From 6c37cd65445f3acf4f41f375017ae7f5f1e34bde Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 16 May 2014 14:29:43 +1200 Subject: [PATCH] auth: Allow auth_samba4 to be forced to run a specific auth module This will allow new tests to be written to validate winbindd authentication results Andrew Bartlett Change-Id: I008eba1de349b17ee4eb9f11be08338557dffecc Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider --- source3/auth/auth_generic.c | 4 ++-- source3/auth/auth_samba4.c | 35 +++++++++++++++++++++++++---------- source3/include/auth.h | 9 +++++++-- source4/auth/auth.h | 2 +- source4/auth/ntlm/auth.c | 2 +- 5 files changed, 36 insertions(+), 16 deletions(-) diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c index e1c6475ecab..05c4ddcede4 100644 --- a/source3/auth/auth_generic.c +++ b/source3/auth/auth_generic.c @@ -163,7 +163,7 @@ NTSTATUS make_auth4_context(TALLOC_CTX *mem_ctx, struct auth4_context **auth4_co } if (auth_context->make_auth4_context) { - nt_status = auth_context->make_auth4_context(mem_ctx, auth4_context_out); + nt_status = auth_context->make_auth4_context(auth_context, mem_ctx, auth4_context_out); TALLOC_FREE(tmp_ctx); return nt_status; @@ -197,7 +197,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, } if (auth_context->prepare_gensec) { - nt_status = auth_context->prepare_gensec(tmp_ctx, + nt_status = auth_context->prepare_gensec(auth_context, tmp_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(tmp_ctx); diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c index fcc4c285ea8..d9d71512a2b 100644 --- a/source3/auth/auth_samba4.c +++ b/source3/auth/auth_samba4.c @@ -31,7 +31,8 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx, +static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, struct auth4_context **auth4_context); static struct idr_context *task_id_tree; 
@@ -111,7 +112,7 @@ static NTSTATUS check_samba4_security(const struct auth_context *auth_context, struct auth_user_info_dc *user_info_dc; struct auth4_context *auth4_context; - nt_status = make_auth4_context_s4(mem_ctx, &auth4_context); + nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(frame); goto done; @@ -178,7 +179,8 @@ static NTSTATUS check_samba4_security(const struct auth_context *auth_context, * token is generated and used in the SMB and LDAP servers, for NTLM * and for Kerberos. */ -static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx, +static NTSTATUS prepare_gensec(struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, struct gensec_security **gensec_context) { NTSTATUS status; @@ -270,7 +272,8 @@ static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx, * consistency between NTLM logins and NTLMSSP logins, as NTLMSSP is * handled by the hook above. */ -static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx, +static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, struct auth4_context **auth4_context) { NTSTATUS status; @@ -311,12 +314,17 @@ static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx, } talloc_reparent(frame, msg_ctx, server_id); - status = auth_context_create(mem_ctx, - event_ctx, - msg_ctx, - lp_ctx, - auth4_context); - + /* Allow forcing a specific auth4 module */ + if (!auth_context->forced_samba4_methods) { + status = auth_context_create(mem_ctx, + event_ctx, + msg_ctx, + lp_ctx, + auth4_context); + } else { + const char * const *forced_auth_methods = (const char * const *)str_list_make(mem_ctx, auth_context->forced_samba4_methods, NULL); + status = auth_context_create_methods(mem_ctx, forced_auth_methods, event_ctx, msg_ctx, lp_ctx, NULL, auth4_context); + } if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start auth server code: %s\n", nt_errstr(status))); TALLOC_FREE(frame); 
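Review bot: The new `prepare_gensec` definition in the `@@ -178,7 +179,8 @@` hunk takes `struct auth_context *auth_context`, while the `prepare_gensec_fn` typedef this commit adds in source3/include/auth.h takes `const struct auth_context *`. The assignment `result->prepare_gensec = prepare_gensec;` in auth_init_samba4 therefore pairs incompatible function pointer types, which compilers warn about and which is undefined behaviour when the function is called through that pointer. The parameter is not used in the visible lines, so the definition can read `static NTSTATUS prepare_gensec(const struct auth_context *auth_context,`, matching make_auth4_context_s4. The function body continues outside the hunk.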
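Review bot: The result of `str_list_make()` in the `@@ -311,12 +314,17 @@` hunk is passed to `auth_context_create_methods()` without a NULL check, so an allocation failure hands a NULL method list to the code that builds the authentication context; what the callee does with NULL is not visible here. An authentication path should fail closed at this point: add `if (forced_auth_methods == NULL) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; }` before the call. The list is also allocated on the caller's `mem_ctx` and never freed; if the callee does not keep the pointer (to be confirmed), allocating it on `frame` would avoid the leftover. Because a forced list replaces the default method selection, a `DEBUG` line naming the forced methods would make the override visible in logs. make_auth4_context_s4 starts and ends outside the hunk.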
@@ -349,6 +357,13 @@ static NTSTATUS auth_init_samba4(struct auth_context *auth_context, result->prepare_gensec = prepare_gensec; result->make_auth4_context = make_auth4_context_s4; + if (param && *param) { + auth_context->forced_samba4_methods = talloc_strdup(result, param); + if (!auth_context->forced_samba4_methods) { + return NT_STATUS_NO_MEMORY; + } + } + *auth_method = result; return NT_STATUS_OK; } diff --git a/source3/include/auth.h b/source3/include/auth.h index 07f8b9eee1a..acae5a83c6c 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -66,10 +66,14 @@ struct auth_serversupplied_info { char *unix_name; }; -typedef NTSTATUS (*prepare_gensec_fn)(TALLOC_CTX *mem_ctx, +struct auth_context; + +typedef NTSTATUS (*prepare_gensec_fn)(const struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, struct gensec_security **gensec_context); -typedef NTSTATUS (*make_auth4_context_fn)(TALLOC_CTX *mem_ctx, +typedef NTSTATUS (*make_auth4_context_fn)(const struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, struct auth4_context **auth4_context); struct auth_context { @@ -83,6 +87,7 @@ struct auth_context { prepare_gensec_fn prepare_gensec; make_auth4_context_fn make_auth4_context; + const char *forced_samba4_methods; }; typedef struct auth_methods diff --git a/source4/auth/auth.h b/source4/auth/auth.h index 129f58d31c4..0b6b1d35831 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -130,7 +130,7 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, struct loadparm_context *lp_ctx, struct auth_session_info **_session_info) ; -NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, +NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char * const *methods, struct tevent_context *ev, struct imessaging_context *msg, struct loadparm_context *lp_ctx, diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index 16c9666c0a2..642d8684e59 100644 --- a/source4/auth/ntlm/auth.c 
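Review bot: `forced_samba4_methods` is stored on `auth_context`, but the string is allocated with `talloc_strdup(result, param)`, so it is owned by the auth method object rather than by the structure that points to it. If `result` is ever freed before `auth_context`, the field dangles and make_auth4_context_s4 would read freed memory when it builds the method list; parenting the copy to the holder, `talloc_strdup(auth_context, param)`, ties the two lifetimes together. The `NT_STATUS_NO_MEMORY` return also leaves `result` allocated; its allocation is outside the hunk, so whether a `TALLOC_FREE(result);` is needed before returning depends on its parent. The function starts outside the hunk.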
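Review bot: The new `forced_samba4_methods` member added to `struct auth_context` in the `@@ -83,6 +87,7 @@` hunk of source3/include/auth.h has no comment, although it changes which authentication methods the samba4 backend runs. A comment such as `/* Set by auth_samba4 from its module parameter; parsed with str_list_make() and used in place of the default auth4 methods (intended for tests) */` would record the format, the owner and the intent given in the commit message. The same comment is the natural place to state which talloc context owns the string.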
+++ b/source4/auth/ntlm/auth.c @@ -520,7 +520,7 @@ static NTSTATUS auth_generate_session_info_pac(struct auth4_context *auth_ctx, Make a auth_info struct for the auth subsystem - Allow the caller to specify the methods to use, including optionally the SAM to use ***************************************************************************/ -_PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, +_PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char * const *methods, struct tevent_context *ev, struct imessaging_context *msg, struct loadparm_context *lp_ctx,