1/*
2   Unix SMB/CIFS implementation.
3
4   Generic Authentication Interface for Samba Servers
5
6   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
7
8   This program is free software; you can redistribute it and/or modify
9   it under the terms of the GNU General Public License as published by
10   the Free Software Foundation; either version 3 of the License, or
11   (at your option) any later version.
12
13   This program is distributed in the hope that it will be useful,
14   but WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16   GNU General Public License for more details.
17
18   You should have received a copy of the GNU General Public License
19   along with this program.  If not, see <http://www.gnu.org/licenses/>.
20*/
21
22/* This code sets up GENSEC in the way that all Samba servers want
23 * (becaue they have presumed access to the sam.ldb etc */
24
25#include "includes.h"
26#include "auth/auth.h"
27#include "auth/gensec/gensec.h"
28#include "param/param.h"
29
30NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
31				   struct tevent_context *event_ctx,
32				   struct messaging_context *msg_ctx,
33				   struct loadparm_context *lp_ctx,
34				   struct cli_credentials *server_credentials,
35				   const char *target_service,
36				   struct gensec_security **gensec_context)
37{
38	NTSTATUS nt_status;
39	struct gensec_security *gensec_ctx;
40	struct auth_context *auth_context;
41
42	nt_status = auth_context_create(mem_ctx,
43					event_ctx,
44					msg_ctx,
45					lp_ctx,
46					&auth_context);
47
48	if (!NT_STATUS_IS_OK(nt_status)) {
49		DEBUG(1, ("Failed to start auth server code: %s\n", nt_errstr(nt_status)));
50		return nt_status;
51	}
52
53	nt_status = gensec_server_start(mem_ctx,
54					event_ctx,
55					lp_gensec_settings(mem_ctx, lp_ctx),
56					auth_context,
57					&gensec_ctx);
58	if (!NT_STATUS_IS_OK(nt_status)) {
59		talloc_free(auth_context);
60		DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(nt_status)));
61		return nt_status;
62	}
63
64	gensec_set_credentials(gensec_ctx, server_credentials);
65
66	if (target_service) {
67		gensec_set_target_service(gensec_ctx, target_service);
68	}
69	*gensec_context = gensec_ctx;
70	return nt_status;
71}
72