s3-librpc Call GSSAPI via the auth_generic layer and gensec

This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

1 files changed, 6 insertions, 1 deletions

diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index e73c27b5eb..b2b862ee1c 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -29,6 +29,7 @@
 #ifdef HAVE_KRB5
 #include "libcli/auth/krb5_wrap.h"
 #endif
+#include "librpc/crypto/gse.h"
 
 static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
 						TALLOC_CTX *mem_ctx,
@@ -196,7 +197,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		gensec_settings->backends = talloc_zero_array(gensec_settings, struct gensec_security_ops *, 2);
+		gensec_settings->backends = talloc_zero_array(gensec_settings, struct gensec_security_ops *, 3);
 		if (gensec_settings->backends == NULL) {
 			TALLOC_FREE(tmp_ctx);
 			return NT_STATUS_NO_MEMORY;
@@ -204,6 +205,10 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
 
 		gensec_settings->backends[0] = &gensec_ntlmssp3_server_ops;
 
+#if defined(HAVE_KRB5) && defined(HAVE_GSS_WRAP_IOV)
+		gensec_settings->backends[1] = &gensec_gse_krb5_security_ops;
+#endif
+
 		nt_status = gensec_server_start(tmp_ctx, gensec_settings,
 						auth4_context, &gensec_security);