summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth.c17
-rw-r--r--source4/auth/auth.h59
-rw-r--r--source4/auth/auth_anonymous.c1
-rw-r--r--source4/auth/auth_developer.c1
-rw-r--r--source4/auth/auth_sam.c1
-rw-r--r--source4/auth/auth_simple.c1
-rw-r--r--source4/auth/auth_unix.c1
-rw-r--r--source4/auth/auth_util.c2
-rw-r--r--source4/auth/auth_winbind.c2
-rw-r--r--source4/auth/config.mk4
-rw-r--r--source4/auth/credentials/config.mk2
-rw-r--r--source4/auth/credentials/credentials.c70
-rw-r--r--source4/auth/credentials/credentials.h113
-rw-r--r--source4/auth/credentials/credentials.i13
-rw-r--r--source4/auth/credentials/credentials.py5
-rw-r--r--source4/auth/credentials/credentials_files.c14
-rw-r--r--source4/auth/credentials/credentials_krb5.c27
-rw-r--r--source4/auth/credentials/credentials_ntlm.c4
-rw-r--r--source4/auth/credentials/credentials_wrap.c106
-rw-r--r--source4/auth/credentials/tests/bindings.py2
-rw-r--r--source4/auth/gensec/config.mk2
-rw-r--r--source4/auth/gensec/cyrus_sasl.c1
-rw-r--r--source4/auth/gensec/gensec.c47
-rw-r--r--source4/auth/gensec/gensec.h92
-rw-r--r--source4/auth/gensec/gensec_gssapi.c2
-rw-r--r--source4/auth/gensec/gensec_krb5.c2
-rw-r--r--source4/auth/gensec/schannel.c2
-rw-r--r--source4/auth/gensec/socket.c1
-rw-r--r--source4/auth/gensec/spnego.c1
-rw-r--r--source4/auth/kerberos/kerberos_util.c3
-rw-r--r--source4/auth/ntlmssp/ntlmssp.c2
-rw-r--r--source4/auth/ntlmssp/ntlmssp.h1
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c2
-rw-r--r--source4/auth/ntlmssp/ntlmssp_sign.c4
-rw-r--r--source4/auth/sam.c2
-rw-r--r--source4/auth/session.c11
-rw-r--r--source4/auth/session.h24
37 files changed, 523 insertions, 121 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c
index f5149286b9..c4cb42779b 100644
--- a/source4/auth/auth.c
+++ b/source4/auth/auth.c
@@ -21,13 +21,14 @@
#include "includes.h"
#include "lib/util/dlinklist.h"
#include "auth/auth.h"
+#include "auth/auth_proto.h"
#include "lib/events/events.h"
#include "param/param.h"
/***************************************************************************
Set a fixed challenge
***************************************************************************/
-NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by)
+_PUBLIC_ NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by)
{
auth_ctx->challenge.set_by = talloc_strdup(auth_ctx, set_by);
NT_STATUS_HAVE_NO_MEMORY(auth_ctx->challenge.set_by);
@@ -145,7 +146,7 @@ static void auth_check_password_sync_callback(struct auth_check_password_request
*
**/
-NTSTATUS auth_check_password(struct auth_context *auth_ctx,
+_PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info)
@@ -217,7 +218,7 @@ static void auth_check_password_async_timed_handler(struct event_context *ev, st
*
**/
-void auth_check_password_send(struct auth_context *auth_ctx,
+_PUBLIC_ void auth_check_password_send(struct auth_context *auth_ctx,
const struct auth_usersupplied_info *user_info,
void (*callback)(struct auth_check_password_request *req, void *private_data),
void *private_data)
@@ -319,7 +320,7 @@ failed:
*
**/
-NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
+_PUBLIC_ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info **server_info)
{
@@ -349,7 +350,7 @@ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
Make a auth_info struct for the auth subsystem
- Allow the caller to specify the methods to use
***************************************************************************/
-NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
+_PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
struct event_context *ev,
struct messaging_context *msg,
struct loadparm_context *lp_ctx,
@@ -412,7 +413,7 @@ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
Make a auth_info struct for the auth subsystem
- Uses default auth_methods, depending on server role and smb.conf settings
***************************************************************************/
-NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct messaging_context *msg,
struct loadparm_context *lp_ctx,
@@ -446,7 +447,7 @@ static int num_backends;
The 'name' can be later used by other backends to find the operations
structure for this backend.
*/
-NTSTATUS auth_register(const struct auth_operations *ops)
+_PUBLIC_ NTSTATUS auth_register(const struct auth_operations *ops)
{
struct auth_operations *new_ops;
@@ -511,7 +512,7 @@ const struct auth_critical_sizes *auth_interface_version(void)
return &critical_sizes;
}
-NTSTATUS auth_init(void)
+_PUBLIC_ NTSTATUS auth_init(void)
{
static bool initialized = false;
extern NTSTATUS auth_developer_init(void);
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index ff7132c3ff..da8aac48ef 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -190,6 +190,63 @@ struct auth_critical_sizes {
#include "auth/session.h"
#include "auth/system_session_proto.h"
-#include "auth/auth_proto.h"
+
+struct ldb_message;
+struct ldb_context;
+NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, const uint8_t **_chal);
+NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
+ struct ldb_context *sam_ctx,
+ uint32_t logon_parameters,
+ struct ldb_message *msg,
+ struct ldb_message *msg_domain_ref,
+ const char *logon_workstation,
+ const char *name_for_logs);
+struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
+ const char *netbios_name,
+ struct ldb_message *msg,
+ struct ldb_message *msg_domain_ref,
+ DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
+ struct auth_serversupplied_info **_server_info);
+NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
+ struct loadparm_context *lp_ctx,
+ struct auth_session_info **_session_info) ;
+NTSTATUS auth_nt_status_squash(NTSTATUS nt_status);
+
+NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
+ struct event_context *ev,
+ struct messaging_context *msg,
+ struct loadparm_context *lp_ctx,
+ struct auth_context **auth_ctx);
+
+NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct messaging_context *msg,
+ struct loadparm_context *lp_ctx,
+ struct auth_context **auth_ctx);
+
+NTSTATUS auth_check_password(struct auth_context *auth_ctx,
+ TALLOC_CTX *mem_ctx,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info);
+NTSTATUS auth_init(void);
+NTSTATUS auth_register(const struct auth_operations *ops);
+NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct messaging_context *msg,
+ struct loadparm_context *lp_ctx,
+ const char *nt4_domain,
+ const char *nt4_username,
+ const char *password,
+ struct auth_session_info **session_info);
+NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
+ TALLOC_CTX *mem_ctx,
+ struct auth_serversupplied_info **server_info);
+
+void auth_check_password_send(struct auth_context *auth_ctx,
+ const struct auth_usersupplied_info *user_info,
+ void (*callback)(struct auth_check_password_request *req, void *private_data),
+ void *private_data);
+NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by);
#endif /* _SMBAUTH_H_ */
diff --git a/source4/auth/auth_anonymous.c b/source4/auth/auth_anonymous.c
index 38c13d4b65..b93c7c2008 100644
--- a/source4/auth/auth_anonymous.c
+++ b/source4/auth/auth_anonymous.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "auth/auth.h"
+#include "auth/auth_proto.h"
#include "param/param.h"
/**
diff --git a/source4/auth/auth_developer.c b/source4/auth/auth_developer.c
index 0da947b68d..a2c9cbc828 100644
--- a/source4/auth/auth_developer.c
+++ b/source4/auth/auth_developer.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "auth/auth.h"
+#include "auth/auth_proto.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_samr.h"
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 4cb8d2b304..4b467cee75 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -25,6 +25,7 @@
#include "lib/ldb/include/ldb.h"
#include "util/util_ldb.h"
#include "auth/auth.h"
+#include "auth/auth_proto.h"
#include "auth/auth_sam.h"
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
diff --git a/source4/auth/auth_simple.c b/source4/auth/auth_simple.c
index 3c7bf5433a..50be02a353 100644
--- a/source4/auth/auth_simple.c
+++ b/source4/auth/auth_simple.c
@@ -25,6 +25,7 @@
#include "auth/auth.h"
#include "lib/events/events.h"
#include "param/param.h"
+#include "auth/session_proto.h"
/*
It's allowed to pass NULL as session_info,
diff --git a/source4/auth/auth_unix.c b/source4/auth/auth_unix.c
index 20e198701d..a417107025 100644
--- a/source4/auth/auth_unix.c
+++ b/source4/auth/auth_unix.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "auth/auth.h"
+#include "auth/auth_proto.h"
#include "system/passwd.h" /* needed by some systems for struct passwd */
#include "lib/socket/socket.h"
#include "auth/pam_errors.h"
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 5d2bc6bac0..1d86b858cf 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -246,7 +246,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex
* @param nt_status NTSTATUS input for squashing.
* @return the 'squashed' nt_status
**/
-NTSTATUS auth_nt_status_squash(NTSTATUS nt_status)
+_PUBLIC_ NTSTATUS auth_nt_status_squash(NTSTATUS nt_status)
{
if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) {
/* Match WinXP and don't give the game away */
diff --git a/source4/auth/auth_winbind.c b/source4/auth/auth_winbind.c
index 2f8074d3cb..149f549afa 100644
--- a/source4/auth/auth_winbind.c
+++ b/source4/auth/auth_winbind.c
@@ -23,6 +23,8 @@
#include "includes.h"
#include "auth/auth.h"
+#include "auth/auth_proto.h"
+#include "auth/session_proto.h"
#include "nsswitch/winbind_client.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "librpc/gen_ndr/ndr_winbind.h"
diff --git a/source4/auth/config.mk b/source4/auth/config.mk
index b82a1af8fa..14f5da0eb7 100644
--- a/source4/auth/config.mk
+++ b/source4/auth/config.mk
@@ -8,7 +8,7 @@ mkinclude credentials/config.mk
PRIVATE_PROTO_HEADER = session_proto.h
PUBLIC_DEPENDENCIES = CREDENTIALS
-PUBLIC_HEADERS += auth/session.h
+# PUBLIC_HEADERS += auth/session.h
auth_session_OBJ_FILES = $(addprefix auth/, session.o)
@@ -95,7 +95,7 @@ PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
service_auth_OBJ_FILES = $(addprefix auth/, auth.o auth_util.o auth_simple.o)
-PUBLIC_HEADERS += auth/auth.h
+# PUBLIC_HEADERS += auth/auth.h
[PYTHON::swig_auth]
PUBLIC_DEPENDENCIES = auth_system_session
diff --git a/source4/auth/credentials/config.mk b/source4/auth/credentials/config.mk
index d8c02ebea8..6f3ec3997c 100644
--- a/source4/auth/credentials/config.mk
+++ b/source4/auth/credentials/config.mk
@@ -9,7 +9,7 @@ PRIVATE_DEPENDENCIES = \
CREDENTIALS_OBJ_FILES = $(addprefix auth/credentials/, credentials.o credentials_files.o credentials_ntlm.o credentials_krb5.o ../kerberos/kerberos_util.o)
-PUBLIC_HEADERS += $(addprefix auth/credentials/, credentials.h credentials_krb5.h)
+PUBLIC_HEADERS += auth/credentials/credentials.h
[PYTHON::swig_credentials]
PUBLIC_DEPENDENCIES = CREDENTIALS LIBCMDLINE_CREDENTIALS
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 6d5c1210c9..89dddc9e05 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -33,7 +33,7 @@
* Create a new credentials structure
* @param mem_ctx TALLOC_CTX parent for credentials structure
*/
-struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
+_PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
{
struct cli_credentials *cred = talloc(mem_ctx, struct cli_credentials);
if (!cred) {
@@ -77,7 +77,7 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
* Create a new anonymous credential
* @param mem_ctx TALLOC_CTX parent for credentials structure
*/
-struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
+_PUBLIC_ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
{
struct cli_credentials *anon_credentials;
@@ -87,23 +87,23 @@ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
return anon_credentials;
}
-void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
+_PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
enum credentials_use_kerberos use_kerberos)
{
creds->use_kerberos = use_kerberos;
}
-enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
+_PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
{
return creds->use_kerberos;
}
-void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
+_PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
{
creds->gensec_features = gensec_features;
}
-uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
+_PUBLIC_ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
{
return creds->gensec_features;
}
@@ -115,7 +115,7 @@ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
* @retval The username set on this context.
* @note Return value will never be NULL except by programmer error.
*/
-const char *cli_credentials_get_username(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred,
@@ -134,7 +134,7 @@ const char *cli_credentials_get_username(struct cli_credentials *cred)
return cred->username;
}
-bool cli_credentials_set_username(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_username(struct cli_credentials *cred,
const char *val, enum credentials_obtained obtained)
{
if (obtained >= cred->username_obtained) {
@@ -159,7 +159,7 @@ bool cli_credentials_set_username_callback(struct cli_credentials *cred,
return false;
}
-bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
const char *bind_dn)
{
cred->bind_dn = talloc_strdup(cred, bind_dn);
@@ -172,7 +172,7 @@ bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
* @retval The username set on this context.
* @note Return value will be NULL if not specified explictly
*/
-const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
{
return cred->bind_dn;
}
@@ -184,7 +184,7 @@ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
* @retval The username set on this context.
* @note Return value will never be NULL except by programmer error.
*/
-const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
+_PUBLIC_ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
{
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred,
@@ -246,7 +246,7 @@ bool cli_credentials_set_principal_callback(struct cli_credentials *cred,
* function to determine if authentication has been explicitly
* requested */
-bool cli_credentials_authentication_requested(struct cli_credentials *cred)
+_PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *cred)
{
if (cred->bind_dn) {
return true;
@@ -275,7 +275,7 @@ bool cli_credentials_authentication_requested(struct cli_credentials *cred)
* @param cred credentials context
* @retval If set, the cleartext password, otherwise NULL
*/
-const char *cli_credentials_get_password(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred,
@@ -297,7 +297,7 @@ const char *cli_credentials_get_password(struct cli_credentials *cred)
/* Set a password on the credentials context, including an indication
* of 'how' the password was obtained */
-bool cli_credentials_set_password(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
const char *val,
enum credentials_obtained obtained)
{
@@ -313,7 +313,7 @@ bool cli_credentials_set_password(struct cli_credentials *cred,
return false;
}
-bool cli_credentials_set_password_callback(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_password_callback(struct cli_credentials *cred,
const char *(*password_cb) (struct cli_credentials *))
{
if (cred->password_obtained < CRED_CALLBACK) {
@@ -358,7 +358,7 @@ bool cli_credentials_set_old_password(struct cli_credentials *cred,
* @param cred credentials context
* @retval If set, the cleartext password, otherwise NULL
*/
-const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
+_PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
TALLOC_CTX *mem_ctx)
{
const char *password = cli_credentials_get_password(cred);
@@ -377,7 +377,7 @@ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *
}
}
-bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
const struct samr_Password *nt_hash,
enum credentials_obtained obtained)
{
@@ -401,7 +401,7 @@ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
* @retval The domain set on this context.
* @note Return value will never be NULL except by programmer error.
*/
-const char *cli_credentials_get_domain(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred,
@@ -421,7 +421,7 @@ const char *cli_credentials_get_domain(struct cli_credentials *cred)
}
-bool cli_credentials_set_domain(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred,
const char *val,
enum credentials_obtained obtained)
{
@@ -456,7 +456,7 @@ bool cli_credentials_set_domain_callback(struct cli_credentials *cred,
* @retval The realm set on this context.
* @note Return value will never be NULL except by programmer error.
*/
-const char *cli_credentials_get_realm(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_realm(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred,
@@ -479,7 +479,7 @@ const char *cli_credentials_get_realm(struct cli_credentials *cred)
* Set the realm for this credentials context, and force it to
* uppercase for the sainity of our local kerberos libraries
*/
-bool cli_credentials_set_realm(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_realm(struct cli_credentials *cred,
const char *val,
enum credentials_obtained obtained)
{
@@ -512,7 +512,7 @@ bool cli_credentials_set_realm_callback(struct cli_credentials *cred,
* @retval The workstation name set on this context.
* @note Return value will never be NULL except by programmer error.
*/
-const char *cli_credentials_get_workstation(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_workstation(struct cli_credentials *cred)
{
if (cred->workstation_obtained == CRED_CALLBACK &&
!cred->callback_running) {
@@ -525,7 +525,7 @@ const char *cli_credentials_get_workstation(struct cli_credentials *cred)
return cred->workstation;
}
-bool cli_credentials_set_workstation(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_workstation(struct cli_credentials *cred,
const char *val,
enum credentials_obtained obtained)
{
@@ -560,7 +560,7 @@ bool cli_credentials_set_workstation_callback(struct cli_credentials *cred,
* @param obtained This enum describes how 'specified' this password is
*/
-void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained)
+_PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained)
{
char *uname, *p;
@@ -597,7 +597,7 @@ void cli_credentials_parse_string(struct cli_credentials *credentials, const cha
* @param mem_ctx The memory context to place the result on
*/
-const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx)
+_PUBLIC_ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx)
{
const char *bind_dn = cli_credentials_get_bind_dn(credentials);
const char *domain;
@@ -625,7 +625,7 @@ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credential
*
* @param cred Credentials structure to fill in
*/
-void cli_credentials_set_conf(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
struct loadparm_context *lp_ctx)
{
cli_credentials_set_username(cred, "", CRED_UNINITIALISED);
@@ -640,7 +640,7 @@ void cli_credentials_set_conf(struct cli_credentials *cred,
*
* @param cred Credentials structure to fill in
*/
-void cli_credentials_guess(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
struct loadparm_context *lp_ctx)
{
char *p;
@@ -683,7 +683,7 @@ void cli_credentials_guess(struct cli_credentials *cred,
* Attach NETLOGON credentials for use with SCHANNEL
*/
-void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
struct creds_CredentialState *netlogon_creds)
{
cred->netlogon_creds = talloc_reference(cred, netlogon_creds);
@@ -702,7 +702,7 @@ struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_cred
* Set NETLOGON secure channel type
*/
-void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
enum netr_SchannelType secure_channel_type)
{
cred->secure_channel_type = secure_channel_type;
@@ -712,7 +712,7 @@ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
* Return NETLOGON secure chanel type
*/
-enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred)
+_PUBLIC_ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred)
{
return cred->secure_channel_type;
}
@@ -720,7 +720,7 @@ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_creden
/**
* Fill in a credentials structure as the anonymous user
*/
-void cli_credentials_set_anonymous(struct cli_credentials *cred)
+_PUBLIC_ void cli_credentials_set_anonymous(struct cli_credentials *cred)
{
cli_credentials_set_username(cred, "", CRED_SPECIFIED);
cli_credentials_set_domain(cred, "", CRED_SPECIFIED);
@@ -734,7 +734,7 @@ void cli_credentials_set_anonymous(struct cli_credentials *cred)
* @retval true if anonymous, false if a username is specified
*/
-bool cli_credentials_is_anonymous(struct cli_credentials *cred)
+_PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
{
const char *username;
@@ -763,7 +763,7 @@ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
*
* @retval whether the credentials struct is finished
*/
-bool cli_credentials_wrong_password(struct cli_credentials *cred)
+_PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred)
{
if (cred->password_obtained != CRED_CALLBACK_RESULT) {
return false;
@@ -779,7 +779,7 @@ bool cli_credentials_wrong_password(struct cli_credentials *cred)
/*
set the common event context for this set of credentials
*/
-void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev)
+_PUBLIC_ void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev)
{
cred->ev = ev;
}
@@ -787,7 +787,7 @@ void cli_credentials_set_event_context(struct cli_credentials *cred, struct even
/*
set the common event context for this set of credentials
*/
-struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred)
+_PUBLIC_ struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred)
{
if (cred->ev == NULL) {
cred->ev = event_context_find(cred);
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index 1b205c61ce..afcb300638 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -132,6 +132,117 @@ struct ccache_container;
struct gssapi_creds_container;
-#include "auth/credentials/credentials_proto.h"
+const char *cli_credentials_get_workstation(struct cli_credentials *cred);
+bool cli_credentials_set_workstation(struct cli_credentials *cred,
+ const char *val,
+ enum credentials_obtained obtained);
+bool cli_credentials_is_anonymous(struct cli_credentials *cred);
+struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx);
+void cli_credentials_set_anonymous(struct cli_credentials *cred);
+bool cli_credentials_wrong_password(struct cli_credentials *cred);
+const char *cli_credentials_get_password(struct cli_credentials *cred);
+void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
+ const char **username,
+ const char **domain);
+NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
+ int *flags,
+ DATA_BLOB challenge, DATA_BLOB target_info,
+ DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,
+ DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key);
+const char *cli_credentials_get_realm(struct cli_credentials *cred);
+const char *cli_credentials_get_username(struct cli_credentials *cred);
+int cli_credentials_get_krb5_context(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ struct smb_krb5_context **smb_krb5_context);
+int cli_credentials_get_ccache(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ struct ccache_container **ccc);
+int cli_credentials_get_keytab(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ struct keytab_container **_ktc);
+const char *cli_credentials_get_domain(struct cli_credentials *cred);
+struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
+void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx);
+void cli_credentials_set_conf(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx);
+const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
+int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ struct gssapi_creds_container **_gcc);
+int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ struct gssapi_creds_container **_gcc);
+void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev);
+void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
+ enum credentials_use_kerberos use_kerberos);
+struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred);
+bool cli_credentials_set_domain(struct cli_credentials *cred,
+ const char *val,
+ enum credentials_obtained obtained);
+bool cli_credentials_set_username(struct cli_credentials *cred,
+ const char *val, enum credentials_obtained obtained);
+bool cli_credentials_set_password(struct cli_credentials *cred,
+ const char *val,
+ enum credentials_obtained obtained);
+struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx);
+void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained);
+const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred,
+ TALLOC_CTX *mem_ctx);
+bool cli_credentials_set_realm(struct cli_credentials *cred,
+ const char *val,
+ enum credentials_obtained obtained);
+void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
+ enum netr_SchannelType secure_channel_type);
+void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
+ struct creds_CredentialState *netlogon_creds);
+NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
+ struct smb_krb5_context *smb_krb5_context);
+NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ const char *serviceprincipal);
+NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx);
+bool cli_credentials_authentication_requested(struct cli_credentials *cred);
+void cli_credentials_guess(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx);
+bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
+ const char *bind_dn);
+const char *cli_credentials_get_bind_dn(struct cli_credentials *cred);
+bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained);
+const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx);
+bool cli_credentials_set_password_callback(struct cli_credentials *cred,
+ const char *(*password_cb) (struct cli_credentials *));
+enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred);
+void cli_credentials_set_kvno(struct cli_credentials *cred,
+ int kvno);
+bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
+ const struct samr_Password *nt_hash,
+ enum credentials_obtained obtained);
+int cli_credentials_set_keytab_name(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ const char *keytab_name,
+ enum credentials_obtained obtained);
+int cli_credentials_update_keytab(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx);
+void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features);
+uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
+int cli_credentials_set_ccache(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ const char *name,
+ enum credentials_obtained obtained);
+bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained);
+bool cli_credentials_parse_password_fd(struct cli_credentials *credentials,
+ int fd, enum credentials_obtained obtained);
+void cli_credentials_invalidate_ccache(struct cli_credentials *cred,
+ enum credentials_obtained obtained);
+void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal);
+enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
+NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ struct ldb_context *ldb,
+ const char *base,
+ const char *filter);
+ int cli_credentials_get_kvno(struct cli_credentials *cred);
#endif /* __CREDENTIALS_H__ */
diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i
index 41ec67580e..0a604cf002 100644
--- a/source4/auth/credentials/credentials.i
+++ b/source4/auth/credentials/credentials.i
@@ -39,6 +39,10 @@ typedef struct cli_credentials cli_credentials;
$1 = NULL;
}
+%constant int AUTO_USE_KERBEROS = CRED_AUTO_USE_KERBEROS;
+%constant int DONT_USE_KERBEROS = CRED_DONT_USE_KERBEROS;
+%constant int MUST_USE_KERBEROS = CRED_MUST_USE_KERBEROS;
+
%{
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
%}
@@ -52,7 +56,7 @@ typedef struct cli_credentials cli_credentials;
typedef struct cli_credentials {
%extend {
cli_credentials(void) {
- return cli_credentials_init_anon(NULL);
+ return cli_credentials_init(NULL);
}
/* username */
const char *get_username(void);
@@ -74,13 +78,18 @@ typedef struct cli_credentials {
bool set_realm(const char *val,
enum credentials_obtained=CRED_SPECIFIED);
+ /* Kerberos */
+ void set_kerberos_state(enum credentials_use_kerberos use_kerberos);
+
void parse_string(const char *text,
- enum credentials_obtained=CRED_SPECIFIED);
+ enum credentials_obtained=CRED_SPECIFIED);
/* bind dn */
const char *get_bind_dn(void);
bool set_bind_dn(const char *bind_dn);
+ void set_anonymous();
+
/* workstation name */
const char *get_workstation(void);
bool set_workstation(const char *workstation,
diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py
index 14526af910..2b40fbeead 100644
--- a/source4/auth/credentials/credentials.py
+++ b/source4/auth/credentials/credentials.py
@@ -58,6 +58,9 @@ def _swig_setattr_nondynamic_method(set):
import param
+AUTO_USE_KERBEROS = _credentials.AUTO_USE_KERBEROS
+DONT_USE_KERBEROS = _credentials.DONT_USE_KERBEROS
+MUST_USE_KERBEROS = _credentials.MUST_USE_KERBEROS
class Credentials(object):
thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag')
__repr__ = _swig_repr
@@ -72,9 +75,11 @@ Credentials.get_domain = new_instancemethod(_credentials.Credentials_get_domain,
Credentials.set_domain = new_instancemethod(_credentials.Credentials_set_domain,None,Credentials)
Credentials.get_realm = new_instancemethod(_credentials.Credentials_get_realm,None,Credentials)
Credentials.set_realm = new_instancemethod(_credentials.Credentials_set_realm,None,Credentials)
+Credentials.set_kerberos_state = new_instancemethod(_credentials.Credentials_set_kerberos_state,None,Credentials)
Credentials.parse_string = new_instancemethod(_credentials.Credentials_parse_string,None,Credentials)
Credentials.get_bind_dn = new_instancemethod(_credentials.Credentials_get_bind_dn,None,Credentials)
Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_dn,None,Credentials)
+Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials)
Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials)
Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials)
Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials)
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index c1001c9622..8bcbc65575 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -39,7 +39,7 @@
* @param obtained This enum describes how 'specified' this password is
*/
-bool cli_credentials_parse_password_fd(struct cli_credentials *credentials,
+_PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials *credentials,
int fd, enum credentials_obtained obtained)
{
char *p;
@@ -83,7 +83,7 @@ bool cli_credentials_parse_password_fd(struct cli_credentials *credentials,
* @param obtained This enum describes how 'specified' this password is
*/
-bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained)
+_PUBLIC_ bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained)
{
int fd = open(file, O_RDONLY, 0);
bool ret;
@@ -109,7 +109,7 @@ bool cli_credentials_parse_password_file(struct cli_credentials *credentials, co
* @param obtained This enum describes how 'specified' this password is
*/
-bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained)
+_PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained)
{
uint16_t len = 0;
char *ptr, *val, *param;
@@ -168,7 +168,7 @@ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file,
* @param cred Credentials structure to fill in
* @retval NTSTATUS error detailing any failure
*/
-NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
+_PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct ldb_context *ldb,
const char *base,
@@ -326,7 +326,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
* @param cred Credentials structure to fill in
* @retval NTSTATUS error detailing any failure
*/
-NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
+_PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
struct loadparm_context *lp_ctx)
{
char *filter;
@@ -369,7 +369,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
* @param cred Credentials structure to fill in
* @retval NTSTATUS error detailing any failure
*/
-NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
+_PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
const char *serviceprincipal)
{
@@ -395,7 +395,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
* than during, popt processing.
*
*/
-void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
struct loadparm_context *lp_ctx)
{
cred->machine_account_pending = true;
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 52bf9f124f..cd9285b09d 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -25,10 +25,11 @@
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_proto.h"
#include "auth/credentials/credentials_krb5.h"
#include "param/param.h"
-int cli_credentials_get_krb5_context(struct cli_credentials *cred,
+_PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context)
{
@@ -52,7 +53,7 @@ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
* otherwise we might have problems with the krb5 context already
* being here.
*/
-NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
+_PUBLIC_ NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
struct smb_krb5_context *smb_krb5_context)
{
if (!talloc_reference(cred, smb_krb5_context)) {
@@ -126,7 +127,7 @@ static int free_dccache(struct ccache_container *ccc) {
return 0;
}
-int cli_credentials_set_ccache(struct cli_credentials *cred,
+_PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
const char *name,
enum credentials_obtained obtained)
@@ -251,7 +252,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
return ret;
}
-int cli_credentials_get_ccache(struct cli_credentials *cred,
+_PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct ccache_container **ccc)
{
@@ -315,7 +316,7 @@ void cli_credentials_invalidate_client_gss_creds(struct cli_credentials *cred,
}
}
-void cli_credentials_invalidate_ccache(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_invalidate_ccache(struct cli_credentials *cred,
enum credentials_obtained obtained)
{
/* If the caller just changed the username/password etc, then
@@ -346,7 +347,7 @@ static int free_gssapi_creds(struct gssapi_creds_container *gcc)
return 0;
}
-int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
+_PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc)
{
@@ -454,7 +455,7 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
* attached to this context. If this hasn't been done or set before,
* it will be generated from the password.
*/
-int cli_credentials_get_keytab(struct cli_credentials *cred,
+_PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct keytab_container **_ktc)
{
@@ -508,7 +509,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
/* Given the name of a keytab (presumably in the format
* FILE:/etc/krb5.keytab), open it and attach it */
-int cli_credentials_set_keytab_name(struct cli_credentials *cred,
+_PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
const char *keytab_name,
enum credentials_obtained obtained)
@@ -547,7 +548,7 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
return ret;
}
-int cli_credentials_update_keytab(struct cli_credentials *cred,
+_PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred,
struct loadparm_context *lp_ctx)
{
krb5_error_code ret;
@@ -583,7 +584,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred,
/* Get server gss credentials (in gsskrb5, this means the keytab) */
-int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
+_PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc)
{
@@ -657,7 +658,7 @@ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
* Set Kerberos KVNO
*/
-void cli_credentials_set_kvno(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_set_kvno(struct cli_credentials *cred,
int kvno)
{
cred->kvno = kvno;
@@ -667,7 +668,7 @@ void cli_credentials_set_kvno(struct cli_credentials *cred,
* Return Kerberos KVNO
*/
-int cli_credentials_get_kvno(struct cli_credentials *cred)
+_PUBLIC_ int cli_credentials_get_kvno(struct cli_credentials *cred)
{
return cred->kvno;
}
@@ -693,7 +694,7 @@ const char *cli_credentials_get_salt_principal(struct cli_credentials *cred)
return cred->salt_principal;
}
-void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal)
+_PUBLIC_ void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal)
{
cred->salt_principal = talloc_strdup(cred, principal);
}
diff --git a/source4/auth/credentials/credentials_ntlm.c b/source4/auth/credentials/credentials_ntlm.c
index 04f1d312e6..b88f2018df 100644
--- a/source4/auth/credentials/credentials_ntlm.c
+++ b/source4/auth/credentials/credentials_ntlm.c
@@ -27,7 +27,7 @@
#include "libcli/auth/libcli_auth.h"
#include "auth/credentials/credentials.h"
-void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
+_PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
const char **username,
const char **domain)
{
@@ -40,7 +40,7 @@ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALL
}
}
-NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
int *flags,
DATA_BLOB challenge, DATA_BLOB target_info,
DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,
diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c
index b1b904c8a3..909233aaff 100644
--- a/source4/auth/credentials/credentials_wrap.c
+++ b/source4/auth/credentials/credentials_wrap.c
@@ -2462,7 +2462,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
#define SWIGTYPE_p_int swig_types[3]
#define SWIGTYPE_p_loadparm_context swig_types[4]
#define SWIGTYPE_p_loadparm_service swig_types[5]
-#define SWIGTYPE_p_long_long swig_types[6]
+#define SWIGTYPE_p_long swig_types[6]
#define SWIGTYPE_p_param_context swig_types[7]
#define SWIGTYPE_p_param_opt swig_types[8]
#define SWIGTYPE_p_param_section swig_types[9]
@@ -2470,7 +2470,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
#define SWIGTYPE_p_signed_char swig_types[11]
#define SWIGTYPE_p_unsigned_char swig_types[12]
#define SWIGTYPE_p_unsigned_int swig_types[13]
-#define SWIGTYPE_p_unsigned_long_long swig_types[14]
+#define SWIGTYPE_p_unsigned_long swig_types[14]
#define SWIGTYPE_p_unsigned_short swig_types[15]
static swig_type_info *swig_types[17];
static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
@@ -2525,10 +2525,20 @@ static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
typedef struct cli_credentials cli_credentials;
+ #define SWIG_From_long PyInt_FromLong
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_int (int value)
+{
+ return SWIG_From_long (value);
+}
+
+
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
SWIGINTERN cli_credentials *new_cli_credentials(){
- return cli_credentials_init_anon(NULL);
+ return cli_credentials_init(NULL);
}
SWIGINTERN swig_type_info*
@@ -3131,6 +3141,44 @@ fail:
}
+SWIGINTERN PyObject *_wrap_Credentials_set_kerberos_state(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+ PyObject *resultobj = 0;
+ cli_credentials *arg1 = (cli_credentials *) 0 ;
+ enum credentials_use_kerberos arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ char * kwnames[] = {
+ (char *) "self",(char *) "use_kerberos", NULL
+ };
+
+ arg1 = NULL;
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_kerberos_state",kwnames,&obj0,&obj1)) SWIG_fail;
+ if (obj0) {
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_kerberos_state" "', argument " "1"" of type '" "cli_credentials *""'");
+ }
+ arg1 = (cli_credentials *)(argp1);
+ }
+ if (obj1) {
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "Credentials_set_kerberos_state" "', argument " "2"" of type '" "enum credentials_use_kerberos""'");
+ }
+ arg2 = (enum credentials_use_kerberos)(val2);
+ }
+ cli_credentials_set_kerberos_state(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_Credentials_parse_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3253,6 +3301,33 @@ fail:
}
+SWIGINTERN PyObject *_wrap_Credentials_set_anonymous(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+ PyObject *resultobj = 0;
+ cli_credentials *arg1 = (cli_credentials *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ char * kwnames[] = {
+ (char *) "self", NULL
+ };
+
+ arg1 = NULL;
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:Credentials_set_anonymous",kwnames,&obj0)) SWIG_fail;
+ if (obj0) {
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_anonymous" "', argument " "1"" of type '" "cli_credentials *""'");
+ }
+ arg1 = (cli_credentials *)(argp1);
+ }
+ cli_credentials_set_anonymous(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_Credentials_get_workstation(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3564,9 +3639,11 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_set_kerberos_state", (PyCFunction) _wrap_Credentials_set_kerberos_state, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL},
@@ -3587,18 +3664,18 @@ static PyMethodDef SwigMethods[] = {
static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
static swig_type_info *swig_type_initial[] = {
@@ -3608,7 +3685,7 @@ static swig_type_info *swig_type_initial[] = {
&_swigt__p_int,
&_swigt__p_loadparm_context,
&_swigt__p_loadparm_service,
- &_swigt__p_long_long,
+ &_swigt__p_long,
&_swigt__p_param_context,
&_swigt__p_param_opt,
&_swigt__p_param_section,
@@ -3616,7 +3693,7 @@ static swig_type_info *swig_type_initial[] = {
&_swigt__p_signed_char,
&_swigt__p_unsigned_char,
&_swigt__p_unsigned_int,
- &_swigt__p_unsigned_long_long,
+ &_swigt__p_unsigned_long,
&_swigt__p_unsigned_short,
};
@@ -3626,7 +3703,7 @@ static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentia
static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
@@ -3634,7 +3711,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0,
static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info *swig_cast_initial[] = {
@@ -3644,7 +3721,7 @@ static swig_cast_info *swig_cast_initial[] = {
_swigc__p_int,
_swigc__p_loadparm_context,
_swigc__p_loadparm_service,
- _swigc__p_long_long,
+ _swigc__p_long,
_swigc__p_param_context,
_swigc__p_param_opt,
_swigc__p_param_section,
@@ -3652,7 +3729,7 @@ static swig_cast_info *swig_cast_initial[] = {
_swigc__p_signed_char,
_swigc__p_unsigned_char,
_swigc__p_unsigned_int,
- _swigc__p_unsigned_long_long,
+ _swigc__p_unsigned_long,
_swigc__p_unsigned_short,
};
@@ -4174,5 +4251,8 @@ SWIGEXPORT void SWIG_init(void) {
SWIG_InstallConstants(d,swig_const_table);
+ SWIG_Python_SetConstant(d, "AUTO_USE_KERBEROS",SWIG_From_int((int)(CRED_AUTO_USE_KERBEROS)));
+ SWIG_Python_SetConstant(d, "DONT_USE_KERBEROS",SWIG_From_int((int)(CRED_DONT_USE_KERBEROS)));
+ SWIG_Python_SetConstant(d, "MUST_USE_KERBEROS",SWIG_From_int((int)(CRED_MUST_USE_KERBEROS)));
}
diff --git a/source4/auth/credentials/tests/bindings.py b/source4/auth/credentials/tests/bindings.py
index d2ca68d115..d0a99502c1 100644
--- a/source4/auth/credentials/tests/bindings.py
+++ b/source4/auth/credentials/tests/bindings.py
@@ -67,6 +67,8 @@ class CredentialsTests(unittest.TestCase):
self.assertTrue(self.creds.is_anonymous())
self.creds.set_username("somebody")
self.assertFalse(self.creds.is_anonymous())
+ self.creds.set_anonymous()
+ self.assertTrue(self.creds.is_anonymous())
def test_workstation(self):
# FIXME: This is uninitialised, it should be None
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index 243725b235..61663d9633 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -13,7 +13,7 @@ gensec_VERSION = 0.0.1
gensec_SOVERSION = 0
gensec_OBJ_FILES = $(addprefix auth/gensec/, gensec.o socket.o)
-PUBLIC_HEADERS += $(addprefix auth/gensec/, gensec.h spnego.h)
+PUBLIC_HEADERS += auth/gensec/gensec.h
################################################
# Start MODULE gensec_krb5
diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c
index cb7bcb71d8..06a7b8a382 100644
--- a/source4/auth/gensec/cyrus_sasl.c
+++ b/source4/auth/gensec/cyrus_sasl.c
@@ -23,6 +23,7 @@
#include "auth/auth.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "lib/socket/socket.h"
#include <sasl/sasl.h>
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index b07a92d4d1..3393ce0178 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -26,6 +26,7 @@
#include "librpc/rpc/dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "param/param.h"
/* the list of currently registered GENSEC backends */
@@ -34,7 +35,7 @@ static int gensec_num_backends;
/* Return all the registered mechs. Don't modify the return pointer,
* but you may talloc_reference it if convient */
-struct gensec_security_ops **gensec_security_all(void)
+_PUBLIC_ struct gensec_security_ops **gensec_security_all(void)
{
return generic_security_ops;
}
@@ -44,7 +45,7 @@ struct gensec_security_ops **gensec_security_all(void)
* gensec_security_all(), or from cli_credentials_gensec_list() (ie,
* an existing list we have trimmed down) */
-struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
struct gensec_security_ops **old_gensec_list,
struct cli_credentials *creds)
{
@@ -571,7 +572,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
@param gensec_security Returned GENSEC context pointer.
@note The mem_ctx is only a parent and may be NULL.
*/
-NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct loadparm_context *lp_ctx,
struct messaging_context *msg,
@@ -636,7 +637,7 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security)
* @param auth_level DCERPC auth level
*/
-NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
uint8_t auth_type, uint8_t auth_level)
{
gensec_security->ops = gensec_security_by_authtype(gensec_security, auth_type);
@@ -662,7 +663,7 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
return gensec_start_mech(gensec_security);
}
-const char *gensec_get_name_by_authtype(uint8_t authtype)
+_PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype)
{
const struct gensec_security_ops *ops;
ops = gensec_security_by_authtype(NULL, authtype);
@@ -673,7 +674,7 @@ const char *gensec_get_name_by_authtype(uint8_t authtype)
}
-const char *gensec_get_name_by_oid(const char *oid_string)
+_PUBLIC_ const char *gensec_get_name_by_oid(const char *oid_string)
{
const struct gensec_security_ops *ops;
ops = gensec_security_by_oid(NULL, oid_string);
@@ -703,7 +704,7 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security,
* well-known #define to hook it in.
*/
-NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
const char *mech_oid)
{
gensec_security->ops = gensec_security_by_oid(gensec_security, mech_oid);
@@ -719,7 +720,7 @@ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
*
*/
-NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
const char *sasl_name)
{
gensec_security->ops = gensec_security_by_sasl_name(gensec_security, sasl_name);
@@ -768,7 +769,7 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_
*
*/
-NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security,
const char *name)
{
gensec_security->ops = gensec_security_by_name(gensec_security, name);
@@ -782,7 +783,7 @@ NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security,
/*
wrappers for the gensec function pointers
*/
-NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -801,7 +802,7 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
sig);
}
-NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -817,7 +818,7 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
return gensec_security->ops->check_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
}
-NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -833,7 +834,7 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
}
-NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -849,7 +850,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
}
-size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size)
+_PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size)
{
if (!gensec_security->ops->sig_size) {
return 0;
@@ -879,7 +880,7 @@ size_t gensec_max_input_size(struct gensec_security *gensec_security)
return gensec_security->ops->max_input_size(gensec_security);
}
-NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const DATA_BLOB *in,
DATA_BLOB *out)
@@ -890,7 +891,7 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
return gensec_security->ops->wrap(gensec_security, mem_ctx, in, out);
}
-NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
const DATA_BLOB *in,
DATA_BLOB *out)
@@ -901,7 +902,7 @@ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
return gensec_security->ops->unwrap(gensec_security, mem_ctx, in, out);
}
-NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
DATA_BLOB *session_key)
{
if (!gensec_security->ops->session_key) {
@@ -924,7 +925,7 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
*
*/
-NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
+_PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
struct auth_session_info **session_info)
{
if (!gensec_security->ops->session_info) {
@@ -1064,7 +1065,7 @@ _PUBLIC_ NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security
*
*/
-struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security)
+_PUBLIC_ struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security)
{
if (!gensec_security) {
return NULL;
@@ -1134,7 +1135,7 @@ _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_s
* cryptographic tokens, to avoid certain attacks.
*/
-NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr)
+_PUBLIC_ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr)
{
gensec_security->my_addr = my_addr;
if (my_addr && !talloc_reference(gensec_security, my_addr)) {
@@ -1143,7 +1144,7 @@ NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct sock
return NT_STATUS_OK;
}
-NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr)
+_PUBLIC_ NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr)
{
gensec_security->peer_addr = peer_addr;
if (peer_addr && !talloc_reference(gensec_security, peer_addr)) {
@@ -1163,7 +1164,7 @@ struct socket_address *gensec_get_my_addr(struct gensec_security *gensec_securit
return NULL;
}
-struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security)
+_PUBLIC_ struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security)
{
if (gensec_security->peer_addr) {
return gensec_security->peer_addr;
@@ -1263,7 +1264,7 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_
/*
initialise the GENSEC subsystem
*/
-NTSTATUS gensec_init(struct loadparm_context *lp_ctx)
+_PUBLIC_ NTSTATUS gensec_init(struct loadparm_context *lp_ctx)
{
static bool initialized = false;
extern NTSTATUS gensec_sasl_init(void);
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 3413e5c8ce..7a1abfbc3b 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -199,6 +199,96 @@ NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
struct loadparm_context;
-#include "auth/gensec/gensec_proto.h"
+NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
+ struct gensec_security *parent,
+ struct gensec_security **gensec_security);
+NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
+ struct gensec_security **gensec_security,
+ struct event_context *ev,
+ struct loadparm_context *lp_ctx);
+NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security,
+ const char **sasl_names);
+NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
+ const DATA_BLOB in, DATA_BLOB *out);
+void gensec_update_send(struct gensec_security *gensec_security, const DATA_BLOB in,
+ void (*callback)(struct gensec_update_request *req, void *private_data),
+ void *private_data);
+NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_CTX *out_mem_ctx, DATA_BLOB *out);
+void gensec_want_feature(struct gensec_security *gensec_security,
+ uint32_t feature);
+bool gensec_have_feature(struct gensec_security *gensec_security,
+ uint32_t feature);
+NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security, struct cli_credentials *credentials);
+NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, const char *service);
+const char *gensec_get_target_service(struct gensec_security *gensec_security);
+NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname);
+const char *gensec_get_target_hostname(struct gensec_security *gensec_security);
+NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
+ DATA_BLOB *session_key);
+NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
+ const char *mech_oid);
+const char *gensec_get_name_by_oid(const char *oid_string);
+struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security);
+struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security);
+NTSTATUS gensec_init(struct loadparm_context *lp_ctx);
+NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig);
+NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig);
+size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size);
+NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig);
+NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig);
+NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
+ uint8_t auth_type, uint8_t auth_level);
+const char *gensec_get_name_by_authtype(uint8_t authtype);
+NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct loadparm_context *lp_ctx,
+ struct messaging_context *msg,
+ struct gensec_security **gensec_security);
+NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
+ struct auth_session_info **session_info);
+NTSTATUS auth_nt_status_squash(NTSTATUS nt_status);
+struct creds_CredentialState;
+NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ struct creds_CredentialState **creds);
+NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr);
+NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr);
+
+NTSTATUS gensec_start_mech_by_name(struct gensec_security *gensec_security,
+ const char *name);
+
+NTSTATUS gensec_unwrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out);
+NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out);
+
+struct gensec_security_ops **gensec_security_all(void);
+struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+ struct gensec_security_ops **old_gensec_list,
+ struct cli_credentials *creds);
+
+NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
+ const char *sasl_name);
+
#endif /* __GENSEC_H__ */
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index d8cdb90197..e7dcb4ea68 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -34,7 +34,9 @@
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "param/param.h"
+#include "auth/session_proto.h"
enum gensec_gssapi_sasl_state
{
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 88432c7f89..ae601b19c2 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -36,7 +36,9 @@
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "param/param.h"
+#include "auth/session_proto.h"
enum GENSEC_KRB5_STATE {
GENSEC_KRB5_SERVER_START,
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 96e3478982..b3117ee9b2 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -25,11 +25,13 @@
#include "auth/auth.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "auth/gensec/schannel.h"
#include "auth/gensec/schannel_state.h"
#include "auth/gensec/schannel_proto.h"
#include "librpc/rpc/dcerpc.h"
#include "param/param.h"
+#include "auth/session_proto.h"
static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size)
{
diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c
index 4dc05e8cc4..27449bf610 100644
--- a/source4/auth/gensec/socket.c
+++ b/source4/auth/gensec/socket.c
@@ -24,6 +24,7 @@
#include "lib/socket/socket.h"
#include "lib/stream/packet.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
static const struct socket_ops gensec_socket_ops;
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index f593d17d4b..1544326bb1 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -26,6 +26,7 @@
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
enum spnego_state_position {
SPNEGO_SERVER_START,
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index e905e3e704..9002715065 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -24,6 +24,7 @@
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_proto.h"
#include "auth/credentials/credentials_krb5.h"
struct principal_container {
@@ -634,7 +635,7 @@ int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
return ret;
}
-_PUBLIC_ int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
+int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
struct cli_credentials *machine_account,
struct smb_krb5_context *smb_krb5_context,
const char **enctype_strings,
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index 8901488004..64bfebd3d1 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -27,7 +27,9 @@
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
#include "auth/auth.h"
+#include "auth/auth_proto.h"
#include "param/param.h"
/**
diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index 5efc0a2eb1..df950e4756 100644
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -186,4 +186,5 @@ struct gensec_ntlmssp_state
struct loadparm_context;
struct auth_session_info;
+
#include "auth/ntlmssp/proto.h"
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index eb6dbc5bca..12802b7e79 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -30,7 +30,9 @@
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
#include "auth/auth.h"
+#include "auth/auth_proto.h"
#include "param/param.h"
+#include "auth/session_proto.h"
/**
* Set a username on an NTLMSSP context - ensures it is talloc()ed
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index b003dc865f..063b16f539 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -134,7 +134,7 @@ static NTSTATUS ntlmssp_make_packet_signature(struct gensec_ntlmssp_state *gense
}
/* TODO: make this non-public */
-_PUBLIC_ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
+NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
TALLOC_CTX *sig_mem_ctx,
const uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -306,7 +306,7 @@ NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security,
Initialise the state for NTLMSSP signing.
*/
/* TODO: make this non-public */
-_PUBLIC_ NTSTATUS ntlmssp_sign_init(struct gensec_ntlmssp_state *gensec_ntlmssp_state)
+NTSTATUS ntlmssp_sign_init(struct gensec_ntlmssp_state *gensec_ntlmssp_state)
{
TALLOC_CTX *mem_ctx = talloc_new(gensec_ntlmssp_state);
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index b171fc57b9..ed44754993 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -383,7 +383,7 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_conte
return NT_STATUS_OK;
}
-_PUBLIC_ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx,
+NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx, const char *principal,
struct ldb_message ***msgs,
struct ldb_message ***msgs_domain_ref)
diff --git a/source4/auth/session.c b/source4/auth/session.c
index c86fff90df..112eac95d8 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -28,8 +28,9 @@
#include "dsdb/samdb/samdb.h"
#include "auth/credentials/credentials.h"
#include "param/param.h"
+#include "auth/session_proto.h"
-struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
+_PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx)
{
NTSTATUS nt_status;
@@ -41,7 +42,7 @@ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
return session_info;
}
-NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
+_PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info)
{
@@ -77,7 +78,7 @@ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
return NT_STATUS_OK;
}
-NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
const char *netbios_name,
struct auth_serversupplied_info **_server_info)
{
@@ -149,7 +150,7 @@ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
struct auth_serversupplied_info *server_info,
struct auth_session_info **_session_info)
@@ -199,7 +200,7 @@ void auth_session_info_debug(int dbg_lev,
/**
* Make a server_info struct from the info3 returned by a domain logon
*/
-NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
const char *account_name,
uint16_t validation_level,
union netr_Validation *validation,
diff --git a/source4/auth/session.h b/source4/auth/session.h
index 039c005bb0..87fc47791a 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
@@ -29,6 +29,28 @@ struct auth_session_info {
};
#include "librpc/gen_ndr/netlogon.h"
-#include "auth/session_proto.h"
+
+struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ;
+NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
+ const char *netbios_name,
+ struct auth_serversupplied_info **_server_info) ;
+NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ struct auth_serversupplied_info *server_info,
+ struct auth_session_info **_session_info) ;
+
+NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
+ const char *account_name,
+ uint16_t validation_level,
+ union netr_Validation *validation,
+ struct auth_serversupplied_info **_server_info);
+NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
+ struct loadparm_context *lp_ctx,
+ struct auth_session_info **_session_info);
+
+struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx);
+
#endif /* _SAMBA_AUTH_SESSION_H */