diff options
author | Andrew Bartlett <abartlet@samba.org> | 2014-05-16 14:29:43 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2014-05-16 10:23:26 +0200 |
commit | 6c37cd65445f3acf4f41f375017ae7f5f1e34bde (patch) | |
tree | ef35b6947e8f0087d03fc6eeb6b8d0f507eca2d3 /source3 | |
parent | 66c099cc58e3140d08ef0890550c647e51a4a641 (diff) | |
download | samba-6c37cd65445f3acf4f41f375017ae7f5f1e34bde.tar.gz samba-6c37cd65445f3acf4f41f375017ae7f5f1e34bde.tar.xz samba-6c37cd65445f3acf4f41f375017ae7f5f1e34bde.zip |
auth: Allow auth_samba4 to be forced to run a specific auth module
This will allow new tests to be written to validate winbindd authentication results
Andrew Bartlett
Change-Id: I008eba1de349b17ee4eb9f11be08338557dffecc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/auth/auth_generic.c | 4 | ||||
-rw-r--r-- | source3/auth/auth_samba4.c | 35 | ||||
-rw-r--r-- | source3/include/auth.h | 9 |
3 files changed, 34 insertions, 14 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c index e1c6475ecab..05c4ddcede4 100644 --- a/source3/auth/auth_generic.c +++ b/source3/auth/auth_generic.c @@ -163,7 +163,7 @@ NTSTATUS make_auth4_context(TALLOC_CTX *mem_ctx, struct auth4_context **auth4_co } if (auth_context->make_auth4_context) { - nt_status = auth_context->make_auth4_context(mem_ctx, auth4_context_out); + nt_status = auth_context->make_auth4_context(auth_context, mem_ctx, auth4_context_out); TALLOC_FREE(tmp_ctx); return nt_status; @@ -197,7 +197,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, } if (auth_context->prepare_gensec) { - nt_status = auth_context->prepare_gensec(tmp_ctx, + nt_status = auth_context->prepare_gensec(auth_context, tmp_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(tmp_ctx); diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c index fcc4c285ea8..d9d71512a2b 100644 --- a/source3/auth/auth_samba4.c +++ b/source3/auth/auth_samba4.c @@ -31,7 +31,8 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx, +static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, struct auth4_context **auth4_context); static struct idr_context *task_id_tree; @@ -111,7 +112,7 @@ static NTSTATUS check_samba4_security(const struct auth_context *auth_context, struct auth_user_info_dc *user_info_dc; struct auth4_context *auth4_context; - nt_status = make_auth4_context_s4(mem_ctx, &auth4_context); + nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(frame); goto done; @@ -178,7 +179,8 @@ static NTSTATUS check_samba4_security(const struct auth_context *auth_context, * token is generated and used in the SMB and LDAP servers, for NTLM * and for Kerberos. */ -static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx, +static NTSTATUS prepare_gensec(struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, struct gensec_security **gensec_context) { NTSTATUS status; @@ -270,7 +272,8 @@ static NTSTATUS prepare_gensec(TALLOC_CTX *mem_ctx, * consistency between NTLM logins and NTLMSSP logins, as NTLMSSP is * handled by the hook above. */ -static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx, +static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, struct auth4_context **auth4_context) { NTSTATUS status; @@ -311,12 +314,17 @@ static NTSTATUS make_auth4_context_s4(TALLOC_CTX *mem_ctx, } talloc_reparent(frame, msg_ctx, server_id); - status = auth_context_create(mem_ctx, - event_ctx, - msg_ctx, - lp_ctx, - auth4_context); - + /* Allow forcing a specific auth4 module */ + if (!auth_context->forced_samba4_methods) { + status = auth_context_create(mem_ctx, + event_ctx, + msg_ctx, + lp_ctx, + auth4_context); + } else { + const char * const *forced_auth_methods = (const char * const *)str_list_make(mem_ctx, auth_context->forced_samba4_methods, NULL); + status = auth_context_create_methods(mem_ctx, forced_auth_methods, event_ctx, msg_ctx, lp_ctx, NULL, auth4_context); + } if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start auth server code: %s\n", nt_errstr(status))); TALLOC_FREE(frame); @@ -349,6 +357,13 @@ static NTSTATUS auth_init_samba4(struct auth_context *auth_context, result->prepare_gensec = prepare_gensec; result->make_auth4_context = make_auth4_context_s4; + if (param && *param) { + auth_context->forced_samba4_methods = talloc_strdup(result, param); + if (!auth_context->forced_samba4_methods) { + return NT_STATUS_NO_MEMORY; + } + } + *auth_method = result; return NT_STATUS_OK; } diff --git a/source3/include/auth.h b/source3/include/auth.h index 07f8b9eee1a..acae5a83c6c 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -66,10 +66,14 @@ struct auth_serversupplied_info { char *unix_name; }; -typedef NTSTATUS (*prepare_gensec_fn)(TALLOC_CTX *mem_ctx, +struct auth_context; + +typedef NTSTATUS (*prepare_gensec_fn)(const struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, struct gensec_security **gensec_context); -typedef NTSTATUS (*make_auth4_context_fn)(TALLOC_CTX *mem_ctx, +typedef NTSTATUS (*make_auth4_context_fn)(const struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, struct auth4_context **auth4_context); struct auth_context { @@ -83,6 +87,7 @@ struct auth_context { prepare_gensec_fn prepare_gensec; make_auth4_context_fn make_auth4_context; + const char *forced_samba4_methods; }; typedef struct auth_methods |