diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-02-03 16:14:42 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2012-02-24 11:23:18 +1100 |
| commit | 8a9b6fe26dc347afd6dc17570354e0af391b351d (patch) | |
| tree | b53bed5dc786897fdca800b84ad2eba6afd5fe3a /source3/auth/auth_samba4.c | |
| parent | aed0735862f9517c49918bb4e4b444427d924b2e (diff) | |
| download | samba-8a9b6fe26dc347afd6dc17570354e0af391b351d.tar.gz samba-8a9b6fe26dc347afd6dc17570354e0af391b351d.tar.xz samba-8a9b6fe26dc347afd6dc17570354e0af391b351d.zip | |
s3-auth: Add a way to get an auth4_context from the auth stack
This will allow us to use the same layer that auth_ntlmssp does
in the non-SPNEGO session setup, which will in turn make the
authentication code more consistent in the AD server case.
Andrew Bartlett
Diffstat (limited to 'source3/auth/auth_samba4.c')
| -rw-r--r-- | source3/auth/auth_samba4.c | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c index 971f9d6898..6692f187be 100644 --- a/source3/auth/auth_samba4.c +++ b/source3/auth/auth_samba4.c @@ -169,6 +169,59 @@ static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx, return status; } +/* Hook to allow handling of NTLM authentication for AD operation + * without directly linking the s4 auth stack */ +static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx, + struct auth4_context **auth4_context) +{ + NTSTATUS status; + struct loadparm_context *lp_ctx; + struct tevent_context *event_ctx; + TALLOC_CTX *frame = talloc_stackframe(); + struct imessaging_context *msg_ctx; + + lp_ctx = loadparm_init_s3(frame, loadparm_s3_context()); + if (lp_ctx == NULL) { + DEBUG(1, ("loadparm_init_s3 failed\n")); + TALLOC_FREE(frame); + return NT_STATUS_INVALID_SERVER_STATE; + } + event_ctx = s4_event_context_init(frame); + if (event_ctx == NULL) { + DEBUG(1, ("s4_event_context_init failed\n")); + TALLOC_FREE(frame); + return NT_STATUS_INVALID_SERVER_STATE; + } + + msg_ctx = imessaging_client_init(frame, + lp_ctx, + event_ctx); + if (msg_ctx == NULL) { + DEBUG(1, ("imessaging_init failed\n")); + TALLOC_FREE(frame); + return NT_STATUS_INVALID_SERVER_STATE; + } + + status = auth_context_create(mem_ctx, + event_ctx, + msg_ctx, + lp_ctx, + auth4_context); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start auth server code: %s\n", nt_errstr(status))); + TALLOC_FREE(frame); + return status; + } + + talloc_reparent(frame, *auth4_context, msg_ctx); + talloc_reparent(frame, *auth4_context, event_ctx); + talloc_reparent(frame, *auth4_context, lp_ctx); + + TALLOC_FREE(frame); + return status; +} + /* module initialisation */ static NTSTATUS auth_init_samba4(struct auth_context *auth_context, const char *param, @@ -185,6 +238,7 @@ static NTSTATUS auth_init_samba4(struct auth_context *auth_context, result->name = "samba4"; result->auth = check_samba4_security; result->prepare_gensec = prepare_gensec; + result->make_auth4_context = make_auth4_context_s4; *auth_method = result; return NT_STATUS_OK; |