From 83a16a65b5c1bb8435505fe7f3b0cc805048821c Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 8 Aug 2014 09:47:19 -0400
Subject: Improve role management

A server can be standalone or domain member, improve role management so we can autodetct which role we should assume as a server.
---
 src/gss_ntlmssp.c | 37 +++++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)
(limited to 'src/gss_ntlmssp.c')
diff --git a/src/gss_ntlmssp.c b/src/gss_ntlmssp.c
index e4a6336..666508b 100644
--- a/src/gss_ntlmssp.c
+++ b/src/gss_ntlmssp.c
@@ -28,8 +28,7 @@ const gss_OID_desc gssntlm_oid = {
 .elements = discard_const(GSS_NTLMSSP_OID_STRING)
 };
 
-uint8_t gssntlm_required_security(int security_level,
- enum gssntlm_role role)
+uint8_t gssntlm_required_security(int security_level, struct gssntlm_ctx *ctx)
 {
 uint8_t resp;
 
@@ -51,10 +50,10 @@ uint8_t gssntlm_required_security(int security_level,
 break;
 case 4:
 resp |= SEC_NTLM_OK | SEC_EXT_SEC_OK;
- if (role == GSSNTLM_DOMAIN_CONTROLLER) resp &= ~SEC_DC_LM_OK;
+ if (ctx->role == GSSNTLM_DOMAIN_CONTROLLER) resp &= ~SEC_DC_LM_OK;
 break;
 case 5:
- if (role == GSSNTLM_DOMAIN_CONTROLLER) resp = SEC_DC_V2_OK;
+ if (ctx->role == GSSNTLM_DOMAIN_CONTROLLER) resp = SEC_DC_V2_OK;
 resp |= SEC_V2_ONLY | SEC_EXT_SEC_OK;
 break;
 default:
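Review bot: `gssntlm_required_security` now reads `ctx->role` in the `case 4` and `case 5` branches (second hunk; the signature change is in the first), so the LM/NTLMv2 restriction it returns depends on the role already being stored in the context when it is called, where the old by-value `role` argument made the caller supply it explicitly. Nothing visible here establishes that ordering or that `ctx` is non-NULL, so I would state the precondition above the function, e.g. `/* ctx must be non-NULL and ctx->role already set (see gssntlm_set_role) */`. Since the function only reads the context, the parameter can be `const struct gssntlm_ctx *ctx`. The lower levels of the switch lie between the two hunks and are not visible here.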
@@ -65,6 +64,36 @@ uint8_t gssntlm_required_security(int security_level,
 return resp;
 }
 
+void gssntlm_set_role(struct gssntlm_ctx *ctx,
+ int desired, char *nb_domain_name)
+{
+ if (desired == GSSNTLM_CLIENT) {
+ ctx->role = GSSNTLM_CLIENT;
+ } else if (nb_domain_name && *nb_domain_name) {
+ ctx->role = GSSNTLM_DOMAIN_SERVER;
+ } else {
+ ctx->role = GSSNTLM_SERVER;
+ }
+}
+
+bool gssntlm_role_is_client(struct gssntlm_ctx *ctx)
+{
+ return (ctx->role == GSSNTLM_CLIENT);
+}
+
+bool gssntlm_role_is_server(struct gssntlm_ctx *ctx)
+{
+ switch (ctx->role) {
+ case GSSNTLM_SERVER:
+ case GSSNTLM_DOMAIN_SERVER:
+ case GSSNTLM_DOMAIN_CONTROLLER:
+ return true;
+ default:
+ break;
+ }
+ return false;
+}
+
 bool gssntlm_sec_lm_ok(struct gssntlm_ctx *ctx)
 {
 switch (ctx->role) {
-- cgit
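Review bot: `gssntlm_set_role` never assigns `GSSNTLM_DOMAIN_CONTROLLER`, yet `gssntlm_required_security` tightens levels 4 and 5 only for that role and `gssntlm_role_is_server` lists it; if this helper is meant to be the one place a role is chosen, a domain controller would end up as `GSSNTLM_DOMAIN_SERVER` and skip both the `SEC_DC_LM_OK` removal and the `SEC_DC_V2_OK` setting. The DC role may be assigned elsewhere, outside this diff, but the function should carry a comment saying that it is not auto-detected here. Separately, `desired` is a plain `int` and every value other than `GSSNTLM_CLIENT` silently becomes a server role; `enum gssntlm_role desired` and `const char *nb_domain_name` would state the contract, and none of the three new functions has a comment describing it. The trailing context `gssntlm_sec_lm_ok` continues outside the hunk.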