Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/auth.c | 27 | ||||
-rw-r--r-- | source4/auth/auth.h | 3 | ||||
-rw-r--r-- | source4/auth/auth_simple.c | 17 | ||||
-rw-r--r-- | source4/auth/gensec/gensec.c | 37 | ||||
-rw-r--r-- | source4/auth/gensec/gensec.h | 1 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 5 | ||||
-rw-r--r-- | source4/kdc/kpasswdd.c | 5 | ||||
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 14 | ||||
-rw-r--r-- | source4/rpc_server/dcesrv_auth.c | 2 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 10 | ||||
-rw-r--r-- | source4/scripting/ejs/smbcalls_auth.c | 6 | ||||
-rw-r--r-- | source4/smb_server/smb/negprot.c | 15 | ||||
-rw-r--r-- | source4/smb_server/smb/sesssetup.c | 11 | ||||
-rw-r--r-- | source4/smb_server/smb2/negprot.c | 6 | ||||
-rw-r--r-- | source4/smb_server/smb2/sesssetup.c | 6 | ||||
-rw-r--r-- | source4/utils/config.mk | 4 | ||||
-rw-r--r-- | source4/utils/ntlm_auth.c | 15 |
17 files changed, 128 insertions, 56 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c index d3b9e28f7b..e478ac250b 100644 --- a/source4/auth/auth.c +++ b/source4/auth/auth.c @@ -360,8 +360,9 @@ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, Make a auth_info struct for the auth subsystem ***************************************************************************/ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, const char **methods, - struct auth_context **auth_ctx, - struct event_context *ev) + struct event_context *ev, + struct messaging_context *msg, + struct auth_context **auth_ctx) { int i; struct auth_context *ctx; @@ -371,22 +372,24 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, const char **methods, return NT_STATUS_INTERNAL_ERROR; } + if (!ev) { + DEBUG(0,("auth_context_create: called with out event context\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + if (!msg) { + DEBUG(0,("auth_context_create: called with out messaging context\n")); + return NT_STATUS_INTERNAL_ERROR; + } + ctx = talloc(mem_ctx, struct auth_context); NT_STATUS_HAVE_NO_MEMORY(ctx); ctx->challenge.set_by = NULL; ctx->challenge.may_be_modified = False; ctx->challenge.data = data_blob(NULL, 0); ctx->methods = NULL; - - if (ev == NULL) { - ev = event_context_init(ctx); - if (ev == NULL) { - talloc_free(ctx); - return NT_STATUS_NO_MEMORY; - } - } - - ctx->event_ctx = ev; + ctx->event_ctx = ev; + ctx->msg_ctx = msg; for (i=0; methods[i] ; i++) { struct auth_method_context *method; diff --git a/source4/auth/auth.h b/source4/auth/auth.h index 7ebab9c8e1..badfe14762 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -171,6 +171,9 @@ struct auth_context { /* the event context to use for calls that can block */ struct event_context *event_ctx; + + /* the messaging context which can be used by backends */ + struct messaging_context *msg_ctx; }; /* this structure is used by backends to determine the size of some critical types */ 
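Review bot: In auth_context_create (second hunk of source4/auth/auth.c) a NULL `ev` or `msg` now returns NT_STATUS_INTERNAL_ERROR, where a NULL `ev` used to get a freshly created event context, but the comment block above the function still only says it makes an auth_info struct. I would add a line to that comment such as `ev and msg are mandatory; passing NULL for either returns NT_STATUS_INTERNAL_ERROR`, so callers learn the contract from the source rather than from a level-0 log line. The two new DEBUG strings also read `called with out ...`, where `without` is meant. The function body continues past the end of the hunk.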
diff --git a/source4/auth/auth_simple.c b/source4/auth/auth_simple.c index 4448e227e7..a0bb636bb6 100644 --- a/source4/auth/auth_simple.c +++ b/source4/auth/auth_simple.c @@ -26,11 +26,13 @@ #include "auth/auth.h" #include "lib/events/events.h" -_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, - const char *nt4_domain, - const char *nt4_username, - const char *password, - struct auth_session_info **session_info) +_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct messaging_context *msg, + const char *nt4_domain, + const char *nt4_username, + const char *password, + struct auth_session_info **session_info) { struct auth_context *auth_context; struct auth_usersupplied_info *user_info; @@ -42,8 +44,9 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - nt_status = auth_context_create(tmp_ctx, lp_auth_methods(), &auth_context, - event_context_find(mem_ctx)); + nt_status = auth_context_create(tmp_ctx, lp_auth_methods(), + ev, msg, + &auth_context); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); return nt_status; diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index c0aba3924c..ecdac8564a 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -465,8 +465,9 @@ const char **gensec_security_oids(struct gensec_security *gensec_security, @note The mem_ctx is only a parent and may be NULL. */ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, - struct gensec_security **gensec_security, - struct event_context *ev) + struct event_context *ev, + struct messaging_context *msg, + struct gensec_security **gensec_security) { (*gensec_security) = talloc(mem_ctx, struct gensec_security); NT_STATUS_HAVE_NO_MEMORY(*gensec_security); @@ -489,6 +490,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, } (*gensec_security)->event_ctx = ev; + (*gensec_security)->msg_ctx = msg; return NT_STATUS_OK; } 
@@ -514,6 +516,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, (*gensec_security)->subcontext = True; (*gensec_security)->event_ctx = parent->event_ctx; + (*gensec_security)->msg_ctx = parent->msg_ctx; return NT_STATUS_OK; } @@ -529,10 +532,20 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, struct event_context *ev) { NTSTATUS status; - status = gensec_start(mem_ctx, gensec_security, ev); + struct event_context *new_ev = NULL; + + if (ev == NULL) { + new_ev = event_context_init(mem_ctx); + NT_STATUS_HAVE_NO_MEMORY(new_ev); + ev = new_ev; + } + + status = gensec_start(mem_ctx, ev, NULL, gensec_security); if (!NT_STATUS_IS_OK(status)) { + talloc_free(new_ev); return status; } + talloc_steal((*gensec_security), new_ev); (*gensec_security)->gensec_role = GENSEC_CLIENT; return status; @@ -545,11 +558,23 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, @note The mem_ctx is only a parent and may be NULL. */ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, - struct gensec_security **gensec_security, - struct event_context *ev) + struct event_context *ev, + struct messaging_context *msg, + struct gensec_security **gensec_security) { NTSTATUS status; - status = gensec_start(mem_ctx, gensec_security, ev); + + if (!ev) { + DEBUG(0,("gensec_server_start: no event context given!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + if (!msg) { + DEBUG(0,("gensec_server_start: no messaging context given!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + status = gensec_start(mem_ctx, ev, msg, gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index be5e900188..ce015086f6 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h 
@@ -122,6 +122,7 @@ struct gensec_security { BOOL subcontext; uint32_t want_features; struct event_context *event_ctx; + struct messaging_context *msg_ctx; /* only valid as server */ struct socket_address *my_addr, *peer_addr; }; diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index b574622bbe..eab5838113 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -830,8 +830,9 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) } nt_status = auth_context_create(gensec_ntlmssp_state, lp_auth_methods(), - &gensec_ntlmssp_state->auth_context, - gensec_security->event_ctx); + gensec_security->event_ctx, + gensec_security->msg_ctx, + &gensec_ntlmssp_state->auth_context); NT_STATUS_NOT_OK_RETURN(nt_status); gensec_ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge; diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 48955e2ca7..65e7ac1c00 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -451,14 +451,13 @@ BOOL kpasswdd_process(struct kdc_server *kdc, ap_req = data_blob_const(&input->data[header_len], ap_req_len); krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len); - nt_status = gensec_server_start(tmp_ctx, &gensec_security, kdc->task->event_ctx); + nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->msg_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); return False; } - server_credentials - = cli_credentials_init(tmp_ctx); + server_credentials = cli_credentials_init(tmp_ctx); if (!server_credentials) { DEBUG(1, ("Failed to init server credentials\n")); return False; diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 60783df4df..fe23d55d1d 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c 
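Review bot: In the source4/kdc/kpasswdd.c hunk, the `if (!server_credentials)` branch returns False without `talloc_free(tmp_ctx)`, while the gensec_server_start failure branch just above it frees the context first. The commit only reflows the cli_credentials_init line and leaves that path as it was. Unless tmp_ctx is released by a parent elsewhere (its allocation is outside the hunk), every failure there leaks the context that by then also owns the gensec state. Adding `talloc_free(tmp_ctx);` before that `return False;` would make the two error paths consistent. kpasswdd_process starts and ends outside the hunk.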
@@ -46,8 +46,12 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) status = crack_dn_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account); if (NT_STATUS_IS_OK(status)) { - status = authenticate_username_pw(call, nt4_domain, nt4_account, - req->creds.password, &session_info); + status = authenticate_username_pw(call, + call->conn->connection->event.ctx, + call->conn->connection->msg_ctx, + nt4_domain, nt4_account, + req->creds.password, + &session_info); } reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse); @@ -135,8 +139,10 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) if (!conn->gensec) { conn->session_info = NULL; - status = gensec_server_start(conn, &conn->gensec, - conn->connection->event.ctx); + status = gensec_server_start(conn, + conn->connection->event.ctx, + conn->connection->msg_ctx, + &conn->gensec); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status))); result = LDAP_OPERATIONS_ERROR; diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index a054c5fad9..3f848ca381 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -57,7 +57,7 @@ BOOL dcesrv_auth_bind(struct dcesrv_call_state *call) return False; } - status = gensec_server_start(dce_conn, &auth->gensec_security, call->event_ctx); + status = gensec_server_start(dce_conn, call->event_ctx, call->msg_ctx, &auth->gensec_security); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC for DCERPC server: %s\n", nt_errstr(status))); return False; diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 93ae7a18ed..569ec9f2b3 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c 
@@ -431,8 +431,9 @@ static NTSTATUS netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALL } /* TODO: we need to deny anonymous access here */ - nt_status = auth_context_create(mem_ctx, lp_auth_methods(), &auth_context, - dce_call->event_ctx); + nt_status = auth_context_create(mem_ctx, lp_auth_methods(), + dce_call->event_ctx, dce_call->msg_ctx, + &auth_context); NT_STATUS_NOT_OK_RETURN(nt_status); user_info->logon_parameters = r->in.logon.password->identity_info.parameter_control; @@ -456,8 +457,9 @@ static NTSTATUS netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALL case 6: /* TODO: we need to deny anonymous access here */ - nt_status = auth_context_create(mem_ctx, lp_auth_methods(), &auth_context, - dce_call->event_ctx); + nt_status = auth_context_create(mem_ctx, lp_auth_methods(), + dce_call->event_ctx, dce_call->msg_ctx, + &auth_context); NT_STATUS_NOT_OK_RETURN(nt_status); nt_status = auth_context_set_challenge(auth_context, r->in.logon.network->challenge, "netr_LogonSamLogonWithFlags"); diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 678d3c6a7f..281f35bb20 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -26,6 +26,7 @@ #include "auth/auth.h" #include "scripting/ejs/smbcalls.h" #include "lib/events/events.h" +#include "lib/messaging/irpc.h" static int ejs_doauth(MprVarHandle eid, TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, 
@@ -41,17 +42,20 @@ static int ejs_doauth(MprVarHandle eid, struct smbcalls_context *c; struct event_context *ev; + struct messaging_context *msg; /* Hope we can find an smbcalls_context somewhere up there... */ c = talloc_find_parent_bytype(tmp_ctx, struct smbcalls_context); if (c) { ev = c->event_ctx; + msg = c->msg_ctx; } else { /* Hope we can find the event context somewhere up there... */ ev = event_context_find(tmp_ctx); + msg = messaging_client_init(tmp_ctx, ev); } - nt_status = auth_context_create(tmp_ctx, auth_types, &auth_context, ev); + nt_status = auth_context_create(tmp_ctx, auth_types, ev, msg, &auth_context); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); mprSetPropertyValue(auth, "report", mprString("Auth System Failure")); diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c index 0f55aaeae7..25684bee27 100644 --- a/source4/smb_server/smb/negprot.c +++ b/source4/smb_server/smb/negprot.c @@ -43,8 +43,9 @@ static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n")); nt_status = auth_context_create(smb_conn, lp_auth_methods(), - &smb_conn->negotiate.auth_context, - smb_conn->connection->event.ctx); + smb_conn->connection->event.ctx, + smb_conn->connection->msg_ctx, + &smb_conn->negotiate.auth_context); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("auth_context_create() returned %s", nt_errstr(nt_status))); return nt_status; 
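Review bot: In the fallback branch of ejs_doauth (source4/scripting/ejs/smbcalls_auth.c) the result of `messaging_client_init(tmp_ctx, ev)` is never checked, and neither is the `ev` returned by event_context_find(). A failure is caught only inside auth_context_create, which logs it as a caller error and reaches the script as the generic "Auth System Failure", so the actual cause is lost. A check at the call site keeps it visible before the existing failure path runs, for example `if (msg == NULL) { DEBUG(0,("ejs_doauth: messaging_client_init failed\n")); }`. The function starts and ends outside the hunk.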
@@ -340,10 +341,12 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) DATA_BLOB null_data_blob = data_blob(NULL, 0); DATA_BLOB blob; const char *oid; - NTSTATUS nt_status = gensec_server_start(req->smb_conn, - &gensec_security, - req->smb_conn->connection->event.ctx); - + NTSTATUS nt_status; + + nt_status = gensec_server_start(req->smb_conn, + req->smb_conn->connection->event.ctx, + req->smb_conn->connection->msg_ctx, + &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status))); smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n"); diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index fe75cce17e..25655fc14f 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -240,8 +240,9 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) /* TODO: should we use just "anonymous" here? */ status = auth_context_create(req, lp_auth_methods(), - &auth_context, - req->smb_conn->connection->event.ctx); + req->smb_conn->connection->event.ctx, + req->smb_conn->connection->msg_ctx, + &auth_context); if (!NT_STATUS_IS_OK(status)) goto failed; } else { auth_context = req->smb_conn->negotiate.auth_context; @@ -368,8 +369,10 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se if (!smb_sess) { struct gensec_security *gensec_ctx; - status = gensec_server_start(req, &gensec_ctx, - req->smb_conn->connection->event.ctx); + status = gensec_server_start(req, + req->smb_conn->connection->event.ctx, + req->smb_conn->connection->msg_ctx, + &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status))); goto failed; diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 957bb9204a..8e3f6156ea 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c 
@@ -36,8 +36,10 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * NTSTATUS nt_status; struct cli_credentials *server_credentials; - nt_status = gensec_server_start(req, &gensec_security, - req->smb_conn->connection->event.ctx); + nt_status = gensec_server_start(req, + req->smb_conn->connection->event.ctx, + req->smb_conn->connection->msg_ctx, + &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status))); smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n"); diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c index 44425b9070..2615eed683 100644 --- a/source4/smb_server/smb2/sesssetup.c +++ b/source4/smb_server/smb2/sesssetup.c @@ -114,8 +114,10 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses if (vuid == 0) { struct gensec_security *gensec_ctx; - status = gensec_server_start(req, &gensec_ctx, - req->smb_conn->connection->event.ctx); + status = gensec_server_start(req, + req->smb_conn->connection->event.ctx, + req->smb_conn->connection->msg_ctx, + &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status))); goto failed; diff --git a/source4/utils/config.mk b/source4/utils/config.mk index 2dbf26940e..69d5a3b77f 100644 --- a/source4/utils/config.mk +++ b/source4/utils/config.mk @@ -31,7 +31,9 @@ PRIVATE_DEPENDENCIES = \ POPT_CREDENTIALS \ gensec \ LIBCLI_RESOLVE \ - auth + auth \ + MESSAGING \ + LIBEVENTS MANPAGE = man/ntlm_auth.1 # End BINARY ntlm_auth ################################# diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index 55aa4e65a9..9609ce59da 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c 
@@ -31,6 +31,9 @@ #include "libcli/auth/libcli_auth.h" #include "libcli/security/security.h" #include "lib/ldb/include/ldb.h" +#include "lib/events/events.h" +#include "lib/messaging/messaging.h" +#include "lib/messaging/irpc.h" #define SQUID_BUFFER_SIZE 2010 @@ -329,6 +332,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, const char *set_password; }; struct gensec_ntlm_state *state; + struct event_context *ev; + struct messaging_context *msg; NTSTATUS nt_status; BOOL first = False; @@ -399,7 +404,15 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, break; case GSS_SPNEGO_SERVER: case SQUID_2_5_NTLMSSP: - if (!NT_STATUS_IS_OK(gensec_server_start(NULL, &state->gensec_state, NULL))) { + ev = event_context_init(state); + if (!ev) { + exit(1); + } + msg = messaging_client_init(state, ev); + if (!msg) { + exit(1); + } + if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, msg, &state->gensec_state))) { exit(1); } break; |
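Review bot: The new `exit(1)` paths in the GSS_SPNEGO_SERVER / SQUID_2_5_NTLMSSP case of manage_gensec_request (source4/utils/ntlm_auth.c) end the helper without any diagnostic. Server mode now depends on event_context_init() and messaging_client_init() both succeeding, and the latter presumably needs a usable messaging directory for the account the helper runs under, so a misconfigured helper would simply vanish from the parent process's point of view. A log line before each exit, for example `DEBUG(0,("ntlm_auth: messaging_client_init failed\n"));`, would make an authentication outage of this kind diagnosable. The function starts and ends outside the hunk.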