}
if (auth_context->make_auth4_context) {
- nt_status = auth_context->make_auth4_context(mem_ctx, auth4_context_out);
+ nt_status = auth_context->make_auth4_context(auth_context, mem_ctx, auth4_context_out);
TALLOC_FREE(tmp_ctx);
return nt_status;
}
if (auth_context->prepare_gensec) {
- nt_status = auth_context->prepare_gensec(tmp_ctx,
+ nt_status = auth_context->prepare_gensec(auth_context, tmp_ctx,
&gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(tmp_ctx);
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
-static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx,
+static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context,
+ TALLOC_CTX *mem_ctx,
struct auth4_context **auth4_context);
static struct idr_context *task_id_tree;
struct auth_user_info_dc *user_info_dc;
struct auth4_context *auth4_context;
- nt_status = make_auth4_context_s4(mem_ctx, &auth4_context);
+ nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(frame);
goto done;
* token is generated and used in the SMB and LDAP servers, for NTLM
* and for Kerberos.
*/
-static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx,
+static NTSTATUS prepare_gensec(struct auth_context *auth_context,
+ TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_context)
{
NTSTATUS status;
* consistency between NTLM logins and NTLMSSP logins, as NTLMSSP is
* handled by the hook above.
*/
-static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx,
+static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context,
+ TALLOC_CTX *mem_ctx,
struct auth4_context **auth4_context)
{
NTSTATUS status;
}
talloc_reparent(frame, msg_ctx, server_id);
- status = auth_context_create(mem_ctx,
- event_ctx,
- msg_ctx,
- lp_ctx,
- auth4_context);
-
+ /* Allow forcing a specific auth4 module */
+ if (!auth_context->forced_samba4_methods) {
+ status = auth_context_create(mem_ctx,
+ event_ctx,
+ msg_ctx,
+ lp_ctx,
+ auth4_context);
+ } else {
+ const char * const *forced_auth_methods = (const char * const *)str_list_make(mem_ctx, auth_context->forced_samba4_methods, NULL);
+ status = auth_context_create_methods(mem_ctx, forced_auth_methods, event_ctx, msg_ctx, lp_ctx, NULL, auth4_context);
+ }
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start auth server code: %s\n", nt_errstr(status)));
TALLOC_FREE(frame);
result->prepare_gensec = prepare_gensec;
result->make_auth4_context = make_auth4_context_s4;
+ if (param && *param) {
+ auth_context->forced_samba4_methods = talloc_strdup(result, param);
+ if (!auth_context->forced_samba4_methods) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
*auth_method = result;
return NT_STATUS_OK;
}
char *unix_name;
};
-typedef NTSTATUS (*prepare_gensec_fn)(TALLOC_CTX *mem_ctx,
+struct auth_context;
+
+typedef NTSTATUS (*prepare_gensec_fn)(const struct auth_context *auth_context,
+ TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_context);
-typedef NTSTATUS (*make_auth4_context_fn)(TALLOC_CTX *mem_ctx,
+typedef NTSTATUS (*make_auth4_context_fn)(const struct auth_context *auth_context,
+ TALLOC_CTX *mem_ctx,
struct auth4_context **auth4_context);
struct auth_context {
prepare_gensec_fn prepare_gensec;
make_auth4_context_fn make_auth4_context;
+ const char *forced_samba4_methods;
};
typedef struct auth_methods
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info) ;
-NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
+NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char * const *methods,
struct tevent_context *ev,
struct imessaging_context *msg,
struct loadparm_context *lp_ctx,
Make a auth_info struct for the auth subsystem
- Allow the caller to specify the methods to use, including optionally the SAM to use
***************************************************************************/
-_PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
+_PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char * const *methods,
struct tevent_context *ev,
struct imessaging_context *msg,
struct loadparm_context *lp_ctx,