summaryrefslogtreecommitdiff
path: root/source4/libcli/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-07-11 10:29:54 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:56 -0500
commitb0d94c8e7d6ee223198600747c7e70028b2ff418 (patch)
tree0de1787808ca991fd5db4329d7182e0ae13aa60b /source4/libcli/auth
parent43e7d4109f144e20d661fe0559cb47708b511978 (diff)
downloadsamba-b0d94c8e7d6ee223198600747c7e70028b2ff418.tar.gz
samba-b0d94c8e7d6ee223198600747c7e70028b2ff418.tar.bz2
samba-b0d94c8e7d6ee223198600747c7e70028b2ff418.zip
r1440: GENSEC improvements:
- Infrustructure for kerberos - Don't segfault on un-implemented backend functions - Add comments. Andrew Bartlett (This used to be commit 1c31aa42710421917428d6ba86328ea5179751bd)
Diffstat (limited to 'source4/libcli/auth')
-rw-r--r--source4/libcli/auth/gensec.c58
-rw-r--r--source4/libcli/auth/gensec.h9
2 files changed, 66 insertions, 1 deletions
diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c
index 2491410494..83738109c6 100644
--- a/source4/libcli/auth/gensec.c
+++ b/source4/libcli/auth/gensec.c
@@ -242,6 +242,9 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length, DATA_BLOB *sig)
{
+ if (!gensec_security->ops->unseal_packet) {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
return gensec_security->ops->unseal_packet(gensec_security, mem_ctx, data, length, sig);
}
@@ -250,6 +253,9 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
const uint8_t *data, size_t length,
const DATA_BLOB *sig)
{
+ if (!gensec_security->ops->check_packet) {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
return gensec_security->ops->check_packet(gensec_security, mem_ctx, data, length, sig);
}
@@ -258,6 +264,9 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
uint8_t *data, size_t length,
DATA_BLOB *sig)
{
+ if (!gensec_security->ops->seal_packet) {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, sig);
}
@@ -266,15 +275,31 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
const uint8_t *data, size_t length,
DATA_BLOB *sig)
{
+ if (!gensec_security->ops->sign_packet) {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, sig);
}
NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
DATA_BLOB *session_key)
{
+ if (!gensec_security->ops->session_key) {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
return gensec_security->ops->session_key(gensec_security, session_key);
}
+/**
+ * Return the credentials of a logged on user, including session keys
+ * etc.
+ *
+ * Only valid after a successful authentication
+ *
+ * May only be called once per authentication.
+ *
+ */
+
NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
struct auth_session_info **session_info)
{
@@ -357,6 +382,34 @@ NTSTATUS gensec_set_password(struct gensec_security *gensec_security,
}
/**
+ * Set a kerberos realm on a GENSEC context - ensures it is talloc()ed
+ *
+ */
+
+NTSTATUS gensec_set_realm(struct gensec_security *gensec_security, const char *realm)
+{
+ gensec_security->user.realm = talloc_strdup(gensec_security->mem_ctx, realm);
+ if (!gensec_security->user.realm) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ return NT_STATUS_OK;
+}
+
+/**
+ * Set the target principal name (if already known) on a GENSEC context - ensures it is talloc()ed
+ *
+ */
+
+NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
+{
+ gensec_security->target.principal = talloc_strdup(gensec_security->mem_ctx, principal);
+ if (!gensec_security->target.principal) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ return NT_STATUS_OK;
+}
+
+/**
* Set a password callback, if the gensec module we use demands a password
*/
@@ -457,7 +510,10 @@ BOOL gensec_init(void)
/* FIXME: Perhaps panic if a basic backend, such as NTLMSSP, fails to initialise? */
gensec_ntlmssp_init();
- gensec_spengo_init();
+#if 0
+ gensec_krb5_init();
+#endif
+ gensec_spnego_init();
gensec_dcerpc_schannel_init();
initialised = True;
diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h
index e30369ba0b..7cd56936d2 100644
--- a/source4/libcli/auth/gensec.h
+++ b/source4/libcli/auth/gensec.h
@@ -25,10 +25,18 @@
struct gensec_security;
struct gensec_user {
const char *domain;
+ const char *realm;
const char *name;
const char *password;
char schan_session_key[16];
};
+struct gensec_target {
+ const char *principal;
+ const char *hostname;
+ const struct sock_addr *addr;
+};
+
+
/* GENSEC mode */
enum gensec_role
{
@@ -71,6 +79,7 @@ struct gensec_security {
const struct gensec_security_ops *ops;
void *private_data;
struct gensec_user user;
+ struct gensec_target target;
enum gensec_role gensec_role;
BOOL subcontext;
};