/* Look for the first module to provide a start_gensec hook, and set that if provided */
for (method = (*auth_context)->auth_method_list; method; method = method->next) {
- if (method->start_gensec) {
- (*auth_context)->start_gensec = method->start_gensec;
+ if (method->prepare_gensec && method->gensec_start_mech_by_oid) {
+ (*auth_context)->prepare_gensec = method->prepare_gensec;
+ (*auth_context)->gensec_start_mech_by_oid = method->gensec_start_mech_by_oid;
break;
}
}
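Review bot: The comment above the loop still names the `start_gensec` hook, which this change removes, and it does not say that a module must now supply both hooks to be selected. As written, a method that sets only one of `prepare_gensec` and `gensec_start_mech_by_oid` is skipped silently and the loop moves on to the next module. I would reword the comment to `/* Use the first module that provides both prepare_gensec and gensec_start_mech_by_oid; a module with only one of them is ignored */`. The enclosing function starts outside the hunk.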
return nt_status;
}
- if (auth_context->start_gensec) {
- nt_status = auth_context->start_gensec(ans, GENSEC_OID_NTLMSSP, &ans->gensec_security);
+ if (auth_context->prepare_gensec) {
+ nt_status = auth_context->prepare_gensec(ans, &ans->gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(ans);
return nt_status;
} else {
- *auth_ntlmssp_state = ans;
- return NT_STATUS_OK;
+ nt_status = auth_context->gensec_start_mech_by_oid(ans->gensec_security, GENSEC_OID_NTLMSSP);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(ans);
+ return nt_status;
+ } else {
+ *auth_ntlmssp_state = ans;
+ return NT_STATUS_OK;
+ }
}
}
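Review bot: The failure branch after `gensec_start_mech_by_oid()` frees `ans` and returns without logging, so the `DEBUG(1, ...)` that the old `start_gensec()` emitted when the mechanism could not be started is lost from the NTLMSSP setup path. Adding `DEBUG(1, ("Failed to start GENSEC NTLMSSP server code: %s\n", nt_errstr(nt_status)));` before that `TALLOC_FREE(ans)` would keep a failed mechanism start visible in the server log. The outer test also checks only `prepare_gensec`, while the body calls the second pointer. The visible loop that fills the context sets the two as a pair, but `if (auth_context->prepare_gensec && auth_context->gensec_start_mech_by_oid)` would keep a half-populated context from reaching a NULL call. The enclosing function starts and ends outside the hunk.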
/* Hook to allow GENSEC to handle blob-based authentication
* mechanisms, without directly linking the mechansim code */
-static NTSTATUS start_gensec(TALLOC_CTX *mem_ctx, const char *oid_string,
- struct gensec_security **gensec_context)
+static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx,
+ struct gensec_security **gensec_context)
{
NTSTATUS status;
struct loadparm_context *lp_ctx;
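Review bot: The comment above `prepare_gensec()` no longer describes what the function hands back: after this change it returns a gensec context on which no mechanism has been started, and the caller has to follow it with the `gensec_start_mech_by_oid` hook. I would state that contract in the comment, e.g. `/* Hook to let GENSEC handle blob-based authentication mechanisms without directly linking the mechanism code. Returns a context with no mechanism started; the caller must call gensec_start_mech_by_oid() on it before use. */`. The function body continues outside the hunk.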
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
gensec_want_feature(gensec_ctx, GENSEC_FEATURE_UNIX_TOKEN);
- status = gensec_start_mech_by_oid(gensec_ctx, oid_string);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to start GENSEC %s server code: %s\n",
- gensec_get_name_by_oid(gensec_ctx, oid_string), nt_errstr(status)));
- TALLOC_FREE(frame);
- return status;
- }
-
*gensec_context = gensec_ctx;
+ TALLOC_FREE(frame);
return status;
}
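Review bot: The new `TALLOC_FREE(frame)` runs right after `*gensec_context = gensec_ctx`, and the allocation of `gensec_ctx` is not visible in this hunk, so its talloc parent should be confirmed before this lands. If it hangs off `mem_ctx`, the free is correct and closes what looks like a leak of `frame` on the success path. If it were allocated on `frame`, the caller would receive a freed pointer. A one-line comment next to the free, such as `/* gensec_ctx is parented to mem_ctx, so it survives freeing frame */`, would record the ownership. The function starts outside the hunk.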
}
result->name = "samba4";
result->auth = check_samba4_security;
- result->start_gensec = start_gensec;
+ result->prepare_gensec = prepare_gensec;
+ result->gensec_start_mech_by_oid = gensec_start_mech_by_oid;
*auth_method = result;
return NT_STATUS_OK;
struct auth_serversupplied_info **server_info);
NTSTATUS (*nt_status_squash)(NTSTATUS nt_status);
- NTSTATUS (*start_gensec)(TALLOC_CTX *mem_ctx, const char *oid_string,
+ NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_context);
+ NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string);
};
typedef struct auth_methods
void **my_private_data,
TALLOC_CTX *mem_ctx);
- /* Optional method allowing this module to provide a way to get a gensec context */
- NTSTATUS (*start_gensec)(TALLOC_CTX *mem_ctx, const char *oid_string,
+ /* Optional methods allowing this module to provide a way to get a gensec context */
+ NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_context);
-
+ NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string);
/* Used to keep tabs on things like the cli for SMB server authentication */
void *private_data;