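/*
   Unix SMB/CIFS implementation.

   SASL/EXTERNAL authentication.

   Copyright (C) Howard Chu <hyc@symas.com> 2013

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include <tevent.h>
#include "lib/util/tevent_ntstatus.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_internal.h"
#include "auth/gensec/gensec_proto.h"
#include "auth/gensec/gensec_toplevel_proto.h"

#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH

/* SASL/EXTERNAL is essentially a no-op; it is only usable when the transport
 * layer is already mutually authenticated.
 *
 * Nothing in this file verifies that precondition: no credential is sent and
 * no peer identity is checked here. Selecting this mechanism over a transport
 * that has not authenticated both ends therefore provides no authentication
 * at all; the caller is responsible for ensuring it.
 */

NTSTATUS gensec_external_init(TALLOC_CTX *ctx);

/**
 * Client-side start hook for SASL/EXTERNAL.
 *
 * Refuses a request for signing or sealing, because this mechanism offers
 * no message protection (gensec_external_have_feature() always answers
 * false). Only the SIGN and SEAL bits are tested here.
 *
 * @param gensec_security  the security context; only want_features is read
 * @return NT_STATUS_INVALID_PARAMETER if SIGN or SEAL was requested,
 *         NT_STATUS_OK otherwise
 */
static NTSTATUS gensec_external_start(struct gensec_security *gensec_security)
{
	if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	return NT_STATUS_OK;
}

/* Per-request state: the token handed back by gensec_external_update_recv(). */
struct gensec_external_update_state {
	DATA_BLOB out;
};

/**
 * Produce the (empty) SASL/EXTERNAL token.
 *
 * The request finishes before this function returns; the input blob is not
 * looked at. The output is a zero-length blob whose data pointer is
 * non-NULL on success, since a NULL pointer is reported as out-of-memory
 * by the tevent_req_nomem() check below.
 *
 * @param mem_ctx          talloc parent of the request
 * @param ev               event context the finished request is posted to
 * @param gensec_security  unused
 * @param in               unused
 * @return the request, or NULL if it could not be allocated
 */
static struct tevent_req *gensec_external_update_send(TALLOC_CTX *mem_ctx,
					struct tevent_context *ev,
					struct gensec_security *gensec_security,
					const DATA_BLOB in)
{
	struct tevent_req *req;
	struct gensec_external_update_state *state = NULL;

	req = tevent_req_create(mem_ctx, &state,
				struct gensec_external_update_state);
	if (req == NULL) {
		return NULL;
	}

	/* The blob is a talloc child of state; see the ownership hand-over
	 * in gensec_external_update_recv(). */
	state->out = data_blob_talloc(state, "", 0);
	if (tevent_req_nomem(state->out.data, req)) {
		return tevent_req_post(req, ev);
	}

	tevent_req_done(req);
	return tevent_req_post(req, ev);
}

/**
 * Collect the result of gensec_external_update_send().
 *
 * @param req          the finished request
 * @param out_mem_ctx  talloc context that takes ownership of out->data
 * @param out          receives the token; set to data_blob_null on error
 * @return the request's error status, or NT_STATUS_OK
 */
static NTSTATUS gensec_external_update_recv(struct tevent_req *req,
					    TALLOC_CTX *out_mem_ctx,
					    DATA_BLOB *out)
{
	struct gensec_external_update_state *state =
		tevent_req_data(req,
				struct gensec_external_update_state);
	NTSTATUS status;

	*out = data_blob_null;

	if (tevent_req_is_nterror(req, &status)) {
		tevent_req_received(req);
		return status;
	}

	*out = state->out;
	/*
	 * state->out.data was allocated as a child of state, and
	 * tevent_req_received() destroys the request's private data.
	 * Re-parent the buffer onto the caller's context first, otherwise
	 * out->data is left pointing at freed talloc memory.
	 */
	talloc_steal(out_mem_ctx, state->out.data);
	tevent_req_received(req);
	return NT_STATUS_OK;
}

/* We have no features */
static bool gensec_external_have_feature(struct gensec_security *gensec_security,
					 uint32_t feature)
{
	/* Both arguments are ignored: every feature query is answered "no". */
	return false;
}

/*
 * Backend description handed to gensec_register(). Only a client_start hook
 * is set in this table.
 */
static const struct gensec_security_ops gensec_external_ops = {
	.name             = "sasl-EXTERNAL",
	.sasl_name        = "EXTERNAL",
	.client_start     = gensec_external_start,
	.update_send      = gensec_external_update_send,
	.update_recv      = gensec_external_update_recv,
	.have_feature     = gensec_external_have_feature,
	.enabled          = true,
	.priority         = GENSEC_EXTERNAL
};


/**
 * Register the SASL/EXTERNAL backend with gensec.
 *
 * @param ctx  talloc context passed through to gensec_register()
 * @return the status of gensec_register(); a failure is also logged at
 *         debug level 0
 */
NTSTATUS gensec_external_init(TALLOC_CTX *ctx)
{
	NTSTATUS ret;

	ret = gensec_register(ctx, &gensec_external_ops);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(0,("Failed to register '%s' gensec backend!\n",
			 gensec_external_ops.name));
	}
	return ret;
}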