Current view: top level - source4/auth - samba_server_gensec.c (source / functions) Hit Total Coverage
Test: coverage report for support-claim-type-attributes 6b5c566e Lines: 41 57 71.9 %
Date: 2023-11-21 12:31:41 Functions: 3 3 100.0 %

       1             : /* 
       2             :    Unix SMB/CIFS implementation.
       3             :  
       4             :    Generic Authentication Interface for Samba Servers
       5             : 
       6             :    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
       7             :    
       8             :    This program is free software; you can redistribute it and/or modify
       9             :    it under the terms of the GNU General Public License as published by
      10             :    the Free Software Foundation; either version 3 of the License, or
      11             :    (at your option) any later version.
      12             :    
      13             :    This program is distributed in the hope that it will be useful,
      14             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :    GNU General Public License for more details.
      17             :    
      18             :    You should have received a copy of the GNU General Public License
      19             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      20             : */
      21             : 
      22             : /* This code sets up GENSEC in the way that all Samba servers want
      23             :  * (because they are presumed to have access to sam.ldb etc.) */
      24             : 
      25             : #include "includes.h"
      26             : #include "auth/auth.h"
      27             : #include "auth/gensec/gensec.h"
      28             : #include "param/param.h"
      29             : 
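/**
 * Start a server-side GENSEC context using caller-supplied GENSEC settings.
 *
 * Creates an auth4 context, starts the GENSEC server on it, attaches the
 * server credentials and (when given) the target service, and hands the
 * resulting context to the caller parented on mem_ctx.
 *
 * @param mem_ctx            talloc parent for the returned context
 * @param event_ctx          passed through to auth_context_create()
 * @param msg_ctx            passed through to auth_context_create()
 * @param lp_ctx             passed through to auth_context_create()
 * @param settings           GENSEC settings passed to gensec_server_start()
 * @param server_credentials credentials set on the new context
 * @param target_service     service name to set, or NULL to leave it unset
 * @param gensec_context     out: the started context; written only on success
 *
 * @return NT_STATUS_OK on success, NT_STATUS_NO_MEMORY if the temporary
 *         talloc context cannot be allocated, otherwise the status of the
 *         first call that failed.
 */
static NTSTATUS samba_server_gensec_start_settings(TALLOC_CTX *mem_ctx,
				   struct tevent_context *event_ctx,
				   struct imessaging_context *msg_ctx,
				   struct loadparm_context *lp_ctx,
				   struct gensec_settings *settings,
				   struct cli_credentials *server_credentials,
				   const char *target_service,
				   struct gensec_security **gensec_context)
{
	NTSTATUS nt_status;
	struct gensec_security *gensec_ctx = NULL;
	struct auth4_context *auth_context = NULL;
	TALLOC_CTX *tmp_ctx = NULL;

	/* Everything is built on a scratch context so that one free on any
	 * exit path releases all intermediate state. */
	tmp_ctx = talloc_new(mem_ctx);
	if (tmp_ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	/*
	 * NOTE(review): auth_context is allocated on tmp_ctx, which is freed
	 * before returning; presumably gensec_server_start() keeps its own
	 * reference to it - confirm.
	 */
	nt_status = auth_context_create(tmp_ctx,
					event_ctx,
					msg_ctx,
					lp_ctx,
					&auth_context);
	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(1, ("Failed to start auth server code: %s\n", nt_errstr(nt_status)));
		goto done;
	}

	nt_status = gensec_server_start(tmp_ctx,
					settings,
					auth_context,
					&gensec_ctx);
	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(nt_status)));
		goto done;
	}

	/*
	 * Do not hand back a context whose credentials or target service
	 * could not be set: a half-configured authentication context should
	 * fail here rather than at some later point in the exchange.
	 */
	nt_status = gensec_set_credentials(gensec_ctx, server_credentials);
	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(1, ("Failed to set GENSEC server credentials: %s\n", nt_errstr(nt_status)));
		goto done;
	}

	if (target_service != NULL) {
		nt_status = gensec_set_target_service(gensec_ctx, target_service);
		if (!NT_STATUS_IS_OK(nt_status)) {
			DEBUG(1, ("Failed to set GENSEC target service: %s\n", nt_errstr(nt_status)));
			goto done;
		}
	}

	/* Move the finished context out of the scratch context before the
	 * scratch context is freed. */
	*gensec_context = talloc_steal(mem_ctx, gensec_ctx);
	nt_status = NT_STATUS_OK;

done:
	talloc_free(tmp_ctx);
	return nt_status;
}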
      79             : 
/**
 * Start a server-side GENSEC context using the GENSEC settings obtained
 * from lp_ctx via lpcfg_gensec_settings().
 *
 * @param mem_ctx            talloc parent for the returned context
 * @param event_ctx          forwarded to samba_server_gensec_start_settings()
 * @param msg_ctx            forwarded to samba_server_gensec_start_settings()
 * @param lp_ctx             source of the GENSEC settings; also forwarded
 * @param server_credentials forwarded to samba_server_gensec_start_settings()
 * @param target_service     forwarded; may be NULL
 * @param gensec_context     out: the started context
 *
 * @return NT_STATUS_OK on success, NT_STATUS_NO_MEMORY if the settings
 *         cannot be obtained, otherwise the status returned by
 *         samba_server_gensec_start_settings().
 */
NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
				   struct tevent_context *event_ctx,
				   struct imessaging_context *msg_ctx,
				   struct loadparm_context *lp_ctx,
				   struct cli_credentials *server_credentials,
				   const char *target_service,
				   struct gensec_security **gensec_context)
{
	NTSTATUS status;
	struct gensec_settings *settings = lpcfg_gensec_settings(mem_ctx, lp_ctx);

	if (settings == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	status = samba_server_gensec_start_settings(mem_ctx, event_ctx,
						    msg_ctx, lp_ctx,
						    settings, server_credentials,
						    target_service,
						    gensec_context);
	if (NT_STATUS_IS_OK(status)) {
		/* Re-parent the settings from mem_ctx onto the new context,
		 * so they follow that context in the talloc hierarchy. */
		talloc_reparent(mem_ctx, *gensec_context, settings);
		return NT_STATUS_OK;
	}

	/* No context was handed back; drop the settings allocated above. */
	TALLOC_FREE(settings);
	return status;
}
     108             : 
/**
 * Start a server-side GENSEC context whose backend list holds only the
 * Kerberos 5 and SPNEGO mechanisms.
 *
 * The settings come from lpcfg_gensec_settings(); their backends pointer is
 * then replaced with a freshly allocated list before the context is started.
 *
 * @param mem_ctx            talloc parent for the returned context
 * @param event_ctx          forwarded to samba_server_gensec_start_settings()
 * @param msg_ctx            forwarded to samba_server_gensec_start_settings()
 * @param lp_ctx             source of the GENSEC settings; also forwarded
 * @param server_credentials forwarded to samba_server_gensec_start_settings()
 * @param target_service     forwarded; may be NULL
 * @param gensec_context     out: the started context
 *
 * @return NT_STATUS_OK on success, NT_STATUS_NO_MEMORY if the settings or
 *         the backend list cannot be allocated, otherwise the status
 *         returned by samba_server_gensec_start_settings().
 */
NTSTATUS samba_server_gensec_krb5_start(TALLOC_CTX *mem_ctx,
					struct tevent_context *event_ctx,
					struct imessaging_context *msg_ctx,
					struct loadparm_context *lp_ctx,
					struct cli_credentials *server_credentials,
					const char *target_service,
					struct gensec_security **gensec_context)
{
	NTSTATUS status;
	const struct gensec_security_ops **mechs = NULL;
	struct gensec_settings *settings = lpcfg_gensec_settings(mem_ctx, lp_ctx);

	if (settings == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	/* Three zeroed slots: two are filled below and the third stays NULL
	 * (presumably the list terminator - confirm against the consumer).
	 * The list is a talloc child of settings. */
	mechs = talloc_zero_array(settings,
				  const struct gensec_security_ops *, 3);
	if (mechs == NULL) {
		TALLOC_FREE(settings);
		return NT_STATUS_NO_MEMORY;
	}
	settings->backends = mechs;

	/* NOTE(review): any result of gensec_init() is not checked here. */
	gensec_init();

	/*
	 * NOTE(review): neither lookup result is checked. If a lookup can
	 * return NULL, the list would presumably end at that slot, possibly
	 * leaving no mechanism at all - confirm how gensec_server_start()
	 * treats such a list.
	 */
	mechs[0] = gensec_security_by_oid(NULL, GENSEC_OID_KERBEROS5);
	mechs[1] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);

	status = samba_server_gensec_start_settings(mem_ctx, event_ctx,
						    msg_ctx, lp_ctx,
						    settings, server_credentials,
						    target_service,
						    gensec_context);
	if (NT_STATUS_IS_OK(status)) {
		/* Re-parent the settings (and the backend list below them)
		 * from mem_ctx onto the new context. */
		talloc_reparent(mem_ctx, *gensec_context, settings);
		return NT_STATUS_OK;
	}

	/* No context was handed back; drop the settings allocated above. */
	TALLOC_FREE(settings);
	return status;
}
