author | Andrew Bartlett <abartlet@samba.org> | 2004-07-06 02:59:05 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:53 -0500 |
commit | 93665a132dd76a4012db2ffcf14e861edbb1f755 (patch) | |
tree | 4b854412dead01c142570a5a42d9f25a5afed7bb /source4/libcli/auth | |
parent | 66ac77dd124c0a3a65ef3ef835015433366d3e44 (diff) | |
r1357: Work on GENSEC:
- Add the concept of a 'subcontext' into gensec, so that the SPNEGO
code doesn't have to figure out how to make one.
(A subcontext inherits the username, domain, password (or callback)
from the main context).
- Add comments to some other routines, and explain a bit about what
the various 'start' functions are for.
Andrew Bartlett
(This used to be commit 7aedbfbdd92b4ca93cbd0babff16e7526201ee88)
Diffstat (limited to 'source4/libcli/auth')
-rw-r--r-- | source4/libcli/auth/gensec.c | 55 | ||||
-rw-r--r-- | source4/libcli/auth/gensec.h | 1 |
2 files changed, 51 insertions, 5 deletions
diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c
index f6d6db9e62..7ccaf4acc3 100644
--- a/source4/libcli/auth/gensec.c
+++ b/source4/libcli/auth/gensec.c
@@ -106,9 +106,35 @@ static NTSTATUS gensec_start(struct gensec_security **gensec_security)
 (*gensec_security)->mem_ctx = mem_ctx;
 (*gensec_security)->ops = NULL;
+ (*gensec_security)->subcontext = False;
 return NT_STATUS_OK;
 }
+/**
+ * Start a GENSEC subcontext, with a copy of the properties of the parent
+ *
+ * @note Used by SPENGO in particular, for the actual implementation mechanism
+ */
+
+NTSTATUS gensec_subcontext_start(struct gensec_security *parent,
+ struct gensec_security **gensec_security)
+{
+ NTSTATUS status;
+
+ (*gensec_security) = talloc_p(parent->mem_ctx, struct gensec_security);
+ if (!(*gensec_security)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ (**gensec_security) = *parent;
+ (*gensec_security)->ops = NULL;
+ (*gensec_security)->private_data = NULL;
+
+ (*gensec_security)->subcontext = True;
+
+ return status;
+}
+
 NTSTATUS gensec_client_start(struct gensec_security **gensec_security)
 {
 NTSTATUS status;
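Review bot: `gensec_subcontext_start()` ends with `return status;`, but `status` is declared and never assigned, so the success path hands the caller an indeterminate NTSTATUS and a correctly built subcontext may be reported as a failure or as an arbitrary code. Drop the `NTSTATUS status;` declaration and finish with `return NT_STATUS_OK;`. The structure assignment `(**gensec_security) = *parent;` also copies `mem_ctx` and the `user` member by value (username, domain and password or callback, per the commit message), so the child shares the parent's pool and credentials. The doc comment should state that a subcontext must not outlive its parent and that `parent` must be non-NULL, since it is dereferenced without a check.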
@@ -162,34 +188,50 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security)
 return NT_STATUS_INVALID_PARAMETER;
 }
+/**
+ * Start a GENSEC sub-mechanism by DCERPC allocated 'auth type' number
+ */
+
 NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, uint8_t authtype)
 {
 gensec_security->ops = gensec_security_by_authtype(authtype);
 if (!gensec_security->ops) {
- DEBUG(1, ("Could not find GENSEC backend for authtype=%d\n", (int)authtype));
+ DEBUG(3, ("Could not find GENSEC backend for authtype=%d\n", (int)authtype));
 return NT_STATUS_INVALID_PARAMETER;
 }
 return gensec_start_mech(gensec_security);
 }
+/**
+ * Start a GENSEC sub-mechanism by OID, used in SPNEGO
+ *
+ * @note This should also be used when you wish to just start NLTMSSP (for example), as it uses a
+ * well-known #define to hook it in.
+ */
+
 NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, const char *mech_oid)
 {
 gensec_security->ops = gensec_security_by_oid(mech_oid);
 if (!gensec_security->ops) {
- DEBUG(1, ("Could not find GENSEC backend for oid=%s\n", mech_oid));
+ DEBUG(3, ("Could not find GENSEC backend for oid=%s\n", mech_oid));
 return NT_STATUS_INVALID_PARAMETER;
 }
 return gensec_start_mech(gensec_security);
 }
+/**
+ * Start a GENSEC sub-mechanism by a well know SASL name
+ *
+ */
+
 NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, const char *sasl_name)
 {
 gensec_security->ops = gensec_security_by_sasl_name(sasl_name);
 if (!gensec_security->ops) {
- DEBUG(1, ("Could not find GENSEC backend for sasl_name=%s\n", sasl_name));
+ DEBUG(3, ("Could not find GENSEC backend for sasl_name=%s\n", sasl_name));
 return NT_STATUS_INVALID_PARAMETER;
 }
 return gensec_start_mech(gensec_security);
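Review bot: The three new doc comments omit the failure contract and carry two typos: `NLTMSSP` should read `NTLMSSP`, and `well know SASL name` should read `well-known SASL name`. Each comment should say what the caller gets when the lookup fails, for example `@return NT_STATUS_INVALID_PARAMETER if no GENSEC backend is registered for this OID`, and that `gensec_security->ops` is left NULL in that case. The `DEBUG` calls for a missing backend move from level 1 to 3, so a rejected mechanism is no longer visible at low log levels. If the authtype, OID or SASL name is chosen by the peer (likely for DCERPC and SPNEGO, though the callers are outside this hunk), the comment should record that the quieter level is deliberate. The hunk ends inside `gensec_start_mech_by_sasl_name()`.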
@@ -264,8 +306,11 @@ void gensec_end(struct gensec_security **gensec_security)
 (*gensec_security)->ops->end(*gensec_security);
 }
 (*gensec_security)->private_data = NULL;
- talloc_destroy((*gensec_security)->mem_ctx);
-
+
+ if (!(*gensec_security)->subcontext) {
+ /* don't destory this if this is a subcontext - it belongs to the parent */
+ talloc_destroy((*gensec_security)->mem_ctx);
+ }
 gensec_security = NULL;
 }
diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h
index 463b484a7f..e30369ba0b 100644
--- a/source4/libcli/auth/gensec.h
+++ b/source4/libcli/auth/gensec.h
@@ -72,6 +72,7 @@ struct gensec_security {
 void *private_data;
 struct gensec_user user;
 enum gensec_role gensec_role;
+ BOOL subcontext;
 };
 /* this structure is used by backends to determine the size of some critical types */ |
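Review bot: In `gensec_end()` the new `subcontext` branch skips `talloc_destroy()`, but nothing enforces the order in which parent and child are ended. The child struct is allocated from `parent->mem_ctx` in `gensec_subcontext_start()`, so ending the parent first frees the memory that a later `gensec_end()` on the subcontext dereferences. An ended subcontext also keeps its copy of the `user` member in the parent's pool until the parent is destroyed. The closing `gensec_security = NULL;` clears only the local parameter, so the caller keeps its pointer either way; `*gensec_security = NULL;` would make a stale handle fail fast. I would reword the comment to `/* a subcontext lives in the parent's mem_ctx: end it before the parent, never after */`, which also removes the `destory` typo, and add a matching one-line comment to `BOOL subcontext;` in gensec.h; the start of `gensec_end()` is outside the hunk.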