diff options
author | Andrew Bartlett <abartlet@samba.org> | 2008-08-27 16:24:05 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-08-27 16:24:05 +1000 |
commit | 031d145e382fd545f43fa1cd72c10e1469034659 (patch) | |
tree | e20f3ec4d8368fb179957bc821f7831f5b1d80e2 /source4/auth | |
parent | aa14b40c5ca583a615ce9f10f1bd8177f62444e7 (diff) | |
download | samba-031d145e382fd545f43fa1cd72c10e1469034659.tar.gz samba-031d145e382fd545f43fa1cd72c10e1469034659.tar.bz2 samba-031d145e382fd545f43fa1cd72c10e1469034659.zip |
Put the internal gensec_gssapi state into a header.
This will allow a torture suite to inspect some otherwise internal
details.
Andrew Bartlett
(This used to be commit 9701149ef75f9771f42000e2b6f44963abfee938)
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 44 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.h | 68 |
2 files changed, 69 insertions, 43 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 20d08078be..20576256c2 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -38,49 +38,7 @@ #include "auth/session_proto.h" #include <gssapi/gssapi.h> #include <gssapi/gssapi_krb5.h> - -enum gensec_gssapi_sasl_state -{ - STAGE_GSS_NEG, - STAGE_SASL_SSF_NEG, - STAGE_SASL_SSF_ACCEPT, - STAGE_DONE -}; - -#define NEG_SEAL 0x4 -#define NEG_SIGN 0x2 -#define NEG_NONE 0x1 - -struct gensec_gssapi_state { - gss_ctx_id_t gssapi_context; - struct gss_channel_bindings_struct *input_chan_bindings; - gss_name_t server_name; - gss_name_t client_name; - OM_uint32 want_flags, got_flags; - gss_OID gss_oid; - - DATA_BLOB session_key; - DATA_BLOB pac; - - struct smb_krb5_context *smb_krb5_context; - struct gssapi_creds_container *client_cred; - struct gssapi_creds_container *server_cred; - gss_krb5_lucid_context_v1_t *lucid; - - gss_cred_id_t delegated_cred_handle; - - bool sasl; /* We have two different mechs in this file: One - * for SASL wrapped GSSAPI and another for normal - * GSSAPI */ - enum gensec_gssapi_sasl_state sasl_state; - uint8_t sasl_protection; /* What was negotiated at the SASL - * layer, independent of the GSSAPI - * layer... */ - - size_t max_wrap_buf_size; - int gss_exchange_count; - size_t sig_size; -}; +#include "auth/gensec/gensec_gssapi.h" static size_t gensec_gssapi_max_input_size(struct gensec_security *gensec_security); static size_t gensec_gssapi_max_wrapped_size(struct gensec_security *gensec_security); diff --git a/source4/auth/gensec/gensec_gssapi.h b/source4/auth/gensec/gensec_gssapi.h new file mode 100644 index 0000000000..b55b4391e0 --- /dev/null +++ b/source4/auth/gensec/gensec_gssapi.h @@ -0,0 +1,68 @@ +/* + Unix SMB/CIFS implementation. + + Kerberos backend for GENSEC + + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005 + Copyright (C) Stefan Metzmacher <metze@samba.org> 2004-2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* This structure described here, so the RPC-PAC test can get at the PAC provided */ + +enum gensec_gssapi_sasl_state +{ + STAGE_GSS_NEG, + STAGE_SASL_SSF_NEG, + STAGE_SASL_SSF_ACCEPT, + STAGE_DONE +}; + +#define NEG_SEAL 0x4 +#define NEG_SIGN 0x2 +#define NEG_NONE 0x1 + +struct gensec_gssapi_state { + gss_ctx_id_t gssapi_context; + struct gss_channel_bindings_struct *input_chan_bindings; + gss_name_t server_name; + gss_name_t client_name; + OM_uint32 want_flags, got_flags; + gss_OID gss_oid; + + DATA_BLOB session_key; + DATA_BLOB pac; + + struct smb_krb5_context *smb_krb5_context; + struct gssapi_creds_container *client_cred; + struct gssapi_creds_container *server_cred; + gss_krb5_lucid_context_v1_t *lucid; + + gss_cred_id_t delegated_cred_handle; + + bool sasl; /* We have two different mechs in this file: One + * for SASL wrapped GSSAPI and another for normal + * GSSAPI */ + enum gensec_gssapi_sasl_state sasl_state; + uint8_t sasl_protection; /* What was negotiated at the SASL + * layer, independent of the GSSAPI + * layer... */ + + size_t max_wrap_buf_size; + int gss_exchange_count; + size_t sig_size; +}; + |