summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/config.mk2
-rw-r--r--source4/auth/gensec/cyrus_sasl.c1
-rw-r--r--source4/auth/gensec/gensec.c47
-rw-r--r--source4/auth/gensec/gensec.h92
-rw-r--r--source4/auth/gensec/gensec_gssapi.c2
-rw-r--r--source4/auth/gensec/gensec_krb5.c2
-rw-r--r--source4/auth/gensec/schannel.c2
-rw-r--r--source4/auth/gensec/socket.c1
-rw-r--r--source4/auth/gensec/spnego.c1
9 files changed, 125 insertions, 25 deletions
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index 243725b235..61663d9633 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -13,7 +13,7 @@ gensec_VERSION = 0.0.1
gensec_SOVERSION = 0
gensec_OBJ_FILES = $(addprefix auth/gensec/, gensec.o socket.o)
-PUBLIC_HEADERS += $(addprefix auth/gensec/, gensec.h spnego.h)
+PUBLIC_HEADERS += auth/gensec/gensec.h
################################################
# Start MODULE gensec_krb5
diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c
index cb7bcb71d8..06a7b8a382 100644
--- a/source4/auth/gensec/cyrus_sasl.c
+++ b/source4/auth/gensec/cyrus_sasl.c
@@ -23,6 +23,7 @@
#include "auth/auth.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "lib/socket/socket.h"
#include <sasl/sasl.h>
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index b07a92d4d1..3393ce0178 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -26,6 +26,7 @@
#include "librpc/rpc/dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "param/param.h"
/* the list of currently registered GENSEC backends */
@@ -34,7 +35,7 @@ static int gensec_num_backends;
/* Return all the registered mechs. Don't modify the return pointer,
* but you may talloc_reference it if convient */
-struct gensec_security_ops **gensec_security_all(void)
+_PUBLIC_ struct gensec_security_ops **gensec_security_all(void)
{
return generic_security_ops;
}
@@ -44,7 +45,7 @@ struct gensec_security_ops **gensec_security_all(void)
* gensec_security_all(), or from cli_credentials_gensec_list() (ie,
* an existing list we have trimmed down) */
-struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
struct gensec_security_ops **old_gensec_list,
struct cli_credentials *creds)
{
@@ -571,7 +572,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
@param gensec_security Returned GENSEC context pointer.
@note The mem_ctx is only a parent and may be NULL.
*/
-NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct loadparm_context *lp_ctx,
struct messaging_context *msg,
@@ -636,7 +637,7 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security)
* @param auth_level DCERPC auth level
*/
-NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
uint8_t auth_type, uint8_t auth_level)
{
gensec_security->ops = gensec_security_by_authtype(gensec_security, auth_type);
@@ -662,7 +663,7 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
return gensec_start_mech(gensec_security);
}
-const char *gensec_get_name_by_authtype(uint8_t authtype)
+_PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype)
{
const struct gensec_security_ops *ops;
ops = gensec_security_by_authtype(NULL, authtype);
@@ -673,7 +674,7 @@ const char *gensec_get_name_by_authtype(uint8_t authtype)
}
-const char *gensec_get_name_by_oid(const char *oid_string)
+_PUBLIC_ const char *gensec_get_name_by_oid(const char *oid_string)
{
const struct gensec_security_ops *ops;
ops = gensec_security_by_oid(NULL, oid_string);
@@ -703,7 +704,7 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security,
* well-known #define to hook it in.
*/
-NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
const char *mech_oid)
{
gensec_security->ops = gensec_security_by_oid(gensec_security, mech_oid);
@@ -719,7 +720,7 @@ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
*
*/
-NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
const char *sasl_name)
{
gensec_security->ops = gensec_security_by_sasl_name(gensec_security, sasl_name);
@@ -768,7 +769,7 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_
*
*/
-NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security,
const char *name)
{
gensec_security->ops = gensec_security_by_name(gensec_security, name);
@@ -782,7 +783,7 @@ NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security,
/*
wrappers for the gensec function pointers
*/
-NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -801,7 +802,7 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
sig);
}
-NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -817,7 +818,7 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
return gensec_security->ops->check_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
}
-NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -833,7 +834,7 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
}
-NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -849,7 +850,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
}
-size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size)
+_PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size)
{
if (!gensec_security->ops->sig_size) {
return 0;
@@ -879,7 +880,7 @@ size_t gensec_max_input_size(struct gensec_security *gensec_security)
return gensec_security->ops->max_input_size(gensec_security);
}
-NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const DATA_BLOB *in,
DATA_BLOB *out)
@@ -890,7 +891,7 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
return gensec_security->ops->wrap(gensec_security, mem_ctx, in, out);
}
-NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const DATA_BLOB *in,
DATA_BLOB *out)
@@ -901,7 +902,7 @@ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
return gensec_security->ops->unwrap(gensec_security, mem_ctx, in, out);
}
-NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
DATA_BLOB *session_key)
{
if (!gensec_security->ops->session_key) {
@@ -924,7 +925,7 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
*
*/
-NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
struct auth_session_info **session_info)
{
if (!gensec_security->ops->session_info) {
@@ -1064,7 +1065,7 @@ _PUBLIC_ NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security
*
*/
-struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security)
+_PUBLIC_ struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security)
{
if (!gensec_security) {
return NULL;
@@ -1134,7 +1135,7 @@ _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_s
* cryptographic tokens, to avoid certain attacks.
*/
-NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr)
+_PUBLIC_ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr)
{
gensec_security->my_addr = my_addr;
if (my_addr && !talloc_reference(gensec_security, my_addr)) {
@@ -1143,7 +1144,7 @@ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct sock
return NT_STATUS_OK;
}
-NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr)
+_PUBLIC_ NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr)
{
gensec_security->peer_addr = peer_addr;
if (peer_addr && !talloc_reference(gensec_security, peer_addr)) {
@@ -1163,7 +1164,7 @@ struct socket_address *gensec_get_my_addr(struct gensec_security *gensec_securit
return NULL;
}
-struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security)
+_PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security)
{
if (gensec_security->peer_addr) {
return gensec_security->peer_addr;
@@ -1263,7 +1264,7 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_
/*
initialise the GENSEC subsystem
*/
-NTSTATUS gensec_init(struct loadparm_context *lp_ctx)
+_PUBLIC_ NTSTATUS gensec_init(struct loadparm_context *lp_ctx)
{
static bool initialized = false;
extern NTSTATUS gensec_sasl_init(void);
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 3413e5c8ce..7a1abfbc3b 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -199,6 +199,96 @@ NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
struct loadparm_context;
-#include "auth/gensec/gensec_proto.h"
+NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
+ struct gensec_security *parent,
+ struct gensec_security **gensec_security);
+NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
+ struct gensec_security **gensec_security,
+ struct event_context *ev,
+ struct loadparm_context *lp_ctx);
+NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security,
+ const char **sasl_names);
+NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
+ const DATA_BLOB in, DATA_BLOB *out);
+void gensec_update_send(struct gensec_security *gensec_security, const DATA_BLOB in,
+ void (*callback)(struct gensec_update_request *req, void *private_data),
+ void *private_data);
+NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_CTX *out_mem_ctx, DATA_BLOB *out);
+void gensec_want_feature(struct gensec_security *gensec_security,
+ uint32_t feature);
+bool gensec_have_feature(struct gensec_security *gensec_security,
+ uint32_t feature);
+NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security, struct cli_credentials *credentials);
+NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, const char *service);
+const char *gensec_get_target_service(struct gensec_security *gensec_security);
+NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname);
+const char *gensec_get_target_hostname(struct gensec_security *gensec_security);
+NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
+ DATA_BLOB *session_key);
+NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
+ const char *mech_oid);
+const char *gensec_get_name_by_oid(const char *oid_string);
+struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security);
+struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security);
+NTSTATUS gensec_init(struct loadparm_context *lp_ctx);
+NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig);
+NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig);
+size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size);
+NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig);
+NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig);
+NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
+ uint8_t auth_type, uint8_t auth_level);
+const char *gensec_get_name_by_authtype(uint8_t authtype);
+NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct loadparm_context *lp_ctx,
+ struct messaging_context *msg,
+ struct gensec_security **gensec_security);
+NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
+ struct auth_session_info **session_info);
+NTSTATUS auth_nt_status_squash(NTSTATUS nt_status);
+struct creds_CredentialState;
+NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ struct creds_CredentialState **creds);
+NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr);
+NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr);
+
+NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security,
+ const char *name);
+
+NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out);
+NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out);
+
+struct gensec_security_ops **gensec_security_all(void);
+struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+ struct gensec_security_ops **old_gensec_list,
+ struct cli_credentials *creds);
+
+NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
+ const char *sasl_name);
+
#endif /* __GENSEC_H__ */
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index d8cdb90197..e7dcb4ea68 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -34,7 +34,9 @@
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "param/param.h"
+#include "auth/session_proto.h"
enum gensec_gssapi_sasl_state
{
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 88432c7f89..ae601b19c2 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -36,7 +36,9 @@
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "param/param.h"
+#include "auth/session_proto.h"
enum GENSEC_KRB5_STATE {
GENSEC_KRB5_SERVER_START,
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 96e3478982..b3117ee9b2 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -25,11 +25,13 @@
#include "auth/auth.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "auth/gensec/schannel.h"
#include "auth/gensec/schannel_state.h"
#include "auth/gensec/schannel_proto.h"
#include "librpc/rpc/dcerpc.h"
#include "param/param.h"
+#include "auth/session_proto.h"
static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size)
{
diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c
index 4dc05e8cc4..27449bf610 100644
--- a/source4/auth/gensec/socket.c
+++ b/source4/auth/gensec/socket.c
@@ -24,6 +24,7 @@
#include "lib/socket/socket.h"
#include "lib/stream/packet.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
static const struct socket_ops gensec_socket_ops;
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index f593d17d4b..1544326bb1 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -26,6 +26,7 @@
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
enum spnego_state_position {
SPNEGO_SERVER_START,