authorAndrew Bartlett <abartlet@samba.org>2005-12-11 08:31:46 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:47:16 -0500
commit172a8b477eec45b016ddcf0d4b74eba220eaf30b (patch)
treeb9dbdcd90bcdb1cf0a3ccd8d14f07efade45a1f4 /source4/auth/credentials
parentf4f1d37b4843f1c529d72a4d0bb3df71c0e47dcb (diff)
r12179: Allow our KDC to use LDAP to get to the backend database.
To avoid a circular dependency, it is not allowed to use Krb5 as an authentication mechanism, so this must be removed from the list. An extension to the credentials system allows this function. Also remove proto.h use for any of the KDC, and use NTSTATUS returns in more places. Andrew Bartlett (This used to be commit 5f9dddd02c9c821675d2ccd07561a55edcd7f5b4)
Diffstat (limited to 'source4/auth/credentials')
-rw-r--r--source4/auth/credentials/credentials_gensec.c47
1 files changed, 46 insertions, 1 deletions
diff --git a/source4/auth/credentials/credentials_gensec.c b/source4/auth/credentials/credentials_gensec.c
index 077e4689ec..fcaa760ed4 100644
--- a/source4/auth/credentials/credentials_gensec.c
+++ b/source4/auth/credentials/credentials_gensec.c
@@ -24,8 +24,53 @@
const struct gensec_security_ops **cli_credentials_gensec_list(struct cli_credentials *creds)
{
- if (!creds->gensec_list) {
+ if (!creds || !creds->gensec_list) {
return gensec_security_all();
}
return creds->gensec_list;
}
+
+static NTSTATUS cli_credentials_gensec_remove_mech(struct cli_credentials *creds,
+ const struct gensec_security_ops *remove_mech)
+{
+ const struct gensec_security_ops **gensec_list;
+ const struct gensec_security_ops **new_gensec_list;
+ int i, j;
+
+ gensec_list = cli_credentials_gensec_list(creds);
+
+ for (i=0; gensec_list && gensec_list[i]; i++) {
+ /* noop */
+ }
+
+ new_gensec_list = talloc_array(creds, const struct gensec_security_ops *, i + 1);
+ if (!new_gensec_list) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ j = 0;
+ for (i=0; gensec_list && gensec_list[i]; i++) {
+ if (gensec_list[i] != remove_mech) {
+ new_gensec_list[j] = gensec_list[i];
+ j++;
+ }
+ }
+ new_gensec_list[j] = NULL;
+
+ creds->gensec_list = new_gensec_list;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_credentials_gensec_remove_oid(struct cli_credentials *creds,
+ const char *oid)
+{
+ const struct gensec_security_ops *gensec_by_oid;
+
+ gensec_by_oid = gensec_security_by_oid(NULL, oid);
+ if (!gensec_by_oid) {
+ return NT_STATUS_OK;
+ }
+
+ return cli_credentials_gensec_remove_mech(creds, gensec_by_oid);
+}
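Review bot: cli_credentials_gensec_remove_mech dereferences creds unconditionally at `creds->gensec_list = new_gensec_list;`, even though the getter gained a `!creds` guard in this same hunk. A NULL creds therefore passes the list lookup, allocates the array under the NULL talloc context, and then crashes on the assignment. Adding `if (!creds) return NT_STATUS_INVALID_PARAMETER;` at the top of the function would make the two consistent. Separately, cli_credentials_gensec_remove_oid returns NT_STATUS_OK when gensec_security_by_oid() finds nothing, so a caller that depends on Krb5 being absent cannot tell "removed" from "OID not recognised". A comment on that branch such as `/* unknown OID: nothing to remove, reported as success */`, or a debug log there, would make that contract explicit.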