auth: Allow auth_samba4 to be forced to run a specific auth module
This will allow new tests to be written to validate winbindd authentication results.

Andrew Bartlett

Change-Id: I008eba1de349b17ee4eb9f11be08338557dffecc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
parent
66c099cc58
commit
6c37cd6544
@ -163,7 +163,7 @@ NTSTATUS make_auth4_context(TALLOC_CTX *mem_ctx, struct auth4_context **auth4_co
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (auth_context->make_auth4_context) {
|
if (auth_context->make_auth4_context) {
|
||||||
nt_status = auth_context->make_auth4_context(mem_ctx, auth4_context_out);
|
nt_status = auth_context->make_auth4_context(auth_context, mem_ctx, auth4_context_out);
|
||||||
TALLOC_FREE(tmp_ctx);
|
TALLOC_FREE(tmp_ctx);
|
||||||
return nt_status;
|
return nt_status;
|
||||||
|
|
||||||
@ -197,7 +197,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (auth_context->prepare_gensec) {
|
if (auth_context->prepare_gensec) {
|
||||||
nt_status = auth_context->prepare_gensec(tmp_ctx,
|
nt_status = auth_context->prepare_gensec(auth_context, tmp_ctx,
|
||||||
&gensec_security);
|
&gensec_security);
|
||||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||||
TALLOC_FREE(tmp_ctx);
|
TALLOC_FREE(tmp_ctx);
|
||||||
|
@ -31,7 +31,8 @@
|
|||||||
#undef DBGC_CLASS
|
#undef DBGC_CLASS
|
||||||
#define DBGC_CLASS DBGC_AUTH
|
#define DBGC_CLASS DBGC_AUTH
|
||||||
|
|
||||||
static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx,
|
static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context,
|
||||||
|
TALLOC_CTX *mem_ctx,
|
||||||
struct auth4_context **auth4_context);
|
struct auth4_context **auth4_context);
|
||||||
|
|
||||||
static struct idr_context *task_id_tree;
|
static struct idr_context *task_id_tree;
|
||||||
@ -111,7 +112,7 @@ static NTSTATUS check_samba4_security(const struct auth_context *auth_context,
|
|||||||
struct auth_user_info_dc *user_info_dc;
|
struct auth_user_info_dc *user_info_dc;
|
||||||
struct auth4_context *auth4_context;
|
struct auth4_context *auth4_context;
|
||||||
|
|
||||||
nt_status = make_auth4_context_s4(mem_ctx, &auth4_context);
|
nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context);
|
||||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||||
TALLOC_FREE(frame);
|
TALLOC_FREE(frame);
|
||||||
goto done;
|
goto done;
|
||||||
@ -178,7 +179,8 @@ static NTSTATUS check_samba4_security(const struct auth_context *auth_context,
|
|||||||
* token is generated and used in the SMB and LDAP servers, for NTLM
|
* token is generated and used in the SMB and LDAP servers, for NTLM
|
||||||
* and for Kerberos.
|
* and for Kerberos.
|
||||||
*/
|
*/
|
||||||
static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx,
|
static NTSTATUS prepare_gensec(struct auth_context *auth_context,
|
||||||
|
TALLOC_CTX *mem_ctx,
|
||||||
struct gensec_security **gensec_context)
|
struct gensec_security **gensec_context)
|
||||||
{
|
{
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
@ -270,7 +272,8 @@ static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx,
|
|||||||
* consistency between NTLM logins and NTLMSSP logins, as NTLMSSP is
|
* consistency between NTLM logins and NTLMSSP logins, as NTLMSSP is
|
||||||
* handled by the hook above.
|
* handled by the hook above.
|
||||||
*/
|
*/
|
||||||
static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx,
|
static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context,
|
||||||
|
TALLOC_CTX *mem_ctx,
|
||||||
struct auth4_context **auth4_context)
|
struct auth4_context **auth4_context)
|
||||||
{
|
{
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
@ -311,12 +314,17 @@ static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx,
|
|||||||
}
|
}
|
||||||
talloc_reparent(frame, msg_ctx, server_id);
|
talloc_reparent(frame, msg_ctx, server_id);
|
||||||
|
|
||||||
status = auth_context_create(mem_ctx,
|
/* Allow forcing a specific auth4 module */
|
||||||
event_ctx,
|
if (!auth_context->forced_samba4_methods) {
|
||||||
msg_ctx,
|
status = auth_context_create(mem_ctx,
|
||||||
lp_ctx,
|
event_ctx,
|
||||||
auth4_context);
|
msg_ctx,
|
||||||
|
lp_ctx,
|
||||||
|
auth4_context);
|
||||||
|
} else {
|
||||||
|
const char * const *forced_auth_methods = (const char * const *)str_list_make(mem_ctx, auth_context->forced_samba4_methods, NULL);
|
||||||
|
status = auth_context_create_methods(mem_ctx, forced_auth_methods, event_ctx, msg_ctx, lp_ctx, NULL, auth4_context);
|
||||||
|
}
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
DEBUG(1, ("Failed to start auth server code: %s\n", nt_errstr(status)));
|
DEBUG(1, ("Failed to start auth server code: %s\n", nt_errstr(status)));
|
||||||
TALLOC_FREE(frame);
|
TALLOC_FREE(frame);
|
||||||
@ -349,6 +357,13 @@ static NTSTATUS auth_init_samba4(struct auth_context *auth_context,
|
|||||||
result->prepare_gensec = prepare_gensec;
|
result->prepare_gensec = prepare_gensec;
|
||||||
result->make_auth4_context = make_auth4_context_s4;
|
result->make_auth4_context = make_auth4_context_s4;
|
||||||
|
|
||||||
|
if (param && *param) {
|
||||||
|
auth_context->forced_samba4_methods = talloc_strdup(result, param);
|
||||||
|
if (!auth_context->forced_samba4_methods) {
|
||||||
|
return NT_STATUS_NO_MEMORY;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
*auth_method = result;
|
*auth_method = result;
|
||||||
return NT_STATUS_OK;
|
return NT_STATUS_OK;
|
||||||
}
|
}
|
||||||
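Review bot: In the new `else` branch of `make_auth4_context_s4`, the result of `str_list_make()` goes straight into `auth_context_create_methods()` without a NULL check, so an allocation failure on this authentication path surfaces as whatever the callee does with a missing method list rather than as `NT_STATUS_NO_MEMORY`. Adding `if (forced_auth_methods == NULL) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; }` before the call would make the failure explicit. The list is also allocated on the caller's `mem_ctx` although the function has a `frame` that is freed on the error path shown; if the callee does not keep the pointer (its body is not visible here), `frame` would be the tidier parent. Because a forced list presumably replaces the method chain that `auth_context_create()` would otherwise select, a log line such as `DEBUG(5, ("auth_samba4: forcing auth4 methods '%s'\n", auth_context->forced_samba4_methods));` would let an operator see that a non-default chain is in use. The function body starts and ends outside the hunk.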
|
@ -66,10 +66,14 @@ struct auth_serversupplied_info {
|
|||||||
char *unix_name;
|
char *unix_name;
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef NTSTATUS (*prepare_gensec_fn)(TALLOC_CTX *mem_ctx,
|
struct auth_context;
|
||||||
|
|
||||||
|
typedef NTSTATUS (*prepare_gensec_fn)(const struct auth_context *auth_context,
|
||||||
|
TALLOC_CTX *mem_ctx,
|
||||||
struct gensec_security **gensec_context);
|
struct gensec_security **gensec_context);
|
||||||
|
|
||||||
typedef NTSTATUS (*make_auth4_context_fn)(TALLOC_CTX *mem_ctx,
|
typedef NTSTATUS (*make_auth4_context_fn)(const struct auth_context *auth_context,
|
||||||
|
TALLOC_CTX *mem_ctx,
|
||||||
struct auth4_context **auth4_context);
|
struct auth4_context **auth4_context);
|
||||||
|
|
||||||
struct auth_context {
|
struct auth_context {
|
||||||
@ -83,6 +87,7 @@ struct auth_context {
|
|||||||
|
|
||||||
prepare_gensec_fn prepare_gensec;
|
prepare_gensec_fn prepare_gensec;
|
||||||
make_auth4_context_fn make_auth4_context;
|
make_auth4_context_fn make_auth4_context;
|
||||||
|
const char *forced_samba4_methods;
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef struct auth_methods
|
typedef struct auth_methods
|
||||||
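Review bot: `prepare_gensec_fn` now takes `const struct auth_context *`, but the `prepare_gensec` implementation changed in this same commit is declared with `struct auth_context *auth_context` (no `const`) and is still assigned to `result->prepare_gensec`. That is an incompatible function-pointer assignment, which compilers warn about and which is formally undefined behaviour when the hook is called through the typedef. Declaring the implementation as `static NTSTATUS prepare_gensec(const struct auth_context *auth_context,` would match `make_auth4_context_s4`, which already uses the const form. The new `forced_samba4_methods` member would also benefit from a comment giving its format and owner, e.g. `/* method list forced via the samba4 module parameter, parsed with str_list_make(); talloc child of the auth_methods entry, NULL when unset */`.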
|
@ -130,7 +130,7 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
|
|||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
struct auth_session_info **_session_info) ;
|
struct auth_session_info **_session_info) ;
|
||||||
|
|
||||||
NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
|
NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char * const *methods,
|
||||||
struct tevent_context *ev,
|
struct tevent_context *ev,
|
||||||
struct imessaging_context *msg,
|
struct imessaging_context *msg,
|
||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
|
@ -520,7 +520,7 @@ static NTSTATUS auth_generate_session_info_pac(struct auth4_context *auth_ctx,
|
|||||||
Make a auth_info struct for the auth subsystem
|
Make a auth_info struct for the auth subsystem
|
||||||
- Allow the caller to specify the methods to use, including optionally the SAM to use
|
- Allow the caller to specify the methods to use, including optionally the SAM to use
|
||||||
***************************************************************************/
|
***************************************************************************/
|
||||||
_PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
|
_PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char * const *methods,
|
||||||
struct tevent_context *ev,
|
struct tevent_context *ev,
|
||||||
struct imessaging_context *msg,
|
struct imessaging_context *msg,
|
||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
|