author | Jelmer Vernooij <jelmer@samba.org> | 2008-04-08 03:45:06 +0200 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2008-04-08 03:45:06 +0200 |
commit | b5d84a74d146cfe0d2e0c336a88bd269ad61cded (patch) | |
tree | 8acad6b634cfe312144f92f8a0fb6ab44b47cd19 /source4/auth | |
parent | 237f1cca028881a57f961884f427673907c1535a (diff) | |
parent | 1f474f4a545752f7ac0ad402d01d1e768b973dbe (diff) | |
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3
Conflicts:
source/auth/credentials/config.mk
source/auth/gensec/config.mk
source/build/smb_build/makefile.pm
source/heimdal_build/config.mk
source/lib/events/config.mk
source/lib/nss_wrapper/config.mk
source/lib/policy/config.mk
source/lib/registry/config.mk
source/lib/socket_wrapper/config.mk
source/lib/tdb/config.mk
source/lib/tls/config.mk
source/lib/util/config.mk
source/libcli/config.mk
source/libcli/ldap/config.mk
source/libnet/config.mk
source/librpc/config.mk
source/param/config.mk
source/rpc_server/config.mk
source/scripting/ejs/config.mk
source/smbd/process_model.mk
(This used to be commit 760378e0294dd0cd4523a83448328478632d7e3d)
Diffstat (limited to 'source4/auth')
37 files changed, 523 insertions, 121 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c index f5149286b9..c4cb42779b 100644 --- a/source4/auth/auth.c +++ b/source4/auth/auth.c @@ -21,13 +21,14 @@ #include "includes.h" #include "lib/util/dlinklist.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "lib/events/events.h" #include "param/param.h" /*************************************************************************** Set a fixed challenge ***************************************************************************/ -NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by) +_PUBLIC_ NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by) { auth_ctx->challenge.set_by = talloc_strdup(auth_ctx, set_by); NT_STATUS_HAVE_NO_MEMORY(auth_ctx->challenge.set_by); @@ -145,7 +146,7 @@ static void auth_check_password_sync_callback(struct auth_check_password_request * **/ -NTSTATUS auth_check_password(struct auth_context *auth_ctx, +_PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) @@ -217,7 +218,7 @@ static void auth_check_password_async_timed_handler(struct event_context *ev, st * **/ -void auth_check_password_send(struct auth_context *auth_ctx, +_PUBLIC_ void auth_check_password_send(struct auth_context *auth_ctx, const struct auth_usersupplied_info *user_info, void (*callback)(struct auth_check_password_request *req, void *private_data), void *private_data) @@ -319,7 +320,7 @@ failed: * **/ -NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, +_PUBLIC_ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info) { 
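Review bot: `auth_context_set_challenge` becomes an exported symbol in the first hunk, but its `const uint8_t chal[8]` parameter is only a pointer to the compiler, so the 8-byte length is a convention that nothing checks. The banner comment above it says only `Set a fixed challenge`; I would extend it to state the contract, e.g. `chal must point to 8 readable bytes; set_by is copied onto auth_ctx with talloc_strdup`. The function body continues past the end of the hunk, so how `chal` is consumed is not visible here.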
@@ -349,7 +350,7 @@ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, Make a auth_info struct for the auth subsystem - Allow the caller to specify the methods to use ***************************************************************************/ -NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, +_PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, struct event_context *ev, struct messaging_context *msg, struct loadparm_context *lp_ctx, @@ -412,7 +413,7 @@ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, Make a auth_info struct for the auth subsystem - Uses default auth_methods, depending on server role and smb.conf settings ***************************************************************************/ -NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, struct event_context *ev, struct messaging_context *msg, struct loadparm_context *lp_ctx, @@ -446,7 +447,7 @@ static int num_backends; The 'name' can be later used by other backends to find the operations structure for this backend. */ -NTSTATUS auth_register(const struct auth_operations *ops) +_PUBLIC_ NTSTATUS auth_register(const struct auth_operations *ops) { struct auth_operations *new_ops; @@ -511,7 +512,7 @@ const struct auth_critical_sizes *auth_interface_version(void) return &critical_sizes; } -NTSTATUS auth_init(void) +_PUBLIC_ NTSTATUS auth_init(void) { static bool initialized = false; extern NTSTATUS auth_developer_init(void); diff --git a/source4/auth/auth.h b/source4/auth/auth.h index ff7132c3ff..da8aac48ef 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h 
@@ -190,6 +190,63 @@ struct auth_critical_sizes { #include "auth/session.h" #include "auth/system_session_proto.h" -#include "auth/auth_proto.h" + +struct ldb_message; +struct ldb_context; +NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, const uint8_t **_chal); +NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, + struct ldb_context *sam_ctx, + uint32_t logon_parameters, + struct ldb_message *msg, + struct ldb_message *msg_domain_ref, + const char *logon_workstation, + const char *name_for_logs); +struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); +NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, + const char *netbios_name, + struct ldb_message *msg, + struct ldb_message *msg_domain_ref, + DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key, + struct auth_serversupplied_info **_server_info); +NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, + struct loadparm_context *lp_ctx, + struct auth_session_info **_session_info) ; +NTSTATUS auth_nt_status_squash(NTSTATUS nt_status); + +NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, + struct event_context *ev, + struct messaging_context *msg, + struct loadparm_context *lp_ctx, + struct auth_context **auth_ctx); + +NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct messaging_context *msg, + struct loadparm_context *lp_ctx, + struct auth_context **auth_ctx); + +NTSTATUS auth_check_password(struct auth_context *auth_ctx, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info); +NTSTATUS auth_init(void); +NTSTATUS auth_register(const struct auth_operations *ops); +NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct messaging_context *msg, + struct loadparm_context *lp_ctx, + const char *nt4_domain, + const char *nt4_username, + const char *password, + struct 
auth_session_info **session_info); +NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, + TALLOC_CTX *mem_ctx, + struct auth_serversupplied_info **server_info); + +void auth_check_password_send(struct auth_context *auth_ctx, + const struct auth_usersupplied_info *user_info, + void (*callback)(struct auth_check_password_request *req, void *private_data), + void *private_data); +NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by); #endif /* _SMBAUTH_H_ */ diff --git a/source4/auth/auth_anonymous.c b/source4/auth/auth_anonymous.c index 38c13d4b65..b93c7c2008 100644 --- a/source4/auth/auth_anonymous.c +++ b/source4/auth/auth_anonymous.c @@ -21,6 +21,7 @@ #include "includes.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "param/param.h" /** diff --git a/source4/auth/auth_developer.c b/source4/auth/auth_developer.c index 0da947b68d..a2c9cbc828 100644 --- a/source4/auth/auth_developer.c +++ b/source4/auth/auth_developer.c @@ -21,6 +21,7 @@ #include "includes.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_samr.h" diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index 4cb8d2b304..4b467cee75 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c @@ -25,6 +25,7 @@ #include "lib/ldb/include/ldb.h" #include "util/util_ldb.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "auth/auth_sam.h" #include "dsdb/samdb/samdb.h" #include "libcli/security/security.h" diff --git a/source4/auth/auth_simple.c b/source4/auth/auth_simple.c index 3c7bf5433a..50be02a353 100644 --- a/source4/auth/auth_simple.c +++ b/source4/auth/auth_simple.c @@ -25,6 +25,7 @@ #include "auth/auth.h" #include "lib/events/events.h" #include "param/param.h" +#include "auth/session_proto.h" /* It's allowed to pass NULL as session_info, 
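Review bot: The prototypes added to auth.h in place of `#include "auth/auth_proto.h"` are a hand-maintained copy, and two of them look like duplicates: `system_session` and `auth_system_session_info` are declared here while `auth/system_session_proto.h` is still included a few lines above (its content is not shown, so this is inferred from its name). None of the new declarations carries `_PUBLIC_`, although the definitions in auth.c and auth_util.c gain it in this commit, so the header no longer tells a reader which of these authentication entry points are exported. I would add a comment above the list, e.g. `/* Hand-written prototypes; keep in sync with the definitions in auth/*.c */`, and remove whichever declarations the remaining proto header already provides.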
diff --git a/source4/auth/auth_unix.c b/source4/auth/auth_unix.c index 20e198701d..a417107025 100644 --- a/source4/auth/auth_unix.c +++ b/source4/auth/auth_unix.c @@ -21,6 +21,7 @@ #include "includes.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "system/passwd.h" /* needed by some systems for struct passwd */ #include "lib/socket/socket.h" #include "auth/pam_errors.h" diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index 5d2bc6bac0..1d86b858cf 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -246,7 +246,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex * @param nt_status NTSTATUS input for squashing. * @return the 'squashed' nt_status **/ -NTSTATUS auth_nt_status_squash(NTSTATUS nt_status) +_PUBLIC_ NTSTATUS auth_nt_status_squash(NTSTATUS nt_status) { if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) { /* Match WinXP and don't give the game away */ diff --git a/source4/auth/auth_winbind.c b/source4/auth/auth_winbind.c index 2f8074d3cb..149f549afa 100644 --- a/source4/auth/auth_winbind.c +++ b/source4/auth/auth_winbind.c @@ -23,6 +23,8 @@ #include "includes.h" #include "auth/auth.h" +#include "auth/auth_proto.h" +#include "auth/session_proto.h" #include "nsswitch/winbind_client.h" #include "librpc/gen_ndr/ndr_netlogon.h" #include "librpc/gen_ndr/ndr_winbind.h" diff --git a/source4/auth/config.mk b/source4/auth/config.mk index b82a1af8fa..14f5da0eb7 100644 --- a/source4/auth/config.mk +++ b/source4/auth/config.mk @@ -8,7 +8,7 @@ mkinclude credentials/config.mk PRIVATE_PROTO_HEADER = session_proto.h PUBLIC_DEPENDENCIES = CREDENTIALS -PUBLIC_HEADERS += auth/session.h +# PUBLIC_HEADERS += auth/session.h auth_session_OBJ_FILES = $(addprefix auth/, session.o) 
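Review bot: In auth/config.mk, `PUBLIC_HEADERS += auth/session.h` is commented out rather than removed, with no note on why; the next hunk does the same to `auth/auth.h`. The same commit marks the auth entry points `_PUBLIC_` in auth.c, so as written the functions are exported while the headers that declare them are withdrawn from the installed set. If that is intended, say so next to the line, e.g. `# not installed for now: <reason>`; otherwise delete the line instead of leaving it as a comment.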
@@ -95,7 +95,7 @@ PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS service_auth_OBJ_FILES = $(addprefix auth/, auth.o auth_util.o auth_simple.o) -PUBLIC_HEADERS += auth/auth.h +# PUBLIC_HEADERS += auth/auth.h [PYTHON::swig_auth] PUBLIC_DEPENDENCIES = auth_system_session diff --git a/source4/auth/credentials/config.mk b/source4/auth/credentials/config.mk index d8c02ebea8..6f3ec3997c 100644 --- a/source4/auth/credentials/config.mk +++ b/source4/auth/credentials/config.mk @@ -9,7 +9,7 @@ PRIVATE_DEPENDENCIES = \ CREDENTIALS_OBJ_FILES = $(addprefix auth/credentials/, credentials.o credentials_files.o credentials_ntlm.o credentials_krb5.o ../kerberos/kerberos_util.o) -PUBLIC_HEADERS += $(addprefix auth/credentials/, credentials.h credentials_krb5.h) +PUBLIC_HEADERS += auth/credentials/credentials.h [PYTHON::swig_credentials] PUBLIC_DEPENDENCIES = CREDENTIALS LIBCMDLINE_CREDENTIALS diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c index 6d5c1210c9..89dddc9e05 100644 --- a/source4/auth/credentials/credentials.c +++ b/source4/auth/credentials/credentials.c @@ -33,7 +33,7 @@ * Create a new credentials structure * @param mem_ctx TALLOC_CTX parent for credentials structure */ -struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) +_PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) { struct cli_credentials *cred = talloc(mem_ctx, struct cli_credentials); if (!cred) { @@ -77,7 +77,7 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) * Create a new anonymous credential * @param mem_ctx TALLOC_CTX parent for credentials structure */ -struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx) +_PUBLIC_ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx) { struct cli_credentials *anon_credentials; 
@@ -87,23 +87,23 @@ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx) return anon_credentials; } -void cli_credentials_set_kerberos_state(struct cli_credentials *creds, +_PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds, enum credentials_use_kerberos use_kerberos) { creds->use_kerberos = use_kerberos; } -enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds) +_PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds) { return creds->use_kerberos; } -void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features) +_PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features) { creds->gensec_features = gensec_features; } -uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds) +_PUBLIC_ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds) { return creds->gensec_features; } @@ -115,7 +115,7 @@ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds) * @retval The username set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_username(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, @@ -134,7 +134,7 @@ const char *cli_credentials_get_username(struct cli_credentials *cred) return cred->username; } -bool cli_credentials_set_username(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_username(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { if (obtained >= cred->username_obtained) { 
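Review bot: In `cli_credentials_get_username` the call `cli_credentials_set_machine_account(cred, …)` under `if (cred->machine_account_pending)` is a bare statement, so its result is thrown away, although the prototype added to credentials.h in this commit returns NTSTATUS. With the getter now `_PUBLIC_`, outside callers get whatever `cred->username` holds when loading the machine account fails, and the `@note Return value will never be NULL except by programmer error` may then not hold. The same pattern is visible in the hunks for `cli_credentials_get_principal`, `cli_credentials_get_password`, `cli_credentials_get_domain` and `cli_credentials_get_realm`. At minimum the doc comments should say that a failed machine-account load is ignored; the call's remaining arguments and the rest of each body lie outside the hunks.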
@@ -159,7 +159,7 @@ bool cli_credentials_set_username_callback(struct cli_credentials *cred, return false; } -bool cli_credentials_set_bind_dn(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_bind_dn(struct cli_credentials *cred, const char *bind_dn) { cred->bind_dn = talloc_strdup(cred, bind_dn); @@ -172,7 +172,7 @@ bool cli_credentials_set_bind_dn(struct cli_credentials *cred, * @retval The username set on this context. * @note Return value will be NULL if not specified explictly */ -const char *cli_credentials_get_bind_dn(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred) { return cred->bind_dn; } @@ -184,7 +184,7 @@ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred) * @retval The username set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx) +_PUBLIC_ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, @@ -246,7 +246,7 @@ bool cli_credentials_set_principal_callback(struct cli_credentials *cred, * function to determine if authentication has been explicitly * requested */ -bool cli_credentials_authentication_requested(struct cli_credentials *cred) +_PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *cred) { if (cred->bind_dn) { return true; @@ -275,7 +275,7 @@ bool cli_credentials_authentication_requested(struct cli_credentials *cred) * @param cred credentials context * @retval If set, the cleartext password, otherwise NULL */ -const char *cli_credentials_get_password(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, 
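Review bot: The doc comment kept above `cli_credentials_get_bind_dn` still reads `@retval The username set on this context.`, copied from the username getter; now that the function is part of the exported API it should read `@retval The bind DN set on this context.`. The same copy-paste shows in the `cli_credentials_get_principal` hunk (`The username set on this context`), in the `cli_credentials_get_nt_hash` hunk (`@retval If set, the cleartext password, otherwise NULL` on a function returning `const struct samr_Password *`), and on `cli_credentials_get_event_context`, whose comment says `set the common event context`. For accessors that hand out passwords and hashes, the comment is the only place a caller learns what is actually returned, so these are worth correcting in the same change.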
@@ -297,7 +297,7 @@ const char *cli_credentials_get_password(struct cli_credentials *cred) /* Set a password on the credentials context, including an indication * of 'how' the password was obtained */ -bool cli_credentials_set_password(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { @@ -313,7 +313,7 @@ bool cli_credentials_set_password(struct cli_credentials *cred, return false; } -bool cli_credentials_set_password_callback(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_password_callback(struct cli_credentials *cred, const char *(*password_cb) (struct cli_credentials *)) { if (cred->password_obtained < CRED_CALLBACK) { @@ -358,7 +358,7 @@ bool cli_credentials_set_old_password(struct cli_credentials *cred, * @param cred credentials context * @retval If set, the cleartext password, otherwise NULL */ -const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, +_PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, TALLOC_CTX *mem_ctx) { const char *password = cli_credentials_get_password(cred); @@ -377,7 +377,7 @@ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials * } } -bool cli_credentials_set_nt_hash(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred, const struct samr_Password *nt_hash, enum credentials_obtained obtained) { @@ -401,7 +401,7 @@ bool cli_credentials_set_nt_hash(struct cli_credentials *cred, * @retval The domain set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_domain(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, 
@@ -421,7 +421,7 @@ const char *cli_credentials_get_domain(struct cli_credentials *cred) } -bool cli_credentials_set_domain(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { @@ -456,7 +456,7 @@ bool cli_credentials_set_domain_callback(struct cli_credentials *cred, * @retval The realm set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_realm(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_realm(struct cli_credentials *cred) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred, @@ -479,7 +479,7 @@ const char *cli_credentials_get_realm(struct cli_credentials *cred) * Set the realm for this credentials context, and force it to * uppercase for the sainity of our local kerberos libraries */ -bool cli_credentials_set_realm(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_realm(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { @@ -512,7 +512,7 @@ bool cli_credentials_set_realm_callback(struct cli_credentials *cred, * @retval The workstation name set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_workstation(struct cli_credentials *cred) +_PUBLIC_ const char *cli_credentials_get_workstation(struct cli_credentials *cred) { if (cred->workstation_obtained == CRED_CALLBACK && !cred->callback_running) { @@ -525,7 +525,7 @@ const char *cli_credentials_get_workstation(struct cli_credentials *cred) return cred->workstation; } -bool cli_credentials_set_workstation(struct cli_credentials *cred, +_PUBLIC_ bool cli_credentials_set_workstation(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { 
@@ -560,7 +560,7 @@ bool cli_credentials_set_workstation_callback(struct cli_credentials *cred, * @param obtained This enum describes how 'specified' this password is */ -void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained) +_PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained) { char *uname, *p; @@ -597,7 +597,7 @@ void cli_credentials_parse_string(struct cli_credentials *credentials, const cha * @param mem_ctx The memory context to place the result on */ -const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx) +_PUBLIC_ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx) { const char *bind_dn = cli_credentials_get_bind_dn(credentials); const char *domain; @@ -625,7 +625,7 @@ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credential * * @param cred Credentials structure to fill in */ -void cli_credentials_set_conf(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { cli_credentials_set_username(cred, "", CRED_UNINITIALISED); @@ -640,7 +640,7 @@ void cli_credentials_set_conf(struct cli_credentials *cred, * * @param cred Credentials structure to fill in */ -void cli_credentials_guess(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { char *p; @@ -683,7 +683,7 @@ void cli_credentials_guess(struct cli_credentials *cred, * Attach NETLOGON credentials for use with SCHANNEL */ -void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, struct creds_CredentialState *netlogon_creds) { cred->netlogon_creds = talloc_reference(cred, netlogon_creds); 
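Review bot: In `cli_credentials_set_netlogon_creds`, `cred->netlogon_creds = talloc_reference(cred, netlogon_creds);` stores the result unchecked, and talloc_reference returns NULL when it cannot allocate the reference. Because the function is `void`, a caller of the now-exported symbol cannot tell that the SCHANNEL state was not attached. The signature cannot change without breaking callers, so I would document it in the header comment: `@note On allocation failure cred->netlogon_creds is left NULL; callers should verify with cli_credentials_get_netlogon_creds().` The body continues outside the hunk, so a later check may exist.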
@@ -702,7 +702,7 @@ struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_cred * Set NETLOGON secure channel type */ -void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, enum netr_SchannelType secure_channel_type) { cred->secure_channel_type = secure_channel_type; @@ -712,7 +712,7 @@ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, * Return NETLOGON secure chanel type */ -enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred) +_PUBLIC_ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred) { return cred->secure_channel_type; } @@ -720,7 +720,7 @@ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_creden /** * Fill in a credentials structure as the anonymous user */ -void cli_credentials_set_anonymous(struct cli_credentials *cred) +_PUBLIC_ void cli_credentials_set_anonymous(struct cli_credentials *cred) { cli_credentials_set_username(cred, "", CRED_SPECIFIED); cli_credentials_set_domain(cred, "", CRED_SPECIFIED); @@ -734,7 +734,7 @@ void cli_credentials_set_anonymous(struct cli_credentials *cred) * @retval true if anonymous, false if a username is specified */ -bool cli_credentials_is_anonymous(struct cli_credentials *cred) +_PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred) { const char *username; @@ -763,7 +763,7 @@ bool cli_credentials_is_anonymous(struct cli_credentials *cred) * * @retval whether the credentials struct is finished */ -bool cli_credentials_wrong_password(struct cli_credentials *cred) +_PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred) { if (cred->password_obtained != CRED_CALLBACK_RESULT) { return false; 
@@ -779,7 +779,7 @@ bool cli_credentials_wrong_password(struct cli_credentials *cred) /* set the common event context for this set of credentials */ -void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev) +_PUBLIC_ void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev) { cred->ev = ev; } @@ -787,7 +787,7 @@ void cli_credentials_set_event_context(struct cli_credentials *cred, struct even /* set the common event context for this set of credentials */ -struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred) +_PUBLIC_ struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred) { if (cred->ev == NULL) { cred->ev = event_context_find(cred); diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index 1b205c61ce..afcb300638 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h 
@@ -132,6 +132,117 @@ struct ccache_container; struct gssapi_creds_container; -#include "auth/credentials/credentials_proto.h" +const char *cli_credentials_get_workstation(struct cli_credentials *cred); +bool cli_credentials_set_workstation(struct cli_credentials *cred, + const char *val, + enum credentials_obtained obtained); +bool cli_credentials_is_anonymous(struct cli_credentials *cred); +struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx); +void cli_credentials_set_anonymous(struct cli_credentials *cred); +bool cli_credentials_wrong_password(struct cli_credentials *cred); +const char *cli_credentials_get_password(struct cli_credentials *cred); +void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, + const char **username, + const char **domain); +NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, + int *flags, + DATA_BLOB challenge, DATA_BLOB target_info, + DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, + DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key); +const char *cli_credentials_get_realm(struct cli_credentials *cred); +const char *cli_credentials_get_username(struct cli_credentials *cred); +int cli_credentials_get_krb5_context(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct smb_krb5_context **smb_krb5_context); +int cli_credentials_get_ccache(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct ccache_container **ccc); +int cli_credentials_get_keytab(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct keytab_container **_ktc); +const char *cli_credentials_get_domain(struct cli_credentials *cred); +struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred); +void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, + struct loadparm_context *lp_ctx); +void cli_credentials_set_conf(struct cli_credentials *cred, + struct 
loadparm_context *lp_ctx); +const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx); +int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct gssapi_creds_container **_gcc); +int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct gssapi_creds_container **_gcc); +void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev); +void cli_credentials_set_kerberos_state(struct cli_credentials *creds, + enum credentials_use_kerberos use_kerberos); +struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred); +bool cli_credentials_set_domain(struct cli_credentials *cred, + const char *val, + enum credentials_obtained obtained); +bool cli_credentials_set_username(struct cli_credentials *cred, + const char *val, enum credentials_obtained obtained); +bool cli_credentials_set_password(struct cli_credentials *cred, + const char *val, + enum credentials_obtained obtained); +struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx); +void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained); +const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, + TALLOC_CTX *mem_ctx); +bool cli_credentials_set_realm(struct cli_credentials *cred, + const char *val, + enum credentials_obtained obtained); +void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, + enum netr_SchannelType secure_channel_type); +void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, + struct creds_CredentialState *netlogon_creds); +NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, + struct smb_krb5_context *smb_krb5_context); +NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + const 
char *serviceprincipal); +NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred, + struct loadparm_context *lp_ctx); +bool cli_credentials_authentication_requested(struct cli_credentials *cred); +void cli_credentials_guess(struct cli_credentials *cred, + struct loadparm_context *lp_ctx); +bool cli_credentials_set_bind_dn(struct cli_credentials *cred, + const char *bind_dn); +const char *cli_credentials_get_bind_dn(struct cli_credentials *cred); +bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained); +const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx); +bool cli_credentials_set_password_callback(struct cli_credentials *cred, + const char *(*password_cb) (struct cli_credentials *)); +enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred); +void cli_credentials_set_kvno(struct cli_credentials *cred, + int kvno); +bool cli_credentials_set_nt_hash(struct cli_credentials *cred, + const struct samr_Password *nt_hash, + enum credentials_obtained obtained); +int cli_credentials_set_keytab_name(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + const char *keytab_name, + enum credentials_obtained obtained); +int cli_credentials_update_keytab(struct cli_credentials *cred, + struct loadparm_context *lp_ctx); +void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features); +uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds); +int cli_credentials_set_ccache(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + const char *name, + enum credentials_obtained obtained); +bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained); +bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, + int fd, enum credentials_obtained obtained); 
+void cli_credentials_invalidate_ccache(struct cli_credentials *cred, + enum credentials_obtained obtained); +void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal); +enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds); +NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct ldb_context *ldb, + const char *base, + const char *filter); + int cli_credentials_get_kvno(struct cli_credentials *cred); #endif /* __CREDENTIALS_H__ */ diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i index 41ec67580e..0a604cf002 100644 --- a/source4/auth/credentials/credentials.i +++ b/source4/auth/credentials/credentials.i @@ -39,6 +39,10 @@ typedef struct cli_credentials cli_credentials; $1 = NULL; } +%constant int AUTO_USE_KERBEROS = CRED_AUTO_USE_KERBEROS; +%constant int DONT_USE_KERBEROS = CRED_DONT_USE_KERBEROS; +%constant int MUST_USE_KERBEROS = CRED_MUST_USE_KERBEROS; + %{ #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */ %} @@ -52,7 +56,7 @@ typedef struct cli_credentials cli_credentials; typedef struct cli_credentials { %extend { cli_credentials(void) { - return cli_credentials_init_anon(NULL); + return cli_credentials_init(NULL); } /* username */ const char *get_username(void); @@ -74,13 +78,18 @@ typedef struct cli_credentials { bool set_realm(const char *val, enum credentials_obtained=CRED_SPECIFIED); + /* Kerberos */ + void set_kerberos_state(enum credentials_use_kerberos use_kerberos); + void parse_string(const char *text, - enum credentials_obtained=CRED_SPECIFIED); + enum credentials_obtained=CRED_SPECIFIED); /* bind dn */ const char *get_bind_dn(void); bool set_bind_dn(const char *bind_dn); + void set_anonymous(); + /* workstation name */ const char *get_workstation(void); bool set_workstation(const char *workstation, 
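Review bot: Nothing in credentials.i tells Python callers that a bare `Credentials()` is no longer created anonymous, now that the `%extend` constructor returns `cli_credentials_init(NULL)` instead of `cli_credentials_init_anon(NULL)`. Scripts that relied on the old default for anonymous binds presumably have to call the new `set_anonymous()` themselves; what `cli_credentials_init` leaves in the structure is not shown on this page, so that should be confirmed. I would add a comment above the constructor, for example `/* Returns uninitialised credentials; call set_anonymous() for an anonymous bind */`.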
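Review bot: `set_kerberos_state` declares its enum parameter without a default, but the wrapper generated from it in this commit (credentials_wrap.c) parses with `"|OO:Credentials_set_kerberos_state"` and assigns `arg2` only inside `if (obj1)`. A Python call `creds.set_kerberos_state()` with no argument therefore passes an uninitialised `arg2` to `cli_credentials_set_kerberos_state`. Giving the parameter a default, in the style of the neighbouring `enum credentials_obtained=CRED_SPECIFIED` parameters, should make SWIG initialise it: `void set_kerberos_state(enum credentials_use_kerberos use_kerberos=CRED_AUTO_USE_KERBEROS);`. The wrapper also casts any Python int to the enum without a range check, so values other than the three exported constants reach the C setter unchanged.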
diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py index 14526af910..2b40fbeead 100644 --- a/source4/auth/credentials/credentials.py +++ b/source4/auth/credentials/credentials.py @@ -58,6 +58,9 @@ def _swig_setattr_nondynamic_method(set): import param +AUTO_USE_KERBEROS = _credentials.AUTO_USE_KERBEROS +DONT_USE_KERBEROS = _credentials.DONT_USE_KERBEROS +MUST_USE_KERBEROS = _credentials.MUST_USE_KERBEROS class Credentials(object): thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag') __repr__ = _swig_repr @@ -72,9 +75,11 @@ Credentials.get_domain = new_instancemethod(_credentials.Credentials_get_domain, Credentials.set_domain = new_instancemethod(_credentials.Credentials_set_domain,None,Credentials) Credentials.get_realm = new_instancemethod(_credentials.Credentials_get_realm,None,Credentials) Credentials.set_realm = new_instancemethod(_credentials.Credentials_set_realm,None,Credentials) +Credentials.set_kerberos_state = new_instancemethod(_credentials.Credentials_set_kerberos_state,None,Credentials) Credentials.parse_string = new_instancemethod(_credentials.Credentials_parse_string,None,Credentials) Credentials.get_bind_dn = new_instancemethod(_credentials.Credentials_get_bind_dn,None,Credentials) Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_dn,None,Credentials) +Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials) Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials) Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials) Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials) diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index c1001c9622..8bcbc65575 100644 
--- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -39,7 +39,7 @@ * @param obtained This enum describes how 'specified' this password is */ -bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, +_PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, int fd, enum credentials_obtained obtained) { char *p; @@ -83,7 +83,7 @@ bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, * @param obtained This enum describes how 'specified' this password is */ -bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained) +_PUBLIC_ bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained) { int fd = open(file, O_RDONLY, 0); bool ret; @@ -109,7 +109,7 @@ bool cli_credentials_parse_password_file(struct cli_credentials *credentials, co * @param obtained This enum describes how 'specified' this password is */ -bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained) +_PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained) { uint16_t len = 0; char *ptr, *val, *param; @@ -168,7 +168,7 @@ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, * @param cred Credentials structure to fill in * @retval NTSTATUS error detailing any failure */ -NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, +_PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct ldb_context *ldb, const char *base, 
@@ -326,7 +326,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, * @param cred Credentials structure to fill in * @retval NTSTATUS error detailing any failure */ -NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred, +_PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { char *filter; @@ -369,7 +369,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred, * @param cred Credentials structure to fill in * @retval NTSTATUS error detailing any failure */ -NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, +_PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, struct loadparm_context *lp_ctx, const char *serviceprincipal) { @@ -395,7 +395,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, * than during, popt processing. * */ -void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { cred->machine_account_pending = true; diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index 52bf9f124f..cd9285b09d 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -25,10 +25,11 @@ #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_proto.h" #include "auth/credentials/credentials_krb5.h" #include "param/param.h" -int cli_credentials_get_krb5_context(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct smb_krb5_context **smb_krb5_context) { 
@@ -52,7 +53,7 @@ int cli_credentials_get_krb5_context(struct cli_credentials *cred, * otherwise we might have problems with the krb5 context already * being here. */ -NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, +_PUBLIC_ NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, struct smb_krb5_context *smb_krb5_context) { if (!talloc_reference(cred, smb_krb5_context)) { @@ -126,7 +127,7 @@ static int free_dccache(struct ccache_container *ccc) { return 0; } -int cli_credentials_set_ccache(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred, struct loadparm_context *lp_ctx, const char *name, enum credentials_obtained obtained) @@ -251,7 +252,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred, return ret; } -int cli_credentials_get_ccache(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct ccache_container **ccc) { @@ -315,7 +316,7 @@ void cli_credentials_invalidate_client_gss_creds(struct cli_credentials *cred, } } -void cli_credentials_invalidate_ccache(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_invalidate_ccache(struct cli_credentials *cred, enum credentials_obtained obtained) { /* If the caller just changed the username/password etc, then @@ -346,7 +347,7 @@ static int free_gssapi_creds(struct gssapi_creds_container *gcc) return 0; } -int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc) { 
@@ -454,7 +455,7 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, * attached to this context. If this hasn't been done or set before, * it will be generated from the password. */ -int cli_credentials_get_keytab(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct keytab_container **_ktc) { @@ -508,7 +509,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred, /* Given the name of a keytab (presumably in the format * FILE:/etc/krb5.keytab), open it and attach it */ -int cli_credentials_set_keytab_name(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred, struct loadparm_context *lp_ctx, const char *keytab_name, enum credentials_obtained obtained) @@ -547,7 +548,7 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred, return ret; } -int cli_credentials_update_keytab(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { krb5_error_code ret; @@ -583,7 +584,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred, /* Get server gss credentials (in gsskrb5, this means the keytab) */ -int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, +_PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc) { @@ -657,7 +658,7 @@ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, * Set Kerberos KVNO */ -void cli_credentials_set_kvno(struct cli_credentials *cred, +_PUBLIC_ void cli_credentials_set_kvno(struct cli_credentials *cred, int kvno) { cred->kvno = kvno; 
@@ -667,7 +668,7 @@ void cli_credentials_set_kvno(struct cli_credentials *cred, * Return Kerberos KVNO */ -int cli_credentials_get_kvno(struct cli_credentials *cred) +_PUBLIC_ int cli_credentials_get_kvno(struct cli_credentials *cred) { return cred->kvno; } @@ -693,7 +694,7 @@ const char *cli_credentials_get_salt_principal(struct cli_credentials *cred) return cred->salt_principal; } -void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal) +_PUBLIC_ void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal) { cred->salt_principal = talloc_strdup(cred, principal); } diff --git a/source4/auth/credentials/credentials_ntlm.c b/source4/auth/credentials/credentials_ntlm.c index 04f1d312e6..b88f2018df 100644 --- a/source4/auth/credentials/credentials_ntlm.c +++ b/source4/auth/credentials/credentials_ntlm.c @@ -27,7 +27,7 @@ #include "libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" -void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, +_PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, const char **username, const char **domain) { @@ -40,7 +40,7 @@ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALL } } -NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, int *flags, DATA_BLOB challenge, DATA_BLOB target_info, DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c index b1b904c8a3..909233aaff 100644 --- a/source4/auth/credentials/credentials_wrap.c +++ b/source4/auth/credentials/credentials_wrap.c 
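Review bot: `cli_credentials_set_salt_principal` (hunk at -693) stores the result of `talloc_strdup(cred, principal)` without checking it and returns `void`. An allocation failure therefore leaves `cred->salt_principal` NULL with no way for the caller to notice. Because the getter just above returns that pointer directly, later Kerberos code would presumably treat the credentials as having no salt principal at all. Now that the function is exported with `_PUBLIC_`, this contract should at least be documented above it, for example `/* On allocation failure salt_principal is left NULL; the caller is not told. */`. A repeated call also leaves the previous copy attached to `cred` until the credentials are freed.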
@@ -2462,7 +2462,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_int swig_types[3] #define SWIGTYPE_p_loadparm_context swig_types[4] #define SWIGTYPE_p_loadparm_service swig_types[5] -#define SWIGTYPE_p_long_long swig_types[6] +#define SWIGTYPE_p_long swig_types[6] #define SWIGTYPE_p_param_context swig_types[7] #define SWIGTYPE_p_param_opt swig_types[8] #define SWIGTYPE_p_param_section swig_types[9] @@ -2470,7 +2470,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_signed_char swig_types[11] #define SWIGTYPE_p_unsigned_char swig_types[12] #define SWIGTYPE_p_unsigned_int swig_types[13] -#define SWIGTYPE_p_unsigned_long_long swig_types[14] +#define SWIGTYPE_p_unsigned_long swig_types[14] #define SWIGTYPE_p_unsigned_short swig_types[15] static swig_type_info *swig_types[17]; static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0}; @@ -2525,10 +2525,20 @@ static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0}; typedef struct cli_credentials cli_credentials; + #define SWIG_From_long PyInt_FromLong + + +SWIGINTERNINLINE PyObject * +SWIG_From_int (int value) +{ + return SWIG_From_long (value); +} + + #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */ SWIGINTERN cli_credentials *new_cli_credentials(){ - return cli_credentials_init_anon(NULL); + return cli_credentials_init(NULL); } SWIGINTERN swig_type_info* 
@@ -3131,6 +3141,44 @@ fail: } +SWIGINTERN PyObject *_wrap_Credentials_set_kerberos_state(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { + PyObject *resultobj = 0; + cli_credentials *arg1 = (cli_credentials *) 0 ; + enum credentials_use_kerberos arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + char * kwnames[] = { + (char *) "self",(char *) "use_kerberos", NULL + }; + + arg1 = NULL; + if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_kerberos_state",kwnames,&obj0,&obj1)) SWIG_fail; + if (obj0) { + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_kerberos_state" "', argument " "1"" of type '" "cli_credentials *""'"); + } + arg1 = (cli_credentials *)(argp1); + } + if (obj1) { + ecode2 = SWIG_AsVal_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "Credentials_set_kerberos_state" "', argument " "2"" of type '" "enum credentials_use_kerberos""'"); + } + arg2 = (enum credentials_use_kerberos)(val2); + } + cli_credentials_set_kerberos_state(arg1,arg2); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *_wrap_Credentials_parse_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; cli_credentials *arg1 = (cli_credentials *) 0 ; 
@@ -3253,6 +3301,33 @@ fail: } +SWIGINTERN PyObject *_wrap_Credentials_set_anonymous(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { + PyObject *resultobj = 0; + cli_credentials *arg1 = (cli_credentials *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + char * kwnames[] = { + (char *) "self", NULL + }; + + arg1 = NULL; + if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:Credentials_set_anonymous",kwnames,&obj0)) SWIG_fail; + if (obj0) { + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_anonymous" "', argument " "1"" of type '" "cli_credentials *""'"); + } + arg1 = (cli_credentials *)(argp1); + } + cli_credentials_set_anonymous(arg1); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *_wrap_Credentials_get_workstation(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; cli_credentials *arg1 = (cli_credentials *) 0 ; 
@@ -3564,9 +3639,11 @@ static PyMethodDef SwigMethods[] = { { (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, NULL}, + { (char *)"Credentials_set_kerberos_state", (PyCFunction) _wrap_Credentials_set_kerberos_state, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL}, + { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL}, 
@@ -3587,18 +3664,18 @@ static PyMethodDef SwigMethods[] = { static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, 
(void*)0, 0}; -static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0}; static swig_type_info *swig_type_initial[] = { @@ -3608,7 +3685,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_int, &_swigt__p_loadparm_context, &_swigt__p_loadparm_service, - &_swigt__p_long_long, + &_swigt__p_long, &_swigt__p_param_context, &_swigt__p_param_opt, &_swigt__p_param_section, @@ -3616,7 +3693,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_signed_char, &_swigt__p_unsigned_char, &_swigt__p_unsigned_int, - &_swigt__p_unsigned_long_long, + &_swigt__p_unsigned_long, &_swigt__p_unsigned_short, }; 
@@ -3626,7 +3703,7 @@ static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentia static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}}; @@ -3634,7 +3711,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0, static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info *swig_cast_initial[] = { @@ -3644,7 +3721,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_int, _swigc__p_loadparm_context, _swigc__p_loadparm_service, - _swigc__p_long_long, + _swigc__p_long, _swigc__p_param_context, _swigc__p_param_opt, _swigc__p_param_section, 
@@ -3652,7 +3729,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_signed_char, _swigc__p_unsigned_char, _swigc__p_unsigned_int, - _swigc__p_unsigned_long_long, + _swigc__p_unsigned_long, _swigc__p_unsigned_short, }; @@ -4174,5 +4251,8 @@ SWIGEXPORT void SWIG_init(void) { SWIG_InstallConstants(d,swig_const_table); + SWIG_Python_SetConstant(d, "AUTO_USE_KERBEROS",SWIG_From_int((int)(CRED_AUTO_USE_KERBEROS))); + SWIG_Python_SetConstant(d, "DONT_USE_KERBEROS",SWIG_From_int((int)(CRED_DONT_USE_KERBEROS))); + SWIG_Python_SetConstant(d, "MUST_USE_KERBEROS",SWIG_From_int((int)(CRED_MUST_USE_KERBEROS))); } diff --git a/source4/auth/credentials/tests/bindings.py b/source4/auth/credentials/tests/bindings.py index d2ca68d115..d0a99502c1 100644 --- a/source4/auth/credentials/tests/bindings.py +++ b/source4/auth/credentials/tests/bindings.py @@ -67,6 +67,8 @@ class CredentialsTests(unittest.TestCase): self.assertTrue(self.creds.is_anonymous()) self.creds.set_username("somebody") self.assertFalse(self.creds.is_anonymous()) + self.creds.set_anonymous() + self.assertTrue(self.creds.is_anonymous()) def test_workstation(self): # FIXME: This is uninitialised, it should be None diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk index 243725b235..61663d9633 100644 --- a/source4/auth/gensec/config.mk +++ b/source4/auth/gensec/config.mk @@ -13,7 +13,7 @@ gensec_VERSION = 0.0.1 gensec_SOVERSION = 0 gensec_OBJ_FILES = $(addprefix auth/gensec/, gensec.o socket.o) -PUBLIC_HEADERS += $(addprefix auth/gensec/, gensec.h spnego.h) +PUBLIC_HEADERS += auth/gensec/gensec.h ################################################ # Start MODULE gensec_krb5 diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c index cb7bcb71d8..06a7b8a382 100644 --- a/source4/auth/gensec/cyrus_sasl.c +++ b/source4/auth/gensec/cyrus_sasl.c 
@@ -23,6 +23,7 @@ #include "auth/auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "lib/socket/socket.h" #include <sasl/sasl.h> diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index b07a92d4d1..3393ce0178 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -26,6 +26,7 @@ #include "librpc/rpc/dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "param/param.h" /* the list of currently registered GENSEC backends */ @@ -34,7 +35,7 @@ static int gensec_num_backends; /* Return all the registered mechs. Don't modify the return pointer, * but you may talloc_reference it if convient */ -struct gensec_security_ops **gensec_security_all(void) +_PUBLIC_ struct gensec_security_ops **gensec_security_all(void) { return generic_security_ops; } @@ -44,7 +45,7 @@ struct gensec_security_ops **gensec_security_all(void) * gensec_security_all(), or from cli_credentials_gensec_list() (ie, * an existing list we have trimmed down) */ -struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, +_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, struct gensec_security_ops **old_gensec_list, struct cli_credentials *creds) { @@ -571,7 +572,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, @param gensec_security Returned GENSEC context pointer. @note The mem_ctx is only a parent and may be NULL. */ -NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct event_context *ev, struct loadparm_context *lp_ctx, struct messaging_context *msg, 
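Review bot: `gensec_security_all` (hunk at -34) is now exported with `_PUBLIC_`, yet it returns the module's own `generic_security_ops` table as a non-const `struct gensec_security_ops **`. The only thing stopping a library user from changing the registered security mechanisms is the comment "Don't modify the return pointer". I would make that contract explicit in the comment, for example `/* Returns the live backend table, not a copy: callers must treat it as read-only. */`, and fix the typo "convient" while there. Whether the return type can be const-qualified depends on callers outside this page.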
@@ -636,7 +637,7 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security) * @param auth_level DCERPC auth level */ -NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, uint8_t auth_type, uint8_t auth_level) { gensec_security->ops = gensec_security_by_authtype(gensec_security, auth_type); @@ -662,7 +663,7 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, return gensec_start_mech(gensec_security); } -const char *gensec_get_name_by_authtype(uint8_t authtype) +_PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype) { const struct gensec_security_ops *ops; ops = gensec_security_by_authtype(NULL, authtype); @@ -673,7 +674,7 @@ const char *gensec_get_name_by_authtype(uint8_t authtype) } -const char *gensec_get_name_by_oid(const char *oid_string) +_PUBLIC_ const char *gensec_get_name_by_oid(const char *oid_string) { const struct gensec_security_ops *ops; ops = gensec_security_by_oid(NULL, oid_string); @@ -703,7 +704,7 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security, * well-known #define to hook it in. */ -NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, const char *mech_oid) { gensec_security->ops = gensec_security_by_oid(gensec_security, mech_oid); @@ -719,7 +720,7 @@ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, * */ -NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, const char *sasl_name) { gensec_security->ops = gensec_security_by_sasl_name(gensec_security, sasl_name); 
@@ -768,7 +769,7 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_ * */ -NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, const char *name) { gensec_security->ops = gensec_security_by_name(gensec_security, name); @@ -782,7 +783,7 @@ NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, /* wrappers for the gensec function pointers */ -NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -801,7 +802,7 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, sig); } -NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -817,7 +818,7 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, return gensec_security->ops->check_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } -NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, 
@@ -833,7 +834,7 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } -NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -849,7 +850,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } -size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size) +_PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size) { if (!gensec_security->ops->sig_size) { return 0; @@ -879,7 +880,7 @@ size_t gensec_max_input_size(struct gensec_security *gensec_security) return gensec_security->ops->max_input_size(gensec_security); } -NTSTATUS gensec_wrap(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_wrap(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const DATA_BLOB *in, DATA_BLOB *out) @@ -890,7 +891,7 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security, return gensec_security->ops->wrap(gensec_security, mem_ctx, in, out); } -NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const DATA_BLOB *in, DATA_BLOB *out) @@ -901,7 +902,7 @@ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, return gensec_security->ops->unwrap(gensec_security, mem_ctx, in, out); } -NTSTATUS gensec_session_key(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key) { if (!gensec_security->ops->session_key) { 
@@ -924,7 +925,7 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, * */ -NTSTATUS gensec_session_info(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security, struct auth_session_info **session_info) { if (!gensec_security->ops->session_info) { @@ -1064,7 +1065,7 @@ _PUBLIC_ NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security * */ -struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security) +_PUBLIC_ struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security) { if (!gensec_security) { return NULL; @@ -1134,7 +1135,7 @@ _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_s * cryptographic tokens, to avoid certain attacks. */ -NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr) +_PUBLIC_ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr) { gensec_security->my_addr = my_addr; if (my_addr && !talloc_reference(gensec_security, my_addr)) { @@ -1143,7 +1144,7 @@ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct sock return NT_STATUS_OK; } -NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr) +_PUBLIC_ NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr) { gensec_security->peer_addr = peer_addr; if (peer_addr && !talloc_reference(gensec_security, peer_addr)) { @@ -1163,7 +1164,7 @@ struct socket_address *gensec_get_my_addr(struct gensec_security *gensec_securit return NULL; } -struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security) +_PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security) { if (gensec_security->peer_addr) { return gensec_security->peer_addr; 
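Review bot: In gensec_set_my_addr the pointer is stored in `gensec_security->my_addr` before `talloc_reference()` is attempted, so if the reference fails the context keeps an address it holds no reference to. gensec_set_peer_addr in the next hunk uses the same order. The comment above says these addresses feed into cryptographic tokens, so a stored pointer that can outlive its owner is worth avoiding. Take the reference first and assign only on success: `if (my_addr && !talloc_reference(gensec_security, my_addr)) { return NT_STATUS_NO_MEMORY; }` followed by `gensec_security->my_addr = my_addr;`. The failure branch is outside the hunk, so the status it returns is assumed here. A previously set address also appears to stay referenced when a new one replaces it, which may be worth confirming.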
@@ -1263,7 +1264,7 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ /* initialise the GENSEC subsystem */ -NTSTATUS gensec_init(struct loadparm_context *lp_ctx) +_PUBLIC_ NTSTATUS gensec_init(struct loadparm_context *lp_ctx) { static bool initialized = false; extern NTSTATUS gensec_sasl_init(void); diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 3413e5c8ce..7a1abfbc3b 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h 
@@ -199,6 +199,96 @@ NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security, struct loadparm_context; -#include "auth/gensec/gensec_proto.h" +NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, + struct gensec_security *parent, + struct gensec_security **gensec_security); +NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, + struct gensec_security **gensec_security, + struct event_context *ev, + struct loadparm_context *lp_ctx); +NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security, + const char **sasl_names); +NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, + const DATA_BLOB in, DATA_BLOB *out); +void gensec_update_send(struct gensec_security *gensec_security, const DATA_BLOB in, + void (*callback)(struct gensec_update_request *req, void *private_data), + void *private_data); +NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_CTX *out_mem_ctx, DATA_BLOB *out); +void gensec_want_feature(struct gensec_security *gensec_security, + uint32_t feature); +bool gensec_have_feature(struct gensec_security *gensec_security, + uint32_t feature); +NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security, struct cli_credentials *credentials); +NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, const char *service); +const char *gensec_get_target_service(struct gensec_security *gensec_security); +NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname); +const char *gensec_get_target_hostname(struct gensec_security *gensec_security); +NTSTATUS gensec_session_key(struct gensec_security *gensec_security, + DATA_BLOB *session_key); +NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, + const char *mech_oid); +const char *gensec_get_name_by_oid(const char *oid_string); +struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security); +struct 
socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security); +NTSTATUS gensec_init(struct loadparm_context *lp_ctx); +NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); +NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); +size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size); +NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); +NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); +NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, + uint8_t auth_type, uint8_t auth_level); +const char *gensec_get_name_by_authtype(uint8_t authtype); +NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct loadparm_context *lp_ctx, + struct messaging_context *msg, + struct gensec_security **gensec_security); +NTSTATUS gensec_session_info(struct gensec_security *gensec_security, + struct auth_session_info **session_info); +NTSTATUS auth_nt_status_squash(NTSTATUS nt_status); +struct creds_CredentialState; +NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + struct creds_CredentialState **creds); +NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr); +NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr); + +NTSTATUS gensec_start_mech_by_name(struct gensec_security 
*gensec_security, + const char *name); + +NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); +NTSTATUS gensec_wrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); + +struct gensec_security_ops **gensec_security_all(void); +struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, + struct gensec_security_ops **old_gensec_list, + struct cli_credentials *creds); + +NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, + const char *sasl_name); + #endif /* __GENSEC_H__ */ diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index d8cdb90197..e7dcb4ea68 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -34,7 +34,9 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "param/param.h" +#include "auth/session_proto.h" enum gensec_gssapi_sasl_state { diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 88432c7f89..ae601b19c2 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -36,7 +36,9 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "param/param.h" +#include "auth/session_proto.h" enum GENSEC_KRB5_STATE { GENSEC_KRB5_SERVER_START, diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 96e3478982..b3117ee9b2 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c 
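Review bot: In source4/auth/gensec/gensec.h the generated `gensec_proto.h` include is replaced by roughly ninety lines of hand-copied prototypes, which now have to be kept in step with the definitions by hand. source4/auth/session.h gets the same treatment later in this commit. The compiler flags a drifted signature only in a translation unit that sees both the prototype and the definition, so it is worth confirming that each defining file includes this header. The block also declares `auth_nt_status_squash` and `dcerpc_schannel_creds`, which by name do not belong to gensec. A one-line comment such as `/* declared here until the owning header exports them */` would explain why they are here. None of the prototypes documents who owns `out` or `session_key`, or which talloc context they are allocated on, and callers of a public header need that.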
@@ -25,11 +25,13 @@ #include "auth/auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "auth/gensec/schannel.h" #include "auth/gensec/schannel_state.h" #include "auth/gensec/schannel_proto.h" #include "librpc/rpc/dcerpc.h" #include "param/param.h" +#include "auth/session_proto.h" static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size) { diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c index 4dc05e8cc4..27449bf610 100644 --- a/source4/auth/gensec/socket.c +++ b/source4/auth/gensec/socket.c @@ -24,6 +24,7 @@ #include "lib/socket/socket.h" #include "lib/stream/packet.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" static const struct socket_ops gensec_socket_ops; diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index f593d17d4b..1544326bb1 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -26,6 +26,7 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" enum spnego_state_position { SPNEGO_SERVER_START, diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index e905e3e704..9002715065 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -24,6 +24,7 @@ #include "system/kerberos.h" #include "auth/kerberos/kerberos.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_proto.h" #include "auth/credentials/credentials_krb5.h" struct principal_container { 
@@ -634,7 +635,7 @@ int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, return ret; } -_PUBLIC_ int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, +int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index 8901488004..64bfebd3d1 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -27,7 +27,9 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "param/param.h" /** diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h index 5efc0a2eb1..df950e4756 100644 --- a/source4/auth/ntlmssp/ntlmssp.h +++ b/source4/auth/ntlmssp/ntlmssp.h @@ -186,4 +186,5 @@ struct gensec_ntlmssp_state struct loadparm_context; struct auth_session_info; + #include "auth/ntlmssp/proto.h" diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index eb6dbc5bca..12802b7e79 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -30,7 +30,9 @@ #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" #include "auth/auth.h" +#include "auth/auth_proto.h" #include "param/param.h" +#include "auth/session_proto.h" /** * Set a username on an NTLMSSP context - ensures it is talloc()ed diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index b003dc865f..063b16f539 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c 
@@ -134,7 +134,7 @@ static NTSTATUS ntlmssp_make_packet_signature(struct gensec_ntlmssp_state *gense } /* TODO: make this non-public */ -_PUBLIC_ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, +NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -306,7 +306,7 @@ NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, Initialise the state for NTLMSSP signing. */ /* TODO: make this non-public */ -_PUBLIC_ NTSTATUS ntlmssp_sign_init(struct gensec_ntlmssp_state *gensec_ntlmssp_state) +NTSTATUS ntlmssp_sign_init(struct gensec_ntlmssp_state *gensec_ntlmssp_state) { TALLOC_CTX *mem_ctx = talloc_new(gensec_ntlmssp_state); diff --git a/source4/auth/sam.c b/source4/auth/sam.c index b171fc57b9..ed44754993 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -383,7 +383,7 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_conte return NT_STATUS_OK; } -_PUBLIC_ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx, +NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, const char *principal, struct ldb_message ***msgs, struct ldb_message ***msgs_domain_ref) diff --git a/source4/auth/session.c b/source4/auth/session.c index c86fff90df..112eac95d8 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -28,8 +28,9 @@ #include "dsdb/samdb/samdb.h" #include "auth/credentials/credentials.h" #include "param/param.h" +#include "auth/session_proto.h" -struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, +_PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) { NTSTATUS nt_status; 
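Review bot: The `/* TODO: make this non-public */` comment stays above gensec_ntlmssp_sign_packet after its `_PUBLIC_` marker is removed, and again above ntlmssp_sign_init in the next hunk, so a reader cannot tell whether the TODO is now done. If dropping the marker was all that was intended, delete the comment in both places. If the goal is file-local linkage, reword it, e.g. `/* TODO: make this static once no other file calls it */`. Both function bodies continue outside the hunks, so whether other files still call them cannot be seen here.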
@@ -41,7 +42,7 @@ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, return session_info; } -NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, +_PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, struct loadparm_context *lp_ctx, struct auth_session_info **_session_info) { @@ -77,7 +78,7 @@ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, return NT_STATUS_OK; } -NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, const char *netbios_name, struct auth_serversupplied_info **_server_info) { @@ -149,7 +150,7 @@ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct auth_serversupplied_info *server_info, struct auth_session_info **_session_info) @@ -199,7 +200,7 @@ void auth_session_info_debug(int dbg_lev, /** * Make a server_info struct from the info3 returned by a domain logon */ -NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx, const char *account_name, uint16_t validation_level, union netr_Validation *validation, diff --git a/source4/auth/session.h b/source4/auth/session.h index 039c005bb0..87fc47791a 100644 --- a/source4/auth/session.h +++ b/source4/auth/session.h 
@@ -29,6 +29,28 @@ struct auth_session_info { }; #include "librpc/gen_ndr/netlogon.h" -#include "auth/session_proto.h" + +struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); +struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ; +NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, + const char *netbios_name, + struct auth_serversupplied_info **_server_info) ; +NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + struct auth_serversupplied_info *server_info, + struct auth_session_info **_session_info) ; + +NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx, + const char *account_name, + uint16_t validation_level, + union netr_Validation *validation, + struct auth_serversupplied_info **_server_info); +NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, + struct loadparm_context *lp_ctx, + struct auth_session_info **_session_info); + +struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx); + #endif /* _SAMBA_AUTH_SESSION_H */ |