diff options
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r-- | source4/auth/gensec/config.mk | 2 | ||||
-rw-r--r-- | source4/auth/gensec/cyrus_sasl.c | 1 | ||||
-rw-r--r-- | source4/auth/gensec/gensec.c | 47 | ||||
-rw-r--r-- | source4/auth/gensec/gensec.h | 92 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 2 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 2 | ||||
-rw-r--r-- | source4/auth/gensec/schannel.c | 2 | ||||
-rw-r--r-- | source4/auth/gensec/socket.c | 1 | ||||
-rw-r--r-- | source4/auth/gensec/spnego.c | 1 |
9 files changed, 125 insertions, 25 deletions
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk index 243725b235..61663d9633 100644 --- a/source4/auth/gensec/config.mk +++ b/source4/auth/gensec/config.mk @@ -13,7 +13,7 @@ gensec_VERSION = 0.0.1 gensec_SOVERSION = 0 gensec_OBJ_FILES = $(addprefix auth/gensec/, gensec.o socket.o) -PUBLIC_HEADERS += $(addprefix auth/gensec/, gensec.h spnego.h) +PUBLIC_HEADERS += auth/gensec/gensec.h ################################################ # Start MODULE gensec_krb5 diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c index cb7bcb71d8..06a7b8a382 100644 --- a/source4/auth/gensec/cyrus_sasl.c +++ b/source4/auth/gensec/cyrus_sasl.c @@ -23,6 +23,7 @@ #include "auth/auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "lib/socket/socket.h" #include <sasl/sasl.h> diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index b07a92d4d1..3393ce0178 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -26,6 +26,7 @@ #include "librpc/rpc/dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "param/param.h" /* the list of currently registered GENSEC backends */ @@ -34,7 +35,7 @@ static int gensec_num_backends; /* Return all the registered mechs. Don't modify the return pointer, * but you may talloc_reference it if convient */ -struct gensec_security_ops **gensec_security_all(void) +_PUBLIC_ struct gensec_security_ops **gensec_security_all(void) { return generic_security_ops; } @@ -44,7 +45,7 @@ struct gensec_security_ops **gensec_security_all(void) * gensec_security_all(), or from cli_credentials_gensec_list() (ie, * an existing list we have trimmed down) */ -struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, +_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, struct gensec_security_ops **old_gensec_list, struct cli_credentials *creds) { @@ -571,7 +572,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, @param gensec_security Returned GENSEC context pointer. @note The mem_ctx is only a parent and may be NULL. */ -NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, +_PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct event_context *ev, struct loadparm_context *lp_ctx, struct messaging_context *msg, @@ -636,7 +637,7 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security) * @param auth_level DCERPC auth level */ -NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, uint8_t auth_type, uint8_t auth_level) { gensec_security->ops = gensec_security_by_authtype(gensec_security, auth_type); @@ -662,7 +663,7 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, return gensec_start_mech(gensec_security); } -const char *gensec_get_name_by_authtype(uint8_t authtype) +_PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype) { const struct gensec_security_ops *ops; ops = gensec_security_by_authtype(NULL, authtype); @@ -673,7 +674,7 @@ const char *gensec_get_name_by_authtype(uint8_t authtype) } -const char *gensec_get_name_by_oid(const char *oid_string) +_PUBLIC_ const char *gensec_get_name_by_oid(const char *oid_string) { const struct gensec_security_ops *ops; ops = gensec_security_by_oid(NULL, oid_string); @@ -703,7 +704,7 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security, * well-known #define to hook it in. */ -NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, const char *mech_oid) { gensec_security->ops = gensec_security_by_oid(gensec_security, mech_oid); @@ -719,7 +720,7 @@ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, * */ -NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, const char *sasl_name) { gensec_security->ops = gensec_security_by_sasl_name(gensec_security, sasl_name); @@ -768,7 +769,7 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_ * */ -NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, const char *name) { gensec_security->ops = gensec_security_by_name(gensec_security, name); @@ -782,7 +783,7 @@ NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, /* wrappers for the gensec function pointers */ -NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -801,7 +802,7 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, sig); } -NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -817,7 +818,7 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, return gensec_security->ops->check_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } -NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -833,7 +834,7 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } -NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, @@ -849,7 +850,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } -size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size) +_PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size) { if (!gensec_security->ops->sig_size) { return 0; @@ -879,7 +880,7 @@ size_t gensec_max_input_size(struct gensec_security *gensec_security) return gensec_security->ops->max_input_size(gensec_security); } -NTSTATUS gensec_wrap(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_wrap(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const DATA_BLOB *in, DATA_BLOB *out) @@ -890,7 +891,7 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security, return gensec_security->ops->wrap(gensec_security, mem_ctx, in, out); } -NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const DATA_BLOB *in, DATA_BLOB *out) @@ -901,7 +902,7 @@ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, return gensec_security->ops->unwrap(gensec_security, mem_ctx, in, out); } -NTSTATUS gensec_session_key(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key) { if (!gensec_security->ops->session_key) { @@ -924,7 +925,7 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, * */ -NTSTATUS gensec_session_info(struct gensec_security *gensec_security, +_PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security, struct auth_session_info **session_info) { if (!gensec_security->ops->session_info) { @@ -1064,7 +1065,7 @@ _PUBLIC_ NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security * */ -struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security) +_PUBLIC_ struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security) { if (!gensec_security) { return NULL; @@ -1134,7 +1135,7 @@ _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_s * cryptographic tokens, to avoid certain attacks. */ -NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr) +_PUBLIC_ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr) { gensec_security->my_addr = my_addr; if (my_addr && !talloc_reference(gensec_security, my_addr)) { @@ -1143,7 +1144,7 @@ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct sock return NT_STATUS_OK; } -NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr) +_PUBLIC_ NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr) { gensec_security->peer_addr = peer_addr; if (peer_addr && !talloc_reference(gensec_security, peer_addr)) { @@ -1163,7 +1164,7 @@ struct socket_address *gensec_get_my_addr(struct gensec_security *gensec_securit return NULL; } -struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security) +_PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security) { if (gensec_security->peer_addr) { return gensec_security->peer_addr; @@ -1263,7 +1264,7 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ /* initialise the GENSEC subsystem */ -NTSTATUS gensec_init(struct loadparm_context *lp_ctx) +_PUBLIC_ NTSTATUS gensec_init(struct loadparm_context *lp_ctx) { static bool initialized = false; extern NTSTATUS gensec_sasl_init(void); diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 3413e5c8ce..7a1abfbc3b 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -199,6 +199,96 @@ NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security, struct loadparm_context; -#include "auth/gensec/gensec_proto.h" +NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, + struct gensec_security *parent, + struct gensec_security **gensec_security); +NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, + struct gensec_security **gensec_security, + struct event_context *ev, + struct loadparm_context *lp_ctx); +NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security, + const char **sasl_names); +NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, + const DATA_BLOB in, DATA_BLOB *out); +void gensec_update_send(struct gensec_security *gensec_security, const DATA_BLOB in, + void (*callback)(struct gensec_update_request *req, void *private_data), + void *private_data); +NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_CTX *out_mem_ctx, DATA_BLOB *out); +void gensec_want_feature(struct gensec_security *gensec_security, + uint32_t feature); +bool gensec_have_feature(struct gensec_security *gensec_security, + uint32_t feature); +NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security, struct cli_credentials *credentials); +NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, const char *service); +const char *gensec_get_target_service(struct gensec_security *gensec_security); +NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname); +const char *gensec_get_target_hostname(struct gensec_security *gensec_security); +NTSTATUS gensec_session_key(struct gensec_security *gensec_security, + DATA_BLOB *session_key); +NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, + const char *mech_oid); +const char *gensec_get_name_by_oid(const char *oid_string); +struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security); +struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security); +NTSTATUS gensec_init(struct loadparm_context *lp_ctx); +NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); +NTSTATUS gensec_check_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); +size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size); +NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); +NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); +NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, + uint8_t auth_type, uint8_t auth_level); +const char *gensec_get_name_by_authtype(uint8_t authtype); +NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct loadparm_context *lp_ctx, + struct messaging_context *msg, + struct gensec_security **gensec_security); +NTSTATUS gensec_session_info(struct gensec_security *gensec_security, + struct auth_session_info **session_info); +NTSTATUS auth_nt_status_squash(NTSTATUS nt_status); +struct creds_CredentialState; +NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + struct creds_CredentialState **creds); +NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr); +NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr); + +NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security, + const char *name); + +NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); +NTSTATUS gensec_wrap(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); + +struct gensec_security_ops **gensec_security_all(void); +struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, + struct gensec_security_ops **old_gensec_list, + struct cli_credentials *creds); + +NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, + const char *sasl_name); + #endif /* __GENSEC_H__ */ diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index d8cdb90197..e7dcb4ea68 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -34,7 +34,9 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "param/param.h" +#include "auth/session_proto.h" enum gensec_gssapi_sasl_state { diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 88432c7f89..ae601b19c2 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -36,7 +36,9 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "param/param.h" +#include "auth/session_proto.h" enum GENSEC_KRB5_STATE { GENSEC_KRB5_SERVER_START, diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 96e3478982..b3117ee9b2 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -25,11 +25,13 @@ #include "auth/auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" #include "auth/gensec/schannel.h" #include "auth/gensec/schannel_state.h" #include "auth/gensec/schannel_proto.h" #include "librpc/rpc/dcerpc.h" #include "param/param.h" +#include "auth/session_proto.h" static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size) { diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c index 4dc05e8cc4..27449bf610 100644 --- a/source4/auth/gensec/socket.c +++ b/source4/auth/gensec/socket.c @@ -24,6 +24,7 @@ #include "lib/socket/socket.h" #include "lib/stream/packet.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" static const struct socket_ops gensec_socket_ops; diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index f593d17d4b..1544326bb1 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -26,6 +26,7 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/gensec_proto.h" enum spnego_state_position { SPNEGO_SERVER_START, |