authorAndrew Bartlett <abartlet@samba.org>2011-08-02 13:17:24 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-08-03 18:48:05 +1000
commit7b1d6a6a0568a62943877c61d95f6d7bb1fd1d1d (patch)
treefbe3cf65cba959f0621977ef4c809c2ce0fbf7d7 /source3
parent7c4eb9e32e7c84c37728b2f83f28360f4d0cab92 (diff)
selftest: test plugin_s4_dc against all ncacn_np tests
Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests. Andrew Bartlett
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth.c3
-rw-r--r--source3/auth/auth_ntlmssp.c36
-rw-r--r--source3/auth/auth_samba4.c1
-rw-r--r--source3/auth/proto.h2
-rw-r--r--source3/include/auth.h2
-rw-r--r--source3/librpc/rpc/dcerpc.h2
6 files changed, 45 insertions, 1 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index f2cd703297..4e413b1de5 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -462,9 +462,10 @@ static NTSTATUS make_auth_context_text_list(TALLOC_CTX *mem_ctx,
/* Look for the first module to provide a start_gensec hook, and set that if provided */
for (method = (*auth_context)->auth_method_list; method; method = method->next) {
- if (method->prepare_gensec && method->gensec_start_mech_by_oid) {
+ if (method->prepare_gensec) {
(*auth_context)->prepare_gensec = method->prepare_gensec;
(*auth_context)->gensec_start_mech_by_oid = method->gensec_start_mech_by_oid;
+ (*auth_context)->gensec_start_mech_by_authtype = method->gensec_start_mech_by_authtype;
break;
}
}
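Review bot: Dropping `method->gensec_start_mech_by_oid` from the condition means the first module with a `prepare_gensec` hook is now selected even when its `gensec_start_mech_by_oid` or the new `gensec_start_mech_by_authtype` is NULL, and those NULL pointers are copied into `*auth_context`. The new auth_generic_authtype_start() in this commit tests its hook before calling it, but the callers of `gensec_start_mech_by_oid` are not visible here, so confirm that each of them checks for NULL before an authentication request can reach the call. The comment above the loop still refers to a `start_gensec` hook; something like `/* Use the first module that provides prepare_gensec; the start_mech hooks are optional and may be NULL */` would match the new rule. make_auth_context_text_list() starts and ends outside this hunk.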
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index e52cf9209d..cccb319ccc 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -27,6 +27,7 @@
#include "../librpc/gen_ndr/netlogon.h"
#include "../lib/tsocket/tsocket.h"
#include "auth/gensec/gensec.h"
+#include "librpc/rpc/dcerpc.h"
NTSTATUS auth_ntlmssp_session_info(TALLOC_CTX *mem_ctx,
struct auth_ntlmssp_state *auth_ntlmssp_state,
@@ -290,6 +291,41 @@ NTSTATUS auth_generic_start(struct auth_ntlmssp_state *auth_ntlmssp_state, const
return NT_STATUS_OK;
}
+NTSTATUS auth_generic_authtype_start(struct auth_ntlmssp_state *auth_ntlmssp_state,
+ uint8_t auth_type, uint8_t auth_level)
+{
+ if (auth_ntlmssp_state->auth_context->gensec_start_mech_by_authtype) {
+ return auth_ntlmssp_state->auth_context->gensec_start_mech_by_authtype(auth_ntlmssp_state->gensec_security,
+ auth_type, auth_level);
+ }
+
+ if (auth_type != DCERPC_AUTH_TYPE_NTLMSSP) {
+ /* The caller will then free the auth_ntlmssp_state,
+ * undoing what was done in auth_ntlmssp_prepare().
+ *
+ * We can't do that logic here, as
+ * auth_ntlmssp_want_feature() may have been called in
+ * between.
+ */
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
+ auth_ntlmssp_want_feature(auth_ntlmssp_state, NTLMSSP_FEATURE_SIGN);
+ } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+ /* Always implies both sign and seal for ntlmssp */
+ auth_ntlmssp_want_feature(auth_ntlmssp_state, NTLMSSP_FEATURE_SEAL);
+ } else if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
+ /* Default features */
+ } else {
+ DEBUG(2,("auth_level %d not supported in DCE/RPC authentication\n",
+ auth_level));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ return NT_STATUS_OK;
+}
+
NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state *auth_ntlmssp_state)
{
return auth_generic_start(auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
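Review bot: `auth_type` and `auth_level` are forwarded unchecked to `gensec_start_mech_by_authtype` when the hook is set, so the `NT_STATUS_INVALID_PARAMETER` rejection at the bottom of auth_generic_authtype_start() only covers the built-in NTLMSSP path. If these values originate from the peer's DCE/RPC bind (likely, given the DCERPC_AUTH_* constants, but not visible here), say so at the call, e.g. `/* auth_type/auth_level are not validated here; the hook must reject unsupported values */`. The ownership contract is also only stated inside the `NT_STATUS_NOT_IMPLEMENTED` branch; a header comment on the function saying that the caller frees `auth_ntlmssp_state` when this status is returned would make it visible to users of the prototype in proto.h.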
diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index 2c9a6a0f8c..7315c1621b 100644
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -187,6 +187,7 @@ static NTSTATUS auth_init_samba4(struct auth_context *auth_context,
result->auth = check_samba4_security;
result->prepare_gensec = prepare_gensec;
result->gensec_start_mech_by_oid = gensec_start_mech_by_oid;
+ result->gensec_start_mech_by_authtype = gensec_start_mech_by_authtype;
*auth_method = result;
return NT_STATUS_OK;
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 239e8ff454..5dded1421c 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -76,6 +76,8 @@ NTSTATUS auth_ntlmssp_prepare(const struct tsocket_address *remote_address,
struct auth_ntlmssp_state **auth_ntlmssp_state);
NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state *auth_ntlmssp_state);
NTSTATUS auth_generic_start(struct auth_ntlmssp_state *auth_ntlmssp_state, const char *oid);
+NTSTATUS auth_generic_authtype_start(struct auth_ntlmssp_state *auth_ntlmssp_state,
+ uint8_t auth_type, uint8_t auth_level);
/* The following definitions come from auth/auth_sam.c */
diff --git a/source3/include/auth.h b/source3/include/auth.h
index f7422f0600..6721b1f188 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -88,6 +88,7 @@ struct auth_context {
NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_context);
NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string);
+ NTSTATUS (*gensec_start_mech_by_authtype)(struct gensec_security *gensec_context, uint8_t auth_type, uint8_t auth_level);
};
typedef struct auth_methods
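Review bot: The new `gensec_start_mech_by_authtype` member takes `uint8_t auth_type, uint8_t auth_level`, while `struct pipe_auth_data` in dcerpc.h stores the same values as `enum dcerpc_AuthType` and `enum dcerpc_AuthLevel`, so the enum typing is lost at the hook boundary. This may be deliberate, to match the function assigned in auth_samba4.c, but a comment should say so. Neither struct states that the hook is optional, although auth_generic_authtype_start() treats NULL as "not provided"; I would add `/* Optional, may be NULL; callers must check before calling */` above the member. The same applies to the identical member added to `struct auth_methods` in the next hunk.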
@@ -113,6 +114,7 @@ typedef struct auth_methods
NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_context);
NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string);
+ NTSTATUS (*gensec_start_mech_by_authtype)(struct gensec_security *gensec_context, uint8_t auth_type, uint8_t auth_level);
/* Used to keep tabs on things like the cli for SMB server authentication */
void *private_data;
diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
index d7e8e0c193..be23e10130 100644
--- a/source3/librpc/rpc/dcerpc.h
+++ b/source3/librpc/rpc/dcerpc.h
@@ -39,6 +39,8 @@ struct NL_AUTH_MESSAGE;
struct pipe_auth_data {
enum dcerpc_AuthType auth_type;
enum dcerpc_AuthLevel auth_level;
+
+ bool gensec_hook;
void *auth_ctx;