summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-08-27 16:24:05 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-08-27 16:24:05 +1000
commit031d145e382fd545f43fa1cd72c10e1469034659 (patch)
treee20f3ec4d8368fb179957bc821f7831f5b1d80e2 /source4/auth
parentaa14b40c5ca583a615ce9f10f1bd8177f62444e7 (diff)
downloadsamba-031d145e382fd545f43fa1cd72c10e1469034659.tar.gz
samba-031d145e382fd545f43fa1cd72c10e1469034659.tar.bz2
samba-031d145e382fd545f43fa1cd72c10e1469034659.zip
Put the internal gensec_gssapi state into a header.
This will allow a torture suite to inspect some otherwise internal details. Andrew Bartlett (This used to be commit 9701149ef75f9771f42000e2b6f44963abfee938)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c44
-rw-r--r--source4/auth/gensec/gensec_gssapi.h68
2 files changed, 69 insertions, 43 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 20d08078be..20576256c2 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -38,49 +38,7 @@
#include "auth/session_proto.h"
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_krb5.h>
-
-enum gensec_gssapi_sasl_state
-{
- STAGE_GSS_NEG,
- STAGE_SASL_SSF_NEG,
- STAGE_SASL_SSF_ACCEPT,
- STAGE_DONE
-};
-
-#define NEG_SEAL 0x4
-#define NEG_SIGN 0x2
-#define NEG_NONE 0x1
-
-struct gensec_gssapi_state {
- gss_ctx_id_t gssapi_context;
- struct gss_channel_bindings_struct *input_chan_bindings;
- gss_name_t server_name;
- gss_name_t client_name;
- OM_uint32 want_flags, got_flags;
- gss_OID gss_oid;
-
- DATA_BLOB session_key;
- DATA_BLOB pac;
-
- struct smb_krb5_context *smb_krb5_context;
- struct gssapi_creds_container *client_cred;
- struct gssapi_creds_container *server_cred;
- gss_krb5_lucid_context_v1_t *lucid;
-
- gss_cred_id_t delegated_cred_handle;
-
- bool sasl; /* We have two different mechs in this file: One
- * for SASL wrapped GSSAPI and another for normal
- * GSSAPI */
- enum gensec_gssapi_sasl_state sasl_state;
- uint8_t sasl_protection; /* What was negotiated at the SASL
- * layer, independent of the GSSAPI
- * layer... */
-
- size_t max_wrap_buf_size;
- int gss_exchange_count;
- size_t sig_size;
-};
+#include "auth/gensec/gensec_gssapi.h"
static size_t gensec_gssapi_max_input_size(struct gensec_security *gensec_security);
static size_t gensec_gssapi_max_wrapped_size(struct gensec_security *gensec_security);
diff --git a/source4/auth/gensec/gensec_gssapi.h b/source4/auth/gensec/gensec_gssapi.h
new file mode 100644
index 0000000000..b55b4391e0
--- /dev/null
+++ b/source4/auth/gensec/gensec_gssapi.h
@@ -0,0 +1,68 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Kerberos backend for GENSEC
+
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+ Copyright (C) Stefan Metzmacher <metze@samba.org> 2004-2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* This structure described here, so the RPC-PAC test can get at the PAC provided */
+
+enum gensec_gssapi_sasl_state
+{
+ STAGE_GSS_NEG,
+ STAGE_SASL_SSF_NEG,
+ STAGE_SASL_SSF_ACCEPT,
+ STAGE_DONE
+};
+
+#define NEG_SEAL 0x4
+#define NEG_SIGN 0x2
+#define NEG_NONE 0x1
+
+struct gensec_gssapi_state {
+ gss_ctx_id_t gssapi_context;
+ struct gss_channel_bindings_struct *input_chan_bindings;
+ gss_name_t server_name;
+ gss_name_t client_name;
+ OM_uint32 want_flags, got_flags;
+ gss_OID gss_oid;
+
+ DATA_BLOB session_key;
+ DATA_BLOB pac;
+
+ struct smb_krb5_context *smb_krb5_context;
+ struct gssapi_creds_container *client_cred;
+ struct gssapi_creds_container *server_cred;
+ gss_krb5_lucid_context_v1_t *lucid;
+
+ gss_cred_id_t delegated_cred_handle;
+
+ bool sasl; /* We have two different mechs in this file: One
+ * for SASL wrapped GSSAPI and another for normal
+ * GSSAPI */
+ enum gensec_gssapi_sasl_state sasl_state;
+ uint8_t sasl_protection; /* What was negotiated at the SASL
+ * layer, independent of the GSSAPI
+ * layer... */
+
+ size_t max_wrap_buf_size;
+ int gss_exchange_count;
+ size_t sig_size;
+};
+