r1200: Add 'gensec', our generic security layer.

This layer is used for DCERPC security, as well as ntlm_auth at this
time.  It expect things like SASL and the CIFS layer to use it as
well.

The particular purpose of this layer is to introduce SPENGO, which
needs generic access to the actual implementation mechanisms.

Schannel, due to it's 'interesting' setup properties is in GENSEC, but
is only in the RPC code.

Andrew Bartlett
(This used to be commit 902af49006fb8cfecaadd3cc0c10e2e542083fb1)

1 files changed, 30 insertions, 3 deletions

diff --git a/source4/libcli/auth/spnego.h b/source4/libcli/auth/spnego.h
index e30fa13d26..890301314b 100644
--- a/source4/libcli/auth/spnego.h
+++ b/source4/libcli/auth/spnego.h
@@ -23,6 +23,12 @@
 
 #ifndef SAMBA_SPNEGO_H
 #define SAMBA_SPNEGO_H
+/* SPNEGO mode */
+enum spnego_role
+{
+	SPNEGO_SERVER,
+	SPNEGO_CLIENT
+};
 
 #define SPNEGO_DELEG_FLAG    0x01
 #define SPNEGO_MUTUAL_FLAG   0x02
@@ -33,9 +39,6 @@
 #define SPNEGO_INTEG_FLAG    0x40
 #define SPNEGO_REQ_FLAG      0x80
 
-#define SPNEGO_NEG_TOKEN_INIT 0
-#define SPNEGO_NEG_TOKEN_TARG 1
-
 typedef enum _spnego_negResult {
 	SPNEGO_ACCEPT_COMPLETED = 0,
 	SPNEGO_ACCEPT_INCOMPLETE = 1,
@@ -62,4 +65,28 @@ struct spnego_data {
 	struct spnego_negTokenTarg negTokenTarg;
 };
 
+enum spnego_message_type {
+	SPNEGO_NEG_TOKEN_INIT = 0, 
+	SPNEGO_NEG_TOKEN_TARG = 1,
+};
+
+enum spnego_state_position {
+	SPNEGO_SERVER_START,
+	SPNEGO_CLIENT_GET_MECHS,
+	SPNEGO_CLIENT_SEND_MECHS,
+	SPNEGO_TARG,
+	SPNEGO_FALLBACK,
+	SPNEGO_DONE
+};
+
+struct spnego_state {
+	TALLOC_CTX *mem_ctx;
+	uint_t ref_count;
+	enum spnego_role role;
+	enum spnego_message_type expected_packet;
+	enum spnego_message_type state_position;
+	negResult_t result;
+	struct gensec_security sub_sec_security;
+};
+
 #endif