author | Andrew Bartlett <abartlet@samba.org> | 2005-12-11 08:31:46 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:16 -0500 |
commit | 172a8b477eec45b016ddcf0d4b74eba220eaf30b (patch) | |
tree | b9dbdcd90bcdb1cf0a3ccd8d14f07efade45a1f4 /source4/auth/credentials | |
parent | f4f1d37b4843f1c529d72a4d0bb3df71c0e47dcb (diff) | |
r12179: Allow our KDC to use LDAP to get to the backend database.
To avoid a circular dependency, it is not allowed to use Krb5 as an
authentication mechanism, so this must be removed from the list. An
extension to the credentials system allows this function.
Also remove proto.h use for any of the KDC, and use NTSTATUS returns
in more places.
Andrew Bartlett
(This used to be commit 5f9dddd02c9c821675d2ccd07561a55edcd7f5b4)
Diffstat (limited to 'source4/auth/credentials')
-rw-r--r-- | source4/auth/credentials/credentials_gensec.c | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/source4/auth/credentials/credentials_gensec.c b/source4/auth/credentials/credentials_gensec.c
index 077e4689ec..fcaa760ed4 100644
--- a/source4/auth/credentials/credentials_gensec.c
+++ b/source4/auth/credentials/credentials_gensec.c
@@ -24,8 +24,53 @@
 
 const struct gensec_security_ops **cli_credentials_gensec_list(struct cli_credentials *creds)
 {
- if (!creds->gensec_list) {
+ if (!creds || !creds->gensec_list) {
 return gensec_security_all();
 }
 return creds->gensec_list;
 }
+
+static NTSTATUS cli_credentials_gensec_remove_mech(struct cli_credentials *creds,
+ const struct gensec_security_ops *remove_mech)
+{
+ const struct gensec_security_ops **gensec_list;
+ const struct gensec_security_ops **new_gensec_list;
+ int i, j;
+
+ gensec_list = cli_credentials_gensec_list(creds);
+
+ for (i=0; gensec_list && gensec_list[i]; i++) {
+ /* noop */
+ }
+
+ new_gensec_list = talloc_array(creds, const struct gensec_security_ops *, i + 1);
+ if (!new_gensec_list) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ j = 0;
+ for (i=0; gensec_list && gensec_list[i]; i++) {
+ if (gensec_list[i] != remove_mech) {
+ new_gensec_list[j] = gensec_list[i];
+ j++;
+ }
+ }
+ new_gensec_list[j] = NULL;
+
+ creds->gensec_list = new_gensec_list;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_credentials_gensec_remove_oid(struct cli_credentials *creds,
+ const char *oid)
+{
+ const struct gensec_security_ops *gensec_by_oid;
+
+ gensec_by_oid = gensec_security_by_oid(NULL, oid);
+ if (!gensec_by_oid) {
+ return NT_STATUS_OK;
+ }
+
+ return cli_credentials_gensec_remove_mech(creds, gensec_by_oid);
+}
|
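Review bot: `cli_credentials_gensec_remove_mech()` writes `creds->gensec_list = new_gensec_list;` without checking `creds`, although this same hunk teaches `cli_credentials_gensec_list()` to accept a NULL `creds`; a NULL passed to the public `cli_credentials_gensec_remove_oid()` would therefore get through the list lookup and then be dereferenced at the assignment. A guard at the top of the helper, `if (!creds) { return NT_STATUS_INVALID_PARAMETER; }`, keeps the two functions consistent. `cli_credentials_gensec_remove_oid()` also returns `NT_STATUS_OK` when `gensec_security_by_oid()` finds no mechanism, so a caller that depends on the removal (the commit message says Krb5 must come off the list) cannot tell a successful removal from an unrecognised OID; if that is intended, say so in a comment such as `/* no mechanism registered for this OID: nothing to remove */`. Each successful call also leaves any previously allocated list attached to `creds` until `creds` is freed, which deserves a one-line comment because the old pointer may instead be the array returned by `gensec_security_all()` and so cannot simply be freed.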