authorAndrew Bartlett <abartlet@samba.org>2012-01-12 21:16:36 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-18 16:23:25 +0100
commit67279780dd5742397918b532b4bc5e89072ab82d (patch)
tree3e5c57a92c1ebcd05611c2b534342f826bd37160 /source3
parent45ec777e0ea78a1194980624ac9127a42b4b29fe (diff)
s3-gensec: Add hook to allow gensec to know if kerberos is permitted
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_generic.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index b2b862ee1c..6db761b0b9 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -30,6 +30,7 @@
#include "libcli/auth/krb5_wrap.h"
#endif
#include "librpc/crypto/gse.h"
+#include "auth/credentials/credentials.h"
static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
@@ -175,6 +176,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
struct gensec_settings *gensec_settings;
struct loadparm_context *lp_ctx;
+ struct cli_credentials *server_credentials;
struct auth4_context *auth4_context = talloc_zero(tmp_ctx, struct auth4_context);
if (auth4_context == NULL) {
DEBUG(10, ("failed to allocate auth4_context failed\n"));
@@ -209,6 +211,24 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
gensec_settings->backends[1] = &gensec_gse_krb5_security_ops;
#endif
+ /*
+ * This is anonymous for now, because we just use it
+ * to set the kerberos state at the moment
+ */
+ server_credentials = cli_credentials_init_anon(tmp_ctx);
+ if (!server_credentials) {
+ DEBUG(0, ("auth_generic_prepare: Failed to init server credentials\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ cli_credentials_set_conf(server_credentials, lp_ctx);
+
+ if (lp_security() == SEC_ADS || USE_KERBEROS_KEYTAB) {
+ cli_credentials_set_kerberos_state(server_credentials, CRED_AUTO_USE_KERBEROS);
+ } else {
+ cli_credentials_set_kerberos_state(server_credentials, CRED_DONT_USE_KERBEROS);
+ }
+
nt_status = gensec_server_start(tmp_ctx, gensec_settings,
auth4_context, &gensec_security);
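Review bot: The new failure path for `cli_credentials_init_anon()` returns `NT_STATUS_NO_MEMORY` without releasing `tmp_ctx`, whereas the `gensec_server_start()` failure path visible in the next hunk calls `TALLOC_FREE(tmp_ctx)` before returning. Everything already allocated on `tmp_ctx` (the `auth4_context` from the earlier hunk is one visible example) would be left behind on this path, which sits in per-connection authentication setup. Add `TALLOC_FREE(tmp_ctx);` before `return NT_STATUS_NO_MEMORY;`. `tmp_ctx` is created outside this hunk, so confirm its parent context does not already clean it up.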
@@ -216,7 +236,11 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
TALLOC_FREE(tmp_ctx);
return nt_status;
}
+
+ gensec_set_credentials(gensec_security, server_credentials);
+
talloc_unlink(tmp_ctx, lp_ctx);
+ talloc_unlink(tmp_ctx, server_credentials);
talloc_unlink(tmp_ctx, gensec_settings);
talloc_unlink(tmp_ctx, auth4_context);
}
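Review bot: The return value of `gensec_set_credentials()` is discarded, so a failure to attach `server_credentials` would go unnoticed, and the following `talloc_unlink(tmp_ctx, server_credentials)` may then drop the last reference to it. gensec would continue without the `CRED_AUTO_USE_KERBEROS` / `CRED_DONT_USE_KERBEROS` state this commit is meant to supply, so the Kerberos policy would silently not be applied. Assuming the call returns NTSTATUS like `gensec_server_start()` (its declaration is not on this page), handle it the same way: `nt_status = gensec_set_credentials(gensec_security, server_credentials);` then `if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(tmp_ctx); return nt_status; }`. The enclosing block begins outside this hunk.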