mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/auth
Stefan Metzmacher e9eb0f3cc5 auth/spnego: split gensec_spnego_create_negTokenInit() into subfunctions
This adds and uses the gensec_spnego_neg_loop() abstraction, which
abstracts start, step and finish hooks.

The start hook does the initial processing on the incoming packet and
may start the first possible subcontext. It indicates that
gensec_update() is required on the subcontext by returning
NT_STATUS_MORE_PROCESSING_REQUIRED and returning something useful in
'in_next'. Note that 'in_mem_ctx' is just passed as a hint, the
caller should treat 'in_next' as const and don't attempt to free the
content.  NT_STATUS_OK indicates the finish hook should be invoked
directly without the need of gensec_update() on the subcontext.
Every other error indicates an error that's returned to the caller.

The step hook processes the result of a failed gensec_update() and
can decide to ignore a failure or continue the negotiation by
setting up the next possible subcontext. It indicates that
gensec_update() is required on the subcontext by returning
NT_STATUS_MORE_PROCESSING_REQUIRED and returning something useful in
'in_next'. Note that 'in_mem_ctx' is just passed as a hint, the
caller should treat 'in_next' as const and don't attempt to free the
content.  NT_STATUS_OK indicates the finish hook should be invoked
directly without the need of gensec_update() on the subcontext.
Every other error indicates an error that's returned to the caller.

The finish hook processes the result of a successful gensec_update()
(NT_STATUS_OK or NT_STATUS_MORE_PROCESSING_REQUIRED). It forms the
response pdu that will be returned from the toplevel gensec_update()
together with NT_STATUS_OK or NT_STATUS_MORE_PROCESSING_REQUIRED. It
may also alter the state machine to prepare receiving the next pdu
from the peer.

This is the start of using this abstraction for the initial client or server
start with an empty input token from the peer.

This abstraction will be applied to all four other spnego states,
gensec_spnego_{client,server}_negToken{Init,Targ}() in the following
commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-07-25 13:51:11 +02:00
credentials auth/credentials: remove unused smb_krb5_create_salt_principal() 2017-06-27 16:57:47 +02:00
gensec auth/spnego: split gensec_spnego_create_negTokenInit() into subfunctions 2017-07-25 13:51:11 +02:00
kerberos wscript: remove executable bits for all wscript* files 2017-01-11 20:21:01 +01:00
ntlmssp auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case 2017-06-26 23:16:13 +02:00
auth_log.c source4 netlogon: Add authentication logging for ServerAuthenticate3 2017-07-24 23:29:23 +02:00
auth_sam_reply.c auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac() 2016-07-22 23:34:22 +02:00
auth_sam_reply.h auth: One const is enough... 2016-09-09 20:33:10 +02:00
common_auth.h heimdal: Pass extra information to hdb_auth_status() to log success and failures 2017-03-29 02:37:28 +02:00
wbc_auth_util.c auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6 2016-06-30 03:30:26 +02:00
wscript_build auth: Add hooks for notification of authentication events over the message bus 2017-03-29 02:37:28 +02:00
wscript_configure auth_log: Add JSON logging of Authorisation and Authentications 2017-03-29 02:37:27 +02:00