From f256a9c55e4785e4383a0546e75bba355a51fa04 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 4 Feb 2006 09:53:50 +0000 Subject: r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading the spec. GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating a buffer size and what integrity protection/privacy should be used. I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3. I'm doing this in the hope that Apple clients as well as SASL-based LDAP tools may get a bit further. I still can't get ldapsearch to work, it fails with the ever-helpful 'Local error'. Andrew Bartlett (This used to be commit 3e462897754b30306c1983af2d137329dd937ad6) --- source4/auth/gensec/gensec.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) (limited to 'source4/auth/gensec/gensec.c') diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 0832f2b07a..72c7f96cf6 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -221,9 +221,9 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s * attached to the gensec_security, and return in our preferred order. */ -const struct gensec_security_ops **gensec_security_by_sasl(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - const char **sasl_names) +const struct gensec_security_ops **gensec_security_by_sasl_list(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const char **sasl_names) { const struct gensec_security_ops **backends_out; struct gensec_security_ops **backends; @@ -686,6 +686,33 @@ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, return gensec_start_mech(gensec_security); } +/** + * Start a GENSEC sub-mechanism with the preferred option from a SASL name list + * + */ + +NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security, + const char **sasl_names) +{ + NTSTATUS nt_status; + TALLOC_CTX *mem_ctx = talloc_new(gensec_security); + const struct gensec_security_ops **ops; + if (!mem_ctx) { + return NT_STATUS_NO_MEMORY; + } + ops = gensec_security_by_sasl_list(gensec_security, mem_ctx, sasl_names); + if (!ops || !*ops) { + DEBUG(3, ("Could not find GENSEC backend for any of sasl_name = %s\n", + str_list_join(mem_ctx, + sasl_names, ' '))); + talloc_free(mem_ctx); + return NT_STATUS_INVALID_PARAMETER; + } + nt_status = gensec_start_mech_by_ops(gensec_security, ops[0]); + talloc_free(mem_ctx); + return nt_status; +} + /** * Start a GENSEC sub-mechanism by an internal name * -- cgit