From e22b1b4f9e1ec46cf7dffbce24a88240d6fa2a05 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 26 Dec 2011 12:26:43 +1100
Subject: s3-auth re-create the auth context in the s3 ntlmssp server module This removes the abstraction violation in auth_generic.c. Andrew Bartlett
Signed-off-by: Stefan Metzmacher
---
 source3/auth/auth.c | 2 --
 source3/auth/auth_generic.c | 60 +++----------------------------------------------------------
 source3/auth/auth_ntlmssp.c | 5 ++++
 source3/auth/auth_samba4.c | 2 --
 source3/include/auth.h | 9 -------
 5 files changed, 8 insertions(+), 70 deletions(-)
 (limited to 'source3')
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 4e413b1de5..1e1ede45a4 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -464,8 +464,6 @@ static NTSTATUS make_auth_context_text_list(TALLOC_CTX *mem_ctx,
 for (method = (*auth_context)->auth_method_list; method; method = method->next) {
 if (method->prepare_gensec) {
 (*auth_context)->prepare_gensec = method->prepare_gensec;
- (*auth_context)->gensec_start_mech_by_oid = method->gensec_start_mech_by_oid;
- (*auth_context)->gensec_start_mech_by_authtype = method->gensec_start_mech_by_authtype;
 break;
 }
 }
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 34a499895e..13246d642f 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -112,66 +112,12 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
 NTSTATUS auth_generic_start(struct auth_generic_state *auth_ntlmssp_state, const char *oid)
 {
- struct gensec_ntlmssp_context *gensec_ntlmssp;
- NTSTATUS status;
-
- if (auth_ntlmssp_state->auth_context->gensec_start_mech_by_oid) {
- return auth_ntlmssp_state->auth_context->gensec_start_mech_by_oid(
- auth_ntlmssp_state->gensec_security, oid);
- }
-
- if (strcmp(oid, GENSEC_OID_NTLMSSP) != 0) {
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- status = gensec_start_mech_by_oid(auth_ntlmssp_state->gensec_security, oid);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- gensec_ntlmssp =
- talloc_get_type_abort(auth_ntlmssp_state->gensec_security->private_data,
- struct gensec_ntlmssp_context);
-
- gensec_ntlmssp->auth_context = talloc_move(gensec_ntlmssp, &auth_ntlmssp_state->auth_context);
-
- return NT_STATUS_OK;
+ return gensec_start_mech_by_oid(auth_ntlmssp_state->gensec_security, oid);
 }
 NTSTATUS auth_generic_authtype_start(struct auth_generic_state *auth_ntlmssp_state, uint8_t auth_type, uint8_t auth_level)
 {
- struct gensec_ntlmssp_context *gensec_ntlmssp;
- NTSTATUS status;
-
- if (auth_ntlmssp_state->auth_context->gensec_start_mech_by_authtype) {
- return auth_ntlmssp_state->auth_context->gensec_start_mech_by_authtype(
- auth_ntlmssp_state->gensec_security,
- auth_type, auth_level);
- }
-
- if (auth_type != DCERPC_AUTH_TYPE_NTLMSSP) {
- /* The caller will then free the auth_ntlmssp_state,
- * undoing what was done in auth_generic_prepare().
- *
- * We can't do that logic here, as
- * auth_ntlmssp_want_feature() may have been called in
- * between.
- */
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- status = gensec_start_mech_by_authtype(auth_ntlmssp_state->gensec_security,
- auth_type, auth_level);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- gensec_ntlmssp =
- talloc_get_type_abort(auth_ntlmssp_state->gensec_security->private_data,
- struct gensec_ntlmssp_context);
-
- gensec_ntlmssp->auth_context = talloc_move(gensec_ntlmssp, &auth_ntlmssp_state->auth_context);
-
- return NT_STATUS_OK;
+ return gensec_start_mech_by_authtype(auth_ntlmssp_state->gensec_security,
+ auth_type, auth_level);
 }
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index a0deada9b8..f2b7fa4a19 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -242,6 +242,11 @@ static NTSTATUS gensec_ntlmssp3_server_start(struct gensec_security *gensec_secu
 talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context);
+ nt_status = make_auth_context_subsystem(gensec_ntlmssp, &gensec_ntlmssp->auth_context);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
 nt_status = ntlmssp_server_start(gensec_ntlmssp, is_standalone, netbios_name,
diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index 119099d5dd..971f9d6898 100644
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -185,8 +185,6 @@ static NTSTATUS auth_init_samba4(struct auth_context *auth_context,
 result->name = "samba4";
 result->auth = check_samba4_security;
 result->prepare_gensec = prepare_gensec;
- result->gensec_start_mech_by_oid = gensec_start_mech_by_oid;
- result->gensec_start_mech_by_authtype = gensec_start_mech_by_authtype;
 *auth_method = result;
 return NT_STATUS_OK;
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 9d043bf54f..16bf1e6f14 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
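Review bot: In source3/auth/auth_generic.c, auth_generic_start() and auth_generic_authtype_start() now hand any `oid` or `auth_type` straight to gensec, where the removed code returned NT_STATUS_NOT_IMPLEMENTED for anything other than GENSEC_OID_NTLMSSP or DCERPC_AUTH_TYPE_NTLMSSP when the auth backend supplied no start hook. Which mechanisms a peer can select therefore rests entirely on how `gensec_security` was set up, presumably in auth_generic_prepare(), which is outside this hunk. I would record that on both wrappers with a comment such as `/* No mechanism filtering here: the set of acceptable mechanisms is whatever was configured on gensec_security */`. Separately, `auth_ntlmssp_state->auth_context` is no longer read by either function, so it is worth confirming whether the field and its setup are still needed.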
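Review bot: In source3/auth/auth_ntlmssp.c, the added `make_auth_context_subsystem()` call in gensec_ntlmssp3_server_start() always builds a fresh auth context, whereas the code removed from auth_generic.c moved in the context the caller had already prepared. If any caller depended on a context it constructed itself (for example a different method list or challenge handling), that choice would now be dropped for NTLMSSP without an error; this cannot be verified from the hunk and should be checked against the callers. A short comment above the call would help, e.g. `/* Build our own auth context here; a context held by the caller is not used for NTLMSSP */`. The function body starts and ends outside the hunk.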
@@ -68,11 +68,6 @@ struct auth_serversupplied_info {
 typedef NTSTATUS (*prepare_gensec_fn)(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_context);
-typedef NTSTATUS (*gensec_start_mech_by_oid_fn)(struct gensec_security *gensec_context,
- const char *oid_string);
-typedef NTSTATUS (*gensec_start_mech_by_authtype_fn)(struct gensec_security *gensec_context,
- uint8_t auth_type,
- uint8_t auth_level);
 struct auth_context {
 DATA_BLOB challenge;
@@ -94,8 +89,6 @@ struct auth_context {
 NTSTATUS (*nt_status_squash)(NTSTATUS nt_status);
 prepare_gensec_fn prepare_gensec;
- gensec_start_mech_by_oid_fn gensec_start_mech_by_oid;
- gensec_start_mech_by_authtype_fn gensec_start_mech_by_authtype;
 };
 typedef struct auth_methods
@@ -119,8 +112,6 @@ typedef struct auth_methods
 /* Optional methods allowing this module to provide a way to get a gensec context */
 prepare_gensec_fn prepare_gensec;
- gensec_start_mech_by_oid_fn gensec_start_mech_by_oid;
- gensec_start_mech_by_authtype_fn gensec_start_mech_by_authtype;
 /* Used to keep tabs on things like the cli for SMB server authentication */
 void *private_data;
-- cgit