From b0d94c8e7d6ee223198600747c7e70028b2ff418 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 11 Jul 2004 10:29:54 +0000
Subject: r1440: GENSEC improvements:  - Infrustructure for kerberos  - Don't
 segfault on un-implemented backend functions  - Add comments.

Andrew Bartlett
(This used to be commit 1c31aa42710421917428d6ba86328ea5179751bd)
---
 source4/libcli/auth/gensec.c | 58 +++++++++++++++++++++++++++++++++++++++++++-
 source4/libcli/auth/gensec.h |  9 +++++++
 2 files changed, 66 insertions(+), 1 deletion(-)

(limited to 'source4/libcli')

diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c
index 2491410494..83738109c6 100644
--- a/source4/libcli/auth/gensec.c
+++ b/source4/libcli/auth/gensec.c
@@ -242,6 +242,9 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
 			      TALLOC_CTX *mem_ctx, 
 			      uint8_t *data, size_t length, DATA_BLOB *sig)
 {
+	if (!gensec_security->ops->unseal_packet) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
 	return gensec_security->ops->unseal_packet(gensec_security, mem_ctx, data, length, sig);
 }
 
@@ -250,6 +253,9 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
 			     const uint8_t *data, size_t length, 
 			     const DATA_BLOB *sig)
 {
+	if (!gensec_security->ops->check_packet) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
 	return gensec_security->ops->check_packet(gensec_security, mem_ctx, data, length, sig);
 }
 
@@ -258,6 +264,9 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
 			    uint8_t *data, size_t length, 
 			    DATA_BLOB *sig)
 {
+	if (!gensec_security->ops->seal_packet) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
 	return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, sig);
 }
 
@@ -266,15 +275,31 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
 			    const uint8_t *data, size_t length, 
 			    DATA_BLOB *sig)
 {
+	if (!gensec_security->ops->sign_packet) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
 	return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, sig);
 }
 
 NTSTATUS gensec_session_key(struct gensec_security *gensec_security, 
 			    DATA_BLOB *session_key)
 {
+	if (!gensec_security->ops->session_key) {
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
 	return gensec_security->ops->session_key(gensec_security, session_key);
 }
 
+/** 
+ * Return the credentials of a logged on user, including session keys
+ * etc.
+ *
+ * Only valid after a successful authentication
+ *
+ * May only be called once per authentication.
+ *
+ */
+
 NTSTATUS gensec_session_info(struct gensec_security *gensec_security, 
 			     struct auth_session_info **session_info)
 {
@@ -356,6 +381,34 @@ NTSTATUS gensec_set_password(struct gensec_security *gensec_security,
 	return NT_STATUS_OK;
 }
 
+/** 
+ * Set a kerberos realm on a GENSEC context - ensures it is talloc()ed 
+ *
+ */
+
+NTSTATUS gensec_set_realm(struct gensec_security *gensec_security, const char *realm) 
+{
+	gensec_security->user.realm = talloc_strdup(gensec_security->mem_ctx, realm);
+	if (!gensec_security->user.realm) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	return NT_STATUS_OK;
+}
+
+/** 
+ * Set the target principal name (if already known) on a GENSEC context - ensures it is talloc()ed 
+ *
+ */
+
+NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal) 
+{
+	gensec_security->target.principal = talloc_strdup(gensec_security->mem_ctx, principal);
+	if (!gensec_security->target.principal) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	return NT_STATUS_OK;
+}
+
 /** 
  * Set a password callback, if the gensec module we use demands a password
  */
@@ -457,7 +510,10 @@ BOOL gensec_init(void)
 
 	/* FIXME: Perhaps panic if a basic backend, such as NTLMSSP, fails to initialise? */
 	gensec_ntlmssp_init();
-	gensec_spengo_init();
+#if 0
+	gensec_krb5_init();
+#endif
+	gensec_spnego_init();
 	gensec_dcerpc_schannel_init();
 
 	initialised = True;
diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h
index e30369ba0b..7cd56936d2 100644
--- a/source4/libcli/auth/gensec.h
+++ b/source4/libcli/auth/gensec.h
@@ -25,10 +25,18 @@
 struct gensec_security;
 struct gensec_user {
 	const char *domain;
+	const char *realm;
 	const char *name;
 	const char *password;
 	char schan_session_key[16];
 };
+struct gensec_target {
+	const char *principal;
+	const char *hostname;
+	const struct sock_addr *addr;
+};
+		
+
 /* GENSEC mode */
 enum gensec_role
 {
@@ -71,6 +79,7 @@ struct gensec_security {
 	const struct gensec_security_ops *ops;
 	void *private_data;
 	struct gensec_user user;
+	struct gensec_target target;
 	enum gensec_role gensec_role;
 	BOOL subcontext;
 };
-- 
cgit