auth/gensec: keep a pointer to a possible child/sub gensec_security context

This is a hack in order to temporary implement something like:
gensec_ntlmssp_server_domain(), which may be used within spnego.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5e913af833721733c4f79f2636fc3ae19d5f42f0)

diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h
index 45a66f8a4bc45c6bfbe32d29b56bf0910cf061f0..27511966ca9ad17fd64d49454a78b178b0400886 100644 (file)
--- a/auth/gensec/gensec_internal.h
+++ b/auth/gensec/gensec_internal.h
@@ -110,6 +110,8 @@ struct gensec_security {
         * NTLM authentication backend, and user lookup (such as if no
         * PAC is found) */
        struct auth4_context *auth_context;
+
+       struct gensec_security *child_security;
 };
 
 /* this structure is used by backends to determine the size of some critical types */

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 85b13e99d0f3011fd20a1761733dbc4ed4408cef..74ed23437dccf0f0645a98d43b966daeb6fe92ca 100644 (file)
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1260,6 +1260,9 @@ static NTSTATUS gensec_spnego_update_wrapper(struct gensec_security *gensec_secu
                                      &spnego_state->out_frag);
        data_blob_free(&spnego_state->in_frag);
        spnego_state->in_needed = 0;
+       if (NT_STATUS_IS_OK(status)) {
+               gensec_security->child_security = spnego_state->sub_sec_security;
+       }
        if (!NT_STATUS_IS_OK(status) &&
            !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                return status;