author | Andrew Bartlett <abartlet@samba.org> | 2004-12-31 22:45:11 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:53 -0500 |
commit | 9a6671cf9529fd7817c5ef266da3d3bea46a88c0 (patch) | |
tree | e6e943be7351713665c90f962078ac0676c2d036 /source4/librpc | |
parent | be1bbf317b03b15c21ea0f41accfb285699e153f (diff) | |
r4459: GENSEC refinements:
In developing a GSSAPI plugin for GENSEC, it became clear that the API
needed to change:
- GSSAPI exposes only a wrap() and unwrap() interface, and determines
the location of the signature itself.
- The 'have feature' API did not correctly function in the recursive
SPNEGO environment.
As such, NTLMSSP has been updated to support these methods.
The LDAP client and server have been updated to use the new wrap() and
unwrap() methods, and now pass the LDAP-* tests in our smbtorture.
(Unfortunately I still get valgrind warnings, in the code that was
previously unreachable).
Andrew Bartlett
(This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 6df48b7dd3..d58f58625e 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -289,10 +289,6 @@ static NTSTATUS dcerpc_schannel_start(struct gensec_security *gensec_security)
 dce_schan_state->state = DCERPC_SCHANNEL_STATE_START;
 gensec_security->private_data = dce_schan_state;
- gensec_security->have_features =
- GENSEC_FEATURE_SESSION_KEY |
- GENSEC_FEATURE_SIGN |
- GENSEC_FEATURE_SEAL;
 talloc_set_destructor(dce_schan_state, dcerpc_schannel_destroy);
@@ -513,6 +509,18 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p,
 creds);
 }
+static BOOL dcerpc_schannel_have_feature(struct gensec_security *gensec_security,
+ uint32 feature)
+{
+ if (feature & (GENSEC_FEATURE_SESSION_KEY |
+ GENSEC_FEATURE_SIGN |
+ GENSEC_FEATURE_SEAL)) {
+ return True;
+ }
+ return False;
+}
+
+
 static const struct gensec_security_ops gensec_dcerpc_schannel_security_ops = {
 .name = "dcerpc_schannel",
 .auth_type = DCERPC_AUTH_TYPE_SCHANNEL,
@@ -526,6 +534,7 @@ static const struct gensec_security_ops gensec_dcerpc_schannel_security_ops = {
 .session_key = dcerpc_schannel_session_key,
 .session_info = dcerpc_schannel_session_info,
 .sig_size = dcerpc_schannel_sig_size,
+ .have_feature = dcerpc_schannel_have_feature
 };
 NTSTATUS gensec_dcerpc_schannel_init(void) |
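Review bot: In the new dcerpc_schannel_have_feature the test `feature & (GENSEC_FEATURE_SESSION_KEY | ...)` is true as soon as any one of the three bits is set, so a caller that passes a combined mask containing a bit schannel does not provide would still get True. Whether any caller passes more than one bit at a time is not visible in this hunk, but the answer presumably decides whether signing or sealing can be relied on, so an all-bits check is the safer contract: `const uint32 supported = GENSEC_FEATURE_SESSION_KEY | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL;` followed by `return (feature != 0 && (feature & ~supported) == 0) ? True : False;`. A short comment above the function stating that the mask lists every feature this backend offers, and that the `gensec_security` argument is deliberately unused, would also help.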