mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r1357: Work on GENSEC:
- Add the concept of a 'subcontext' into gensec, so that the spengo
code doesn't have to figure out how to make one.
(A subcontext inherits the username, domain, password (or callback)
from the main context).
- Add comments to some other routines, and explain a bit about what
the various 'start' functions are for.
Andrew Bartlett
(This used to be commit 7aedbfbdd9
)
This commit is contained in:
parent
66ac77dd12
commit
93665a132d
@ -106,9 +106,35 @@ static NTSTATUS gensec_start(struct gensec_security **gensec_security)
|
||||
(*gensec_security)->mem_ctx = mem_ctx;
|
||||
(*gensec_security)->ops = NULL;
|
||||
|
||||
(*gensec_security)->subcontext = False;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
* Start a GENSEC subcontext, with a copy of the properties of the parent
|
||||
*
|
||||
* @note Used by SPENGO in particular, for the actual implementation mechanism
|
||||
*/
|
||||
|
||||
NTSTATUS gensec_subcontext_start(struct gensec_security *parent,
|
||||
struct gensec_security **gensec_security)
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
(*gensec_security) = talloc_p(parent->mem_ctx, struct gensec_security);
|
||||
if (!(*gensec_security)) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
(**gensec_security) = *parent;
|
||||
(*gensec_security)->ops = NULL;
|
||||
(*gensec_security)->private_data = NULL;
|
||||
|
||||
(*gensec_security)->subcontext = True;
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
NTSTATUS gensec_client_start(struct gensec_security **gensec_security)
|
||||
{
|
||||
NTSTATUS status;
|
||||
@ -162,34 +188,50 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security)
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
/**
|
||||
* Start a GENSEC sub-mechanism by DCERPC allocated 'auth type' number
|
||||
*/
|
||||
|
||||
NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
|
||||
uint8_t authtype)
|
||||
{
|
||||
gensec_security->ops = gensec_security_by_authtype(authtype);
|
||||
if (!gensec_security->ops) {
|
||||
DEBUG(1, ("Could not find GENSEC backend for authtype=%d\n", (int)authtype));
|
||||
DEBUG(3, ("Could not find GENSEC backend for authtype=%d\n", (int)authtype));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
return gensec_start_mech(gensec_security);
|
||||
}
|
||||
|
||||
/**
|
||||
* Start a GENSEC sub-mechanism by OID, used in SPNEGO
|
||||
*
|
||||
* @note This should also be used when you wish to just start NLTMSSP (for example), as it uses a
|
||||
* well-known #define to hook it in.
|
||||
*/
|
||||
|
||||
NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
|
||||
const char *mech_oid)
|
||||
{
|
||||
gensec_security->ops = gensec_security_by_oid(mech_oid);
|
||||
if (!gensec_security->ops) {
|
||||
DEBUG(1, ("Could not find GENSEC backend for oid=%s\n", mech_oid));
|
||||
DEBUG(3, ("Could not find GENSEC backend for oid=%s\n", mech_oid));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
return gensec_start_mech(gensec_security);
|
||||
}
|
||||
|
||||
/**
|
||||
* Start a GENSEC sub-mechanism by a well know SASL name
|
||||
*
|
||||
*/
|
||||
|
||||
NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
|
||||
const char *sasl_name)
|
||||
{
|
||||
gensec_security->ops = gensec_security_by_sasl_name(sasl_name);
|
||||
if (!gensec_security->ops) {
|
||||
DEBUG(1, ("Could not find GENSEC backend for sasl_name=%s\n", sasl_name));
|
||||
DEBUG(3, ("Could not find GENSEC backend for sasl_name=%s\n", sasl_name));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
return gensec_start_mech(gensec_security);
|
||||
@ -264,8 +306,11 @@ void gensec_end(struct gensec_security **gensec_security)
|
||||
(*gensec_security)->ops->end(*gensec_security);
|
||||
}
|
||||
(*gensec_security)->private_data = NULL;
|
||||
talloc_destroy((*gensec_security)->mem_ctx);
|
||||
|
||||
|
||||
if (!(*gensec_security)->subcontext) {
|
||||
/* don't destory this if this is a subcontext - it belongs to the parent */
|
||||
talloc_destroy((*gensec_security)->mem_ctx);
|
||||
}
|
||||
gensec_security = NULL;
|
||||
}
|
||||
|
||||
|
@ -72,6 +72,7 @@ struct gensec_security {
|
||||
void *private_data;
|
||||
struct gensec_user user;
|
||||
enum gensec_role gensec_role;
|
||||
BOOL subcontext;
|
||||
};
|
||||
|
||||
/* this structure is used by backends to determine the size of some critical types */
|
||||
|
Loading…
Reference in New Issue
Block a user