mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
e9eb0f3cc5
This adds and uses the gensec_spnego_neg_loop() abstraction, which abstracts start, step and finish hooks.

The start hook does the initial processing on the incoming packet and may start the first possible subcontext. It indicates that gensec_update() is required on the subcontext by returning NT_STATUS_MORE_PROCESSING_REQUIRED and returning something useful in 'in_next'. Note that 'in_mem_ctx' is just passed as a hint, the caller should treat 'in_next' as const and don't attempt to free the content. NT_STATUS_OK indicates the finish hook should be invoked directly without the need of gensec_update() on the subcontext. Every other error indicates an error that's returned to the caller.

The step hook processes the result of a failed gensec_update() and can decide to ignore a failure or continue the negotiation by setting up the next possible subcontext. It indicates that gensec_update() is required on the subcontext by returning NT_STATUS_MORE_PROCESSING_REQUIRED and returning something useful in 'in_next'. Note that 'in_mem_ctx' is just passed as a hint, the caller should treat 'in_next' as const and don't attempt to free the content. NT_STATUS_OK indicates the finish hook should be invoked directly without the need of gensec_update() on the subcontext. Every other error indicates an error that's returned to the caller.

The finish hook processes the result of a successful gensec_update() (NT_STATUS_OK or NT_STATUS_MORE_PROCESSING_REQUIRED). It forms the response pdu that will be returned from the toplevel gensec_update() together with NT_STATUS_OK or NT_STATUS_MORE_PROCESSING_REQUIRED. It may also alter the state machine to prepare receiving the next pdu from the peer.

This is the start of using this abstraction for the initial client or server start with an empty input token from the peer.

This abstraction will be applied to all four other spnego states, gensec_spnego_{client,server}_negToken{Init,Targ}() in the following commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

credentials
gensec
kerberos
ntlmssp
auth_log.c
auth_sam_reply.c
auth_sam_reply.h
common_auth.h
wbc_auth_util.c
wscript_build
wscript_configure