1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : SASL/EXTERNAL authentication.
5 :
6 : Copyright (C) Howard Chu <hyc@symas.com> 2013
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include "includes.h"
23 : #include <tevent.h>
24 : #include "lib/util/tevent_ntstatus.h"
25 : #include "auth/credentials/credentials.h"
26 : #include "auth/gensec/gensec.h"
27 : #include "auth/gensec/gensec_internal.h"
28 : #include "auth/gensec/gensec_proto.h"
29 : #include "auth/gensec/gensec_toplevel_proto.h"
30 :
31 : #undef DBGC_CLASS
32 : #define DBGC_CLASS DBGC_AUTH
33 :
/* SASL/EXTERNAL is essentially a no-op; it is only usable when the transport
 * layer is already mutually authenticated. Nothing in this file checks that
 * precondition, so it must be guaranteed by whoever selects this mechanism.
 */
37 :
38 : NTSTATUS gensec_external_init(TALLOC_CTX *ctx);
39 :
/**
 * Client-side start hook for SASL/EXTERNAL.
 *
 * This backend reports no features through its have_feature hook, so a
 * request for message signing or sealing is rejected here.
 *
 * NOTE(review): only want_features is inspected. This function does not
 * confirm that the underlying transport is authenticated; that has to be
 * ensured before this mechanism is chosen.
 *
 * @param gensec_security  context whose want_features mask is checked
 * @return NT_STATUS_INVALID_PARAMETER if GENSEC_FEATURE_SIGN or
 *         GENSEC_FEATURE_SEAL is requested, NT_STATUS_OK otherwise
 */
static NTSTATUS gensec_external_start(struct gensec_security *gensec_security)
{
	const uint32_t unsupported = GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL;

	if ((gensec_security->want_features & unsupported) != 0) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	return NT_STATUS_OK;
}
49 :
/*
 * Per-request state shared by gensec_external_update_send() and
 * gensec_external_update_recv().
 */
struct gensec_external_update_state {
	/* Token handed back by update_recv; allocated in update_send with
	 * this state as its talloc parent. */
	DATA_BLOB out;
};
53 :
/**
 * Start the (single-step) SASL/EXTERNAL update.
 *
 * The request is completed before this function returns: the input blob
 * and gensec_security are not read, and the output token is a zero-length
 * blob allocated on the request state.
 *
 * @param mem_ctx          talloc parent for the new request
 * @param ev               event context used to post the finished request
 * @param gensec_security  unused by this backend
 * @param in               unused by this backend
 * @return the posted request, or NULL if the request could not be created
 */
static struct tevent_req *gensec_external_update_send(TALLOC_CTX *mem_ctx,
						      struct tevent_context *ev,
						      struct gensec_security *gensec_security,
						      const DATA_BLOB in)
{
	struct gensec_external_update_state *st = NULL;
	struct tevent_req *request = tevent_req_create(
		mem_ctx, &st, struct gensec_external_update_state);

	if (request == NULL) {
		return NULL;
	}

	/*
	 * "" rather than NULL is passed as the source: presumably so the
	 * resulting blob has a non-NULL data pointer with length 0 --
	 * confirm against data_blob_talloc().
	 */
	st->out = data_blob_talloc(st, "", 0);
	if (!tevent_req_nomem(st->out.data, request)) {
		tevent_req_done(request);
	}

	/* Success or out-of-memory, the outcome is already set on the request. */
	return tevent_req_post(request, ev);
}
76 :
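/**
 * Collect the result of gensec_external_update_send().
 *
 * @param req          request returned by gensec_external_update_send()
 * @param out_mem_ctx  talloc context that takes ownership of out->data
 * @param out          receives the output token; set to data_blob_null
 *                     when the request failed
 * @return the error recorded on the request, or NT_STATUS_OK
 */
static NTSTATUS gensec_external_update_recv(struct tevent_req *req,
					    TALLOC_CTX *out_mem_ctx,
					    DATA_BLOB *out)
{
	struct gensec_external_update_state *state =
		tevent_req_data(req,
		struct gensec_external_update_state);
	NTSTATUS status;

	*out = data_blob_null;

	if (tevent_req_is_nterror(req, &status)) {
		tevent_req_received(req);
		return status;
	}

	/*
	 * state->out.data was allocated with the request state as its talloc
	 * parent, and tevent_req_received() releases that state. Reparent the
	 * buffer onto out_mem_ctx first, so the caller is not handed a
	 * pointer into freed memory.
	 */
	*out = state->out;
	talloc_steal(out_mem_ctx, state->out.data);
	tevent_req_received(req);
	return NT_STATUS_OK;
}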
97 :
/**
 * Feature query hook: SASL/EXTERNAL provides no features.
 *
 * @param gensec_security  unused
 * @param feature          feature bit being queried; unused
 * @return always false
 */
static bool gensec_external_have_feature(struct gensec_security *gensec_security,
					 uint32_t feature)
{
	/* Neither argument influences the answer. */
	(void)gensec_security;
	(void)feature;

	return false;
}
104 :
/*
 * Backend descriptor registered by gensec_external_init().
 *
 * Only a client start hook is set in this table; no server-side start
 * hook is provided here. The backend is marked enabled.
 */
static const struct gensec_security_ops gensec_external_ops = {
	/* Identity */
	.name		= "sasl-EXTERNAL",
	.sasl_name	= "EXTERNAL",

	/* Hooks */
	.client_start	= gensec_external_start,
	.update_send	= gensec_external_update_send,
	.update_recv	= gensec_external_update_recv,
	.have_feature	= gensec_external_have_feature,

	/* Selection */
	.enabled	= true,
	.priority	= GENSEC_EXTERNAL,
};
115 :
116 :
/**
 * Register the SASL/EXTERNAL backend with gensec.
 *
 * A registration failure is logged at debug level 0 and the status is
 * passed back unchanged.
 *
 * @param ctx  talloc context forwarded to gensec_register()
 * @return the status returned by gensec_register()
 */
NTSTATUS gensec_external_init(TALLOC_CTX *ctx)
{
	NTSTATUS status = gensec_register(ctx, &gensec_external_ops);

	if (NT_STATUS_IS_OK(status)) {
		return status;
	}

	DEBUG(0,("Failed to register '%s' gensec backend!\n",
		 gensec_external_ops.name));
	return status;
}