svn commit: samba r13207 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules kdc

Sat Jan 28 12:19:21 GMT 2006

Author: abartlet
Date: 2006-01-28 12:19:20 +0000 (Sat, 28 Jan 2006)
New Revision: 13207

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13207

Log:
Use the new API for using/not using kerbeors in hdb-ldb.c

Update the rootdse module to use the new schema.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c
   branches/SAMBA_4_0/source/kdc/hdb-ldb.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c
===================================================================

--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c	2006-01-28 12:15:24 UTC (rev 13206)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c	2006-01-28 12:19:20 UTC (rev 13207)
@@ -83,7 +83,11 @@
 	server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), 
 				       struct cli_credentials);
 	if (do_attribute(s->attrs, "supportedSASLMechanisms")) {
-		const struct gensec_security_ops **ops = cli_credentials_gensec_list(server_creds);
+		struct gensec_security_ops **backends = gensec_security_all();
+		enum credentials_use_kerberos use_kerberos
+			= cli_credentials_get_kerberos_state(server_creds);
+		struct gensec_security_ops **ops
+			= gensec_use_kerberos_mechs(req, backends, use_kerberos);
 		int i;
 		for (i = 0; ops && ops[i]; i++) {
 			if (ops[i]->sasl_name) {

Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2006-01-28 12:15:24 UTC (rev 13206)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2006-01-28 12:19:20 UTC (rev 13207)
@@ -958,6 +958,7 @@
 {
 	NTSTATUS nt_status;
 	struct auth_session_info *session_info;
+	struct gensec_security_ops **not_kerberos_list;
 	*db = talloc(mem_ctx, HDB);
 	if (!*db) {
 		krb5_set_error_string(context, "malloc: out of memory");
@@ -980,11 +981,8 @@
 	 * certificates, for now it will almost certainly be NTLMSSP
 	*/
 	
-	nt_status = cli_credentials_gensec_remove_oid(session_info->credentials, 
-						      GENSEC_OID_KERBEROS5);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		return nt_status;
-	}
+	cli_credentials_set_kerberos_state(session_info->credentials, 
+					   CRED_DONT_USE_KERBEROS);
 
 	/* Setup the link to LDB */
 	(*db)->hdb_db = samdb_connect(*db, session_info);

