summaryrefslogtreecommitdiff
path: root/source4/kdc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-02-13 10:24:16 +1100
committerAndrew Bartlett <abartlet@samba.org>2009-02-13 10:24:16 +1100
commit71632a16977a93968b0d520a491a52f635e611a1 (patch)
tree75604f676004c10bdd9c4ee1cfdf917a90ddfc0b /source4/kdc
parent147a2e3440056ec30d8b386901754a58ea3947d1 (diff)
downloadsamba-71632a16977a93968b0d520a491a52f635e611a1.tar.gz
samba-71632a16977a93968b0d520a491a52f635e611a1.tar.bz2
samba-71632a16977a93968b0d520a491a52f635e611a1.zip
Remove auth/ntlm as a dependency of GENSEC by means of function pointers.
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
Diffstat (limited to 'source4/kdc')
-rw-r--r--source4/kdc/kpasswdd.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 27968620e0..39817d922b 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -483,14 +483,6 @@ bool kpasswdd_process(struct kdc_server *kdc,
ap_req = data_blob_const(&input->data[header_len], ap_req_len);
krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len);
- nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx,
- lp_gensec_settings(tmp_ctx, kdc->task->lp_ctx), kdc->task->msg_ctx,
- &gensec_security);
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(tmp_ctx);
- return false;
- }
-
server_credentials = cli_credentials_init(tmp_ctx);
if (!server_credentials) {
DEBUG(1, ("Failed to init server credentials\n"));
@@ -517,7 +509,16 @@ bool kpasswdd_process(struct kdc_server *kdc,
return ret;
}
- nt_status = gensec_set_credentials(gensec_security, server_credentials);
+ /* We don't strictly need to call this wrapper, and could call
+ * gensec_server_start directly, as we have no need for NTLM
+ * and we have a PAC, but this ensures that the wrapper can be
+ * safely extended for other helpful things in future */
+ nt_status = samba_server_gensec_start(tmp_ctx, kdc->task->event_ctx,
+ kdc->task->msg_ctx,
+ kdc->task->lp_ctx,
+ server_credentials,
+ "kpasswd",
+ &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return false;