-rw-r--r-- | source3/auth/auth.c | 5 | ||||
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 14 | ||||
-rw-r--r-- | source3/auth/auth_samba4.c | 16 | ||||
-rw-r--r-- | source3/include/auth.h | 9 |
4 files changed, 23 insertions, 21 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index df93e0d27a..f2cd703297 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -462,8 +462,9 @@ static NTSTATUS make_auth_context_text_list(TALLOC_CTX *mem_ctx, /* Look for the first module to provide a start_gensec hook, and set that if provided */ for (method = (*auth_context)->auth_method_list; method; method = method->next) { - if (method->start_gensec) { - (*auth_context)->start_gensec = method->start_gensec; + if (method->prepare_gensec && method->gensec_start_mech_by_oid) { + (*auth_context)->prepare_gensec = method->prepare_gensec; + (*auth_context)->gensec_start_mech_by_oid = method->gensec_start_mech_by_oid; break; } } diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 64307bea48..c078416aad 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -212,14 +212,20 @@ NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address, return nt_status; } - if (auth_context->start_gensec) { - nt_status = auth_context->start_gensec(ans, GENSEC_OID_NTLMSSP, &ans->gensec_security); + if (auth_context->prepare_gensec) { + nt_status = auth_context->prepare_gensec(ans, &ans->gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(ans); return nt_status; } else { - *auth_ntlmssp_state = ans; - return NT_STATUS_OK; + nt_status = auth_context->gensec_start_mech_by_oid(ans->gensec_security, GENSEC_OID_NTLMSSP); + if (!NT_STATUS_IS_OK(nt_status)) { + TALLOC_FREE(ans); + return nt_status; + } else { + *auth_ntlmssp_state = ans; + return NT_STATUS_OK; + } } } diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c index cf185f750a..2c9a6a0f8c 100644 --- a/source3/auth/auth_samba4.c +++ b/source3/auth/auth_samba4.c 
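Review bot: The context comment above the loop in make_auth_context_text_list (auth.c hunk) still says the loop looks for a `start_gensec` hook, which this commit removes. It should describe the new pair, for example `/* Look for the first module to provide both the prepare_gensec and gensec_start_mech_by_oid hooks, and set them if provided */`. The function begins and ends outside the hunk.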
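Review bot: In auth_ntlmssp_start (auth_ntlmssp.c hunk) the guard tests only `auth_context->prepare_gensec`, yet the new inner branch calls `auth_context->gensec_start_mech_by_oid` unconditionally. The auth.c hunk only ever sets the two pointers together, but an auth_context filled in by any other path with just the first hook would call through a NULL function pointer on the authentication path. Testing both keeps the invariant local to the call site: `if (auth_context->prepare_gensec && auth_context->gensec_start_mech_by_oid) {`. The function begins and ends outside the hunk.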
@@ -97,8 +97,8 @@ static NTSTATUS check_samba4_security(const struct auth_context *auth_context, /* Hook to allow GENSEC to handle blob-based authentication * mechanisms, without directly linking the mechansim code */ -static NTSTATUS start_gensec(TALLOC_CTX *mem_ctx, const char *oid_string, - struct gensec_security **gensec_context) +static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx, + struct gensec_security **gensec_context) { NTSTATUS status; struct loadparm_context *lp_ctx; @@ -165,15 +165,8 @@ static NTSTATUS start_gensec(TALLOC_CTX *mem_ctx, const char *oid_string, gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY); gensec_want_feature(gensec_ctx, GENSEC_FEATURE_UNIX_TOKEN); - status = gensec_start_mech_by_oid(gensec_ctx, oid_string); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to start GENSEC %s server code: %s\n", - gensec_get_name_by_oid(gensec_ctx, oid_string), nt_errstr(status))); - TALLOC_FREE(frame); - return status; - } - *gensec_context = gensec_ctx; + TALLOC_FREE(frame); return status; } @@ -192,7 +185,8 @@ static NTSTATUS auth_init_samba4(struct auth_context *auth_context, } result->name = "samba4"; result->auth = check_samba4_security; - result->start_gensec = start_gensec; + result->prepare_gensec = prepare_gensec; + result->gensec_start_mech_by_oid = gensec_start_mech_by_oid; *auth_method = result; return NT_STATUS_OK; diff --git a/source3/include/auth.h b/source3/include/auth.h index 3545e27d20..5c842fd550 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -96,8 +96,9 @@ struct auth_context { struct auth_serversupplied_info **server_info); NTSTATUS (*nt_status_squash)(NTSTATUS nt_status); - NTSTATUS (*start_gensec)(TALLOC_CTX *mem_ctx, const char *oid_string, + NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_context); + NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string); }; typedef struct auth_methods 
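Review bot: In the `@@ -165,15 +165,8 @@` hunk of auth_samba4.c the `DEBUG(1, ("Failed to start GENSEC %s server code: ..."))` message is removed together with the gensec_start_mech_by_oid() call, and the new call site in auth_ntlmssp_start returns the status without logging it. Unless a caller outside this diff reports it, a failed mechanism start during authentication no longer leaves a trace in the log. A line such as `DEBUG(1, ("Failed to start GENSEC NTLMSSP server code: %s\n", nt_errstr(nt_status)));` before the `TALLOC_FREE(ans)` in that new branch would restore it. The body of prepare_gensec begins outside this hunk.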
@@ -119,10 +120,10 @@ typedef struct auth_methods void **my_private_data, TALLOC_CTX *mem_ctx); - /* Optional method allowing this module to provide a way to get a gensec context */ - NTSTATUS (*start_gensec)(TALLOC_CTX *mem_ctx, const char *oid_string, + /* Optional methods allowing this module to provide a way to get a gensec context */ + NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_context); - + NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string); /* Used to keep tabs on things like the cli for SMB server authentication */ void *private_data; |
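Review bot: Neither struct auth_methods here nor struct auth_context in the `@@ -96,8 +96,9 @@` hunk documents the new two-step contract, and the comment "Optional methods allowing this module to provide a way to get a gensec context" does not say that the context comes back without a mechanism started. I would extend it to something like `/* prepare_gensec returns a gensec context with no mechanism started; the caller must then call gensec_start_mech_by_oid on it. A module sets both hooks or neither. */`. The same wording fits above the two members in struct auth_context, which currently have no comment. Both struct definitions continue outside their hunks.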