summaryrefslogtreecommitdiffstats
path: root/auth/gensec
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-01-11 11:14:54 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-11 09:10:02 +0100
commit226c3ef7a604086295bc717a64fcfacbe60df45d (patch)
tree99fc99a3474c91d23ae2955362b0a1bf588197af /auth/gensec
parent49bafcfa48f2d440101c0634d934528cbee69bf1 (diff)
downloadsamba-226c3ef7a604086295bc717a64fcfacbe60df45d.tar.gz
samba-226c3ef7a604086295bc717a64fcfacbe60df45d.tar.xz
samba-226c3ef7a604086295bc717a64fcfacbe60df45d.zip
gensec: make gensec_gssapi.h common
This will make it easier to share elements of the GSSAPI gensec mechs, in much the same way elements of the NTLMSSP mech are shared. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'auth/gensec')
-rw-r--r--auth/gensec/gensec_gssapi.h67
1 files changed, 67 insertions, 0 deletions
diff --git a/auth/gensec/gensec_gssapi.h b/auth/gensec/gensec_gssapi.h
new file mode 100644
index 00000000000..246fc99a722
--- /dev/null
+++ b/auth/gensec/gensec_gssapi.h
@@ -0,0 +1,67 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Kerberos backend for GENSEC
+
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+ Copyright (C) Stefan Metzmacher <metze@samba.org> 2004-2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* This structure described here, so the RPC-PAC test can get at the PAC provided */
+
+enum gensec_gssapi_sasl_state
+{
+ STAGE_GSS_NEG,
+ STAGE_SASL_SSF_NEG,
+ STAGE_SASL_SSF_ACCEPT,
+ STAGE_DONE
+};
+
+#define NEG_SEAL 0x4
+#define NEG_SIGN 0x2
+#define NEG_NONE 0x1
+
+struct gensec_gssapi_state {
+ gss_ctx_id_t gssapi_context;
+ struct gss_channel_bindings_struct *input_chan_bindings;
+ gss_name_t server_name;
+ gss_name_t client_name;
+ OM_uint32 want_flags, got_flags;
+ gss_OID gss_oid;
+
+ struct smb_krb5_context *smb_krb5_context;
+ struct gssapi_creds_container *client_cred;
+ struct gssapi_creds_container *server_cred;
+ gss_krb5_lucid_context_v1_t *lucid;
+
+ gss_cred_id_t delegated_cred_handle;
+
+ bool sasl; /* We have two different mechs in this file: One
+ * for SASL wrapped GSSAPI and another for normal
+ * GSSAPI */
+ enum gensec_gssapi_sasl_state sasl_state;
+ uint8_t sasl_protection; /* What was negotiated at the SASL
+ * layer, independent of the GSSAPI
+ * layer... */
+
+ size_t max_wrap_buf_size;
+ int gss_exchange_count;
+ size_t sig_size;
+
+ const char *target_principal;
+};
+