diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-02-06 12:40:38 +1100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-02-16 15:18:42 +0100 |
| commit | 2b511f0e9280e0b918265bac8090d79d3c9d5115 (patch) | |
| tree | b2c8db285a6a6e588ac309ea395d6ebdc23bbafb /source3/librpc/crypto/spnego.h | |
| parent | 5c9b6db68e0f535ed2b42bbfee310b7cebf65ca4 (diff) | |
| download | samba-2b511f0e9280e0b918265bac8090d79d3c9d5115.tar.gz samba-2b511f0e9280e0b918265bac8090d79d3c9d5115.tar.bz2 samba-2b511f0e9280e0b918265bac8090d79d3c9d5115.zip | |
s3-librpc: Use gensec_spnego for DCE/RPC authentication
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c
A special case wrapper function remains to avoid changing the
application layer callers in this patch.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/librpc/crypto/spnego.h')
| -rw-r--r-- | source3/librpc/crypto/spnego.h | 92 |
1 files changed, 0 insertions, 92 deletions
diff --git a/source3/librpc/crypto/spnego.h b/source3/librpc/crypto/spnego.h deleted file mode 100644 index b66ef4d152..0000000000 --- a/source3/librpc/crypto/spnego.h +++ /dev/null @@ -1,92 +0,0 @@ -/* - * SPNEGO Encapsulation - * RPC Pipe client routines - * Copyright (C) Simo Sorce 2010. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -#ifndef _CLI_SPNEGO_H_ -#define _CLI_SPENGO_H_ - -enum spnego_mech { - SPNEGO_NONE = 0, - SPNEGO_KRB5, - SPNEGO_NTLMSSP -}; - -struct spnego_context { - enum spnego_mech mech; - - struct gensec_security *gensec_security; - - char *oid_list[ASN1_MAX_OIDS]; - char *mech_oid; - - enum { - SPNEGO_CONV_INIT = 0, - SPNEGO_CONV_NEGO, - SPNEGO_CONV_AUTH_MORE, - SPNEGO_CONV_AUTH_CONFIRM, - SPNEGO_CONV_AUTH_DONE - } state; - - bool do_sign; - bool do_seal; - bool is_dcerpc; - - struct tsocket_address *remote_address; - - bool more_processing; /* Current mech state requires more processing */ -}; - -NTSTATUS spnego_generic_init_client(TALLOC_CTX *mem_ctx, - const char *oid, - bool do_sign, bool do_seal, - bool is_dcerpc, - const char *server, - const char *target_service, - const char *domain, - const char *username, - const char *password, - struct spnego_context **spnego_ctx); - -NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx, - struct spnego_context *sp_ctx, - DATA_BLOB *spnego_in, - DATA_BLOB *spnego_out); - -bool spnego_require_more_processing(struct spnego_context *sp_ctx); - -NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx, - struct gensec_security **auth_context); - -NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx, - struct spnego_context *sp_ctx, - DATA_BLOB *data, DATA_BLOB *full_data, - DATA_BLOB *signature); -NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx, - struct spnego_context *sp_ctx, - DATA_BLOB *data, DATA_BLOB *full_data, - DATA_BLOB *signature); -NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx, - struct spnego_context *sp_ctx, - DATA_BLOB *data, DATA_BLOB *full_data, - DATA_BLOB *signature); -NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx, - struct spnego_context *sp_ctx, - DATA_BLOB *data, DATA_BLOB *full_data, - DATA_BLOB *signature); - -#endif /* _CLI_SPENGO_H_ */ |