diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-09-16 09:38:09 -0700 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@symas.com> | 2013-09-16 14:44:28 -0700 |
commit | 3f464ca1f5672491edf5daf15389cf7f2dc68e2b (patch) | |
tree | f9dd6d6390632ac5968e084ef7c5cae7f5c12ec3 /auth/gensec | |
parent | 68f7cd1724480a9bae36692d19b94e10fb1b9e73 (diff) | |
download | samba-3f464ca1f5672491edf5daf15389cf7f2dc68e2b.tar.gz samba-3f464ca1f5672491edf5daf15389cf7f2dc68e2b.tar.bz2 samba-3f464ca1f5672491edf5daf15389cf7f2dc68e2b.zip |
auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech()
This will allow us to force the use of only DIGEST-MD5, for example, which is useful
to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Diffstat (limited to 'auth/gensec')
-rw-r--r-- | auth/gensec/gensec_start.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c index 3ae64d5683..81b6abc2a4 100644 --- a/auth/gensec/gensec_start.c +++ b/auth/gensec/gensec_start.c @@ -668,6 +668,20 @@ _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, NTSTATUS gensec_start_mech(struct gensec_security *gensec_security) { NTSTATUS status; + + if (gensec_security->credentials) { + const char *forced_mech = cli_credentials_get_forced_sasl_mech(gensec_security->credentials); + if (forced_mech && + (gensec_security->ops->sasl_name == NULL || + strcasecmp(forced_mech, gensec_security->ops->sasl_name) != 0)) { + DEBUG(5, ("GENSEC mechanism %s (%s) skipped, as it " + "did not match forced mechanism %s\n", + gensec_security->ops->name, + gensec_security->ops->sasl_name, + forced_mech)); + return NT_STATUS_INVALID_PARAMETER; + } + } DEBUG(5, ("Starting GENSEC %smechanism %s\n", gensec_security->subcontext ? "sub" : "", gensec_security->ops->name)); |