diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/gensec/gensec.c | 51 | ||||
-rw-r--r-- | source4/auth/gensec/gensec.h | 4 | ||||
-rw-r--r-- | source4/auth/gensec/spnego.c | 7 | ||||
-rw-r--r-- | source4/libcli/smb_composite/connect.c | 1 | ||||
-rw-r--r-- | source4/libcli/smb_composite/sesssetup.c | 10 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 2 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_connect.c | 2 | ||||
-rw-r--r-- | source4/param/loadparm.c | 5 | ||||
-rw-r--r-- | source4/smb_server/smb/sesssetup.c | 2 | ||||
-rw-r--r-- | source4/torture/rpc/mgmt.c | 2 | ||||
-rw-r--r-- | source4/torture/smbtorture.c | 3 |
11 files changed, 60 insertions, 29 deletions
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index b970549e6c..7a8da71a7d 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -147,7 +147,8 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens } backends = gensec_security_mechs(gensec_security, mem_ctx); for (i=0; backends && backends[i]; i++) { - if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) + if (!gensec_security_ops_enabled(backends[i], + gensec_security->settings->lp_ctx)) continue; if (backends[i]->auth_type == auth_type) { backend = backends[i]; @@ -172,7 +173,9 @@ const struct gensec_security_ops *gensec_security_by_oid(struct gensec_security } backends = gensec_security_mechs(gensec_security, mem_ctx); for (i=0; backends && backends[i]; i++) { - if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) + if (gensec_security != NULL && + !gensec_security_ops_enabled(backends[i], + gensec_security->settings->lp_ctx)) continue; if (backends[i]->oid) { for (j=0; backends[i]->oid[j]; j++) { @@ -202,7 +205,7 @@ const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_sec } backends = gensec_security_mechs(gensec_security, mem_ctx); for (i=0; backends && backends[i]; i++) { - if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) + if (!gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) continue; if (backends[i]->sasl_name && (strcmp(backends[i]->sasl_name, sasl_name) == 0)) { @@ -228,7 +231,8 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s } backends = gensec_security_mechs(gensec_security, mem_ctx); for (i=0; backends && backends[i]; i++) { - if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) + if (gensec_security != NULL && + !gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) continue; if (backends[i]->name && (strcmp(backends[i]->name, name) == 0)) { @@ -273,7 +277,8 @@ const struct gensec_security_ops **gensec_security_by_sasl_list(struct gensec_se /* Find backends in our preferred order, by walking our list, * then looking in the supplied list */ for (i=0; backends && backends[i]; i++) { - if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) + if (gensec_security != NULL && + !gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) continue; for (sasl_idx = 0; sasl_names[sasl_idx]; sasl_idx++) { if (!backends[i]->sasl_name || @@ -343,7 +348,8 @@ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(struct gen /* Find backends in our preferred order, by walking our list, * then looking in the supplied list */ for (i=0; backends && backends[i]; i++) { - if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) + if (gensec_security != NULL && + !gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) continue; if (!backends[i]->oid) { continue; @@ -393,7 +399,8 @@ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(struct gen * Return OIDS from the security subsystems listed */ -const char **gensec_security_oids_from_ops(TALLOC_CTX *mem_ctx, +const char **gensec_security_oids_from_ops(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, struct gensec_security_ops **ops, const char *skip) { @@ -410,6 +417,10 @@ const char **gensec_security_oids_from_ops(TALLOC_CTX *mem_ctx, } for (i=0; ops && ops[i]; i++) { + if (gensec_security != NULL && + !gensec_security_ops_enabled(ops[i], gensec_security->settings->lp_ctx)) { + continue; + } if (!ops[i]->oid) { continue; } @@ -483,7 +494,7 @@ const char **gensec_security_oids(struct gensec_security *gensec_security, { struct gensec_security_ops **ops = gensec_security_mechs(gensec_security, mem_ctx); - return gensec_security_oids_from_ops(mem_ctx, ops, skip); + return gensec_security_oids_from_ops(gensec_security, mem_ctx, ops, skip); } @@ -520,6 +531,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, (*gensec_security)->event_ctx = ev; (*gensec_security)->msg_ctx = msg; + SMB_ASSERT(settings->lp_ctx != NULL); (*gensec_security)->settings = talloc_reference(*gensec_security, settings); return NT_STATUS_OK; @@ -566,6 +578,11 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, { NTSTATUS status; + if (settings == NULL) { + DEBUG(0,("gensec_client_start: no settings given!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + status = gensec_start(mem_ctx, ev, settings, NULL, gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; @@ -599,6 +616,11 @@ _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_ERROR; } + if (!settings) { + DEBUG(0,("gensec_server_start: no settings given!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + status = gensec_start(mem_ctx, ev, settings, msg, gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; @@ -672,10 +694,10 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s return gensec_start_mech(gensec_security); } -_PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype) +_PUBLIC_ const char *gensec_get_name_by_authtype(struct gensec_security *gensec_security, uint8_t authtype) { const struct gensec_security_ops *ops; - ops = gensec_security_by_authtype(NULL, authtype); + ops = gensec_security_by_authtype(gensec_security, authtype); if (ops) { return ops->name; } @@ -683,10 +705,11 @@ _PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype) } -_PUBLIC_ const char *gensec_get_name_by_oid(const char *oid_string) +_PUBLIC_ const char *gensec_get_name_by_oid(struct gensec_security *gensec_security, + const char *oid_string) { const struct gensec_security_ops *ops; - ops = gensec_security_by_oid(NULL, oid_string); + ops = gensec_security_by_oid(gensec_security, oid_string); if (ops) { return ops->name; } @@ -716,6 +739,8 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security, _PUBLIC_ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, const char *mech_oid) { + SMB_ASSERT(gensec_security != NULL); + gensec_security->ops = gensec_security_by_oid(gensec_security, mech_oid); if (!gensec_security->ops) { DEBUG(3, ("Could not find GENSEC backend for oid=%s\n", mech_oid)); @@ -1223,8 +1248,6 @@ const char *gensec_get_target_principal(struct gensec_security *gensec_security) */ NTSTATUS gensec_register(const struct gensec_security_ops *ops) { - - if (gensec_security_by_name(NULL, ops->name) != NULL) { /* its already registered! */ DEBUG(0,("GENSEC backend '%s' already registered\n", diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 2e020e3434..cb7f3aec99 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -239,7 +239,7 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key); NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, const char *mech_oid); -const char *gensec_get_name_by_oid(const char *oid_string); +const char *gensec_get_name_by_oid(struct gensec_security *gensec_security, const char *oid_string); struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security); struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security); NTSTATUS gensec_init(struct loadparm_context *lp_ctx); @@ -266,7 +266,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, DATA_BLOB *sig); NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, uint8_t auth_type, uint8_t auth_level); -const char *gensec_get_name_by_authtype(uint8_t authtype); +const char *gensec_get_name_by_authtype(struct gensec_security *gensec_security, uint8_t authtype); NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct event_context *ev, struct gensec_settings *settings, diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 5733cb9004..e51b215807 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -337,7 +337,8 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec bool is_spnego; NTSTATUS nt_status; - if (gensec_security_ops_enabled(all_ops[i], gensec_security->settings->lp_ctx)) + if (gensec_security != NULL && + !gensec_security_ops_enabled(all_ops[i], gensec_security->settings->lp_ctx)) continue; if (!all_ops[i]->oid) { @@ -973,8 +974,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA spnego.negTokenTarg.supportedMech && strcmp(spnego.negTokenTarg.supportedMech, spnego_state->neg_oid) != 0) { DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not accepted, server wants: %s\n", - gensec_get_name_by_oid(spnego.negTokenTarg.supportedMech), - gensec_get_name_by_oid(spnego_state->neg_oid))); + gensec_get_name_by_oid(gensec_security, spnego.negTokenTarg.supportedMech), + gensec_get_name_by_oid(gensec_security, spnego_state->neg_oid))); talloc_free(spnego_state->sub_sec_security); nt_status = gensec_subcontext_start(spnego_state, diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c index 416863bbe1..980a418619 100644 --- a/source4/libcli/smb_composite/connect.c +++ b/source4/libcli/smb_composite/connect.c @@ -470,6 +470,7 @@ struct composite_context *smb_composite_connect_send(struct smb_composite_connec state = talloc_zero(c, struct connect_state); if (state == NULL) goto failed; + if (io->in.gensec_settings == NULL) goto failed; state->io = io; c->state = COMPOSITE_STATE_IN_PROGRESS; diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 10f84a5dba..7c9d1fb731 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -442,12 +442,13 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, status = gensec_start_mech_by_oid(session->gensec, chosen_oid); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", - gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + gensec_get_name_by_oid(session->gensec, chosen_oid), nt_errstr(status))); chosen_oid = GENSEC_OID_NTLMSSP; status = gensec_start_mech_by_oid(session->gensec, chosen_oid); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n", - gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + gensec_get_name_by_oid(session->gensec, chosen_oid), + nt_errstr(status))); return status; } } @@ -457,7 +458,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, status = gensec_start_mech_by_oid(session->gensec, chosen_oid); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", - gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + gensec_get_name_by_oid(session->gensec, chosen_oid), nt_errstr(status))); } } @@ -475,7 +476,8 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n", - gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + gensec_get_name_by_oid(session->gensec, chosen_oid), + nt_errstr(status))); return status; } state->gensec_status = status; diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 7c9d04eeb4..14f0f9deb4 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -291,7 +291,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, auth_type, auth_level); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n", - gensec_get_name_by_authtype(auth_type), + gensec_get_name_by_authtype(sec->generic_state, auth_type), nt_errstr(c->status))); composite_error(c, c->status); return c; diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 59bcca0046..32485f5653 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -120,7 +120,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT conn->in.service = "IPC$"; conn->in.service_type = NULL; conn->in.workgroup = lp_workgroup(lp_ctx); - + conn->in.gensec_settings = lp_gensec_settings(conn, lp_ctx); conn->in.iconv_convenience = lp_iconv_convenience(lp_ctx); lp_smbcli_options(lp_ctx, &conn->in.options); diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 766194570c..1ab842c8f8 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -2478,7 +2478,7 @@ bool lp_load(struct loadparm_context *lp_ctx, const char *filename) reload_charcnv(lp_ctx); - ntstatus_check_dos_mapping = lp_nt_status_support(lp_ctx); + /* FIXME: ntstatus_check_dos_mapping = lp_nt_status_support(lp_ctx); */ /* FIXME: This is a bit of a hack, but we can't use a global, since * not everything that uses lp also uses the socket library */ @@ -2687,9 +2687,10 @@ _PUBLIC_ struct dcerpc_server_info *lp_dcerpc_server_info(TALLOC_CTX *mem_ctx, s struct gensec_settings *lp_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) { - struct gensec_settings *settings = talloc(mem_ctx, struct gensec_settings); + struct gensec_settings *settings = talloc(NULL, struct gensec_settings); if (settings == NULL) return NULL; + SMB_ASSERT(lp_ctx != NULL); settings->lp_ctx = talloc_reference(settings, lp_ctx); settings->iconv_convenience = lp_iconv_convenience(lp_ctx); settings->target_hostname = lp_parm_string(lp_ctx, NULL, "gensec", "target_hostname"); diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index f34124b1a0..0767a187e5 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -382,7 +382,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se status = gensec_start_mech_by_oid(gensec_ctx, req->smb_conn->negotiate.oid); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC %s server code: %s\n", - gensec_get_name_by_oid(req->smb_conn->negotiate.oid), nt_errstr(status))); + gensec_get_name_by_oid(gensec_ctx, req->smb_conn->negotiate.oid), nt_errstr(status))); goto failed; } diff --git a/source4/torture/rpc/mgmt.c b/source4/torture/rpc/mgmt.c index fed432f31c..7f618ab776 100644 --- a/source4/torture/rpc/mgmt.c +++ b/source4/torture/rpc/mgmt.c @@ -128,7 +128,7 @@ static bool test_inq_princ_name(struct dcerpc_pipe *p, continue; } if (W_ERROR_IS_OK(r.out.result)) { - const char *name = gensec_get_name_by_authtype(i); + const char *name = gensec_get_name_by_authtype(NULL, i); ret = true; if (name) { printf("\tprinciple name for proto %u (%s) is '%s'\n", diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c index bfe6d0503d..0c2c8c0f6b 100644 --- a/source4/torture/smbtorture.c +++ b/source4/torture/smbtorture.c @@ -33,6 +33,7 @@ #include "torture/smbtorture.h" #include "../lib/util/dlinklist.h" #include "librpc/rpc/dcerpc.h" +#include "auth/gensec/gensec.h" #include "param/param.h" #include "auth/credentials/credentials.h" @@ -648,6 +649,8 @@ int main(int argc,char *argv[]) torture->lp_ctx = cmdline_lp_ctx; + gensec_init(cmdline_lp_ctx); + if (argc_new == 0) { printf("You must specify a test to run, or 'ALL'\n"); } else if (shell) { |