Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/config.mk25
-rw-r--r--source4/auth/gensec/cyrus_sasl.c20
-rw-r--r--source4/auth/gensec/gensec.h31
-rw-r--r--source4/auth/gensec/gensec_gssapi.c11
-rw-r--r--source4/auth/gensec/gensec_krb5.c6
-rw-r--r--source4/auth/gensec/socket.h50
-rw-r--r--source4/auth/gensec/spnego.c1
7 files changed, 59 insertions, 85 deletions
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index 8ee942c63a..fea157c40b 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -6,9 +6,9 @@ SO_VERSION = 0
DESCRIPTION = Generic Security Library
PUBLIC_HEADERS = gensec.h spnego.h
PUBLIC_PROTO_HEADER = gensec_proto.h
-OBJ_FILES = gensec.o
+OBJ_FILES = gensec.o socket.o
PUBLIC_DEPENDENCIES = \
- CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL
+ CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba-socket LIBPACKET
# End SUBSYSTEM gensec
#################################
@@ -18,7 +18,7 @@ PUBLIC_DEPENDENCIES = \
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_krb5_init
OBJ_FILES = gensec_krb5.o
-PRIVATE_DEPENDENCIES = CREDENTIALS_KRB5 KERBEROS auth auth_sam
+PRIVATE_DEPENDENCIES = CREDENTIALS KERBEROS auth auth_sam
# End MODULE gensec_krb5
################################################
@@ -28,7 +28,7 @@ PRIVATE_DEPENDENCIES = CREDENTIALS_KRB5 KERBEROS auth auth_sam
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_gssapi_init
OBJ_FILES = gensec_gssapi.o
-PRIVATE_DEPENDENCIES = HEIMDAL_GSSAPI CREDENTIALS_KRB5 KERBEROS
+PRIVATE_DEPENDENCIES = HEIMDAL_GSSAPI CREDENTIALS KERBEROS
# End MODULE gensec_gssapi
################################################
@@ -48,7 +48,7 @@ PRIVATE_DEPENDENCIES = CREDENTIALS SASL
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_spnego_init
PRIVATE_PROTO_HEADER = spnego_proto.h
-PRIVATE_DEPENDENCIES = ASN1_UTIL GENSEC_SOCKET CREDENTIALS
+PRIVATE_DEPENDENCIES = ASN1_UTIL CREDENTIALS
OBJ_FILES = spnego.o spnego_parse.o
# End MODULE gensec_spnego
################################################
@@ -61,7 +61,7 @@ PRIVATE_PROTO_HEADER = schannel_proto.h
INIT_FUNCTION = gensec_schannel_init
OBJ_FILES = schannel.o \
schannel_sign.o
-PRIVATE_DEPENDENCIES = SCHANNELDB NDR_SCHANNEL CREDENTIALS
+PRIVATE_DEPENDENCIES = SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR
OUTPUT_TYPE = INTEGRATED
# End MODULE gensec_schannel
################################################
@@ -72,19 +72,8 @@ OUTPUT_TYPE = INTEGRATED
PRIVATE_PROTO_HEADER = schannel_state.h
OBJ_FILES = \
schannel_state.o
-PRIVATE_DEPENDENCIES = LDB_WRAP
+PRIVATE_DEPENDENCIES = LDB_WRAP SAMDB
#
# End SUBSYSTEM SCHANNELDB
################################################
-################################################
-# Start SUBSYSTEM GENSEC_SOCKET
-[SUBSYSTEM::GENSEC_SOCKET]
-OBJ_FILES = \
- socket.o
-PUBLIC_DEPENDENCIES = samba-socket LIBPACKET
-#PUBLIC_DEPENDENCIES = gensec
-#
-# End SUBSYSTEM GENSEC_SOCKET
-################################################
-
diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c
index 0bce35e1c5..64a0b2f0c7 100644
--- a/source4/auth/gensec/cyrus_sasl.c
+++ b/source4/auth/gensec/cyrus_sasl.c
@@ -101,7 +101,7 @@ static int gensec_sasl_get_password(sasl_conn_t *conn, void *context, int id,
return SASL_NOMEM;
}
secret->len = strlen(password);
- safe_strcpy(secret->data, password, secret->len+1);
+ safe_strcpy((char*)secret->data, password, secret->len+1);
*psecret = secret;
return SASL_OK;
}
@@ -213,8 +213,9 @@ static NTSTATUS gensec_sasl_update(struct gensec_security *gensec_security,
sasl_ret = sasl_client_start(gensec_sasl_state->conn, gensec_security->ops->sasl_name,
NULL, &out_data, &out_len, &mech);
} else {
- sasl_ret = sasl_client_step(gensec_sasl_state->conn,
- in.data, in.length, NULL, &out_data, &out_len);
+ sasl_ret = sasl_client_step(gensec_sasl_state->conn,
+ (char*)in.data, in.length, NULL,
+ &out_data, &out_len);
}
if (sasl_ret == SASL_OK || sasl_ret == SASL_CONTINUE) {
*out = data_blob_talloc(out_mem_ctx, out_data, out_len);
@@ -237,8 +238,9 @@ static NTSTATUS gensec_sasl_unwrap_packets(struct gensec_security *gensec_securi
const char *out_data;
unsigned int out_len;
- int sasl_ret = sasl_decode(gensec_sasl_state->conn,
- in->data, in->length, &out_data, &out_len);
+ int sasl_ret = sasl_decode(gensec_sasl_state->conn,
+ (char*)in->data, in->length, &out_data,
+ &out_len);
if (sasl_ret == SASL_OK) {
*out = data_blob_talloc(out_mem_ctx, out_data, out_len);
*len_processed = in->length;
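Review bot: The length handed to `sasl_decode` is narrowed to that function's `unsigned` length parameter, yet `*len_processed = in->length;` then reports the whole blob as consumed. If `in->length` is wider than `unsigned` (it looks like a `size_t` in `DATA_BLOB`, to be confirmed), an oversized blob would be silently truncated on input but accounted for in full. Splitting the declaration from the call and adding `if (in->length > UINT_MAX) return NT_STATUS_INVALID_PARAMETER;` ahead of it would close that gap. The same applies to the `sasl_encode` call in the `gensec_sasl_wrap_packets` hunk. The new cast would also read better as `(const char *)in->data`, since the SASL input parameter is `const char *`.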
@@ -260,8 +262,9 @@ static NTSTATUS gensec_sasl_wrap_packets(struct gensec_security *gensec_security
const char *out_data;
unsigned int out_len;
- int sasl_ret = sasl_encode(gensec_sasl_state->conn,
- in->data, in->length, &out_data, &out_len);
+ int sasl_ret = sasl_encode(gensec_sasl_state->conn,
+ (char*)in->data, in->length, &out_data,
+ &out_len);
if (sasl_ret == SASL_OK) {
*out = data_blob_talloc(out_mem_ctx, out_data, out_len);
*len_processed = in->length;
@@ -278,7 +281,8 @@ static bool gensec_sasl_have_feature(struct gensec_security *gensec_security,
struct gensec_sasl_state *gensec_sasl_state = talloc_get_type(gensec_security->private_data,
struct gensec_sasl_state);
sasl_ssf_t ssf;
- int sasl_ret = sasl_getprop(gensec_sasl_state->conn, SASL_SSF, &ssf);
+ int sasl_ret = sasl_getprop(gensec_sasl_state->conn, SASL_SSF,
+ (const void**)&ssf);
if (sasl_ret != SASL_OK) {
return false;
}
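Review bot: The added `(const void**)&ssf` cast hides a type mismatch rather than fixing it. For `SASL_SSF`, `sasl_getprop` stores a pointer to the `sasl_ssf_t` in `*pvalue`, so with `sasl_ssf_t ssf;` the library writes a pointer-sized value over an integer-sized local, which overruns it where pointers are wider. `ssf` then holds pointer bits, not the negotiated strength. The declaration should be `const sasl_ssf_t *ssf;` and the later code should read `*ssf`. The rest of `gensec_sasl_have_feature` is outside this hunk, but any sign/seal decision based on `ssf` there would be made on a meaningless value.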
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index dbedcf091a..3413e5c8ce 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -166,6 +166,37 @@ struct gensec_critical_sizes {
int sizeof_gensec_security;
};
+/* Socket wrapper */
+
+struct gensec_security;
+struct socket_context;
+
+NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
+ struct socket_context *current_socket,
+ struct event_context *ev,
+ void (*recv_handler)(void *, uint16_t),
+ void *recv_private,
+ struct socket_context **new_socket);
+/* These functions are for use here only (public because SPNEGO must
+ * use them for recursion) */
+NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out,
+ size_t *len_processed);
+/* These functions are for use here only (public because SPNEGO must
+ * use them for recursion) */
+NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out,
+ size_t *len_processed);
+
+/* These functions are for use here only (public because SPNEGO must
+ * use them for recursion) */
+NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
+ DATA_BLOB blob, size_t *size);
+
struct loadparm_context;
#include "auth/gensec/gensec_proto.h"
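Review bot: The comment "These functions are for use here only" was copied unchanged from socket.h, where "here" meant the socket wrapper; in gensec.h, a public header, it no longer says which file that is. It would be clearer written once above the three prototypes, e.g. `/* Internal to the gensec socket wrapper (socket.c); exported only because SPNEGO calls them when recursing into its sub-mechanism */`. The prototypes would also benefit from a line stating that `*len_processed` and `*size` are outputs and whether `*len_processed` may be smaller than `in->length`. Separately, `struct event_context` is used in `gensec_socket_init` without a forward declaration in this hunk, unlike the two structs declared just above; if it is not declared earlier in the header, `struct event_context;` should be added alongside them.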
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index a0b42db141..87fa47646b 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -54,7 +54,7 @@ struct gensec_gssapi_state {
gss_name_t server_name;
gss_name_t client_name;
OM_uint32 want_flags, got_flags;
- const gss_OID_desc *gss_oid;
+ gss_OID gss_oid;
DATA_BLOB session_key;
DATA_BLOB pac;
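Review bot: Changing `gss_oid` from `const gss_OID_desc *` to `gss_OID` drops the guarantee that the mechanism OID is never written through this field. The same loss of constness shows up in the `gssapi_error_string` hunk and in the argument list in the `gensec_gssapi_update` hunk, where `discard_const_p` was removed. In `const gss_OID mech` the `const` applies to the pointer typedef, so the pointer is constant but the `gss_OID_desc` it points to is still writable. If the field is assigned from static mechanism OID constants (not visible here), keeping `const gss_OID_desc *` for the parameter, or using `gss_const_OID` where the GSSAPI headers provide it, keeps the read-only intent while the single cast stays at the API boundary.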
@@ -82,7 +82,7 @@ static size_t gensec_gssapi_max_wrapped_size(struct gensec_security *gensec_secu
static char *gssapi_error_string(TALLOC_CTX *mem_ctx,
OM_uint32 maj_stat, OM_uint32 min_stat,
- const gss_OID_desc *mech)
+ const gss_OID mech)
{
OM_uint32 disp_min_stat, disp_maj_stat;
gss_buffer_desc maj_error_message;
@@ -271,7 +271,7 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi
DEBUG(3, ("No machine account credentials specified\n"));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
} else {
- ret = cli_credentials_get_server_gss_creds(machine_account, &gcc);
+ ret = cli_credentials_get_server_gss_creds(machine_account, gensec_security->lp_ctx, &gcc);
if (ret) {
DEBUG(1, ("Aquiring acceptor credentials failed: %s\n",
error_message(ret)));
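Review bot: `gensec_security->lp_ctx` is passed to `cli_credentials_get_server_gss_creds` without any visible check that it has been set. The same pattern is in the `gensec_gssapi_client_start` and `gensec_gssapi_session_info` hunks, and in both `cli_credentials_get_*` calls in gensec_krb5.c. Whether the credentials code tolerates a NULL loadparm context cannot be told from this diff, and these functions begin outside the hunks shown. The requirement should be stated where the field is declared, e.g. `/* lp_ctx must be set by the caller before a mechanism is started */`, or an early `NT_STATUS_INVALID_PARAMETER` return should be added when it is NULL.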
@@ -357,7 +357,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
return NT_STATUS_INVALID_PARAMETER;
}
- ret = cli_credentials_get_client_gss_creds(creds, &gcc);
+ ret = cli_credentials_get_client_gss_creds(creds, gensec_security->lp_ctx, &gcc);
switch (ret) {
case 0:
break;
@@ -448,7 +448,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
gensec_gssapi_state->client_cred->creds,
&gensec_gssapi_state->gssapi_context,
gensec_gssapi_state->server_name,
- discard_const_p(gss_OID_desc, gensec_gssapi_state->gss_oid),
+ gensec_gssapi_state->gss_oid,
gensec_gssapi_state->want_flags,
0,
gensec_gssapi_state->input_chan_bindings,
@@ -1365,6 +1365,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
cli_credentials_set_anonymous(session_info->credentials);
ret = cli_credentials_set_client_gss_creds(session_info->credentials,
+ gensec_security->lp_ctx,
gensec_gssapi_state->delegated_cred_handle,
CRED_SPECIFIED);
if (ret) {
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 282be5a001..5cd0de1ceb 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -246,7 +246,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
principal = gensec_get_target_principal(gensec_security);
- ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), &ccache_container);
+ ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &ccache_container);
switch (ret) {
case 0:
break;
@@ -444,7 +444,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
}
/* Grab the keytab, however generated */
- ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), &keytab);
+ ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &keytab);
if (ret) {
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
@@ -779,7 +779,7 @@ NTSTATUS gensec_krb5_init(void)
{
NTSTATUS ret;
- auth_init(global_loadparm);
+ auth_init();
ret = gensec_register(&gensec_krb5_security_ops);
if (!NT_STATUS_IS_OK(ret)) {
diff --git a/source4/auth/gensec/socket.h b/source4/auth/gensec/socket.h
deleted file mode 100644
index 83100c65da..0000000000
--- a/source4/auth/gensec/socket.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Generic Authentication Interface (socket wrapper)
-
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-struct gensec_security;
-struct socket_context;
-
-NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
- struct socket_context *current_socket,
- struct event_context *ev,
- void (*recv_handler)(void *, uint16_t),
- void *recv_private,
- struct socket_context **new_socket);
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed);
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed);
-
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size);
-
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 15dabb8033..782aa44c75 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -26,7 +26,6 @@
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
-#include "auth/gensec/socket.h"
enum spnego_state_position {
SPNEGO_SERVER_START,