summaryrefslogtreecommitdiff
path: root/source4/librpc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-12-31 22:45:11 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:07:53 -0500
commit9a6671cf9529fd7817c5ef266da3d3bea46a88c0 (patch)
treee6e943be7351713665c90f962078ac0676c2d036 /source4/librpc
parentbe1bbf317b03b15c21ea0f41accfb285699e153f (diff)
downloadsamba-9a6671cf9529fd7817c5ef266da3d3bea46a88c0.tar.gz
samba-9a6671cf9529fd7817c5ef266da3d3bea46a88c0.tar.bz2
samba-9a6671cf9529fd7817c5ef266da3d3bea46a88c0.zip
r4459: GENSEC refinements:
In developing a GSSAPI plugin for GENSEC, it became clear that the API needed to change: - GSSAPI exposes only a wrap() and unwrap() interface, and determines the location of the signature itself. - The 'have feature' API did not correctly function in the recursive SPNEGO environment. As such, NTLMSSP has been updated to support these methods. The LDAP client and server have been updated to use the new wrap() and unwrap() methods, and now pass the LDAP-* tests in our smbtorture. (Unfortunely I still get valgrind warnings, in the code that was previously unreachable). Andrew Bartlett (This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 6df48b7dd3..d58f58625e 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -289,10 +289,6 @@ static NTSTATUS dcerpc_schannel_start(struct gensec_security *gensec_security)
dce_schan_state->state = DCERPC_SCHANNEL_STATE_START;
gensec_security->private_data = dce_schan_state;
- gensec_security->have_features =
- GENSEC_FEATURE_SESSION_KEY |
- GENSEC_FEATURE_SIGN |
- GENSEC_FEATURE_SEAL;
talloc_set_destructor(dce_schan_state, dcerpc_schannel_destroy);
@@ -513,6 +509,18 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p,
creds);
}
+static BOOL dcerpc_schannel_have_feature(struct gensec_security *gensec_security,
+ uint32 feature)
+{
+ if (feature & (GENSEC_FEATURE_SESSION_KEY |
+ GENSEC_FEATURE_SIGN |
+ GENSEC_FEATURE_SEAL)) {
+ return True;
+ }
+ return False;
+}
+
+
static const struct gensec_security_ops gensec_dcerpc_schannel_security_ops = {
.name = "dcerpc_schannel",
.auth_type = DCERPC_AUTH_TYPE_SCHANNEL,
@@ -526,6 +534,7 @@ static const struct gensec_security_ops gensec_dcerpc_schannel_security_ops = {
.session_key = dcerpc_schannel_session_key,
.session_info = dcerpc_schannel_session_info,
.sig_size = dcerpc_schannel_sig_size,
+ .have_feature = dcerpc_schannel_have_feature
};
NTSTATUS gensec_dcerpc_schannel_init(void)