From 6bf59b03d72b94b71e53fc2404c11e0d237e41b2 Mon Sep 17 00:00:00 2001
From: Howard Chu
Date: Tue, 17 Sep 2013 13:09:50 -0700
Subject: Add SASL/EXTERNAL gensec module
Signed-off-by: Howard Chu
Reviewed-by: Andrew Bartlett
Reviewed-by: Nadezhda Ivanova
---
 auth/gensec/external.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++
 auth/gensec/gensec.h | 3 +-
 auth/gensec/wscript_build | 7 ++++
 3 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 auth/gensec/external.c
diff --git a/auth/gensec/external.c b/auth/gensec/external.c
new file mode 100644
index 0000000000..a26e435319
--- /dev/null
+++ b/auth/gensec/external.c
@@ -0,0 +1,82 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ SASL/EXTERNAL authentication.
+
+ Copyright (C) Howard Chu 2013
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h"
+#include "auth/gensec/gensec_proto.h"
+#include "auth/gensec/gensec_toplevel_proto.h"
+
+/* SASL/EXTERNAL is essentially a no-op; it is only usable when the transport
+ * layer is already mutually authenticated.
+ */
+
+NTSTATUS gensec_external_init(void);
+
+static NTSTATUS gensec_external_start(struct gensec_security *gensec_security)
+{
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN)
+ return NT_STATUS_INVALID_PARAMETER;
+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_external_update(struct gensec_security *gensec_security,
+ TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
+ const DATA_BLOB in, DATA_BLOB *out)
+{
+ *out = data_blob_talloc(out_mem_ctx, "", 0);
+ return NT_STATUS_OK;
+}
+
+/* We have no features */
+static bool gensec_external_have_feature(struct gensec_security *gensec_security,
+ uint32_t feature)
+{
+ return false;
+}
+
+static const struct gensec_security_ops gensec_external_ops = {
+ .name = "sasl-EXTERNAL",
+ .sasl_name = "EXTERNAL",
+ .client_start = gensec_external_start,
+ .update = gensec_external_update,
+ .have_feature = gensec_external_have_feature,
+ .enabled = true,
+ .priority = GENSEC_EXTERNAL
+};
+
+
+NTSTATUS gensec_external_init(void)
+{
+ NTSTATUS ret;
+
+ ret = gensec_register(&gensec_external_ops);
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(0,("Failed to register '%s' gensec backend!\n",
+ gensec_external_ops.name));
+ }
+ return ret;
+}
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index ac1fadfeef..6974f8708b 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -41,7 +41,8 @@ enum gensec_priority {
 GENSEC_SCHANNEL = 60,
 GENSEC_NTLMSSP = 50,
 GENSEC_SASL = 20,
- GENSEC_OTHER = 0
+ GENSEC_OTHER = 10,
+ GENSEC_EXTERNAL = 0
 };
 
 struct gensec_security;
diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build
index fcd74a3a9d..71222f7b26 100755
--- a/auth/gensec/wscript_build
+++ b/auth/gensec/wscript_build
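Review bot: In gensec_external_update the result of `data_blob_talloc(out_mem_ctx, "", 0)` is never checked, so the function returns NT_STATUS_OK even when the allocation failed. Assuming the helper leaves `out->data` NULL on failure, add `if (out->data == NULL) return NT_STATUS_NO_MEMORY;` before the return; otherwise a caller may not be able to tell "no response" from the empty response EXTERNAL is meant to send (the caller is not part of this patch, so that is inferred). Separately, gensec_external_start only rejects SIGN and SEAL and does not itself verify the precondition stated in the file comment, while the ops are registered with `.enabled = true`. A comment on gensec_external_start such as `/* Caller must select EXTERNAL only on a transport that is already mutually authenticated; nothing here verifies it. */` would make that contract explicit for whoever wires the mechanism in.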
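Review bot: `GENSEC_EXTERNAL = 0` is added without a comment saying why it must sort below every other mechanism, and the same hunk renumbers `GENSEC_OTHER` from 0 to 10 to make room for it. If higher values are preferred during mechanism selection, as the existing ordering suggests, a later edit that raises this value could let a mechanism that performs no authentication of its own be chosen ahead of real ones. A one-line comment next to the constant, for example `/* lowest: performs no authentication itself, relies on the transport */`, would record that intent. The enum begins above this hunk, so any existing comment on the ordering is not visible here.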
@@ -16,3 +16,10 @@ bld.SAMBA_MODULE('gensec_spnego',
 init_function='gensec_spnego_init',
 deps='asn1util samba-credentials SPNEGO_PARSE'
 )
+
+bld.SAMBA_MODULE('gensec_external',
+ source='external.c',
+ autoproto='external_proto.h',
+ subsystem='gensec',
+ init_function='gensec_external_init'
+ )
-- cgit