auth:kerberos: Fix resource leak in parse_principal()
[samba4-gss.git] / source4 / auth / samba_server_gensec.c
blobf2b0551afe83faf073351e8903d0867899ec5e59
1 /*
2 Unix SMB/CIFS implementation.
4 Generic Authentication Interface for Samba Servers
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 /* This code sets up GENSEC in the way that all Samba servers want
23 * (becaue they have presumed access to the sam.ldb etc */
25 #include "includes.h"
26 #include "auth/auth.h"
27 #include "auth/gensec/gensec.h"
28 #include "param/param.h"
30 static NTSTATUS samba_server_gensec_start_settings(TALLOC_CTX *mem_ctx,
31 struct tevent_context *event_ctx,
32 struct imessaging_context *msg_ctx,
33 struct loadparm_context *lp_ctx,
34 struct gensec_settings *settings,
35 struct cli_credentials *server_credentials,
36 const char *target_service,
37 struct gensec_security **gensec_context)
39 NTSTATUS nt_status;
40 struct gensec_security *gensec_ctx;
41 struct auth4_context *auth_context;
43 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
44 if (!tmp_ctx) {
45 return NT_STATUS_NO_MEMORY;
48 nt_status = auth_context_create(tmp_ctx,
49 event_ctx,
50 msg_ctx,
51 lp_ctx,
52 &auth_context);
54 if (!NT_STATUS_IS_OK(nt_status)) {
55 DEBUG(1, ("Failed to start auth server code: %s\n", nt_errstr(nt_status)));
56 talloc_free(tmp_ctx);
57 return nt_status;
60 nt_status = gensec_server_start(tmp_ctx,
61 settings,
62 auth_context,
63 &gensec_ctx);
64 if (!NT_STATUS_IS_OK(nt_status)) {
65 talloc_free(tmp_ctx);
66 DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(nt_status)));
67 return nt_status;
70 gensec_set_credentials(gensec_ctx, server_credentials);
72 if (target_service) {
73 gensec_set_target_service(gensec_ctx, target_service);
75 *gensec_context = talloc_steal(mem_ctx, gensec_ctx);
76 talloc_free(tmp_ctx);
77 return nt_status;
80 NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
81 struct tevent_context *event_ctx,
82 struct imessaging_context *msg_ctx,
83 struct loadparm_context *lp_ctx,
84 struct cli_credentials *server_credentials,
85 const char *target_service,
86 struct gensec_security **gensec_context)
88 struct gensec_settings *settings = NULL;
89 NTSTATUS status;
91 settings = lpcfg_gensec_settings(mem_ctx, lp_ctx);
92 if (settings == NULL) {
93 return NT_STATUS_NO_MEMORY;
95 status = samba_server_gensec_start_settings(mem_ctx, event_ctx,
96 msg_ctx, lp_ctx,
97 settings, server_credentials,
98 target_service,
99 gensec_context);
100 if (!NT_STATUS_IS_OK(status)) {
101 TALLOC_FREE(settings);
102 return status;
105 talloc_reparent(mem_ctx, *gensec_context, settings);
106 return NT_STATUS_OK;
109 NTSTATUS samba_server_gensec_krb5_start(TALLOC_CTX *mem_ctx,
110 struct tevent_context *event_ctx,
111 struct imessaging_context *msg_ctx,
112 struct loadparm_context *lp_ctx,
113 struct cli_credentials *server_credentials,
114 const char *target_service,
115 struct gensec_security **gensec_context)
117 struct gensec_settings *settings = NULL;
118 const struct gensec_security_ops **backends = NULL;
119 size_t idx = 0;
120 NTSTATUS status;
122 settings = lpcfg_gensec_settings(mem_ctx, lp_ctx);
123 if (settings == NULL) {
124 return NT_STATUS_NO_MEMORY;
126 backends = talloc_zero_array(settings,
127 const struct gensec_security_ops *, 3);
128 if (backends == NULL) {
129 TALLOC_FREE(settings);
130 return NT_STATUS_NO_MEMORY;
132 settings->backends = backends;
134 gensec_init();
136 backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_KERBEROS5);
138 backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
140 status = samba_server_gensec_start_settings(mem_ctx, event_ctx,
141 msg_ctx, lp_ctx,
142 settings, server_credentials,
143 target_service,
144 gensec_context);
145 if (!NT_STATUS_IS_OK(status)) {
146 TALLOC_FREE(settings);
147 return status;
150 talloc_reparent(mem_ctx, *gensec_context, settings);
151 return NT_STATUS_OK;