r12060: Work towards allowing the credentials system to allow/deny certain

GENSEC mechansims.  This will allow a machine join to an NT4 domain to
avoid even trying kerberos, or a sensitive operation to require it.

Andrew Bartlett
(This used to be commit 11c7a89e523f85afd728d5e5f03bb084dc620244)

3 files changed, 8 insertions, 3 deletions

diff --git a/source4/auth/credentials/config.mk b/source4/auth/credentials/config.mk
index 5e3299784e..00d8319739 100644
--- a/source4/auth/credentials/config.mk
+++ b/source4/auth/credentials/config.mk
@@ -4,9 +4,10 @@
 INIT_OBJ_FILES = credentials.o
 ADD_OBJ_FILES = credentials_files.o \
 		credentials_krb5.o \
-		credentials_ntlm.o
+		credentials_ntlm.o \
+		credentials_gensec.o 
 REQUIRED_SUBSYSTEMS = \
-		HEIMDAL
-# End SUBSYSTEM GENSEC
+		HEIMDAL GENSEC
+# End SUBSYSTEM CREDENTIALS
 #################################
 
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 75c6795e73..22b7772182 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -55,6 +55,7 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
 	cred->smb_krb5_context = NULL;
 	cred->salt_principal = NULL;
 	cred->machine_account = False;
+	cred->gensec_list = NULL;
 
 	return cred;
 }
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index 81773aa70a..ec6f1aa619 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -91,4 +91,7 @@ struct cli_credentials {
 	
 	/* Is this a machine account? */
 	BOOL machine_account;
+
+	/* A list of valid GENSEC mechanisms for use on this account */
+	struct gensec_security_ops **gensec_list;
 };