mirror of
https://github.com/samba-team/samba.git
synced 2025-02-22 05:57:43 +03:00
auth:creds: Add obtained arg to cli_credentials_set_gensec_features()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
7accd90035
commit
2fbc63cacc
@ -150,9 +150,18 @@ _PUBLIC_ enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(st
|
||||
return creds->krb_forwardable;
|
||||
}
|
||||
|
||||
_PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
|
||||
_PUBLIC_ bool cli_credentials_set_gensec_features(struct cli_credentials *creds,
|
||||
uint32_t gensec_features,
|
||||
enum credentials_obtained obtained)
|
||||
{
|
||||
creds->gensec_features = gensec_features;
|
||||
if (obtained >= creds->gensec_features_obtained) {
|
||||
creds->gensec_features_obtained = obtained;
|
||||
creds->gensec_features = gensec_features;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
_PUBLIC_ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
|
||||
@ -1017,8 +1026,6 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
cred->encryption_state_obtained = CRED_SMB_CONF;
|
||||
}
|
||||
|
||||
if (cred->kerberos_state_obtained <= CRED_SMB_CONF) {
|
||||
@ -1026,6 +1033,24 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
|
||||
cred->kerberos_state = lpcfg_client_use_kerberos(lp_ctx);
|
||||
cred->kerberos_state_obtained = CRED_SMB_CONF;
|
||||
}
|
||||
|
||||
if (cred->gensec_features_obtained <= CRED_SMB_CONF) {
|
||||
switch (protection) {
|
||||
case CRED_CLIENT_PROTECTION_DEFAULT:
|
||||
break;
|
||||
case CRED_CLIENT_PROTECTION_PLAIN:
|
||||
cred->gensec_features = 0;
|
||||
break;
|
||||
case CRED_CLIENT_PROTECTION_SIGN:
|
||||
cred->gensec_features = GENSEC_FEATURE_SIGN;
|
||||
break;
|
||||
case CRED_CLIENT_PROTECTION_ENCRYPT:
|
||||
cred->gensec_features =
|
||||
GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL;
|
||||
break;
|
||||
}
|
||||
cred->gensec_features_obtained = CRED_SMB_CONF;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
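Review bot: In the new `gensec_features_obtained <= CRED_SMB_CONF` block of cli_credentials_set_conf(), every protection case assigns the whole mask (`cred->gensec_features = 0;`, `cred->gensec_features = GENSEC_FEATURE_SIGN;`), so any other feature bit held in the mask at that precedence is dropped; the mask also carries bits such as GENSEC_FEATURE_NTLM_CCACHE, as other files in this commit show. If only signing and sealing are meant to follow the configured protection, clear just those two first with `cred->gensec_features &= ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL);` and then OR in the selected bits. The CRED_CLIENT_PROTECTION_DEFAULT case changes nothing, yet the level is still stamped as CRED_SMB_CONF, which deserves a one-line comment saying that this is intended. The function starts outside this hunk, so where `protection` comes from is not visible here.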
|
@ -233,7 +233,9 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
|
||||
struct loadparm_context *lp_ctx,
|
||||
const char *keytab_name,
|
||||
enum credentials_obtained obtained);
|
||||
void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features);
|
||||
bool cli_credentials_set_gensec_features(struct cli_credentials *creds,
|
||||
uint32_t gensec_features,
|
||||
enum credentials_obtained obtained);
|
||||
uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
|
||||
int cli_credentials_set_ccache(struct cli_credentials *cred,
|
||||
struct loadparm_context *lp_ctx,
|
||||
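Review bot: The prototype now returns `bool`, but nothing at the declaration tells a caller what `false` means. From the definition in this commit, the mask is stored only when `obtained` is at least the level already recorded in `gensec_features_obtained`, and `false` means the request was ignored and the old mask is still in effect. A short comment above the declaration would carry that, for example `/* Returns false and leaves the mask untouched when 'obtained' ranks below the level that last set it. */`.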
|
@ -41,6 +41,7 @@ struct cli_credentials {
|
||||
enum credentials_obtained ipc_signing_state_obtained;
|
||||
enum credentials_obtained encryption_state_obtained;
|
||||
enum credentials_obtained kerberos_state_obtained;
|
||||
enum credentials_obtained gensec_features_obtained;
|
||||
|
||||
/* Threshold values (essentially a MAX() over a number of the
|
||||
* above) for the ccache and GSS credentials, to ensure we
|
||||
|
@ -842,7 +842,9 @@ static PyObject *py_creds_set_gensec_features(PyObject *self, PyObject *args)
|
||||
if (!PyArg_ParseTuple(args, "I", &gensec_features))
|
||||
return NULL;
|
||||
|
||||
cli_credentials_set_gensec_features(creds, gensec_features);
|
||||
cli_credentials_set_gensec_features(creds,
|
||||
gensec_features,
|
||||
CRED_SPECIFIED);
|
||||
|
||||
Py_RETURN_NONE;
|
||||
}
|
||||
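Review bot: The new `bool` result is dropped here, so py_creds_set_gensec_features still returns None even if the setter refused the update. The same holds for every other caller touched by this commit (libnetapi_set_use_ccache, set_cmdline_auth_info_use_ccache, cli_session_creds_init, net_context_creds, popt_common_credentials_callback and the try_logon_again path), and it matters most in the popt callback, where a refused update would leave a requested GENSEC_FEATURE_SIGN or GENSEC_FEATURE_SEAL bit unset without any error. Whether a refusal is reachable with CRED_SPECIFIED depends on the ordering of enum credentials_obtained, which this page does not show. Either test the result and fail the operation when it is false, or add a comment at the call stating that CRED_SPECIFIED cannot be outranked. The function begins above the hunk.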
|
@ -357,7 +357,9 @@ NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx)
|
||||
|
||||
gensec_features = cli_credentials_get_gensec_features(ctx->creds);
|
||||
gensec_features |= GENSEC_FEATURE_NTLM_CCACHE;
|
||||
cli_credentials_set_gensec_features(ctx->creds, gensec_features);
|
||||
cli_credentials_set_gensec_features(ctx->creds,
|
||||
gensec_features,
|
||||
CRED_SPECIFIED);
|
||||
|
||||
return NET_API_STATUS_SUCCESS;
|
||||
}
|
||||
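Review bot: Passing CRED_SPECIFIED for this read-modify-write raises `gensec_features_obtained` for the whole mask, not only for GENSEC_FEATURE_NTLM_CCACHE. Once that has happened, the `gensec_features_obtained <= CRED_SMB_CONF` guard added to cli_credentials_set_conf() in this commit no longer matches, so a later load of the configuration would not apply the client protection setting to the sign and seal bits. The same pattern appears in set_cmdline_auth_info_use_ccache, cli_session_creds_init and net_context_creds. The call order relative to cli_credentials_set_conf() lies outside these hunks, so please confirm that the configuration is always applied first and record it at the call, for example `/* set_conf() has already run; this pins gensec_features at CRED_SPECIFIED */`.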
|
@ -272,7 +272,9 @@ void set_cmdline_auth_info_use_ccache(struct user_auth_info *auth_info, bool b)
|
||||
|
||||
gensec_features = cli_credentials_get_gensec_features(auth_info->creds);
|
||||
gensec_features |= GENSEC_FEATURE_NTLM_CCACHE;
|
||||
cli_credentials_set_gensec_features(auth_info->creds, gensec_features);
|
||||
cli_credentials_set_gensec_features(auth_info->creds,
|
||||
gensec_features,
|
||||
CRED_SPECIFIED);
|
||||
}
|
||||
|
||||
bool get_cmdline_auth_info_use_ccache(const struct user_auth_info *auth_info)
|
||||
|
@ -140,7 +140,9 @@ struct cli_credentials *cli_session_creds_init(TALLOC_CTX *mem_ctx,
|
||||
|
||||
features = cli_credentials_get_gensec_features(creds);
|
||||
features |= GENSEC_FEATURE_NTLM_CCACHE;
|
||||
cli_credentials_set_gensec_features(creds, features);
|
||||
cli_credentials_set_gensec_features(creds,
|
||||
features,
|
||||
CRED_SPECIFIED);
|
||||
|
||||
if (password != NULL && strlen(password) == 0) {
|
||||
/*
|
||||
|
@ -516,7 +516,9 @@ struct cli_credentials *net_context_creds(struct net_context *c,
|
||||
|
||||
features = cli_credentials_get_gensec_features(creds);
|
||||
features |= GENSEC_FEATURE_NTLM_CCACHE;
|
||||
cli_credentials_set_gensec_features(creds, features);
|
||||
cli_credentials_set_gensec_features(creds,
|
||||
features,
|
||||
CRED_SPECIFIED);
|
||||
|
||||
if (c->opt_password != NULL && strlen(c->opt_password) == 0) {
|
||||
/*
|
||||
|
@ -154,7 +154,8 @@ static void popt_common_credentials_callback(poptContext con,
|
||||
gensec_features |= GENSEC_FEATURE_SIGN;
|
||||
cli_credentials_set_gensec_features(
|
||||
popt_get_cmdline_credentials(),
|
||||
gensec_features);
|
||||
gensec_features,
|
||||
CRED_SPECIFIED);
|
||||
break;
|
||||
}
|
||||
case OPT_ENCRYPT:
|
||||
@ -167,7 +168,8 @@ static void popt_common_credentials_callback(poptContext con,
|
||||
gensec_features |= GENSEC_FEATURE_SEAL;
|
||||
cli_credentials_set_gensec_features(
|
||||
popt_get_cmdline_credentials(),
|
||||
gensec_features);
|
||||
gensec_features,
|
||||
CRED_SPECIFIED);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -319,7 +319,9 @@ try_logon_again:
|
||||
|
||||
old_gensec_features = cli_credentials_get_gensec_features(creds);
|
||||
if (wrap_flags == 0) {
|
||||
cli_credentials_set_gensec_features(creds, old_gensec_features & ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL));
|
||||
cli_credentials_set_gensec_features(creds,
|
||||
old_gensec_features & ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL),
|
||||
CRED_SPECIFIED);
|
||||
}
|
||||
|
||||
/* this call also sets the gensec_want_features */
|
||||
@ -332,7 +334,9 @@ try_logon_again:
|
||||
|
||||
/* reset the original gensec_features (on the credentials
|
||||
* context, so we don't tatoo it ) */
|
||||
cli_credentials_set_gensec_features(creds, old_gensec_features);
|
||||
cli_credentials_set_gensec_features(creds,
|
||||
old_gensec_features,
|
||||
CRED_SPECIFIED);
|
||||
|
||||
if (wrap_flags & ADS_AUTH_SASL_SEAL) {
|
||||
gensec_want_feature(conn->gensec, GENSEC_FEATURE_SIGN);
|
||||
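Review bot: The restore after the bind puts `old_gensec_features` back but leaves `gensec_features_obtained` at CRED_SPECIFIED, so the credentials context is still altered in the way the comment above the restore says to avoid. With the setter's new precedence check, whoever owns these creds would afterwards have any update below CRED_SPECIFIED ignored, including the smb.conf-driven one in cli_credentials_set_conf(). Consider saving and restoring the obtained level together with the mask; no accessor for it appears in this commit, so that may need a small helper. Both hunks sit inside a function that starts and ends outside the visible lines.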
|