author | Andrew Bartlett <abartlet@samba.org> | 2006-02-04 09:53:50 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:51:46 -0500 |
commit | f256a9c55e4785e4383a0546e75bba355a51fa04 (patch) | |
tree | f64770ce0ce0ed7577c754e455f52f828ddf7365 /source4/auth/gensec/gensec.c | |
parent | cc23a9ba6247fd1c648bffdf29c17358d941ef69 (diff) | |
r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading the spec.
GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating
a buffer size and what integrity protection/privacy should be used.
I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3.
I'm doing this in the hope that Apple clients as well as SASL-based
LDAP tools may get a bit further.
I still can't get ldapsearch to work, it fails with the ever-helpful
'Local error'.
Andrew Bartlett
(This used to be commit 3e462897754b30306c1983af2d137329dd937ad6)
Diffstat (limited to 'source4/auth/gensec/gensec.c')
-rw-r--r-- | source4/auth/gensec/gensec.c | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 0832f2b07a..72c7f96cf6 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -221,9 +221,9 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s
 * attached to the gensec_security, and return in our preferred order.
 */
 
-const struct gensec_security_ops **gensec_security_by_sasl(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const char **sasl_names)
+const struct gensec_security_ops **gensec_security_by_sasl_list(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const char **sasl_names)
 {
 const struct gensec_security_ops **backends_out;
 struct gensec_security_ops **backends;
@@ -687,6 +687,33 @@ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
 }
 
 /**
+ * Start a GENSEC sub-mechanism with the preferred option from a SASL name list
+ *
+ */
+
+NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security,
+ const char **sasl_names)
+{
+ NTSTATUS nt_status;
+ TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
+ const struct gensec_security_ops **ops;
+ if (!mem_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ ops = gensec_security_by_sasl_list(gensec_security, mem_ctx, sasl_names);
+ if (!ops || !*ops) {
+ DEBUG(3, ("Could not find GENSEC backend for any of sasl_name = %s\n",
+ str_list_join(mem_ctx,
+ sasl_names, ' ')));
+ talloc_free(mem_ctx);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ nt_status = gensec_start_mech_by_ops(gensec_security, ops[0]);
+ talloc_free(mem_ctx);
+ return nt_status;
+}
+
+/**
 * Start a GENSEC sub-mechanism by an internal name
 *
 */ |
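Review bot: The failure branch of the new gensec_start_mech_by_sasl_list passes the result of `str_list_join(mem_ctx, sasl_names, ' ')` directly to `%s`, so if that join fails to allocate, a NULL pointer reaches the formatter. Nothing here rejects a NULL `sasl_names` either; unless gensec_security_by_sasl_list and str_list_join both tolerate NULL (neither body is visible in this diff), an early `if (!sasl_names) return NT_STATUS_INVALID_PARAMETER;` before the `talloc_new` call would close that path. The header comment should also say what "preferred" means: judging by the comment above gensec_security_by_sasl_list, the backend is picked in the local preference order, not the order of `sasl_names`. If callers fill that list from what the peer advertises before authentication, which this hunk does not show, the comment should warn that an unauthenticated list can steer the choice toward the weakest mechanism enabled locally. Suggested wording: `* Backends are tried in our own preference order; sasl_names only restricts the candidates and must not be treated as trusted input.`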