r13207: Use the new API for using/not using kerbeors in hdb-ldb.c

Update the rootdse module to use the new schema.

Andrew Bartlett
(This used to be commit b0b150d08ac39ed486071487826da2e306db6a0b)

diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 0bf63f30aecf6128bfcd5d5adb7e9630d4e6eba4..fc1bfa824e559272cc84b75be9125682d2a769e4 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -83,7 +83,11 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re
        server_creds = talloc_get_type(ldb_get_opaque(module->ldb, "server_credentials"), 
                                       struct cli_credentials);
        if (do_attribute(s->attrs, "supportedSASLMechanisms")) {
-               const struct gensec_security_ops **ops = cli_credentials_gensec_list(server_creds);
+               struct gensec_security_ops **backends = gensec_security_all();
+               enum credentials_use_kerberos use_kerberos
+                       = cli_credentials_get_kerberos_state(server_creds);
+               struct gensec_security_ops **ops
+                       = gensec_use_kerberos_mechs(req, backends, use_kerberos);
                int i;
                for (i = 0; ops && ops[i]; i++) {
                        if (ops[i]->sasl_name) {

diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index a155e24e7e565789f50c8c7cfdb6c4b301eaf587..86c1b048a7edde595cf6acb2f63b671d41823bba 100644 (file)
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -958,6 +958,7 @@ NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx,
 {
        NTSTATUS nt_status;
        struct auth_session_info *session_info;
+       struct gensec_security_ops **not_kerberos_list;
        *db = talloc(mem_ctx, HDB);
        if (!*db) {
                krb5_set_error_string(context, "malloc: out of memory");
@@ -980,11 +981,8 @@ NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx,
         * certificates, for now it will almost certainly be NTLMSSP
        */
        
-       nt_status = cli_credentials_gensec_remove_oid(session_info->credentials, 
-                                                     GENSEC_OID_KERBEROS5);
-       if (!NT_STATUS_IS_OK(nt_status)) {
-               return nt_status;
-       }
+       cli_credentials_set_kerberos_state(session_info->credentials, 
+                                          CRED_DONT_USE_KERBEROS);
 
        /* Setup the link to LDB */
        (*db)->hdb_db = samdb_connect(*db, session_info);