author | Simo Sorce <simo@redhat.com> | 2014-08-08 09:47:19 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-08-08 10:11:05 -0400 |
commit | 83a16a65b5c1bb8435505fe7f3b0cc805048821c (patch) | |
tree | de24440ea5cb48cbd2bfac97722a37257495de64 /src/gss_sec_ctx.c | |
parent | 77b7dd9436db7f1b3a2f2110a58e90341de420c9 (diff) | |
Improve role managementwinbind
A server can be standalone or a domain member; improve role management
so we can autodetect which role we should assume as a server.
Diffstat (limited to 'src/gss_sec_ctx.c')
-rw-r--r-- | src/gss_sec_ctx.c | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c index 40817b8..4802567 100644 --- a/src/gss_sec_ctx.c +++ b/src/gss_sec_ctx.c @@ -127,8 +127,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status, ctx->gss_flags = req_flags; - ctx->role = GSSNTLM_CLIENT; - ctx->neg_flags = NTLMSSP_DEFAULT_CLIENT_FLAGS; /* @@ -204,10 +202,12 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status, goto done; } + gssntlm_set_role(ctx, GSSNTLM_CLIENT, nb_domain_name); + ctx->neg_flags |= NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED; lm_compat_lvl = gssntlm_get_lm_compatibility_level(); - ctx->sec_req = gssntlm_required_security(lm_compat_lvl, ctx->role); + ctx->sec_req = gssntlm_required_security(lm_compat_lvl, ctx); if (ctx->sec_req == 0xff) { retmaj = GSS_S_FAILURE; goto done; @@ -285,7 +285,7 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status, } else { - if (ctx->role != GSSNTLM_CLIENT) { + if (!gssntlm_role_is_client(ctx)) { retmaj = GSS_S_NO_CONTEXT; goto done; } @@ -631,13 +631,10 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status, goto done; } - /* FIXME: add call to determine if we are any other type of - * server, including setting up callbacks to perform validation - * against a remote DC */ - ctx->role = GSSNTLM_SERVER; + gssntlm_set_role(ctx, GSSNTLM_SERVER, nb_domain_name); lm_compat_lvl = gssntlm_get_lm_compatibility_level(); - ctx->sec_req = gssntlm_required_security(lm_compat_lvl, ctx->role); + ctx->sec_req = gssntlm_required_security(lm_compat_lvl, ctx); if (ctx->sec_req == 0xff) { retmaj = GSS_S_FAILURE; goto done; @@ -779,7 +776,8 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status, } else { ctx = (struct gssntlm_ctx *)(*context_handle); - if (ctx->role != GSSNTLM_SERVER) { + if (!gssntlm_role_is_server(ctx)) { + retmin = EINVAL; retmaj = GSS_S_NO_CONTEXT; goto done; } 
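Review bot: In the `@@ -204` hunk of gssntlm_init_sec_context the role is now assigned only after at least one `goto done` exit, whereas the line removed in the `@@ -127` hunk set it right after `ctx->gss_flags`. If the context is not zero-initialised when it is allocated (the allocation is outside the hunk), `ctx->role` is indeterminate on those early failure paths, and anything reached through `done:` that inspects the role would read it. Either keep an early default or document the invariant at the allocation, e.g. `/* role is unset until gssntlm_set_role() below; helpers must treat the unset value as neither client nor server */`. The function body starts and ends outside the hunk.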
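Review bot: The role-mismatch branch in the `@@ -285` hunk sets only `retmaj = GSS_S_NO_CONTEXT` before `goto done`, while the equivalent branch in gssntlm_accept_sec_context (`@@ -779`) gains `retmin = EINVAL;` in this same commit. Unless retmin is already set on this path (not visible here), the initiator side reports whatever minor status was stored last, so a context handle passed to the wrong side is harder to diagnose from the caller. Add `retmin = EINVAL;` before `retmaj = GSS_S_NO_CONTEXT;` in this branch as well.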
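Review bot: In the `@@ -631` hunk the acceptor's role, and through `gssntlm_required_security(lm_compat_lvl, ctx)` its required security level, now depends on `nb_domain_name`, but nothing here says where that value comes from or which role gssntlm_set_role picks when it is NULL or empty. The removed FIXME also recorded that validation against a remote DC was not set up; if this commit does not add that elsewhere, the gap should stay documented rather than disappear with the comment. Suggest a comment above the call such as `/* server role is autodetected from nb_domain_name; TODO confirm NULL/empty falls back to standalone */`, and keep a `/* FIXME: set up validation callbacks against a remote DC */` if they are still missing. If gssntlm_set_role can fail, its result should be checked before `ctx->sec_req` is computed.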
@@ -1060,7 +1058,7 @@ uint32_t gssntlm_inquire_context(uint32_t *minor_status, } if (locally_initiated) { - if (ctx->role == GSSNTLM_CLIENT) { + if (gssntlm_role_is_client(ctx)) { *locally_initiated = 1; } else { *locally_initiated = 0; |