summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-01-02 13:06:29 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-18 16:23:22 +0100
commite012ad9d8b7cea3a86841fe92b80627a6d07d459 (patch)
tree7ccd7a5650d5f6d3a21cc7e9846402002419cb12 /source3/auth
parent1b6356298ceeb21ebcb125e239316fb29ff623fc (diff)
downloadsamba-e012ad9d8b7cea3a86841fe92b80627a6d07d459.tar.gz
samba-e012ad9d8b7cea3a86841fe92b80627a6d07d459.tar.bz2
samba-e012ad9d8b7cea3a86841fe92b80627a6d07d459.zip
s3-librpc Call GSSAPI via the auth_generic layer and gensec
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_generic.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index e73c27b5eb..b2b862ee1c 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -29,6 +29,7 @@
#ifdef HAVE_KRB5
#include "libcli/auth/krb5_wrap.h"
#endif
+#include "librpc/crypto/gse.h"
static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
@@ -196,7 +197,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- gensec_settings->backends = talloc_zero_array(gensec_settings, struct gensec_security_ops *, 2);
+ gensec_settings->backends = talloc_zero_array(gensec_settings, struct gensec_security_ops *, 3);
if (gensec_settings->backends == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
@@ -204,6 +205,10 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
gensec_settings->backends[0] = &gensec_ntlmssp3_server_ops;
+#if defined(HAVE_KRB5) && defined(HAVE_GSS_WRAP_IOV)
+ gensec_settings->backends[1] = &gensec_gse_krb5_security_ops;
+#endif
+
nt_status = gensec_server_start(tmp_ctx, gensec_settings,
auth4_context, &gensec_security);