Diffstat (limited to 'source4')
-rw-r--r--source4/auth/gensec/gensec.c51
-rw-r--r--source4/auth/gensec/gensec.h4
-rw-r--r--source4/auth/gensec/spnego.c7
-rw-r--r--source4/libcli/smb_composite/connect.c1
-rw-r--r--source4/libcli/smb_composite/sesssetup.c10
-rw-r--r--source4/librpc/rpc/dcerpc_auth.c2
-rw-r--r--source4/librpc/rpc/dcerpc_connect.c2
-rw-r--r--source4/param/loadparm.c5
-rw-r--r--source4/smb_server/smb/sesssetup.c2
-rw-r--r--source4/torture/rpc/mgmt.c2
-rw-r--r--source4/torture/smbtorture.c3
11 files changed, 60 insertions, 29 deletions
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index b970549e6c..7a8da71a7d 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -147,7 +147,8 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens
}
backends = gensec_security_mechs(gensec_security, mem_ctx);
for (i=0; backends && backends[i]; i++) {
- if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ if (!gensec_security_ops_enabled(backends[i],
+ gensec_security->settings->lp_ctx))
continue;
if (backends[i]->auth_type == auth_type) {
backend = backends[i];
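Review bot: The corrected check in gensec_security_by_authtype still dereferences `gensec_security->settings->lp_ctx` without the `gensec_security != NULL &&` guard that the by_oid, by_name and list variants gain in this same commit; the gensec_security_by_sasl_name hunk has the same gap. This matters because gensec_get_name_by_authtype now forwards its caller's context, and torture/rpc/mgmt.c is changed to call it with `NULL`, which would reach this dereference as soon as one backend is registered. I would write the condition as `if (gensec_security != NULL && !gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))` in both places. Both function bodies start and end outside their hunks, so any earlier NULL handling is not visible here.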
@@ -172,7 +173,9 @@ const struct gensec_security_ops *gensec_security_by_oid(struct gensec_security
}
backends = gensec_security_mechs(gensec_security, mem_ctx);
for (i=0; backends && backends[i]; i++) {
- if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ if (gensec_security != NULL &&
+ !gensec_security_ops_enabled(backends[i],
+ gensec_security->settings->lp_ctx))
continue;
if (backends[i]->oid) {
for (j=0; backends[i]->oid[j]; j++) {
@@ -202,7 +205,7 @@ const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_sec
}
backends = gensec_security_mechs(gensec_security, mem_ctx);
for (i=0; backends && backends[i]; i++) {
- if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ if (!gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
continue;
if (backends[i]->sasl_name
&& (strcmp(backends[i]->sasl_name, sasl_name) == 0)) {
@@ -228,7 +231,8 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s
}
backends = gensec_security_mechs(gensec_security, mem_ctx);
for (i=0; backends && backends[i]; i++) {
- if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ if (gensec_security != NULL &&
+ !gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
continue;
if (backends[i]->name
&& (strcmp(backends[i]->name, name) == 0)) {
@@ -273,7 +277,8 @@ const struct gensec_security_ops **gensec_security_by_sasl_list(struct gensec_se
/* Find backends in our preferred order, by walking our list,
* then looking in the supplied list */
for (i=0; backends && backends[i]; i++) {
- if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ if (gensec_security != NULL &&
+ !gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
continue;
for (sasl_idx = 0; sasl_names[sasl_idx]; sasl_idx++) {
if (!backends[i]->sasl_name ||
@@ -343,7 +348,8 @@ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(struct gen
/* Find backends in our preferred order, by walking our list,
* then looking in the supplied list */
for (i=0; backends && backends[i]; i++) {
- if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ if (gensec_security != NULL &&
+ !gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
continue;
if (!backends[i]->oid) {
continue;
@@ -393,7 +399,8 @@ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(struct gen
* Return OIDS from the security subsystems listed
*/
-const char **gensec_security_oids_from_ops(TALLOC_CTX *mem_ctx,
+const char **gensec_security_oids_from_ops(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
struct gensec_security_ops **ops,
const char *skip)
{
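Review bot: The header comment above gensec_security_oids_from_ops still says only "Return OIDS from the security subsystems listed", although the function now takes a `gensec_security` argument that changes the result. The next hunk skips every mechanism for which gensec_security_ops_enabled() is false and applies no filter at all when the argument is NULL, which a caller deciding what to advertise needs to know. I would extend the comment along the lines of `* Return OIDs from the listed security subsystems, omitting mechanisms disabled in gensec_security's configuration; a NULL gensec_security disables the filtering.` The function body continues outside this hunk.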
@@ -410,6 +417,10 @@ const char **gensec_security_oids_from_ops(TALLOC_CTX *mem_ctx,
}
for (i=0; ops && ops[i]; i++) {
+ if (gensec_security != NULL &&
+ !gensec_security_ops_enabled(ops[i], gensec_security->settings->lp_ctx)) {
+ continue;
+ }
if (!ops[i]->oid) {
continue;
}
@@ -483,7 +494,7 @@ const char **gensec_security_oids(struct gensec_security *gensec_security,
{
struct gensec_security_ops **ops
= gensec_security_mechs(gensec_security, mem_ctx);
- return gensec_security_oids_from_ops(mem_ctx, ops, skip);
+ return gensec_security_oids_from_ops(gensec_security, mem_ctx, ops, skip);
}
@@ -520,6 +531,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
(*gensec_security)->event_ctx = ev;
(*gensec_security)->msg_ctx = msg;
+ SMB_ASSERT(settings->lp_ctx != NULL);
(*gensec_security)->settings = talloc_reference(*gensec_security, settings);
return NT_STATUS_OK;
@@ -566,6 +578,11 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
{
NTSTATUS status;
+ if (settings == NULL) {
+ DEBUG(0,("gensec_client_start: no settings given!\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
status = gensec_start(mem_ctx, ev, settings, NULL, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -599,6 +616,11 @@ _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
return NT_STATUS_INTERNAL_ERROR;
}
+ if (!settings) {
+ DEBUG(0,("gensec_server_start: no settings given!\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
status = gensec_start(mem_ctx, ev, settings, msg, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -672,10 +694,10 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s
return gensec_start_mech(gensec_security);
}
-_PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype)
+_PUBLIC_ const char *gensec_get_name_by_authtype(struct gensec_security *gensec_security, uint8_t authtype)
{
const struct gensec_security_ops *ops;
- ops = gensec_security_by_authtype(NULL, authtype);
+ ops = gensec_security_by_authtype(gensec_security, authtype);
if (ops) {
return ops->name;
}
@@ -683,10 +705,11 @@ _PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype)
}
-_PUBLIC_ const char *gensec_get_name_by_oid(const char *oid_string)
+_PUBLIC_ const char *gensec_get_name_by_oid(struct gensec_security *gensec_security,
+ const char *oid_string)
{
const struct gensec_security_ops *ops;
- ops = gensec_security_by_oid(NULL, oid_string);
+ ops = gensec_security_by_oid(gensec_security, oid_string);
if (ops) {
return ops->name;
}
@@ -716,6 +739,8 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security,
_PUBLIC_ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
const char *mech_oid)
{
+ SMB_ASSERT(gensec_security != NULL);
+
gensec_security->ops = gensec_security_by_oid(gensec_security, mech_oid);
if (!gensec_security->ops) {
DEBUG(3, ("Could not find GENSEC backend for oid=%s\n", mech_oid));
@@ -1223,8 +1248,6 @@ const char *gensec_get_target_principal(struct gensec_security *gensec_security)
*/
NTSTATUS gensec_register(const struct gensec_security_ops *ops)
{
-
-
if (gensec_security_by_name(NULL, ops->name) != NULL) {
/* its already registered! */
DEBUG(0,("GENSEC backend '%s' already registered\n",
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 2e020e3434..cb7f3aec99 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -239,7 +239,7 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
DATA_BLOB *session_key);
NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
const char *mech_oid);
-const char *gensec_get_name_by_oid(const char *oid_string);
+const char *gensec_get_name_by_oid(struct gensec_security *gensec_security, const char *oid_string);
struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security);
struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security);
NTSTATUS gensec_init(struct loadparm_context *lp_ctx);
@@ -266,7 +266,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
DATA_BLOB *sig);
NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
uint8_t auth_type, uint8_t auth_level);
-const char *gensec_get_name_by_authtype(uint8_t authtype);
+const char *gensec_get_name_by_authtype(struct gensec_security *gensec_security, uint8_t authtype);
NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct gensec_settings *settings,
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 5733cb9004..e51b215807 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -337,7 +337,8 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
bool is_spnego;
NTSTATUS nt_status;
- if (gensec_security_ops_enabled(all_ops[i], gensec_security->settings->lp_ctx))
+ if (gensec_security != NULL &&
+ !gensec_security_ops_enabled(all_ops[i], gensec_security->settings->lp_ctx))
continue;
if (!all_ops[i]->oid) {
@@ -973,8 +974,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
spnego.negTokenTarg.supportedMech &&
strcmp(spnego.negTokenTarg.supportedMech, spnego_state->neg_oid) != 0) {
DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not accepted, server wants: %s\n",
- gensec_get_name_by_oid(spnego.negTokenTarg.supportedMech),
- gensec_get_name_by_oid(spnego_state->neg_oid)));
+ gensec_get_name_by_oid(gensec_security, spnego.negTokenTarg.supportedMech),
+ gensec_get_name_by_oid(gensec_security, spnego_state->neg_oid)));
talloc_free(spnego_state->sub_sec_security);
nt_status = gensec_subcontext_start(spnego_state,
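Review bot: Both `gensec_get_name_by_oid(gensec_security, ...)` results are passed straight to `%s` in this DEBUG call, and with a context supplied the lookup now skips disabled mechanisms, so a not-found result becomes more likely. The `if (name)` check on the sibling call in torture/rpc/mgmt.c suggests these helpers return NULL when nothing matches, though the return statement is outside the visible hunks. The same pattern appears in the session_setup_spnego hunks of libcli/smb_composite/sesssetup.c and in smb_server/smb/sesssetup.c, where the message is printed right after gensec_start_mech_by_oid failed for the same OID and context. Logging the OID when there is no name keeps the diagnostic useful, e.g. `const char *n = gensec_get_name_by_oid(gensec_security, oid);` and then `n ? n : oid` in the argument list.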
diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
index 416863bbe1..980a418619 100644
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -470,6 +470,7 @@ struct composite_context *smb_composite_connect_send(struct smb_composite_connec
state = talloc_zero(c, struct connect_state);
if (state == NULL) goto failed;
+ if (io->in.gensec_settings == NULL) goto failed;
state->io = io;
c->state = COMPOSITE_STATE_IN_PROGRESS;
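Review bot: The new `if (io->in.gensec_settings == NULL) goto failed;` rejects the request without any diagnostic, so a caller that was not updated to fill in `gensec_settings` fails in a way that is hard to tell apart from the allocation failure handled on the line above. Within this diff only dcerpc_pipe_connect_ncacn_np_smb_send is changed to set the field. I would log before bailing out, e.g. `DEBUG(0, ("smb_composite_connect_send: no gensec_settings given!\n"));`, matching the messages this commit adds to gensec_client_start and gensec_server_start. The `failed` label and the rest of the function are outside the hunk.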
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
index 10f84a5dba..7c9d1fb731 100644
--- a/source4/libcli/smb_composite/sesssetup.c
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -442,12 +442,13 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
- gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
+ gensec_get_name_by_oid(session->gensec, chosen_oid), nt_errstr(status)));
chosen_oid = GENSEC_OID_NTLMSSP;
status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n",
- gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
+ gensec_get_name_by_oid(session->gensec, chosen_oid),
+ nt_errstr(status)));
return status;
}
}
@@ -457,7 +458,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
- gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
+ gensec_get_name_by_oid(session->gensec, chosen_oid), nt_errstr(status)));
}
}
@@ -475,7 +476,8 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n",
- gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
+ gensec_get_name_by_oid(session->gensec, chosen_oid),
+ nt_errstr(status)));
return status;
}
state->gensec_status = status;
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 7c9d04eeb4..14f0f9deb4 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -291,7 +291,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
auth_type, auth_level);
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
- gensec_get_name_by_authtype(auth_type),
+ gensec_get_name_by_authtype(sec->generic_state, auth_type),
nt_errstr(c->status)));
composite_error(c, c->status);
return c;
diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c
index 59bcca0046..32485f5653 100644
--- a/source4/librpc/rpc/dcerpc_connect.c
+++ b/source4/librpc/rpc/dcerpc_connect.c
@@ -120,7 +120,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT
conn->in.service = "IPC$";
conn->in.service_type = NULL;
conn->in.workgroup = lp_workgroup(lp_ctx);
-
+ conn->in.gensec_settings = lp_gensec_settings(conn, lp_ctx);
conn->in.iconv_convenience = lp_iconv_convenience(lp_ctx);
lp_smbcli_options(lp_ctx, &conn->in.options);
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 766194570c..1ab842c8f8 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -2478,7 +2478,7 @@ bool lp_load(struct loadparm_context *lp_ctx, const char *filename)
reload_charcnv(lp_ctx);
- ntstatus_check_dos_mapping = lp_nt_status_support(lp_ctx);
+ /* FIXME: ntstatus_check_dos_mapping = lp_nt_status_support(lp_ctx); */
/* FIXME: This is a bit of a hack, but we can't use a global, since
* not everything that uses lp also uses the socket library */
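Review bot: Commenting out `ntstatus_check_dos_mapping = lp_nt_status_support(lp_ctx);` means lp_load no longer applies that configuration value to the variable, yet the FIXME gives neither the reason nor the condition for restoring it. If the assignment was dropped for a dependency or link-order reason, the comment should say so, e.g. `/* FIXME: disabled because <reason>; the value of lp_nt_status_support() is not applied to ntstatus_check_dos_mapping until this is restored */`. Whether anything else still sets the variable cannot be seen from this hunk.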
@@ -2687,9 +2687,10 @@ _PUBLIC_ struct dcerpc_server_info *lp_dcerpc_server_info(TALLOC_CTX *mem_ctx, s
struct gensec_settings *lp_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
{
- struct gensec_settings *settings = talloc(mem_ctx, struct gensec_settings);
+ struct gensec_settings *settings = talloc(NULL, struct gensec_settings);
if (settings == NULL)
return NULL;
+ SMB_ASSERT(lp_ctx != NULL);
settings->lp_ctx = talloc_reference(settings, lp_ctx);
settings->iconv_convenience = lp_iconv_convenience(lp_ctx);
settings->target_hostname = lp_parm_string(lp_ctx, NULL, "gensec", "target_hostname");
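Review bot: `talloc(NULL, struct gensec_settings)` ignores the `mem_ctx` parameter, so the returned settings are no longer owned by the caller's context and are not released when that context is freed. dcerpc_connect.c in this same commit calls `lp_gensec_settings(conn, lp_ctx)`, which reads as if `conn` is expected to own the result. Unless there is a lifetime reason not visible here, keep `talloc(mem_ctx, struct gensec_settings)`; if the NULL parent is deliberate, add a comment naming who frees the object. The added `SMB_ASSERT(lp_ctx != NULL)` would also read better above the allocation, so the precondition is checked before anything is allocated. The function continues past the hunk.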
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index f34124b1a0..0767a187e5 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -382,7 +382,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
status = gensec_start_mech_by_oid(gensec_ctx, req->smb_conn->negotiate.oid);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC %s server code: %s\n",
- gensec_get_name_by_oid(req->smb_conn->negotiate.oid), nt_errstr(status)));
+ gensec_get_name_by_oid(gensec_ctx, req->smb_conn->negotiate.oid), nt_errstr(status)));
goto failed;
}
diff --git a/source4/torture/rpc/mgmt.c b/source4/torture/rpc/mgmt.c
index fed432f31c..7f618ab776 100644
--- a/source4/torture/rpc/mgmt.c
+++ b/source4/torture/rpc/mgmt.c
@@ -128,7 +128,7 @@ static bool test_inq_princ_name(struct dcerpc_pipe *p,
continue;
}
if (W_ERROR_IS_OK(r.out.result)) {
- const char *name = gensec_get_name_by_authtype(i);
+ const char *name = gensec_get_name_by_authtype(NULL, i);
ret = true;
if (name) {
printf("\tprinciple name for proto %u (%s) is '%s'\n",
diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c
index bfe6d0503d..0c2c8c0f6b 100644
--- a/source4/torture/smbtorture.c
+++ b/source4/torture/smbtorture.c
@@ -33,6 +33,7 @@
#include "torture/smbtorture.h"
#include "../lib/util/dlinklist.h"
#include "librpc/rpc/dcerpc.h"
+#include "auth/gensec/gensec.h"
#include "param/param.h"
#include "auth/credentials/credentials.h"
@@ -648,6 +649,8 @@ int main(int argc,char *argv[])
torture->lp_ctx = cmdline_lp_ctx;
+ gensec_init(cmdline_lp_ctx);
+
if (argc_new == 0) {
printf("You must specify a test to run, or 'ALL'\n");
} else if (shell) {