summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/auth.c27
-rw-r--r--source4/auth/auth.h3
-rw-r--r--source4/auth/auth_simple.c17
-rw-r--r--source4/auth/gensec/gensec.c37
-rw-r--r--source4/auth/gensec/gensec.h1
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c5
-rw-r--r--source4/kdc/kpasswdd.c5
-rw-r--r--source4/ldap_server/ldap_bind.c14
-rw-r--r--source4/rpc_server/dcesrv_auth.c2
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c10
-rw-r--r--source4/scripting/ejs/smbcalls_auth.c6
-rw-r--r--source4/smb_server/smb/negprot.c15
-rw-r--r--source4/smb_server/smb/sesssetup.c11
-rw-r--r--source4/smb_server/smb2/negprot.c6
-rw-r--r--source4/smb_server/smb2/sesssetup.c6
-rw-r--r--source4/utils/config.mk4
-rw-r--r--source4/utils/ntlm_auth.c15
17 files changed, 128 insertions, 56 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c
index d3b9e28f7b..e478ac250b 100644
--- a/source4/auth/auth.c
+++ b/source4/auth/auth.c
@@ -360,8 +360,9 @@ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
Make a auth_info struct for the auth subsystem
***************************************************************************/
NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, const char **methods,
- struct auth_context **auth_ctx,
- struct event_context *ev)
+ struct event_context *ev,
+ struct messaging_context *msg,
+ struct auth_context **auth_ctx)
{
int i;
struct auth_context *ctx;
@@ -371,22 +372,24 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, const char **methods,
return NT_STATUS_INTERNAL_ERROR;
}
+ if (!ev) {
+ DEBUG(0,("auth_context_create: called with out event context\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if (!msg) {
+ DEBUG(0,("auth_context_create: called with out messaging context\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
ctx = talloc(mem_ctx, struct auth_context);
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->challenge.set_by = NULL;
ctx->challenge.may_be_modified = False;
ctx->challenge.data = data_blob(NULL, 0);
ctx->methods = NULL;
-
- if (ev == NULL) {
- ev = event_context_init(ctx);
- if (ev == NULL) {
- talloc_free(ctx);
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- ctx->event_ctx = ev;
+ ctx->event_ctx = ev;
+ ctx->msg_ctx = msg;
for (i=0; methods[i] ; i++) {
struct auth_method_context *method;
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 7ebab9c8e1..badfe14762 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -171,6 +171,9 @@ struct auth_context {
/* the event context to use for calls that can block */
struct event_context *event_ctx;
+
+ /* the messaging context which can be used by backends */
+ struct messaging_context *msg_ctx;
};
/* this structure is used by backends to determine the size of some critical types */
diff --git a/source4/auth/auth_simple.c b/source4/auth/auth_simple.c
index 4448e227e7..a0bb636bb6 100644
--- a/source4/auth/auth_simple.c
+++ b/source4/auth/auth_simple.c
@@ -26,11 +26,13 @@
#include "auth/auth.h"
#include "lib/events/events.h"
-_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
- const char *nt4_domain,
- const char *nt4_username,
- const char *password,
- struct auth_session_info **session_info)
+_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct messaging_context *msg,
+ const char *nt4_domain,
+ const char *nt4_username,
+ const char *password,
+ struct auth_session_info **session_info)
{
struct auth_context *auth_context;
struct auth_usersupplied_info *user_info;
@@ -42,8 +44,9 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- nt_status = auth_context_create(tmp_ctx, lp_auth_methods(), &auth_context,
- event_context_find(mem_ctx));
+ nt_status = auth_context_create(tmp_ctx, lp_auth_methods(),
+ ev, msg,
+ &auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return nt_status;
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index c0aba3924c..ecdac8564a 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -465,8 +465,9 @@ const char **gensec_security_oids(struct gensec_security *gensec_security,
@note The mem_ctx is only a parent and may be NULL.
*/
static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
- struct gensec_security **gensec_security,
- struct event_context *ev)
+ struct event_context *ev,
+ struct messaging_context *msg,
+ struct gensec_security **gensec_security)
{
(*gensec_security) = talloc(mem_ctx, struct gensec_security);
NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
@@ -489,6 +490,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
}
(*gensec_security)->event_ctx = ev;
+ (*gensec_security)->msg_ctx = msg;
return NT_STATUS_OK;
}
@@ -514,6 +516,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
(*gensec_security)->subcontext = True;
(*gensec_security)->event_ctx = parent->event_ctx;
+ (*gensec_security)->msg_ctx = parent->msg_ctx;
return NT_STATUS_OK;
}
@@ -529,10 +532,20 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
struct event_context *ev)
{
NTSTATUS status;
- status = gensec_start(mem_ctx, gensec_security, ev);
+ struct event_context *new_ev = NULL;
+
+ if (ev == NULL) {
+ new_ev = event_context_init(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(new_ev);
+ ev = new_ev;
+ }
+
+ status = gensec_start(mem_ctx, ev, NULL, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(new_ev);
return status;
}
+ talloc_steal((*gensec_security), new_ev);
(*gensec_security)->gensec_role = GENSEC_CLIENT;
return status;
@@ -545,11 +558,23 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
@note The mem_ctx is only a parent and may be NULL.
*/
NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
- struct gensec_security **gensec_security,
- struct event_context *ev)
+ struct event_context *ev,
+ struct messaging_context *msg,
+ struct gensec_security **gensec_security)
{
NTSTATUS status;
- status = gensec_start(mem_ctx, gensec_security, ev);
+
+ if (!ev) {
+ DEBUG(0,("gensec_server_start: no event context given!\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if (!msg) {
+ DEBUG(0,("gensec_server_start: no messaging context given!\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = gensec_start(mem_ctx, ev, msg, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index be5e900188..ce015086f6 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -122,6 +122,7 @@ struct gensec_security {
BOOL subcontext;
uint32_t want_features;
struct event_context *event_ctx;
+ struct messaging_context *msg_ctx; /* only valid as server */
struct socket_address *my_addr, *peer_addr;
};
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index b574622bbe..eab5838113 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -830,8 +830,9 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
}
nt_status = auth_context_create(gensec_ntlmssp_state, lp_auth_methods(),
- &gensec_ntlmssp_state->auth_context,
- gensec_security->event_ctx);
+ gensec_security->event_ctx,
+ gensec_security->msg_ctx,
+ &gensec_ntlmssp_state->auth_context);
NT_STATUS_NOT_OK_RETURN(nt_status);
gensec_ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 48955e2ca7..65e7ac1c00 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -451,14 +451,13 @@ BOOL kpasswdd_process(struct kdc_server *kdc,
ap_req = data_blob_const(&input->data[header_len], ap_req_len);
krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len);
- nt_status = gensec_server_start(tmp_ctx, &gensec_security, kdc->task->event_ctx);
+ nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->msg_ctx, &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return False;
}
- server_credentials
- = cli_credentials_init(tmp_ctx);
+ server_credentials = cli_credentials_init(tmp_ctx);
if (!server_credentials) {
DEBUG(1, ("Failed to init server credentials\n"));
return False;
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 60783df4df..fe23d55d1d 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -46,8 +46,12 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
status = crack_dn_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account);
if (NT_STATUS_IS_OK(status)) {
- status = authenticate_username_pw(call, nt4_domain, nt4_account,
- req->creds.password, &session_info);
+ status = authenticate_username_pw(call,
+ call->conn->connection->event.ctx,
+ call->conn->connection->msg_ctx,
+ nt4_domain, nt4_account,
+ req->creds.password,
+ &session_info);
}
reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
@@ -135,8 +139,10 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
if (!conn->gensec) {
conn->session_info = NULL;
- status = gensec_server_start(conn, &conn->gensec,
- conn->connection->event.ctx);
+ status = gensec_server_start(conn,
+ conn->connection->event.ctx,
+ conn->connection->msg_ctx,
+ &conn->gensec);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
result = LDAP_OPERATIONS_ERROR;
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index a054c5fad9..3f848ca381 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -57,7 +57,7 @@ BOOL dcesrv_auth_bind(struct dcesrv_call_state *call)
return False;
}
- status = gensec_server_start(dce_conn, &auth->gensec_security, call->event_ctx);
+ status = gensec_server_start(dce_conn, call->event_ctx, call->msg_ctx, &auth->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC for DCERPC server: %s\n", nt_errstr(status)));
return False;
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 93ae7a18ed..569ec9f2b3 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -431,8 +431,9 @@ static NTSTATUS netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALL
}
/* TODO: we need to deny anonymous access here */
- nt_status = auth_context_create(mem_ctx, lp_auth_methods(), &auth_context,
- dce_call->event_ctx);
+ nt_status = auth_context_create(mem_ctx, lp_auth_methods(),
+ dce_call->event_ctx, dce_call->msg_ctx,
+ &auth_context);
NT_STATUS_NOT_OK_RETURN(nt_status);
user_info->logon_parameters = r->in.logon.password->identity_info.parameter_control;
@@ -456,8 +457,9 @@ static NTSTATUS netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALL
case 6:
/* TODO: we need to deny anonymous access here */
- nt_status = auth_context_create(mem_ctx, lp_auth_methods(), &auth_context,
- dce_call->event_ctx);
+ nt_status = auth_context_create(mem_ctx, lp_auth_methods(),
+ dce_call->event_ctx, dce_call->msg_ctx,
+ &auth_context);
NT_STATUS_NOT_OK_RETURN(nt_status);
nt_status = auth_context_set_challenge(auth_context, r->in.logon.network->challenge, "netr_LogonSamLogonWithFlags");
diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c
index 678d3c6a7f..281f35bb20 100644
--- a/source4/scripting/ejs/smbcalls_auth.c
+++ b/source4/scripting/ejs/smbcalls_auth.c
@@ -26,6 +26,7 @@
#include "auth/auth.h"
#include "scripting/ejs/smbcalls.h"
#include "lib/events/events.h"
+#include "lib/messaging/irpc.h"
static int ejs_doauth(MprVarHandle eid,
TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username,
@@ -41,17 +42,20 @@ static int ejs_doauth(MprVarHandle eid,
struct smbcalls_context *c;
struct event_context *ev;
+ struct messaging_context *msg;
/* Hope we can find an smbcalls_context somewhere up there... */
c = talloc_find_parent_bytype(tmp_ctx, struct smbcalls_context);
if (c) {
ev = c->event_ctx;
+ msg = c->msg_ctx;
} else {
/* Hope we can find the event context somewhere up there... */
ev = event_context_find(tmp_ctx);
+ msg = messaging_client_init(tmp_ctx, ev);
}
- nt_status = auth_context_create(tmp_ctx, auth_types, &auth_context, ev);
+ nt_status = auth_context_create(tmp_ctx, auth_types, ev, msg, &auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
mprSetPropertyValue(auth, "report", mprString("Auth System Failure"));
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
index 0f55aaeae7..25684bee27 100644
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -43,8 +43,9 @@ static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8
DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
nt_status = auth_context_create(smb_conn, lp_auth_methods(),
- &smb_conn->negotiate.auth_context,
- smb_conn->connection->event.ctx);
+ smb_conn->connection->event.ctx,
+ smb_conn->connection->msg_ctx,
+ &smb_conn->negotiate.auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("auth_context_create() returned %s", nt_errstr(nt_status)));
return nt_status;
@@ -340,10 +341,12 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
DATA_BLOB null_data_blob = data_blob(NULL, 0);
DATA_BLOB blob;
const char *oid;
- NTSTATUS nt_status = gensec_server_start(req->smb_conn,
- &gensec_security,
- req->smb_conn->connection->event.ctx);
-
+ NTSTATUS nt_status;
+
+ nt_status = gensec_server_start(req->smb_conn,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index fe75cce17e..25655fc14f 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -240,8 +240,9 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
/* TODO: should we use just "anonymous" here? */
status = auth_context_create(req, lp_auth_methods(),
- &auth_context,
- req->smb_conn->connection->event.ctx);
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ &auth_context);
if (!NT_STATUS_IS_OK(status)) goto failed;
} else {
auth_context = req->smb_conn->negotiate.auth_context;
@@ -368,8 +369,10 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
if (!smb_sess) {
struct gensec_security *gensec_ctx;
- status = gensec_server_start(req, &gensec_ctx,
- req->smb_conn->connection->event.ctx);
+ status = gensec_server_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ &gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
goto failed;
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index 957bb9204a..8e3f6156ea 100644
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -36,8 +36,10 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
NTSTATUS nt_status;
struct cli_credentials *server_credentials;
- nt_status = gensec_server_start(req, &gensec_security,
- req->smb_conn->connection->event.ctx);
+ nt_status = gensec_server_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c
index 44425b9070..2615eed683 100644
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -114,8 +114,10 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
if (vuid == 0) {
struct gensec_security *gensec_ctx;
- status = gensec_server_start(req, &gensec_ctx,
- req->smb_conn->connection->event.ctx);
+ status = gensec_server_start(req,
+ req->smb_conn->connection->event.ctx,
+ req->smb_conn->connection->msg_ctx,
+ &gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
goto failed;
diff --git a/source4/utils/config.mk b/source4/utils/config.mk
index 2dbf26940e..69d5a3b77f 100644
--- a/source4/utils/config.mk
+++ b/source4/utils/config.mk
@@ -31,7 +31,9 @@ PRIVATE_DEPENDENCIES = \
POPT_CREDENTIALS \
gensec \
LIBCLI_RESOLVE \
- auth
+ auth \
+ MESSAGING \
+ LIBEVENTS
MANPAGE = man/ntlm_auth.1
# End BINARY ntlm_auth
#################################
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index 55aa4e65a9..9609ce59da 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -31,6 +31,9 @@
#include "libcli/auth/libcli_auth.h"
#include "libcli/security/security.h"
#include "lib/ldb/include/ldb.h"
+#include "lib/events/events.h"
+#include "lib/messaging/messaging.h"
+#include "lib/messaging/irpc.h"
#define SQUID_BUFFER_SIZE 2010
@@ -329,6 +332,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
const char *set_password;
};
struct gensec_ntlm_state *state;
+ struct event_context *ev;
+ struct messaging_context *msg;
NTSTATUS nt_status;
BOOL first = False;
@@ -399,7 +404,15 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
break;
case GSS_SPNEGO_SERVER:
case SQUID_2_5_NTLMSSP:
- if (!NT_STATUS_IS_OK(gensec_server_start(NULL, &state->gensec_state, NULL))) {
+ ev = event_context_init(state);
+ if (!ev) {
+ exit(1);
+ }
+ msg = messaging_client_init(state, ev);
+ if (!msg) {
+ exit(1);
+ }
+ if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, msg, &state->gensec_state))) {
exit(1);
}
break;