ NTSTATUS auth_netlogond_init(void);
/* The following definitions come from auth/auth_ntlmssp.c */
NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address,
- struct auth_generic_state **auth_ntlmssp_state);
-NTSTATUS auth_generic_start(struct auth_generic_state *auth_ntlmssp_state, const char *oid);
-NTSTATUS auth_generic_authtype_start(struct auth_generic_state *auth_ntlmssp_state,
- uint8_t auth_type, uint8_t auth_level);
-
+ struct gensec_security **gensec_security_out);
/* The following definitions come from auth/auth_sam.c */