In future we have get more backends that can negotiate other backends,
we should keep all of them even if we require kerberos.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
bool enabled;
bool kerberos;
enum gensec_priority priority;
+ bool glue;
};
struct gensec_security_ops_wrapper {
j = 0;
for (i=0; old_gensec_list && old_gensec_list[i]; i++) {
- int oid_idx;
bool keep = false;
- for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) {
- if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) {
- keep = true;
- break;
- }
- }
+ /*
+ * We want to keep SPNGEO and other backends
+ */
+ keep = old_gensec_list[i]->glue;
if (old_gensec_list[i]->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
keep = keep_schannel;
.expire_time = gensec_child_expire_time,
.final_auth_type = gensec_child_final_auth_type,
.enabled = true,
- .priority = GENSEC_SPNEGO
+ .priority = GENSEC_SPNEGO,
+ .glue = true,
};
_PUBLIC_ NTSTATUS gensec_spnego_init(TALLOC_CTX *ctx)