author | Andrew Bartlett <abartlet@samba.org> | 2012-01-12 21:16:36 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-01-18 16:23:25 +0100 |
commit | 67279780dd5742397918b532b4bc5e89072ab82d (patch) | |
tree | 3e5c57a92c1ebcd05611c2b534342f826bd37160 /source3/auth | |
parent | 45ec777e0ea78a1194980624ac9127a42b4b29fe (diff) | |
s3-gensec: Add hook to allow gensec to know if kerberos is permitted
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_generic.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c index b2b862ee1c..6db761b0b9 100644 --- a/source3/auth/auth_generic.c +++ b/source3/auth/auth_generic.c @@ -30,6 +30,7 @@ #include "libcli/auth/krb5_wrap.h" #endif #include "librpc/crypto/gse.h" +#include "auth/credentials/credentials.h" static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, TALLOC_CTX *mem_ctx, @@ -175,6 +176,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, struct gensec_settings *gensec_settings; struct loadparm_context *lp_ctx; + struct cli_credentials *server_credentials; struct auth4_context *auth4_context = talloc_zero(tmp_ctx, struct auth4_context); if (auth4_context == NULL) { DEBUG(10, ("failed to allocate auth4_context failed\n")); @@ -209,6 +211,24 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, gensec_settings->backends[1] = &gensec_gse_krb5_security_ops; #endif + /* + * This is anonymous for now, because we just use it + * to set the kerberos state at the moment + */ + server_credentials = cli_credentials_init_anon(tmp_ctx); + if (!server_credentials) { + DEBUG(0, ("auth_generic_prepare: Failed to init server credentials\n")); + return NT_STATUS_NO_MEMORY; + } + + cli_credentials_set_conf(server_credentials, lp_ctx); + + if (lp_security() == SEC_ADS || USE_KERBEROS_KEYTAB) { + cli_credentials_set_kerberos_state(server_credentials, CRED_AUTO_USE_KERBEROS); + } else { + cli_credentials_set_kerberos_state(server_credentials, CRED_DONT_USE_KERBEROS); + } + nt_status = gensec_server_start(tmp_ctx, gensec_settings, auth4_context, &gensec_security); @@ -216,7 +236,11 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, TALLOC_FREE(tmp_ctx); return nt_status; } + + gensec_set_credentials(gensec_security, server_credentials); + talloc_unlink(tmp_ctx, lp_ctx); + talloc_unlink(tmp_ctx, server_credentials); talloc_unlink(tmp_ctx, gensec_settings); talloc_unlink(tmp_ctx, auth4_context); } |
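Review bot: The new failure path after `cli_credentials_init_anon(tmp_ctx)` returns `NT_STATUS_NO_MEMORY` without releasing `tmp_ctx`, whereas the `gensec_server_start` failure path visible in the following hunk calls `TALLOC_FREE(tmp_ctx)` before returning. The objects already parented to `tmp_ctx` (`auth4_context`, `gensec_settings`, `lp_ctx`) stay allocated on that path, and if `tmp_ctx` is a talloc stackframe (its creation is outside the hunk) the frame is left unbalanced as well. Add `TALLOC_FREE(tmp_ctx);` immediately before `return NT_STATUS_NO_MEMORY;`. The body of `auth_generic_prepare` starts and ends outside this hunk.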
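Review bot: The result of `gensec_set_credentials(gensec_security, server_credentials)` is discarded, and the next lines unlink `server_credentials` from `tmp_ctx`. If the call fails (the gensec API declares it as returning NTSTATUS; confirm against the header at this revision), the gensec context is left without the credentials object that carries the `CRED_AUTO_USE_KERBEROS` / `CRED_DONT_USE_KERBEROS` decision, so the restriction this commit introduces would silently not apply. Suggest `nt_status = gensec_set_credentials(gensec_security, server_credentials);` followed by the same `TALLOC_FREE(tmp_ctx); return nt_status;` handling on failure that is used for `gensec_server_start` just above. The enclosing block continues outside the hunk.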