auth/gensec: keep a pointer to a possible child/sub gensec_security context

This is a hack in order to temporary implement something like:
gensec_ntlmssp_server_domain(), which may be used within spnego.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h
index 45a66f8a4bc45c6bfbe32d29b56bf0910cf061f0..27511966ca9ad17fd64d49454a78b178b0400886 100644 (file)
--- a/auth/gensec/gensec_internal.h
+++ b/auth/gensec/gensec_internal.h
@@ -110,6 +110,8 @@ struct gensec_security {
         * NTLM authentication backend, and user lookup (such as if no
         * PAC is found) */
        struct auth4_context *auth_context;
+
+       struct gensec_security *child_security;
 };
 
 /* this structure is used by backends to determine the size of some critical types */

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 079a2bc79e366b4f482337bacd877f996e63a19c..0079bb8d509a9c5017fd9151d326cdeee4607cf7 100644 (file)
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1265,6 +1265,9 @@ static NTSTATUS gensec_spnego_update_wrapper(struct gensec_security *gensec_secu
                                      &spnego_state->out_frag);
        data_blob_free(&spnego_state->in_frag);
        spnego_state->in_needed = 0;
+       if (NT_STATUS_IS_OK(status)) {
+               gensec_security->child_security = spnego_state->sub_sec_security;
+       }
        if (!NT_STATUS_IS_OK(status) &&
            !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                return status;