diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-07-11 10:29:54 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:56 -0500 |
commit | b0d94c8e7d6ee223198600747c7e70028b2ff418 (patch) | |
tree | 0de1787808ca991fd5db4329d7182e0ae13aa60b /source4/libcli/auth | |
parent | 43e7d4109f144e20d661fe0559cb47708b511978 (diff) | |
download | samba-b0d94c8e7d6ee223198600747c7e70028b2ff418.tar.gz samba-b0d94c8e7d6ee223198600747c7e70028b2ff418.tar.bz2 samba-b0d94c8e7d6ee223198600747c7e70028b2ff418.zip |
r1440: GENSEC improvements:
- Infrustructure for kerberos
- Don't segfault on un-implemented backend functions
- Add comments.
Andrew Bartlett
(This used to be commit 1c31aa42710421917428d6ba86328ea5179751bd)
Diffstat (limited to 'source4/libcli/auth')
-rw-r--r-- | source4/libcli/auth/gensec.c | 58 | ||||
-rw-r--r-- | source4/libcli/auth/gensec.h | 9 |
2 files changed, 66 insertions, 1 deletions
diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c index 2491410494..83738109c6 100644 --- a/source4/libcli/auth/gensec.c +++ b/source4/libcli/auth/gensec.c @@ -242,6 +242,9 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, DATA_BLOB *sig) { + if (!gensec_security->ops->unseal_packet) { + return NT_STATUS_NOT_IMPLEMENTED; + } return gensec_security->ops->unseal_packet(gensec_security, mem_ctx, data, length, sig); } @@ -250,6 +253,9 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, const uint8_t *data, size_t length, const DATA_BLOB *sig) { + if (!gensec_security->ops->check_packet) { + return NT_STATUS_NOT_IMPLEMENTED; + } return gensec_security->ops->check_packet(gensec_security, mem_ctx, data, length, sig); } @@ -258,6 +264,9 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, uint8_t *data, size_t length, DATA_BLOB *sig) { + if (!gensec_security->ops->seal_packet) { + return NT_STATUS_NOT_IMPLEMENTED; + } return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, sig); } @@ -266,15 +275,31 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, const uint8_t *data, size_t length, DATA_BLOB *sig) { + if (!gensec_security->ops->sign_packet) { + return NT_STATUS_NOT_IMPLEMENTED; + } return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, sig); } NTSTATUS gensec_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key) { + if (!gensec_security->ops->session_key) { + return NT_STATUS_NOT_IMPLEMENTED; + } return gensec_security->ops->session_key(gensec_security, session_key); } +/** + * Return the credentials of a logged on user, including session keys + * etc. + * + * Only valid after a successful authentication + * + * May only be called once per authentication. + * + */ + NTSTATUS gensec_session_info(struct gensec_security *gensec_security, struct auth_session_info **session_info) { @@ -357,6 +382,34 @@ NTSTATUS gensec_set_password(struct gensec_security *gensec_security, } /** + * Set a kerberos realm on a GENSEC context - ensures it is talloc()ed + * + */ + +NTSTATUS gensec_set_realm(struct gensec_security *gensec_security, const char *realm) +{ + gensec_security->user.realm = talloc_strdup(gensec_security->mem_ctx, realm); + if (!gensec_security->user.realm) { + return NT_STATUS_NO_MEMORY; + } + return NT_STATUS_OK; +} + +/** + * Set the target principal name (if already known) on a GENSEC context - ensures it is talloc()ed + * + */ + +NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal) +{ + gensec_security->target.principal = talloc_strdup(gensec_security->mem_ctx, principal); + if (!gensec_security->target.principal) { + return NT_STATUS_NO_MEMORY; + } + return NT_STATUS_OK; +} + +/** * Set a password callback, if the gensec module we use demands a password */ @@ -457,7 +510,10 @@ BOOL gensec_init(void) /* FIXME: Perhaps panic if a basic backend, such as NTLMSSP, fails to initialise? */ gensec_ntlmssp_init(); - gensec_spengo_init(); +#if 0 + gensec_krb5_init(); +#endif + gensec_spnego_init(); gensec_dcerpc_schannel_init(); initialised = True; diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h index e30369ba0b..7cd56936d2 100644 --- a/source4/libcli/auth/gensec.h +++ b/source4/libcli/auth/gensec.h @@ -25,10 +25,18 @@ struct gensec_security; struct gensec_user { const char *domain; + const char *realm; const char *name; const char *password; char schan_session_key[16]; }; +struct gensec_target { + const char *principal; + const char *hostname; + const struct sock_addr *addr; +}; + + /* GENSEC mode */ enum gensec_role { @@ -71,6 +79,7 @@ struct gensec_security { const struct gensec_security_ops *ops; void *private_data; struct gensec_user user; + struct gensec_target target; enum gensec_role gensec_role; BOOL subcontext; }; |