summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2007-12-03 17:41:50 +0100
committerStefan Metzmacher <metze@samba.org>2007-12-21 05:47:34 +0100
commitecea5ce24553989103d4a06296b24f4d29f30a36 (patch)
tree806e6d582a799f24061dc5ca9df2ac36c26ad4f6 /source4/auth/gensec
parentab5bbd26029e8ae62256c454daee14852b940a6a (diff)
downloadsamba-ecea5ce24553989103d4a06296b24f4d29f30a36.tar.gz
samba-ecea5ce24553989103d4a06296b24f4d29f30a36.tar.bz2
samba-ecea5ce24553989103d4a06296b24f4d29f30a36.zip
r26260: Store loadparm context in gensec context.
(This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/cyrus_sasl.c2
-rw-r--r--source4/auth/gensec/gensec.c15
-rw-r--r--source4/auth/gensec/gensec.h6
-rw-r--r--source4/auth/gensec/gensec_gssapi.c41
-rw-r--r--source4/auth/gensec/gensec_krb5.c14
-rw-r--r--source4/auth/gensec/schannel.c7
-rw-r--r--source4/auth/gensec/spnego.c2
7 files changed, 44 insertions, 43 deletions
diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c
index 7ccdb1edec..0bce35e1c5 100644
--- a/source4/auth/gensec/cyrus_sasl.c
+++ b/source4/auth/gensec/cyrus_sasl.c
@@ -112,7 +112,7 @@ static int gensec_sasl_dispose(struct gensec_sasl_state *gensec_sasl_state)
return 0;
}
-static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security)
{
struct gensec_sasl_state *gensec_sasl_state;
const char *service = gensec_get_target_service(gensec_security);
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 27981a7504..f055b1a995 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -477,6 +477,7 @@ const char **gensec_security_oids(struct gensec_security *gensec_security,
*/
static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
struct event_context *ev,
+ struct loadparm_context *lp_ctx,
struct messaging_context *msg,
struct gensec_security **gensec_security)
{
@@ -502,6 +503,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
(*gensec_security)->event_ctx = ev;
(*gensec_security)->msg_ctx = msg;
+ (*gensec_security)->lp_ctx = lp_ctx;
return NT_STATUS_OK;
}
@@ -528,6 +530,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
(*gensec_security)->subcontext = true;
(*gensec_security)->event_ctx = parent->event_ctx;
(*gensec_security)->msg_ctx = parent->msg_ctx;
+ (*gensec_security)->lp_ctx = parent->lp_ctx;
return NT_STATUS_OK;
}
@@ -540,7 +543,8 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
*/
_PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_security,
- struct event_context *ev)
+ struct event_context *ev,
+ struct loadparm_context *lp_ctx)
{
NTSTATUS status;
struct event_context *new_ev = NULL;
@@ -551,7 +555,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
ev = new_ev;
}
- status = gensec_start(mem_ctx, ev, NULL, gensec_security);
+ status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(new_ev);
return status;
@@ -570,6 +574,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
*/
NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
struct event_context *ev,
+ struct loadparm_context *lp_ctx,
struct messaging_context *msg,
struct gensec_security **gensec_security)
{
@@ -585,7 +590,7 @@ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
return NT_STATUS_INTERNAL_ERROR;
}
- status = gensec_start(mem_ctx, ev, msg, gensec_security);
+ status = gensec_start(mem_ctx, ev, lp_ctx, msg, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -603,7 +608,7 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security)
switch (gensec_security->gensec_role) {
case GENSEC_CLIENT:
if (gensec_security->ops->client_start) {
- status = gensec_security->ops->client_start(gensec_security, global_loadparm);
+ status = gensec_security->ops->client_start(gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2, ("Failed to start GENSEC client mech %s: %s\n",
gensec_security->ops->name, nt_errstr(status)));
@@ -1108,7 +1113,7 @@ _PUBLIC_ NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_secu
_PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_security)
{
/* We allow the target hostname to be overriden for testing purposes */
- const char *target_hostname = lp_parm_string(global_loadparm, NULL, "gensec", "target_hostname");
+ const char *target_hostname = lp_parm_string(gensec_security->lp_ctx, NULL, "gensec", "target_hostname");
if (target_hostname) {
return target_hostname;
}
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 6b787d25aa..dbedcf091a 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -75,15 +75,12 @@ struct gensec_update_request {
} callback;
};
-struct loadparm_context;
-
struct gensec_security_ops {
const char *name;
const char *sasl_name;
uint8_t auth_type; /* 0 if not offered on DCE-RPC */
const char **oid; /* NULL if not offered by SPNEGO */
- NTSTATUS (*client_start)(struct gensec_security *gensec_security,
- struct loadparm_context *lp_ctx);
+ NTSTATUS (*client_start)(struct gensec_security *gensec_security);
NTSTATUS (*server_start)(struct gensec_security *gensec_security);
/**
Determine if a packet has the right 'magic' for this mechanism
@@ -150,6 +147,7 @@ struct gensec_security_ops_wrapper {
struct gensec_security {
const struct gensec_security_ops *ops;
+ struct loadparm_context *lp_ctx;
void *private_data;
struct cli_credentials *credentials;
struct gensec_target target;
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 1d8d5f057a..c91da6d1a0 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -142,8 +142,7 @@ static int gensec_gssapi_destructor(struct gensec_gssapi_state *gensec_gssapi_st
return 0;
}
-static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
- struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
{
struct gensec_gssapi_state *gensec_gssapi_state;
krb5_error_code ret;
@@ -156,7 +155,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
gensec_gssapi_state->gss_exchange_count = 0;
gensec_gssapi_state->max_wrap_buf_size
- = lp_parm_int(lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536);
+ = lp_parm_int(gensec_security->lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536);
gensec_gssapi_state->sasl = false;
gensec_gssapi_state->sasl_state = STAGE_GSS_NEG;
@@ -171,16 +170,16 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
gensec_gssapi_state->want_flags = 0;
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "mutual", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "mutual", true)) {
gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
}
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "delegation", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "delegation", true)) {
gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
}
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "replay", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "replay", true)) {
gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG;
}
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "sequence", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "sequence", true)) {
gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG;
}
@@ -214,10 +213,10 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
talloc_free(gensec_gssapi_state);
return NT_STATUS_INTERNAL_ERROR;
}
- if (lp_realm(lp_ctx) && *lp_realm(lp_ctx)) {
- char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(lp_ctx));
+ if (lp_realm(gensec_security->lp_ctx) && *lp_realm(gensec_security->lp_ctx)) {
+ char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->lp_ctx));
if (!upper_realm) {
- DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(lp_ctx)));
+ DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->lp_ctx)));
talloc_free(gensec_gssapi_state);
return NT_STATUS_NO_MEMORY;
}
@@ -231,7 +230,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
}
/* don't do DNS lookups of any kind, it might/will fail for a netbios name */
- ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
+ ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(gensec_security->lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
if (ret) {
DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n"));
talloc_free(gensec_gssapi_state);
@@ -240,7 +239,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
ret = smb_krb5_init_context(gensec_gssapi_state,
gensec_security->event_ctx,
- lp_ctx,
+ gensec_security->lp_ctx,
&gensec_gssapi_state->smb_krb5_context);
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n",
@@ -259,7 +258,7 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi
struct cli_credentials *machine_account;
struct gssapi_creds_container *gcc;
- nt_status = gensec_gssapi_start(gensec_security, global_loadparm);
+ nt_status = gensec_gssapi_start(gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
@@ -298,7 +297,7 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s
return nt_status;
}
-static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security)
{
struct gensec_gssapi_state *gensec_gssapi_state;
struct cli_credentials *creds = gensec_get_credentials(gensec_security);
@@ -324,7 +323,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
return NT_STATUS_INVALID_PARAMETER;
}
- nt_status = gensec_gssapi_start(gensec_security, lp_ctx);
+ nt_status = gensec_gssapi_start(gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
@@ -334,7 +333,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
gensec_gssapi_state->gss_oid = gss_mech_krb5;
principal = gensec_get_target_principal(gensec_security);
- if (principal && lp_client_use_spnego_principal(lp_ctx)) {
+ if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) {
name_type = GSS_C_NULL_OID;
} else {
principal = talloc_asprintf(gensec_gssapi_state, "%s@%s",
@@ -380,11 +379,11 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
return NT_STATUS_OK;
}
-static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security)
{
NTSTATUS nt_status;
struct gensec_gssapi_state *gensec_gssapi_state;
- nt_status = gensec_gssapi_client_start(gensec_security, lp_ctx);
+ nt_status = gensec_gssapi_client_start(gensec_security);
if (NT_STATUS_IS_OK(nt_status)) {
gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
@@ -1319,10 +1318,10 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
talloc_free(mem_ctx);
return nt_status;
}
- } else if (!lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) {
+ } else if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
- nt_status = sam_get_server_info_principal(mem_ctx, global_loadparm, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
&server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -1361,7 +1360,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
}
cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx);
- cli_credentials_set_conf(session_info->credentials, global_loadparm);
+ cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx);
/* Just so we don't segfault trying to get at a username */
cli_credentials_set_anonymous(session_info->credentials);
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 296f587827..26cc66a213 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -116,7 +116,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy);
- if (cli_credentials_get_krb5_context(creds, global_loadparm, &gensec_krb5_state->smb_krb5_context)) {
+ if (cli_credentials_get_krb5_context(creds, gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
talloc_free(gensec_krb5_state);
return NT_STATUS_INTERNAL_ERROR;
}
@@ -210,7 +210,7 @@ static NTSTATUS gensec_fake_gssapi_krb5_server_start(struct gensec_security *gen
return nt_status;
}
-static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security)
{
struct gensec_krb5_state *gensec_krb5_state;
krb5_error_code ret;
@@ -261,7 +261,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
}
in_data.length = 0;
- if (principal && lp_client_use_spnego_principal(global_loadparm)) {
+ if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) {
krb5_principal target_principal;
ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
&target_principal);
@@ -322,9 +322,9 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
}
}
-static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gensec_security)
{
- NTSTATUS nt_status = gensec_krb5_client_start(gensec_security, lp_ctx);
+ NTSTATUS nt_status = gensec_krb5_client_start(gensec_security);
if (NT_STATUS_IS_OK(nt_status)) {
struct gensec_krb5_state *gensec_krb5_state;
@@ -582,7 +582,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
KRB5_AUTHDATA_WIN2K_PAC,
&pac_data);
- if (ret && lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) {
+ if (ret && lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s \n",
principal_string,
smb_get_krb5_error_message(context,
@@ -595,7 +595,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n",
smb_get_krb5_error_message(context,
ret, mem_ctx)));
- nt_status = sam_get_server_info_principal(mem_ctx, global_loadparm, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
&server_info);
krb5_free_principal(context, client_principal);
free(principal_string);
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 7da96560a1..b14e741311 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -120,7 +120,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
}
/* pull the session key for this client */
- status = schannel_fetch_session_key(out_mem_ctx, global_loadparm, workstation,
+ status = schannel_fetch_session_key(out_mem_ctx, gensec_security->lp_ctx, workstation,
domain, &creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
@@ -183,7 +183,7 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
struct auth_session_info **_session_info)
{
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
- return auth_anonymous_session_info(state, global_loadparm, _session_info);
+ return auth_anonymous_session_info(state, gensec_security->lp_ctx, _session_info);
}
static NTSTATUS schannel_start(struct gensec_security *gensec_security)
@@ -218,8 +218,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
return NT_STATUS_OK;
}
-static NTSTATUS schannel_client_start(struct gensec_security *gensec_security,
- struct loadparm_context *lp_ctx)
+static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
{
NTSTATUS status;
struct schannel_state *state;
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 4a7c2e1d49..15dabb8033 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -47,7 +47,7 @@ struct spnego_state {
};
-static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security)
{
struct spnego_state *spnego_state;