/src/samba/source4/auth/samba_server_gensec.c
1 | | /* |
2 | | Unix SMB/CIFS implementation. |
3 | | |
4 | | Generic Authentication Interface for Samba Servers |
5 | | |
6 | | Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009 |
7 | | |
8 | | This program is free software; you can redistribute it and/or modify |
9 | | it under the terms of the GNU General Public License as published by |
10 | | the Free Software Foundation; either version 3 of the License, or |
11 | | (at your option) any later version. |
12 | | |
13 | | This program is distributed in the hope that it will be useful, |
14 | | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | | GNU General Public License for more details. |
17 | | |
18 | | You should have received a copy of the GNU General Public License |
19 | | along with this program. If not, see <http://www.gnu.org/licenses/>. |
20 | | */ |
21 | | |
22 | | /* This code sets up GENSEC in the way that all Samba servers want |
23 | | * (because they have presumed access to the sam.ldb etc.) */ |
24 | | |
25 | | #include "includes.h" |
26 | | #include "auth/auth.h" |
27 | | #include "auth/gensec/gensec.h" |
28 | | #include "param/param.h" |
29 | | |
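/*
 * Build a server-side GENSEC context on top of the full Samba auth stack.
 *
 * An auth4_context is created with auth_context_create() (this is what gives
 * the resulting GENSEC context its access to the local SAM), and a GENSEC
 * server context is then started on it with the supplied settings.
 *
 * @param mem_ctx            talloc parent of the returned GENSEC context.
 * @param event_ctx          event loop passed to auth_context_create().
 * @param msg_ctx            messaging context passed to auth_context_create().
 * @param lp_ctx             loadparm context passed to auth_context_create().
 * @param settings           GENSEC settings (backend list etc.); this function
 *                           does not take ownership of it.
 * @param server_credentials credentials the server acts as.
 * @param target_service     optional target service name; NULL leaves it unset.
 * @param gensec_context     on success receives the new context, owned by
 *                           mem_ctx; left untouched on failure.
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY, or the error from the auth or
 *         GENSEC start / setter calls.
 */
static NTSTATUS samba_server_gensec_start_settings(TALLOC_CTX *mem_ctx,
						   struct tevent_context *event_ctx,
						   struct imessaging_context *msg_ctx,
						   struct loadparm_context *lp_ctx,
						   struct gensec_settings *settings,
						   struct cli_credentials *server_credentials,
						   const char *target_service,
						   struct gensec_security **gensec_context)
{
	NTSTATUS nt_status;
	struct gensec_security *gensec_ctx = NULL;
	struct auth4_context *auth_context = NULL;

	/*
	 * Everything is allocated under a scratch context so that any
	 * failure below is unwound with a single talloc_free().
	 */
	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
	if (tmp_ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	nt_status = auth_context_create(tmp_ctx,
					event_ctx,
					msg_ctx,
					lp_ctx,
					&auth_context);
	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(1, ("Failed to start auth server code: %s\n",
			  nt_errstr(nt_status)));
		talloc_free(tmp_ctx);
		return nt_status;
	}

	nt_status = gensec_server_start(tmp_ctx,
					settings,
					auth_context,
					&gensec_ctx);
	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(1, ("Failed to start GENSEC server code: %s\n",
			  nt_errstr(nt_status)));
		talloc_free(tmp_ctx);
		return nt_status;
	}

	/*
	 * Both setters return NTSTATUS (NT_STATUS_NO_MEMORY when their
	 * internal talloc fails).  Ignoring a failure would hand the caller a
	 * context with no credentials or no target service, which the
	 * mechanisms would only notice later, so fail here instead.
	 */
	nt_status = gensec_set_credentials(gensec_ctx, server_credentials);
	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(1, ("Failed to set GENSEC server credentials: %s\n",
			  nt_errstr(nt_status)));
		talloc_free(tmp_ctx);
		return nt_status;
	}

	if (target_service != NULL) {
		nt_status = gensec_set_target_service(gensec_ctx,
						      target_service);
		if (!NT_STATUS_IS_OK(nt_status)) {
			DEBUG(1, ("Failed to set GENSEC target service: %s\n",
				  nt_errstr(nt_status)));
			talloc_free(tmp_ctx);
			return nt_status;
		}
	}

	/*
	 * Move the finished context into the caller's tree and drop the
	 * scratch context.  NOTE(review): auth_context is a child of tmp_ctx;
	 * this relies on gensec_server_start() keeping its own reference to it
	 * for the lifetime of gensec_ctx - confirm against gensec_start.c.
	 */
	*gensec_context = talloc_steal(mem_ctx, gensec_ctx);
	talloc_free(tmp_ctx);
	return NT_STATUS_OK;
}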
79 | | |
/*
 * Start a server-side GENSEC context using the GENSEC settings derived from
 * the loadparm context (lpcfg_gensec_settings()), i.e. every backend the
 * configuration allows.
 *
 * On success the settings object is reparented under the returned GENSEC
 * context so the two are released together; on failure it is freed here.
 *
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY, or the error reported by
 *         samba_server_gensec_start_settings().
 */
NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
				   struct tevent_context *event_ctx,
				   struct imessaging_context *msg_ctx,
				   struct loadparm_context *lp_ctx,
				   struct cli_credentials *server_credentials,
				   const char *target_service,
				   struct gensec_security **gensec_context)
{
	struct gensec_settings *lp_settings = lpcfg_gensec_settings(mem_ctx,
								    lp_ctx);
	NTSTATUS rc;

	if (lp_settings == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	rc = samba_server_gensec_start_settings(mem_ctx,
						event_ctx,
						msg_ctx,
						lp_ctx,
						lp_settings,
						server_credentials,
						target_service,
						gensec_context);
	if (NT_STATUS_IS_OK(rc)) {
		/* tie the settings' lifetime to the context that uses them */
		talloc_reparent(mem_ctx, *gensec_context, lp_settings);
		return NT_STATUS_OK;
	}

	TALLOC_FREE(lp_settings);
	return rc;
}
108 | | |
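/*
 * Start a server-side GENSEC context restricted to Kerberos, offered both
 * directly and wrapped in SPNEGO, instead of every backend the loadparm
 * settings would allow.
 *
 * The settings object (and the backend array hanging off it) is reparented
 * under the returned GENSEC context on success and freed on failure.
 *
 * NOTE(review): this assumes the SPNEGO backend restricts the mechanisms it
 * negotiates to settings->backends; confirm in the SPNEGO implementation
 * before relying on this list to exclude other mechanisms.
 *
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY, NT_STATUS_INTERNAL_ERROR when a
 *         required backend is not registered, or the error reported by
 *         samba_server_gensec_start_settings().
 */
NTSTATUS samba_server_gensec_krb5_start(TALLOC_CTX *mem_ctx,
					struct tevent_context *event_ctx,
					struct imessaging_context *msg_ctx,
					struct loadparm_context *lp_ctx,
					struct cli_credentials *server_credentials,
					const char *target_service,
					struct gensec_security **gensec_context)
{
	/* two backends plus the NULL terminator of the list */
	enum { KRB5_BACKEND_SLOTS = 3 };
	struct gensec_settings *settings = NULL;
	const struct gensec_security_ops **backends = NULL;
	size_t idx = 0;
	size_t i;
	NTSTATUS status;

	settings = lpcfg_gensec_settings(mem_ctx, lp_ctx);
	if (settings == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	/* zeroed, so the unused last slot is the list terminator */
	backends = talloc_zero_array(settings,
				     const struct gensec_security_ops *,
				     KRB5_BACKEND_SLOTS);
	if (backends == NULL) {
		TALLOC_FREE(settings);
		return NT_STATUS_NO_MEMORY;
	}
	settings->backends = backends;

	gensec_init();

	backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_KERBEROS5);
	backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);

	/*
	 * gensec_security_by_oid() returns NULL when a backend is not
	 * registered.  Because a NULL entry terminates the backend list, a
	 * missing Kerberos backend would otherwise silently yield an empty
	 * mechanism list (and a missing SPNEGO one a Kerberos-only list)
	 * rather than an error, so refuse to start in that case.
	 */
	for (i = 0; i < idx; i++) {
		if (backends[i] == NULL) {
			DEBUG(1, ("Required GENSEC backend %zu is not "
				  "available\n", i));
			TALLOC_FREE(settings);
			return NT_STATUS_INTERNAL_ERROR;
		}
	}

	status = samba_server_gensec_start_settings(mem_ctx, event_ctx,
						    msg_ctx, lp_ctx,
						    settings, server_credentials,
						    target_service,
						    gensec_context);
	if (!NT_STATUS_IS_OK(status)) {
		TALLOC_FREE(settings);
		return status;
	}

	/* tie the settings' lifetime to the context that uses them */
	talloc_reparent(mem_ctx, *gensec_context, settings);
	return NT_STATUS_OK;
}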