summaryrefslogtreecommitdiff
path: root/source4/smb_server
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-02-13 10:24:16 +1100
committerAndrew Bartlett <abartlet@samba.org>2009-02-13 10:24:16 +1100
commit71632a16977a93968b0d520a491a52f635e611a1 (patch)
tree75604f676004c10bdd9c4ee1cfdf917a90ddfc0b /source4/smb_server
parent147a2e3440056ec30d8b386901754a58ea3947d1 (diff)
downloadsamba-71632a16977a93968b0d520a491a52f635e611a1.tar.gz
samba-71632a16977a93968b0d520a491a52f635e611a1.tar.bz2
samba-71632a16977a93968b0d520a491a52f635e611a1.zip
Remove auth/ntlm as a dependency of GENSEC by means of function pointers.
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
Diffstat (limited to 'source4/smb_server')
-rw-r--r--source4/smb_server/smb/config.mk2
-rw-r--r--source4/smb_server/smb/negprot.c36
-rw-r--r--source4/smb_server/smb/sesssetup.c16
-rw-r--r--source4/smb_server/smb2/config.mk2
-rw-r--r--source4/smb_server/smb2/negprot.c25
-rw-r--r--source4/smb_server/smb2/sesssetup.c16
6 files changed, 49 insertions, 48 deletions
diff --git a/source4/smb_server/smb/config.mk b/source4/smb_server/smb/config.mk
index 9adf334850..eadc122831 100644
--- a/source4/smb_server/smb/config.mk
+++ b/source4/smb_server/smb/config.mk
@@ -2,7 +2,7 @@
# Start SUBSYSTEM SMB_PROTOCOL
[SUBSYSTEM::SMB_PROTOCOL]
PUBLIC_DEPENDENCIES = \
- ntvfs LIBPACKET CREDENTIALS
+ ntvfs LIBPACKET CREDENTIALS samba_server_gensec
# End SUBSYSTEM SMB_PROTOCOL
#######################
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
index 71ee82d162..c3399fdd48 100644
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -350,23 +350,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
DATA_BLOB blob;
const char *oid;
NTSTATUS nt_status;
-
- nt_status = gensec_server_start(req->smb_conn,
- req->smb_conn->connection->event.ctx,
- lp_gensec_settings(req->smb_conn, req->smb_conn->lp_ctx),
- req->smb_conn->connection->msg_ctx,
- &gensec_security);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
- return;
- }
-
- if (req->smb_conn->negotiate.auth_context) {
- smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot? auth_context is non-NULL!\n");
- return;
- }
-
+
server_credentials
= cli_credentials_init(req);
if (!server_credentials) {
@@ -382,6 +366,24 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
server_credentials = NULL;
}
+ nt_status = samba_server_gensec_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ req->smb_conn->lp_ctx,
+ server_credentials,
+ "cifs",
+ &gensec_security);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
+ return;
+ }
+
+ if (req->smb_conn->negotiate.auth_context) {
+ smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot? auth_context is non-NULL!\n");
+ return;
+ }
req->smb_conn->negotiate.server_credentials = talloc_steal(req->smb_conn, server_credentials);
gensec_set_target_service(gensec_security, "cifs");
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index 0767a187e5..e38447703b 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -363,20 +363,18 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
if (!smb_sess) {
struct gensec_security *gensec_ctx;
- status = gensec_server_start(req,
- req->smb_conn->connection->event.ctx,
- lp_gensec_settings(req, req->smb_conn->lp_ctx),
- req->smb_conn->connection->msg_ctx,
- &gensec_ctx);
+ status = samba_server_gensec_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ req->smb_conn->lp_ctx,
+ req->smb_conn->negotiate.server_credentials,
+ "cifs",
+ &gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
goto failed;
}
- gensec_set_credentials(gensec_ctx, req->smb_conn->negotiate.server_credentials);
-
- gensec_set_target_service(gensec_ctx, "cifs");
-
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
status = gensec_start_mech_by_oid(gensec_ctx, req->smb_conn->negotiate.oid);
diff --git a/source4/smb_server/smb2/config.mk b/source4/smb_server/smb2/config.mk
index 68ee6e58f6..f0c3739926 100644
--- a/source4/smb_server/smb2/config.mk
+++ b/source4/smb_server/smb2/config.mk
@@ -2,7 +2,7 @@
# Start SUBSYSTEM SMB2_PROTOCOL
[SUBSYSTEM::SMB2_PROTOCOL]
PUBLIC_DEPENDENCIES = \
- ntvfs LIBPACKET LIBCLI_SMB2
+ ntvfs LIBPACKET LIBCLI_SMB2 samba_server_gensec
# End SUBSYSTEM SMB2_PROTOCOL
#######################
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index 03e5c9356d..0b65a19634 100644
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "auth/credentials/credentials.h"
+#include "auth/auth.h"
#include "auth/gensec/gensec.h"
#include "libcli/raw/libcliraw.h"
#include "libcli/raw/raw_proto.h"
@@ -40,17 +41,6 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
NTSTATUS nt_status;
struct cli_credentials *server_credentials;
- nt_status = gensec_server_start(req,
- req->smb_conn->connection->event.ctx,
- lp_gensec_settings(req, req->smb_conn->lp_ctx),
- req->smb_conn->connection->msg_ctx,
- &gensec_security);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
- return nt_status;
- }
-
server_credentials = cli_credentials_init(req);
if (!server_credentials) {
smbsrv_terminate_connection(req->smb_conn, "Failed to init server credentials\n");
@@ -67,6 +57,19 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
req->smb_conn->negotiate.server_credentials = talloc_steal(req->smb_conn, server_credentials);
+ nt_status = samba_server_gensec_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ req->smb_conn->lp_ctx,
+ server_credentials,
+ "cifs",
+ &gensec_security);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
+ return nt_status;
+ }
+
gensec_set_target_service(gensec_security, "cifs");
gensec_set_credentials(gensec_security, server_credentials);
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c
index 176be0b3ea..9a8c1bfaa9 100644
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -124,20 +124,18 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
if (vuid == 0) {
struct gensec_security *gensec_ctx;
- status = gensec_server_start(req,
- req->smb_conn->connection->event.ctx,
- lp_gensec_settings(req, req->smb_conn->lp_ctx),
- req->smb_conn->connection->msg_ctx,
- &gensec_ctx);
+ status = samba_server_gensec_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ req->smb_conn->lp_ctx,
+ req->smb_conn->negotiate.server_credentials,
+ "cifs",
+ &gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
goto failed;
}
- gensec_set_credentials(gensec_ctx, req->smb_conn->negotiate.server_credentials);
-
- gensec_set_target_service(gensec_ctx, "cifs");
-
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
status = gensec_start_mech_by_oid(gensec_ctx, GENSEC_OID_SPNEGO);