Line data Source code
1 : /*
2 : NLTMSSP wrappers
3 :
4 : Copyright (C) Andrew Tridgell 2001
5 : Copyright (C) Andrew Bartlett 2001-2003,2011
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "includes.h"
22 : #include "auth/ntlmssp/ntlmssp.h"
23 : #include "auth_generic.h"
24 : #include "auth/gensec/gensec.h"
25 : #include "auth/credentials/credentials.h"
26 : #include "librpc/rpc/dcerpc.h"
27 : #include "lib/param/param.h"
28 : #include "librpc/crypto/gse.h"
29 :
30 10424 : NTSTATUS auth_generic_set_username(struct auth_generic_state *ans,
31 : const char *user)
32 : {
33 10424 : cli_credentials_set_username(ans->credentials, user, CRED_SPECIFIED);
34 10424 : return NT_STATUS_OK;
35 : }
36 :
37 10424 : NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
38 : const char *domain)
39 : {
40 10424 : cli_credentials_set_domain(ans->credentials, domain, CRED_SPECIFIED);
41 10424 : return NT_STATUS_OK;
42 : }
43 :
44 949 : NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
45 : const char *password)
46 : {
47 949 : cli_credentials_set_password(ans->credentials, password, CRED_SPECIFIED);
48 949 : return NT_STATUS_OK;
49 : }
50 :
51 15215 : NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
52 : struct cli_credentials *creds)
53 : {
54 15215 : talloc_unlink(ans->credentials, creds);
55 15215 : ans->credentials = creds;
56 15215 : return NT_STATUS_OK;
57 : }
58 :
59 25639 : NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
60 : {
61 : struct auth_generic_state *ans;
62 : NTSTATUS nt_status;
63 25639 : size_t idx = 0;
64 : struct gensec_settings *gensec_settings;
65 25639 : const struct gensec_security_ops **backends = NULL;
66 : struct loadparm_context *lp_ctx;
67 : bool ok;
68 :
69 25639 : ans = talloc_zero(mem_ctx, struct auth_generic_state);
70 25639 : if (!ans) {
71 0 : DEBUG(0,("auth_generic_start: talloc failed!\n"));
72 0 : return NT_STATUS_NO_MEMORY;
73 : }
74 :
75 25639 : lp_ctx = loadparm_init_s3(ans, loadparm_s3_helpers());
76 25639 : if (lp_ctx == NULL) {
77 0 : DEBUG(10, ("loadparm_init_s3 failed\n"));
78 0 : TALLOC_FREE(ans);
79 0 : return NT_STATUS_INVALID_SERVER_STATE;
80 : }
81 :
82 25639 : gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
83 25639 : if (lp_ctx == NULL) {
84 0 : DEBUG(10, ("lpcfg_gensec_settings failed\n"));
85 0 : TALLOC_FREE(ans);
86 0 : return NT_STATUS_NO_MEMORY;
87 : }
88 :
89 25639 : backends = talloc_zero_array(gensec_settings,
90 : const struct gensec_security_ops *, 7);
91 25639 : if (backends == NULL) {
92 0 : TALLOC_FREE(ans);
93 0 : return NT_STATUS_NO_MEMORY;
94 : }
95 25639 : gensec_settings->backends = backends;
96 :
97 25639 : gensec_init();
98 :
99 : /* These need to be in priority order, krb5 before NTLMSSP */
100 : #if defined(HAVE_KRB5)
101 25639 : backends[idx++] = &gensec_gse_krb5_security_ops;
102 : #endif
103 :
104 25639 : backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
105 25639 : backends[idx++] = gensec_security_by_name(NULL, "ntlmssp_resume_ccache");
106 :
107 25639 : backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
108 25639 : backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
109 25639 : backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM);
110 :
111 25639 : nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
112 :
113 25639 : if (!NT_STATUS_IS_OK(nt_status)) {
114 0 : TALLOC_FREE(ans);
115 0 : return nt_status;
116 : }
117 :
118 25639 : ans->credentials = cli_credentials_init(ans);
119 25639 : if (!ans->credentials) {
120 0 : TALLOC_FREE(ans);
121 0 : return NT_STATUS_NO_MEMORY;
122 : }
123 :
124 25639 : ok = cli_credentials_guess(ans->credentials, lp_ctx);
125 25639 : if (!ok) {
126 0 : TALLOC_FREE(ans);
127 0 : return NT_STATUS_INTERNAL_ERROR;
128 : }
129 :
130 25639 : talloc_unlink(ans, lp_ctx);
131 25639 : talloc_unlink(ans, gensec_settings);
132 :
133 25639 : *auth_generic_state = ans;
134 25639 : return NT_STATUS_OK;
135 : }
136 :
137 14976 : NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid)
138 : {
139 : NTSTATUS status;
140 :
141 : /* Transfer the credentials to gensec */
142 14976 : status = gensec_set_credentials(ans->gensec_security, ans->credentials);
143 14976 : if (!NT_STATUS_IS_OK(status)) {
144 0 : DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
145 : nt_errstr(status)));
146 0 : return status;
147 : }
148 14976 : talloc_unlink(ans, ans->credentials);
149 14976 : ans->credentials = NULL;
150 :
151 14976 : status = gensec_start_mech_by_oid(ans->gensec_security,
152 : oid);
153 14976 : if (!NT_STATUS_IS_OK(status)) {
154 0 : return status;
155 : }
156 :
157 14976 : return NT_STATUS_OK;
158 : }
159 :
160 53 : NTSTATUS auth_generic_client_start_by_name(struct auth_generic_state *ans,
161 : const char *name)
162 : {
163 : NTSTATUS status;
164 :
165 : /* Transfer the credentials to gensec */
166 53 : status = gensec_set_credentials(ans->gensec_security, ans->credentials);
167 53 : if (!NT_STATUS_IS_OK(status)) {
168 0 : DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
169 : nt_errstr(status)));
170 0 : return status;
171 : }
172 53 : talloc_unlink(ans, ans->credentials);
173 53 : ans->credentials = NULL;
174 :
175 53 : status = gensec_start_mech_by_name(ans->gensec_security, name);
176 53 : if (!NT_STATUS_IS_OK(status)) {
177 0 : return status;
178 : }
179 :
180 53 : return NT_STATUS_OK;
181 : }
182 :
183 793 : NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
184 : uint8_t auth_type,
185 : uint8_t auth_level)
186 : {
187 : NTSTATUS status;
188 :
189 : /* Transfer the credentials to gensec */
190 793 : status = gensec_set_credentials(ans->gensec_security, ans->credentials);
191 793 : if (!NT_STATUS_IS_OK(status)) {
192 0 : DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
193 : nt_errstr(status)));
194 0 : return status;
195 : }
196 793 : talloc_unlink(ans, ans->credentials);
197 793 : ans->credentials = NULL;
198 :
199 793 : status = gensec_start_mech_by_authtype(ans->gensec_security,
200 : auth_type, auth_level);
201 793 : if (!NT_STATUS_IS_OK(status)) {
202 0 : return status;
203 : }
204 :
205 793 : return NT_STATUS_OK;
206 : }
207 :
208 342 : NTSTATUS auth_generic_client_start_by_sasl(struct auth_generic_state *ans,
209 : const char **sasl_list)
210 : {
211 : NTSTATUS status;
212 :
213 : /* Transfer the credentials to gensec */
214 342 : status = gensec_set_credentials(ans->gensec_security, ans->credentials);
215 342 : if (!NT_STATUS_IS_OK(status)) {
216 0 : DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
217 : nt_errstr(status)));
218 0 : return status;
219 : }
220 342 : talloc_unlink(ans, ans->credentials);
221 342 : ans->credentials = NULL;
222 :
223 342 : status = gensec_start_mech_by_sasl_list(ans->gensec_security, sasl_list);
224 342 : if (!NT_STATUS_IS_OK(status)) {
225 0 : return status;
226 : }
227 :
228 342 : return NT_STATUS_OK;
229 : }
|
