mirror of
https://github.com/samba-team/samba.git
synced 2025-02-01 05:47:28 +03:00
Add gensec_settings structure. This wraps loadparm_context for now, but
should in the future only contain some settings required for gensec.
This commit is contained in:
Jelmer Vernooij
parent
9265cb02d0
commit
b034c519f5
@ -477,7 +477,7 @@ const char **gensec_security_oids(struct gensec_security *gensec_security,
|
||||
*/
|
||||
static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
|
||||
struct event_context *ev,
|
||||
struct loadparm_context *lp_ctx,
|
||||
struct gensec_settings *settings,
|
||||
struct messaging_context *msg,
|
||||
struct gensec_security **gensec_security)
|
||||
{
|
||||
@ -501,7 +501,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
|
||||
|
||||
(*gensec_security)->event_ctx = ev;
|
||||
(*gensec_security)->msg_ctx = msg;
|
||||
(*gensec_security)->lp_ctx = lp_ctx;
|
||||
(*gensec_security)->settings = settings;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
@ -529,7 +529,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
|
||||
(*gensec_security)->want_features = parent->want_features;
|
||||
(*gensec_security)->event_ctx = parent->event_ctx;
|
||||
(*gensec_security)->msg_ctx = parent->msg_ctx;
|
||||
(*gensec_security)->lp_ctx = parent->lp_ctx;
|
||||
(*gensec_security)->settings = parent->settings;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
@ -543,11 +543,11 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
|
||||
_PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
|
||||
struct gensec_security **gensec_security,
|
||||
struct event_context *ev,
|
||||
struct loadparm_context *lp_ctx)
|
||||
struct gensec_settings *settings)
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security);
|
||||
status = gensec_start(mem_ctx, ev, settings, NULL, gensec_security);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
@ -564,7 +564,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
|
||||
*/
|
||||
_PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
|
||||
struct event_context *ev,
|
||||
struct loadparm_context *lp_ctx,
|
||||
struct gensec_settings *settings,
|
||||
struct messaging_context *msg,
|
||||
struct gensec_security **gensec_security)
|
||||
{
|
||||
@ -580,7 +580,7 @@ _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
status = gensec_start(mem_ctx, ev, lp_ctx, msg, gensec_security);
|
||||
status = gensec_start(mem_ctx, ev, settings, msg, gensec_security);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
@ -1107,9 +1107,8 @@ _PUBLIC_ NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_secu
|
||||
_PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_security)
|
||||
{
|
||||
/* We allow the target hostname to be overriden for testing purposes */
|
||||
const char *target_hostname = lp_parm_string(gensec_security->lp_ctx, NULL, "gensec", "target_hostname");
|
||||
if (target_hostname) {
|
||||
return target_hostname;
|
||||
if (gensec_security->settings->target_hostname) {
|
||||
return gensec_security->settings->target_hostname;
|
||||
}
|
||||
|
||||
if (gensec_security->target.hostname) {
|
||||
@ -1255,6 +1254,16 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_
|
||||
return (*gs2)->priority - (*gs1)->priority;
|
||||
}
|
||||
|
||||
int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value)
|
||||
{
|
||||
return lp_parm_int(settings->lp_ctx, NULL, mechanism, name, default_value);
|
||||
}
|
||||
|
||||
bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value)
|
||||
{
|
||||
return lp_parm_bool(settings->lp_ctx, NULL, mechanism, name, default_value);
|
||||
}
|
||||
|
||||
/*
|
||||
initialise the GENSEC subsystem
|
||||
*/
|
||||
|
||||
@ -64,6 +64,7 @@ enum gensec_role
|
||||
|
||||
struct auth_session_info;
|
||||
struct cli_credentials;
|
||||
struct gensec_settings;
|
||||
|
||||
struct gensec_update_request {
|
||||
struct gensec_security *gensec_security;
|
||||
@ -77,6 +78,12 @@ struct gensec_update_request {
|
||||
} callback;
|
||||
};
|
||||
|
||||
struct gensec_settings {
|
||||
struct loadparm_context *lp_ctx;
|
||||
struct smb_iconv_convenience *iconv_convenience;
|
||||
const char *target_hostname;
|
||||
};
|
||||
|
||||
struct gensec_security_ops {
|
||||
const char *name;
|
||||
const char *sasl_name;
|
||||
@ -151,7 +158,6 @@ struct gensec_security_ops_wrapper {
|
||||
|
||||
struct gensec_security {
|
||||
const struct gensec_security_ops *ops;
|
||||
struct loadparm_context *lp_ctx;
|
||||
void *private_data;
|
||||
struct cli_credentials *credentials;
|
||||
struct gensec_target target;
|
||||
@ -161,6 +167,7 @@ struct gensec_security {
|
||||
struct event_context *event_ctx;
|
||||
struct messaging_context *msg_ctx; /* only valid as server */
|
||||
struct socket_address *my_addr, *peer_addr;
|
||||
struct gensec_settings *settings;
|
||||
};
|
||||
|
||||
/* this structure is used by backends to determine the size of some critical types */
|
||||
@ -210,7 +217,7 @@ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
|
||||
struct gensec_security **gensec_security,
|
||||
struct event_context *ev,
|
||||
struct loadparm_context *lp_ctx);
|
||||
struct gensec_settings *settings);
|
||||
NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security,
|
||||
const char **sasl_names);
|
||||
NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
|
||||
@ -262,7 +269,7 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
|
||||
const char *gensec_get_name_by_authtype(uint8_t authtype);
|
||||
NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
|
||||
struct event_context *ev,
|
||||
struct loadparm_context *lp_ctx,
|
||||
struct gensec_settings *settings,
|
||||
struct messaging_context *msg,
|
||||
struct gensec_security **gensec_security);
|
||||
NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
|
||||
@ -295,5 +302,7 @@ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
|
||||
const char *sasl_name);
|
||||
|
||||
int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value);
|
||||
bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value);
|
||||
|
||||
#endif /* __GENSEC_H__ */
|
||||
|
||||
@ -154,7 +154,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
|
||||
|
||||
gensec_gssapi_state->gss_exchange_count = 0;
|
||||
gensec_gssapi_state->max_wrap_buf_size
|
||||
= lp_parm_int(gensec_security->lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536);
|
||||
= gensec_setting_int(gensec_security->settings, "gensec_gssapi", "max wrap buf size", 65536);
|
||||
|
||||
gensec_gssapi_state->sasl = false;
|
||||
gensec_gssapi_state->sasl_state = STAGE_GSS_NEG;
|
||||
@ -170,16 +170,16 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
|
||||
gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
|
||||
|
||||
gensec_gssapi_state->want_flags = 0;
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "mutual", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "mutual", true)) {
|
||||
gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
|
||||
}
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "delegation", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation", true)) {
|
||||
gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
|
||||
}
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "replay", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "replay", true)) {
|
||||
gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG;
|
||||
}
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "sequence", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "sequence", true)) {
|
||||
gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG;
|
||||
}
|
||||
|
||||
@ -214,10 +214,10 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
|
||||
talloc_free(gensec_gssapi_state);
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
if (lp_realm(gensec_security->lp_ctx) && *lp_realm(gensec_security->lp_ctx)) {
|
||||
char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->lp_ctx));
|
||||
if (lp_realm(gensec_security->settings->lp_ctx) && *lp_realm(gensec_security->settings->lp_ctx)) {
|
||||
char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->settings->lp_ctx));
|
||||
if (!upper_realm) {
|
||||
DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->lp_ctx)));
|
||||
DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->settings->lp_ctx)));
|
||||
talloc_free(gensec_gssapi_state);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -231,7 +231,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
|
||||
}
|
||||
|
||||
/* don't do DNS lookups of any kind, it might/will fail for a netbios name */
|
||||
ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(gensec_security->lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
|
||||
ret = gsskrb5_set_dns_canonicalize(gensec_setting_bool(gensec_security->settings, "krb5", "set_dns_canonicalize", false));
|
||||
if (ret) {
|
||||
DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n"));
|
||||
talloc_free(gensec_gssapi_state);
|
||||
@ -240,7 +240,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
|
||||
|
||||
ret = smb_krb5_init_context(gensec_gssapi_state,
|
||||
gensec_security->event_ctx,
|
||||
gensec_security->lp_ctx,
|
||||
gensec_security->settings->lp_ctx,
|
||||
&gensec_gssapi_state->smb_krb5_context);
|
||||
if (ret) {
|
||||
DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n",
|
||||
@ -274,7 +274,7 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi
|
||||
} else {
|
||||
ret = cli_credentials_get_server_gss_creds(machine_account,
|
||||
gensec_security->event_ctx,
|
||||
gensec_security->lp_ctx, &gcc);
|
||||
gensec_security->settings->lp_ctx, &gcc);
|
||||
if (ret) {
|
||||
DEBUG(1, ("Aquiring acceptor credentials failed: %s\n",
|
||||
error_message(ret)));
|
||||
@ -336,7 +336,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
|
||||
gensec_gssapi_state->gss_oid = gss_mech_krb5;
|
||||
|
||||
principal = gensec_get_target_principal(gensec_security);
|
||||
if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) {
|
||||
if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
|
||||
name_type = GSS_C_NULL_OID;
|
||||
} else {
|
||||
principal = talloc_asprintf(gensec_gssapi_state, "%s@%s",
|
||||
@ -362,7 +362,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
|
||||
|
||||
ret = cli_credentials_get_client_gss_creds(creds,
|
||||
gensec_security->event_ctx,
|
||||
gensec_security->lp_ctx, &gcc);
|
||||
gensec_security->settings->lp_ctx, &gcc);
|
||||
switch (ret) {
|
||||
case 0:
|
||||
break;
|
||||
@ -1142,10 +1142,10 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security,
|
||||
return false;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "force_new_spnego", false)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "force_new_spnego", false)) {
|
||||
return true;
|
||||
}
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "disable_new_spnego", false)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "disable_new_spnego", false)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -1256,7 +1256,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
|
||||
*/
|
||||
if (pac_blob.length) {
|
||||
nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
|
||||
lp_iconv_convenience(gensec_security->lp_ctx),
|
||||
gensec_security->settings->iconv_convenience,
|
||||
pac_blob,
|
||||
gensec_gssapi_state->smb_krb5_context->krb5_context,
|
||||
&server_info);
|
||||
@ -1290,11 +1290,11 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
|
||||
if (!gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
|
||||
DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
|
||||
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
|
||||
nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx,
|
||||
gensec_security->lp_ctx, principal_string,
|
||||
gensec_security->settings->lp_ctx, principal_string,
|
||||
&server_info);
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
@ -1311,7 +1311,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
|
||||
|
||||
/* references the server_info into the session_info */
|
||||
nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx,
|
||||
gensec_security->lp_ctx, server_info, &session_info);
|
||||
gensec_security->settings->lp_ctx, server_info, &session_info);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
talloc_free(mem_ctx);
|
||||
return nt_status;
|
||||
@ -1334,13 +1334,13 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx);
|
||||
cli_credentials_set_conf(session_info->credentials, gensec_security->settings->lp_ctx);
|
||||
/* Just so we don't segfault trying to get at a username */
|
||||
cli_credentials_set_anonymous(session_info->credentials);
|
||||
|
||||
ret = cli_credentials_set_client_gss_creds(session_info->credentials,
|
||||
gensec_security->event_ctx,
|
||||
gensec_security->lp_ctx,
|
||||
gensec_security->settings->lp_ctx,
|
||||
gensec_gssapi_state->delegated_cred_handle,
|
||||
CRED_SPECIFIED);
|
||||
if (ret) {
|
||||
|
||||
@ -120,7 +120,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
|
||||
|
||||
if (cli_credentials_get_krb5_context(creds,
|
||||
gensec_security->event_ctx,
|
||||
gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
|
||||
gensec_security->settings->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
|
||||
talloc_free(gensec_krb5_state);
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
@ -252,7 +252,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
|
||||
|
||||
ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security),
|
||||
gensec_security->event_ctx,
|
||||
gensec_security->lp_ctx, &ccache_container);
|
||||
gensec_security->settings->lp_ctx, &ccache_container);
|
||||
switch (ret) {
|
||||
case 0:
|
||||
break;
|
||||
@ -267,7 +267,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
|
||||
}
|
||||
in_data.length = 0;
|
||||
|
||||
if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) {
|
||||
if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
|
||||
krb5_principal target_principal;
|
||||
ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
|
||||
&target_principal);
|
||||
@ -452,7 +452,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
|
||||
/* Grab the keytab, however generated */
|
||||
ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security),
|
||||
gensec_security->event_ctx,
|
||||
gensec_security->lp_ctx, &keytab);
|
||||
gensec_security->settings->lp_ctx, &keytab);
|
||||
if (ret) {
|
||||
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
@ -594,7 +594,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
|
||||
KRB5_AUTHDATA_WIN2K_PAC,
|
||||
&pac_data);
|
||||
|
||||
if (ret && lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
|
||||
if (ret && gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
|
||||
DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s \n",
|
||||
principal_string,
|
||||
smb_get_krb5_error_message(context,
|
||||
@ -607,7 +607,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
|
||||
DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n",
|
||||
smb_get_krb5_error_message(context,
|
||||
ret, mem_ctx)));
|
||||
nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string,
|
||||
nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->settings->lp_ctx, principal_string,
|
||||
&server_info);
|
||||
krb5_free_principal(context, client_principal);
|
||||
free(principal_string);
|
||||
@ -630,7 +630,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
|
||||
|
||||
/* decode and verify the pac */
|
||||
nt_status = kerberos_pac_logon_info(gensec_krb5_state,
|
||||
lp_iconv_convenience(gensec_security->lp_ctx),
|
||||
gensec_security->settings->iconv_convenience,
|
||||
&logon_info, pac,
|
||||
gensec_krb5_state->smb_krb5_context->krb5_context,
|
||||
NULL, gensec_krb5_state->keyblock,
|
||||
@ -655,7 +655,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
|
||||
}
|
||||
|
||||
/* references the server_info into the session_info */
|
||||
nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info);
|
||||
nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->settings->lp_ctx, server_info, &session_info);
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
talloc_free(mem_ctx);
|
||||
|
||||
@ -85,7 +85,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
|
||||
#endif
|
||||
|
||||
ndr_err = ndr_push_struct_blob(out, out_mem_ctx,
|
||||
lp_iconv_convenience(gensec_security->lp_ctx), &bind_schannel,
|
||||
gensec_security->settings->iconv_convenience, &bind_schannel,
|
||||
(ndr_push_flags_fn_t)ndr_push_schannel_bind);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
status = ndr_map_error2ntstatus(ndr_err);
|
||||
@ -106,7 +106,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
|
||||
|
||||
/* parse the schannel startup blob */
|
||||
ndr_err = ndr_pull_struct_blob(&in, out_mem_ctx,
|
||||
lp_iconv_convenience(gensec_security->lp_ctx),
|
||||
gensec_security->settings->iconv_convenience,
|
||||
&bind_schannel,
|
||||
(ndr_pull_flags_fn_t)ndr_pull_schannel_bind);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
@ -126,7 +126,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
|
||||
|
||||
/* pull the session key for this client */
|
||||
status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx,
|
||||
gensec_security->lp_ctx, workstation,
|
||||
gensec_security->settings->lp_ctx, workstation,
|
||||
domain, &creds);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
|
||||
@ -144,7 +144,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
|
||||
bind_schannel_ack.unknown3 = 0x6c0000;
|
||||
|
||||
ndr_err = ndr_push_struct_blob(out, out_mem_ctx,
|
||||
lp_iconv_convenience(gensec_security->lp_ctx), &bind_schannel_ack,
|
||||
gensec_security->settings->iconv_convenience, &bind_schannel_ack,
|
||||
(ndr_push_flags_fn_t)ndr_push_schannel_bind_ack);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
status = ndr_map_error2ntstatus(ndr_err);
|
||||
@ -190,7 +190,7 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
|
||||
struct auth_session_info **_session_info)
|
||||
{
|
||||
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
|
||||
return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->lp_ctx, _session_info);
|
||||
return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->settings->lp_ctx, _session_info);
|
||||
}
|
||||
|
||||
static NTSTATUS schannel_start(struct gensec_security *gensec_security)
|
||||
|
||||
@ -146,6 +146,7 @@ static NTSTATUS server_check_password(struct auth_method_context *ctx,
|
||||
|
||||
session_setup.in.credentials = creds;
|
||||
session_setup.in.workgroup = ""; /* Only used with SPNEGO, which we are not doing */
|
||||
session_setup.in.gensec_settings = lp_gensec_settings(session, ctx->auth_ctx->lp_ctx);
|
||||
|
||||
/* Check password with remove server - this should be async some day */
|
||||
nt_status = smb_composite_sesssetup(session, &session_setup);
|
||||
|
||||
@ -192,7 +192,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
|
||||
if (gensec_ntlmssp_state->use_nt_response) {
|
||||
flags |= CLI_CRED_NTLM_AUTH;
|
||||
}
|
||||
if (lp_client_lanman_auth(gensec_security->lp_ctx)) {
|
||||
if (lp_client_lanman_auth(gensec_security->settings->lp_ctx)) {
|
||||
flags |= CLI_CRED_LANMAN_AUTH;
|
||||
}
|
||||
|
||||
@ -217,7 +217,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
|
||||
}
|
||||
|
||||
if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
|
||||
&& lp_client_lanman_auth(gensec_security->lp_ctx) && lm_session_key.length == 16) {
|
||||
&& lp_client_lanman_auth(gensec_security->settings->lp_ctx) && lm_session_key.length == 16) {
|
||||
DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
||||
if (lm_response.length == 24) {
|
||||
SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
|
||||
@ -308,17 +308,17 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
|
||||
|
||||
gensec_ntlmssp_state->role = NTLMSSP_CLIENT;
|
||||
|
||||
gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx);
|
||||
gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->settings->lp_ctx);
|
||||
|
||||
gensec_ntlmssp_state->unicode = lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "unicode", true);
|
||||
gensec_ntlmssp_state->unicode = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "unicode", true);
|
||||
|
||||
gensec_ntlmssp_state->use_nt_response = lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "send_nt_reponse", true);
|
||||
gensec_ntlmssp_state->use_nt_response = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "send_nt_reponse", true);
|
||||
|
||||
gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(gensec_security->lp_ctx)
|
||||
&& (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "allow_lm_key", false)
|
||||
|| lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "lm_key", false)));
|
||||
gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(gensec_security->settings->lp_ctx)
|
||||
&& (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "allow_lm_key", false)
|
||||
|| gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)));
|
||||
|
||||
gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(gensec_security->lp_ctx);
|
||||
gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(gensec_security->settings->lp_ctx);
|
||||
|
||||
gensec_ntlmssp_state->expected_state = NTLMSSP_INITIAL;
|
||||
|
||||
@ -326,27 +326,27 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
|
||||
NTLMSSP_NEGOTIATE_NTLM |
|
||||
NTLMSSP_REQUEST_TARGET;
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "128bit", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "128bit", true)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "56bit", false)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "56bit", false)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "lm_key", false)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "keyexchange", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "keyexchange", true)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "alwayssign", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "alwayssign", true)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "ntlm2", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "ntlm2", true)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
|
||||
} else {
|
||||
/* apparently we can't do ntlmv2 if we don't do ntlm2 */
|
||||
|
||||
@ -186,7 +186,7 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
|
||||
|
||||
/* Find out the DNS domain name */
|
||||
dnsdomname[0] = '\0';
|
||||
safe_strcpy(dnsdomname, lp_realm(gensec_security->lp_ctx), sizeof(dnsdomname) - 1);
|
||||
safe_strcpy(dnsdomname, lp_realm(gensec_security->settings->lp_ctx), sizeof(dnsdomname) - 1);
|
||||
strlower_m(dnsdomname);
|
||||
|
||||
/* Find out the DNS host name */
|
||||
@ -722,7 +722,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
|
||||
NTSTATUS nt_status;
|
||||
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
|
||||
|
||||
nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->lp_ctx, gensec_ntlmssp_state->server_info, session_info);
|
||||
nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->settings->lp_ctx, gensec_ntlmssp_state->server_info, session_info);
|
||||
NT_STATUS_NOT_OK_RETURN(nt_status);
|
||||
|
||||
(*session_info)->session_key = data_blob_talloc(*session_info,
|
||||
@ -749,14 +749,14 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
|
||||
gensec_ntlmssp_state->role = NTLMSSP_SERVER;
|
||||
|
||||
gensec_ntlmssp_state->workstation = NULL;
|
||||
gensec_ntlmssp_state->server_name = lp_netbios_name(gensec_security->lp_ctx);
|
||||
gensec_ntlmssp_state->server_name = lp_netbios_name(gensec_security->settings->lp_ctx);
|
||||
|
||||
gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx);
|
||||
gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->settings->lp_ctx);
|
||||
|
||||
gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
|
||||
|
||||
gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(gensec_security->lp_ctx)
|
||||
&& lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "allow_lm_key", false));
|
||||
gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(gensec_security->settings->lp_ctx)
|
||||
&& gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "allow_lm_key", false));
|
||||
|
||||
gensec_ntlmssp_state->server_multiple_authentications = false;
|
||||
|
||||
@ -767,23 +767,23 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
|
||||
gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0);
|
||||
gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0);
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "128bit", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "56bit", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "keyexchange", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "alwayssign", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "ntlm2", true)) {
|
||||
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) {
|
||||
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
|
||||
}
|
||||
|
||||
@ -797,7 +797,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
|
||||
nt_status = auth_context_create(gensec_ntlmssp_state,
|
||||
gensec_security->event_ctx,
|
||||
gensec_security->msg_ctx,
|
||||
gensec_security->lp_ctx,
|
||||
gensec_security->settings->lp_ctx,
|
||||
&gensec_ntlmssp_state->auth_context);
|
||||
NT_STATUS_NOT_OK_RETURN(nt_status);
|
||||
|
||||
@ -805,7 +805,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
|
||||
gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
|
||||
gensec_ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
|
||||
gensec_ntlmssp_state->check_password = auth_ntlmssp_check_password;
|
||||
gensec_ntlmssp_state->server_role = lp_server_role(gensec_security->lp_ctx);
|
||||
gensec_ntlmssp_state->server_role = lp_server_role(gensec_security->settings->lp_ctx);
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
@ -447,7 +447,8 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
sam_ctx = samdb_connect(tmp_ctx, event_ctx, lp_ctx, system_session(tmp_ctx, lp_ctx));
|
||||
sam_ctx = samdb_connect(tmp_ctx, event_ctx, lp_ctx,
|
||||
system_session(tmp_ctx, lp_ctx));
|
||||
if (sam_ctx == NULL) {
|
||||
talloc_free(tmp_ctx);
|
||||
return NT_STATUS_INVALID_SYSTEM_SERVICE;
|
||||
@ -459,7 +460,8 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx,
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, lp_netbios_name(lp_ctx),
|
||||
nt_status = authsam_make_server_info(tmp_ctx, sam_ctx,
|
||||
lp_netbios_name(lp_ctx),
|
||||
msgs[0], msgs_domain_ref[0],
|
||||
user_sess_key, lm_sess_key,
|
||||
server_info);
|
||||
|
||||
@ -483,7 +483,9 @@ bool kpasswdd_process(struct kdc_server *kdc,
|
||||
ap_req = data_blob_const(&input->data[header_len], ap_req_len);
|
||||
krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len);
|
||||
|
||||
nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, kdc->task->msg_ctx, &gensec_security);
|
||||
nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx,
|
||||
lp_gensec_settings(tmp_ctx, kdc->task->lp_ctx), kdc->task->msg_ctx,
|
||||
&gensec_security);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
talloc_free(tmp_ctx);
|
||||
return false;
|
||||
|
||||
@ -142,7 +142,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
|
||||
|
||||
status = gensec_server_start(conn,
|
||||
conn->connection->event.ctx,
|
||||
conn->lp_ctx,
|
||||
lp_gensec_settings(conn, conn->lp_ctx),
|
||||
conn->connection->msg_ctx,
|
||||
&conn->gensec);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
||||
@ -73,7 +73,8 @@ NTSTATUS smbcli_negprot(struct smbcli_state *cli, bool unicode, int maxprotocol)
|
||||
NTSTATUS smbcli_session_setup(struct smbcli_state *cli,
|
||||
struct cli_credentials *credentials,
|
||||
const char *workgroup,
|
||||
struct smbcli_session_options options)
|
||||
struct smbcli_session_options options,
|
||||
struct gensec_settings *gensec_settings)
|
||||
{
|
||||
struct smb_composite_sesssetup setup;
|
||||
NTSTATUS status;
|
||||
@ -86,6 +87,7 @@ NTSTATUS smbcli_session_setup(struct smbcli_state *cli,
|
||||
setup.in.capabilities = cli->transport->negotiate.capabilities;
|
||||
setup.in.credentials = credentials;
|
||||
setup.in.workgroup = workgroup;
|
||||
setup.in.gensec_settings = gensec_settings;
|
||||
|
||||
status = smb_composite_sesssetup(cli->session, &setup);
|
||||
|
||||
@ -146,6 +148,7 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx,
|
||||
const char **ports,
|
||||
const char *sharename,
|
||||
const char *devtype,
|
||||
const char *socket_options,
|
||||
struct cli_credentials *credentials,
|
||||
struct resolve_context *resolve_ctx,
|
||||
struct event_context *ev,
|
||||
@ -161,6 +164,7 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx,
|
||||
status = smbcli_tree_full_connection(parent_ctx,
|
||||
&tree, host, ports,
|
||||
sharename, devtype,
|
||||
socket_options,
|
||||
credentials, resolve_ctx, ev,
|
||||
options,
|
||||
session_options,
|
||||
|
||||
@ -224,7 +224,8 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
|
||||
gensec_init(lp_ctx);
|
||||
|
||||
status = gensec_client_start(conn, &conn->gensec,
|
||||
conn->event.event_ctx, lp_ctx);
|
||||
conn->event.event_ctx,
|
||||
lp_gensec_settings(conn, lp_ctx));
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
|
||||
goto failed;
|
||||
|
||||
@ -64,6 +64,7 @@ enum brl_type {
|
||||
|
||||
|
||||
#include "libcli/raw/libcliraw.h"
|
||||
struct gensec_settings;
|
||||
#include "libcli/libcli_proto.h"
|
||||
|
||||
#endif /* __LIBCLI_H__ */
|
||||
|
||||
@ -140,7 +140,7 @@ static void continue_negprot(struct smb2_request *req)
|
||||
break;
|
||||
}
|
||||
|
||||
state->session = smb2_session_init(transport, global_loadparm, state, true);
|
||||
state->session = smb2_session_init(transport, lp_gensec_settings(transport, global_loadparm), state, true);
|
||||
if (composite_nomem(state->session, c)) return;
|
||||
|
||||
creq = smb2_session_setup_spnego_send(state->session, state->credentials);
|
||||
@ -239,6 +239,7 @@ struct composite_context *smb2_connect_send(TALLOC_CTX *mem_ctx,
|
||||
const char *socket_options)
|
||||
{
|
||||
struct composite_context *c;
|
||||
const char *default_ports[] = { "445", NULL };
|
||||
struct smb2_connect_state *state;
|
||||
struct nbt_name name;
|
||||
struct composite_context *creq;
|
||||
|
||||
@ -25,13 +25,12 @@
|
||||
#include "libcli/smb2/smb2_calls.h"
|
||||
#include "libcli/composite/composite.h"
|
||||
#include "auth/gensec/gensec.h"
|
||||
#include "param/param.h"
|
||||
|
||||
/**
|
||||
initialise a smb2_session structure
|
||||
*/
|
||||
struct smb2_session *smb2_session_init(struct smb2_transport *transport,
|
||||
struct loadparm_context *lp_ctx,
|
||||
struct gensec_settings *settings,
|
||||
TALLOC_CTX *parent_ctx, bool primary)
|
||||
{
|
||||
struct smb2_session *session;
|
||||
@ -50,7 +49,7 @@ struct smb2_session *smb2_session_init(struct smb2_transport *transport,
|
||||
/* prepare a gensec context for later use */
|
||||
status = gensec_client_start(session, &session->gensec,
|
||||
session->transport->socket->event.ctx,
|
||||
lp_ctx);
|
||||
settings);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
talloc_free(session);
|
||||
return NULL;
|
||||
|
||||
@ -107,4 +107,5 @@ struct smb2_setinfo {
|
||||
struct cli_credentials;
|
||||
struct event_context;
|
||||
struct resolve_context;
|
||||
struct gensec_settings;
|
||||
#include "libcli/smb2/smb2_proto.h"
|
||||
|
||||
@ -257,6 +257,7 @@ static NTSTATUS connect_negprot(struct composite_context *c,
|
||||
state->io_setup->in.capabilities = state->transport->negotiate.capabilities;
|
||||
state->io_setup->in.credentials = io->in.credentials;
|
||||
state->io_setup->in.workgroup = io->in.workgroup;
|
||||
state->io_setup->in.gensec_settings = lp_gensec_settings(state->io_setup, global_loadparm);
|
||||
|
||||
state->creq = smb_composite_sesssetup_send(state->session, state->io_setup);
|
||||
NT_STATUS_HAVE_NO_MEMORY(state->creq);
|
||||
|
||||
@ -408,7 +408,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
|
||||
smbcli_temp_set_signing(session->transport);
|
||||
|
||||
status = gensec_client_start(session, &session->gensec, c->event_ctx,
|
||||
global_loadparm);
|
||||
io->in.gensec_settings);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
|
||||
return status;
|
||||
|
||||
@ -122,6 +122,7 @@ struct smb_composite_sesssetup {
|
||||
uint32_t capabilities;
|
||||
struct cli_credentials *credentials;
|
||||
const char *workgroup;
|
||||
struct gensec_settings *gensec_settings;
|
||||
} in;
|
||||
struct {
|
||||
uint16_t vuid;
|
||||
|
||||
@ -40,6 +40,7 @@ enum dcerpc_transport_t {
|
||||
this defines a generic security context for signed/sealed dcerpc pipes.
|
||||
*/
|
||||
struct dcerpc_connection;
|
||||
struct gensec_settings;
|
||||
struct dcerpc_security {
|
||||
struct dcerpc_auth *auth_info;
|
||||
struct gensec_security *generic_state;
|
||||
@ -322,7 +323,7 @@ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p,
|
||||
NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
|
||||
const struct ndr_interface_table *table,
|
||||
struct cli_credentials *credentials,
|
||||
struct loadparm_context *lp_ctx,
|
||||
struct gensec_settings *gensec_settings,
|
||||
uint8_t auth_type, uint8_t auth_level,
|
||||
const char *service);
|
||||
struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx,
|
||||
|
||||
@ -222,7 +222,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
|
||||
struct dcerpc_pipe *p,
|
||||
const struct ndr_interface_table *table,
|
||||
struct cli_credentials *credentials,
|
||||
struct loadparm_context *lp_ctx,
|
||||
struct gensec_settings *gensec_settings,
|
||||
uint8_t auth_type, uint8_t auth_level,
|
||||
const char *service)
|
||||
{
|
||||
@ -251,7 +251,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
|
||||
|
||||
c->status = gensec_client_start(p, &sec->generic_state,
|
||||
p->conn->event_ctx,
|
||||
lp_ctx);
|
||||
gensec_settings);
|
||||
if (!NT_STATUS_IS_OK(c->status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
|
||||
nt_errstr(c->status)));
|
||||
@ -387,12 +387,12 @@ NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
|
||||
_PUBLIC_ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
|
||||
const struct ndr_interface_table *table,
|
||||
struct cli_credentials *credentials,
|
||||
struct loadparm_context *lp_ctx,
|
||||
struct gensec_settings *gensec_settings,
|
||||
uint8_t auth_type, uint8_t auth_level,
|
||||
const char *service)
|
||||
{
|
||||
struct composite_context *creq;
|
||||
creq = dcerpc_bind_auth_send(p, p, table, credentials, lp_ctx,
|
||||
creq = dcerpc_bind_auth_send(p, p, table, credentials, gensec_settings,
|
||||
auth_type, auth_level, service);
|
||||
return dcerpc_bind_auth_recv(creq);
|
||||
}
|
||||
|
||||
@ -29,6 +29,7 @@
|
||||
#include "librpc/gen_ndr/ndr_netlogon_c.h"
|
||||
#include "auth/credentials/credentials.h"
|
||||
#include "librpc/rpc/dcerpc_proto.h"
|
||||
#include "param/param.h"
|
||||
|
||||
struct schannel_key_state {
|
||||
struct dcerpc_pipe *pipe;
|
||||
@ -319,7 +320,7 @@ static void continue_schannel_key(struct composite_context *ctx)
|
||||
|
||||
/* send bind auth request with received creds */
|
||||
auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials,
|
||||
s->lp_ctx,
|
||||
lp_gensec_settings(c, s->lp_ctx),
|
||||
DCERPC_AUTH_TYPE_SCHANNEL, s->auth_level,
|
||||
NULL);
|
||||
if (composite_nomem(auth_req, c)) return;
|
||||
|
||||
@ -421,7 +421,8 @@ static void continue_ntlmssp_connection(struct composite_context *ctx)
|
||||
|
||||
/* initiate a authenticated bind */
|
||||
auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
|
||||
s->credentials, s->lp_ctx,
|
||||
s->credentials,
|
||||
lp_gensec_settings(c, s->lp_ctx),
|
||||
DCERPC_AUTH_TYPE_NTLMSSP,
|
||||
dcerpc_auth_level(s->pipe->conn),
|
||||
s->table->authservices->names[0]);
|
||||
@ -453,7 +454,9 @@ static void continue_spnego_after_wrong_pass(struct composite_context *ctx)
|
||||
|
||||
/* initiate a authenticated bind */
|
||||
auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
|
||||
s->credentials, s->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO,
|
||||
s->credentials,
|
||||
lp_gensec_settings(c, s->lp_ctx),
|
||||
DCERPC_AUTH_TYPE_SPNEGO,
|
||||
dcerpc_auth_level(s->pipe->conn),
|
||||
s->table->authservices->names[0]);
|
||||
composite_continue(c, auth_req, continue_auth, c);
|
||||
@ -572,7 +575,9 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
|
||||
} else {
|
||||
/* try SPNEGO with fallback to NTLMSSP */
|
||||
auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
|
||||
s->credentials, s->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO,
|
||||
s->credentials,
|
||||
lp_gensec_settings(c, s->lp_ctx),
|
||||
DCERPC_AUTH_TYPE_SPNEGO,
|
||||
dcerpc_auth_level(conn),
|
||||
s->table->authservices->names[0]);
|
||||
composite_continue(c, auth_req, continue_auth_auto, c);
|
||||
@ -580,7 +585,9 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
|
||||
}
|
||||
|
||||
auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
|
||||
s->credentials, s->lp_ctx, auth_type,
|
||||
s->credentials,
|
||||
lp_gensec_settings(c, s->lp_ctx),
|
||||
auth_type,
|
||||
dcerpc_auth_level(conn),
|
||||
s->table->authservices->names[0]);
|
||||
composite_continue(c, auth_req, continue_auth, c);
|
||||
|
||||
@ -66,6 +66,7 @@
|
||||
#include "libcli/raw/libcliraw.h"
|
||||
#include "rpc_server/common/common.h"
|
||||
#include "lib/socket/socket.h"
|
||||
#include "auth/gensec/gensec.h"
|
||||
|
||||
#define standard_sub_basic talloc_strdup
|
||||
|
||||
@ -2674,3 +2675,14 @@ _PUBLIC_ struct dcerpc_server_info *lp_dcerpc_server_info(TALLOC_CTX *mem_ctx, s
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
struct gensec_settings *lp_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
|
||||
{
|
||||
struct gensec_settings *settings = talloc(mem_ctx, struct gensec_settings);
|
||||
if (settings == NULL)
|
||||
return NULL;
|
||||
settings->lp_ctx = talloc_reference(settings, lp_ctx);
|
||||
settings->iconv_convenience = lp_iconv_convenience(lp_ctx);
|
||||
settings->target_hostname = lp_parm_string(lp_ctx, NULL, "gensec", "target_hostname");
|
||||
return settings;
|
||||
}
|
||||
|
||||
@ -67,6 +67,7 @@ struct loadparm_context;
|
||||
struct loadparm_service;
|
||||
struct smbcli_options;
|
||||
struct smbcli_session_options;
|
||||
struct gensec_settings;
|
||||
|
||||
void reload_charcnv(struct loadparm_context *lp_ctx);
|
||||
|
||||
@ -166,7 +167,6 @@ int lp_cli_minprotocol(struct loadparm_context *);
|
||||
int lp_security(struct loadparm_context *);
|
||||
bool lp_paranoid_server_security(struct loadparm_context *);
|
||||
int lp_announce_as(struct loadparm_context *);
|
||||
const char **lp_js_include(struct loadparm_context *);
|
||||
|
||||
const char *lp_servicename(const struct loadparm_service *service);
|
||||
const char *lp_pathname(struct loadparm_service *, struct loadparm_service *);
|
||||
@ -329,6 +329,7 @@ void lp_smbcli_options(struct loadparm_context *lp_ctx,
|
||||
void lp_smbcli_session_options(struct loadparm_context *lp_ctx,
|
||||
struct smbcli_session_options *options);
|
||||
struct dcerpc_server_info *lp_dcerpc_server_info(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
|
||||
struct gensec_settings *lp_gensec_settings(TALLOC_CTX *, struct loadparm_context *);
|
||||
|
||||
|
||||
/* The following definitions come from param/generic.c */
|
||||
|
||||
@ -61,7 +61,9 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
|
||||
return false;
|
||||
}
|
||||
|
||||
status = gensec_server_start(dce_conn, call->event_ctx, call->conn->dce_ctx->lp_ctx, call->msg_ctx, &auth->gensec_security);
|
||||
status = gensec_server_start(dce_conn, call->event_ctx,
|
||||
lp_gensec_settings(dce_conn, call->conn->dce_ctx->lp_ctx),
|
||||
call->msg_ctx, &auth->gensec_security);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC for DCERPC server: %s\n", nt_errstr(status)));
|
||||
return false;
|
||||
|
||||
@ -353,7 +353,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
|
||||
|
||||
nt_status = gensec_server_start(req->smb_conn,
|
||||
req->smb_conn->connection->event.ctx,
|
||||
req->smb_conn->lp_ctx,
|
||||
lp_gensec_settings(req->smb_conn, req->smb_conn->lp_ctx),
|
||||
req->smb_conn->connection->msg_ctx,
|
||||
&gensec_security);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
|
||||
@ -365,7 +365,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
|
||||
|
||||
status = gensec_server_start(req,
|
||||
req->smb_conn->connection->event.ctx,
|
||||
req->smb_conn->lp_ctx,
|
||||
lp_gensec_settings(req, req->smb_conn->lp_ctx),
|
||||
req->smb_conn->connection->msg_ctx,
|
||||
&gensec_ctx);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
||||
@ -42,7 +42,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
|
||||
|
||||
nt_status = gensec_server_start(req,
|
||||
req->smb_conn->connection->event.ctx,
|
||||
req->smb_conn->lp_ctx,
|
||||
lp_gensec_settings(req, req->smb_conn->lp_ctx),
|
||||
req->smb_conn->connection->msg_ctx,
|
||||
&gensec_security);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
|
||||
@ -126,7 +126,7 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
|
||||
|
||||
status = gensec_server_start(req,
|
||||
req->smb_conn->connection->event.ctx,
|
||||
req->smb_conn->lp_ctx,
|
||||
lp_gensec_settings(req, req->smb_conn->lp_ctx),
|
||||
req->smb_conn->connection->msg_ctx,
|
||||
&gensec_ctx);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
||||
@ -23,6 +23,7 @@
|
||||
#include "auth/ntlmssp/ntlmssp.h"
|
||||
#include "lib/cmdline/popt_common.h"
|
||||
#include "torture/torture.h"
|
||||
#include "param/param.h"
|
||||
|
||||
static bool torture_ntlmssp_self_check(struct torture_context *tctx)
|
||||
{
|
||||
@ -34,7 +35,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
|
||||
|
||||
torture_assert_ntstatus_ok(tctx,
|
||||
gensec_client_start(mem_ctx, &gensec_security,
|
||||
tctx->ev, tctx->lp_ctx),
|
||||
tctx->ev, lp_gensec_settings(tctx, tctx->lp_ctx)),
|
||||
"gensec client start");
|
||||
|
||||
gensec_set_credentials(gensec_security, cmdline_credentials);
|
||||
@ -89,7 +90,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
|
||||
|
||||
torture_assert_ntstatus_ok(tctx,
|
||||
gensec_client_start(mem_ctx, &gensec_security,
|
||||
tctx->ev, tctx->lp_ctx),
|
||||
tctx->ev, lp_gensec_settings(tctx, tctx->lp_ctx)),
|
||||
"Failed to start GENSEC for NTLMSSP");
|
||||
|
||||
gensec_set_credentials(gensec_security, cmdline_credentials);
|
||||
|
||||
@ -44,8 +44,9 @@ static bool try_failed_login(struct torture_context *tctx, struct smbcli_state *
|
||||
setup.in.sesskey = cli->transport->negotiate.sesskey;
|
||||
setup.in.capabilities = cli->transport->negotiate.capabilities;
|
||||
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
|
||||
|
||||
setup.in.credentials = cli_credentials_init(session);
|
||||
setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
|
||||
|
||||
cli_credentials_set_conf(setup.in.credentials, tctx->lp_ctx);
|
||||
cli_credentials_set_domain(setup.in.credentials, "INVALID-DOMAIN", CRED_SPECIFIED);
|
||||
cli_credentials_set_username(setup.in.credentials, "INVALID-USERNAME", CRED_SPECIFIED);
|
||||
|
||||
@ -74,6 +74,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
|
||||
struct smbcli_tree *tree;
|
||||
struct smb_composite_sesssetup setup;
|
||||
struct smb_composite_sesssetup setups[15];
|
||||
struct gensec_settings *gensec_settings;
|
||||
union smb_open io;
|
||||
union smb_write wr;
|
||||
union smb_close cl;
|
||||
@ -92,6 +93,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
|
||||
printf("create a second security context on the same transport\n");
|
||||
|
||||
lp_smbcli_session_options(tctx->lp_ctx, &options);
|
||||
gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
|
||||
|
||||
session = smbcli_session_init(cli->transport, tctx, false, options);
|
||||
|
||||
@ -100,6 +102,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
|
||||
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
|
||||
|
||||
setup.in.credentials = cmdline_credentials;
|
||||
setup.in.gensec_settings = gensec_settings;
|
||||
|
||||
status = smb_composite_sesssetup(session, &setup);
|
||||
CHECK_STATUS(status, NT_STATUS_OK);
|
||||
@ -142,7 +145,6 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
|
||||
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
|
||||
|
||||
setup.in.credentials = cmdline_credentials;
|
||||
|
||||
|
||||
status = smb_composite_sesssetup(session3, &setup);
|
||||
CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE);
|
||||
@ -233,6 +235,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
|
||||
setups[i].in.workgroup = lp_workgroup(tctx->lp_ctx);
|
||||
|
||||
setups[i].in.credentials = cmdline_credentials;
|
||||
setups[i].in.gensec_settings = gensec_settings;
|
||||
|
||||
sessions[i] = smbcli_session_init(cli->transport, tctx, false, options);
|
||||
composite_contexts[i] = smb_composite_sesssetup_send(sessions[i], &setups[i]);
|
||||
@ -402,6 +405,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context *
|
||||
setup.in.capabilities = cli->transport->negotiate.capabilities;
|
||||
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
|
||||
setup.in.credentials = cmdline_credentials;
|
||||
setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
|
||||
status = smb_composite_sesssetup(session1, &setup);
|
||||
CHECK_STATUS(status, NT_STATUS_OK);
|
||||
session1->vuid = setup.out.vuid;
|
||||
@ -458,6 +462,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context *
|
||||
setup.in.capabilities = cli->transport->negotiate.capabilities;
|
||||
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
|
||||
setup.in.credentials = cmdline_credentials;
|
||||
setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
|
||||
status = smb_composite_sesssetup(session2, &setup);
|
||||
CHECK_STATUS(status, NT_STATUS_OK);
|
||||
session2->vuid = setup.out.vuid;
|
||||
@ -657,8 +662,8 @@ static bool test_pid_2sess(struct smbcli_state *cli, struct torture_context *tct
|
||||
setup.in.sesskey = cli->transport->negotiate.sesskey;
|
||||
setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
|
||||
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
|
||||
|
||||
setup.in.credentials = cmdline_credentials;
|
||||
setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
|
||||
|
||||
status = smb_composite_sesssetup(session, &setup);
|
||||
CHECK_STATUS(status, NT_STATUS_OK);
|
||||
|
||||
@ -598,6 +598,7 @@ static bool test_async(struct torture_context *tctx,
|
||||
setup.in.capabilities = cli->transport->negotiate.capabilities;
|
||||
setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
|
||||
setup.in.credentials = cmdline_credentials;
|
||||
setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
|
||||
status = smb_composite_sesssetup(session, &setup);
|
||||
CHECK_STATUS(status, NT_STATUS_OK);
|
||||
session->vuid = setup.out.vuid;
|
||||
|
||||
@ -92,7 +92,8 @@ static bool test_PACVerify(struct torture_context *tctx,
|
||||
|
||||
torture_assert(tctx, msg_server_ctx != NULL, "Failed to init messaging context");
|
||||
|
||||
status = gensec_client_start(tctx, &gensec_client_context, tctx->ev, tctx->lp_ctx);
|
||||
status = gensec_client_start(tctx, &gensec_client_context, tctx->ev,
|
||||
lp_gensec_settings(tctx, tctx->lp_ctx));
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
|
||||
|
||||
status = gensec_set_target_hostname(gensec_client_context, TEST_MACHINE_NAME);
|
||||
@ -103,7 +104,9 @@ static bool test_PACVerify(struct torture_context *tctx,
|
||||
status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
|
||||
|
||||
status = gensec_server_start(tctx, tctx->ev, tctx->lp_ctx, msg_server_ctx, &gensec_server_context);
|
||||
status = gensec_server_start(tctx, tctx->ev,
|
||||
lp_gensec_settings(tctx, tctx->lp_ctx),
|
||||
msg_server_ctx, &gensec_server_context);
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
|
||||
|
||||
status = gensec_set_credentials(gensec_server_context, credentials);
|
||||
|
||||
@ -160,6 +160,7 @@ bool torture_bind_authcontext(struct torture_context *torture)
|
||||
setup.in.capabilities = cli->transport->negotiate.capabilities;
|
||||
setup.in.workgroup = "";
|
||||
setup.in.credentials = anon_creds;
|
||||
setup.in.gensec_settings = lp_gensec_settings(torture, torture->lp_ctx);
|
||||
|
||||
status = smb_composite_sesssetup(session2, &setup);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
@ -233,7 +234,7 @@ static bool bindtest(struct smbcli_state *cli,
|
||||
}
|
||||
|
||||
status = dcerpc_bind_auth(lsa_pipe, &ndr_table_lsarpc,
|
||||
credentials, lp_ctx, auth_type, auth_level,
|
||||
credentials, lp_gensec_settings(lp_ctx, lp_ctx), auth_type, auth_level,
|
||||
NULL);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
d_printf("dcerpc_bind_auth failed: %s\n", nt_errstr(status));
|
||||
@ -384,7 +385,7 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli,
|
||||
|
||||
if (admin_creds != NULL) {
|
||||
status = dcerpc_bind_auth(samr_pipe, &ndr_table_samr,
|
||||
admin_creds, lp_ctx, auth_type, auth_level,
|
||||
admin_creds, lp_gensec_settings(lp_ctx, lp_ctx), auth_type, auth_level,
|
||||
NULL);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
d_printf("dcerpc_bind_auth failed: %s\n",
|
||||
@ -1013,7 +1014,7 @@ static bool schan(struct smbcli_state *cli,
|
||||
#if 1
|
||||
net_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
|
||||
status = dcerpc_bind_auth(net_pipe, &ndr_table_netlogon,
|
||||
wks_creds, lp_ctx, DCERPC_AUTH_TYPE_SCHANNEL,
|
||||
wks_creds, lp_gensec_settings(lp_ctx, lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL,
|
||||
DCERPC_AUTH_LEVEL_PRIVACY,
|
||||
NULL);
|
||||
#else
|
||||
@ -1812,6 +1813,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture)
|
||||
setup.in.capabilities = cli->transport->negotiate.capabilities;
|
||||
setup.in.workgroup = "";
|
||||
setup.in.credentials = user_creds;
|
||||
setup.in.gensec_settings = lp_gensec_settings(torture, torture->lp_ctx);
|
||||
|
||||
status = smb_composite_sesssetup(session2, &setup);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
||||
@ -473,7 +473,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
|
||||
case NTLMSSP_CLIENT_1:
|
||||
/* setup the client side */
|
||||
|
||||
nt_status = gensec_client_start(NULL, &state->gensec_state, ev, lp_ctx);
|
||||
nt_status = gensec_client_start(NULL, &state->gensec_state, ev,
|
||||
lp_gensec_settings(NULL, lp_ctx));
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
exit(1);
|
||||
}
|
||||
@ -486,7 +487,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
|
||||
if (!msg) {
|
||||
exit(1);
|
||||
}
|
||||
if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, lp_ctx, msg, &state->gensec_state))) {
|
||||
if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, lp_gensec_settings(state, lp_ctx),
|
||||
msg, &state->gensec_state))) {
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user