-rw-r--r--source3/auth/auth.c5
-rw-r--r--source3/auth/auth_ntlmssp.c14
-rw-r--r--source3/auth/auth_samba4.c16
-rw-r--r--source3/include/auth.h9
4 files changed, 23 insertions, 21 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index df93e0d27a..f2cd703297 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -462,8 +462,9 @@ static NTSTATUS make_auth_context_text_list(TALLOC_CTX *mem_ctx,
/* Look for the first module to provide a start_gensec hook, and set that if provided */
for (method = (*auth_context)->auth_method_list; method; method = method->next) {
- if (method->start_gensec) {
- (*auth_context)->start_gensec = method->start_gensec;
+ if (method->prepare_gensec && method->gensec_start_mech_by_oid) {
+ (*auth_context)->prepare_gensec = method->prepare_gensec;
+ (*auth_context)->gensec_start_mech_by_oid = method->gensec_start_mech_by_oid;
break;
}
}
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 64307bea48..c078416aad 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -212,14 +212,20 @@ NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
return nt_status;
}
- if (auth_context->start_gensec) {
- nt_status = auth_context->start_gensec(ans, GENSEC_OID_NTLMSSP, &ans->gensec_security);
+ if (auth_context->prepare_gensec) {
+ nt_status = auth_context->prepare_gensec(ans, &ans->gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(ans);
return nt_status;
} else {
- *auth_ntlmssp_state = ans;
- return NT_STATUS_OK;
+ nt_status = auth_context->gensec_start_mech_by_oid(ans->gensec_security, GENSEC_OID_NTLMSSP);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(ans);
+ return nt_status;
+ } else {
+ *auth_ntlmssp_state = ans;
+ return NT_STATUS_OK;
+ }
}
}
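Review bot: The guard on this block tests only `auth_context->prepare_gensec`, yet the new inner branch calls `auth_context->gensec_start_mech_by_oid` without checking it. The auth.c hunk in this commit copies the two pointers together, but nothing in the struct enforces that pairing, so a context filled in elsewhere with only the first hook would dereference NULL on the authentication path; `if (auth_context->prepare_gensec && auth_context->gensec_start_mech_by_oid) {` keeps the check next to the call. The commit also removes the `DEBUG(1, ...)` that auth_samba4.c emitted when starting the mechanism failed, and nothing here replaces it, so a failed NTLMSSP start is no longer logged; a line such as `DEBUG(1, ("Failed to start GENSEC NTLMSSP server code: %s\n", nt_errstr(nt_status)));` before the second `TALLOC_FREE(ans)` would restore that trace. auth_ntlmssp_start begins and continues outside the hunk, so what runs when the guard is false is not visible here.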
diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index cf185f750a..2c9a6a0f8c 100644
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -97,8 +97,8 @@ static NTSTATUS check_samba4_security(const struct auth_context *auth_context,
/* Hook to allow GENSEC to handle blob-based authentication
* mechanisms, without directly linking the mechansim code */
-static NTSTATUS start_gensec(TALLOC_CTX *mem_ctx, const char *oid_string,
- struct gensec_security **gensec_context)
+static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx,
+ struct gensec_security **gensec_context)
{
NTSTATUS status;
struct loadparm_context *lp_ctx;
@@ -165,15 +165,8 @@ static NTSTATUS start_gensec(TALLOC_CTX *mem_ctx, const char *oid_string,
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_UNIX_TOKEN);
- status = gensec_start_mech_by_oid(gensec_ctx, oid_string);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to start GENSEC %s server code: %s\n",
- gensec_get_name_by_oid(gensec_ctx, oid_string), nt_errstr(status)));
- TALLOC_FREE(frame);
- return status;
- }
-
*gensec_context = gensec_ctx;
+ TALLOC_FREE(frame);
return status;
}
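Review bot: `return status;` at the end of prepare_gensec now returns whatever the last remaining assignment to `status` left behind, because the call that used to set it just before the return has been removed. Those earlier assignments are outside the hunk and are presumably each checked for failure, but the success value should not depend on code the reader cannot see; `return NT_STATUS_OK;` states the intent directly. It is also worth confirming that `gensec_ctx` is allocated on `mem_ctx` and not on `frame`, since the added `TALLOC_FREE(frame)` runs after the pointer has been handed to the caller.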
@@ -192,7 +185,8 @@ static NTSTATUS auth_init_samba4(struct auth_context *auth_context,
}
result->name = "samba4";
result->auth = check_samba4_security;
- result->start_gensec = start_gensec;
+ result->prepare_gensec = prepare_gensec;
+ result->gensec_start_mech_by_oid = gensec_start_mech_by_oid;
*auth_method = result;
return NT_STATUS_OK;
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 3545e27d20..5c842fd550 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -96,8 +96,9 @@ struct auth_context {
struct auth_serversupplied_info **server_info);
NTSTATUS (*nt_status_squash)(NTSTATUS nt_status);
- NTSTATUS (*start_gensec)(TALLOC_CTX *mem_ctx, const char *oid_string,
+ NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_context);
+ NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string);
};
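Review bot: The two new members of struct auth_context have no comment, and the contract between them is not evident from the types: `prepare_gensec` now returns a context on which no mechanism has been started, and the caller must call `gensec_start_mech_by_oid` on it before use. A comment above the pair such as `/* prepare_gensec creates the gensec context; the caller then selects a mechanism with gensec_start_mech_by_oid. Both are set together or both left NULL. */` would record that. The same applies to the matching pair in struct auth_methods in the next hunk, where the "Optional methods" comment could add that make_auth_context_text_list skips a module that provides only one of the two.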
typedef struct auth_methods
@@ -119,10 +120,10 @@ typedef struct auth_methods
void **my_private_data,
TALLOC_CTX *mem_ctx);
- /* Optional method allowing this module to provide a way to get a gensec context */
- NTSTATUS (*start_gensec)(TALLOC_CTX *mem_ctx, const char *oid_string,
+ /* Optional methods allowing this module to provide a way to get a gensec context */
+ NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_context);
-
+ NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string);
/* Used to keep tabs on things like the cli for SMB server authentication */
void *private_data;