From 172a8b477eec45b016ddcf0d4b74eba220eaf30b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 11 Dec 2005 08:31:46 +0000 Subject: r12179: Allow our KDC to use LDAP to get to the backend database. To avoid a circular depenency, it is not allowed to use Krb5 as an authentication mechanism, so this must be removed from the list. An extension to the credentials system allows this function. Also remove proto.h use for any of the KDC, and use NTSTATUS returns in more places. Andrew Bartlett (This used to be commit 5f9dddd02c9c821675d2ccd07561a55edcd7f5b4) --- source4/auth/credentials/credentials_gensec.c | 47 ++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) (limited to 'source4/auth/credentials') diff --git a/source4/auth/credentials/credentials_gensec.c b/source4/auth/credentials/credentials_gensec.c index 077e4689ec..fcaa760ed4 100644 --- a/source4/auth/credentials/credentials_gensec.c +++ b/source4/auth/credentials/credentials_gensec.c @@ -24,8 +24,53 @@ const struct gensec_security_ops **cli_credentials_gensec_list(struct cli_credentials *creds) { - if (!creds->gensec_list) { + if (!creds || !creds->gensec_list) { return gensec_security_all(); } return creds->gensec_list; } + +static NTSTATUS cli_credentials_gensec_remove_mech(struct cli_credentials *creds, + const struct gensec_security_ops *remove_mech) +{ + const struct gensec_security_ops **gensec_list; + const struct gensec_security_ops **new_gensec_list; + int i, j; + + gensec_list = cli_credentials_gensec_list(creds); + + for (i=0; gensec_list && gensec_list[i]; i++) { + /* noop */ + } + + new_gensec_list = talloc_array(creds, const struct gensec_security_ops *, i + 1); + if (!new_gensec_list) { + return NT_STATUS_NO_MEMORY; + } + + j = 0; + for (i=0; gensec_list && gensec_list[i]; i++) { + if (gensec_list[i] != remove_mech) { + new_gensec_list[j] = gensec_list[i]; + j++; + } + } + new_gensec_list[j] = NULL; + + creds->gensec_list = new_gensec_list; + + return NT_STATUS_OK; +} + +NTSTATUS cli_credentials_gensec_remove_oid(struct cli_credentials *creds, + const char *oid) +{ + const struct gensec_security_ops *gensec_by_oid; + + gensec_by_oid = gensec_security_by_oid(NULL, oid); + if (!gensec_by_oid) { + return NT_STATUS_OK; + } + + return cli_credentials_gensec_remove_mech(creds, gensec_by_oid); +} -- cgit