s4:gensec: pass down want_features to the spnego backend mech

metze

diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 0edb34d7403fc7d048314ac3d005bf2128bb202f..5d57383d2a853a3529ef4e16ceea4e90444d6778 100644 (file)
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -490,6 +490,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
        NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
 
        (*gensec_security)->ops = NULL;
+       (*gensec_security)->private_data = NULL;
 
        ZERO_STRUCT((*gensec_security)->target);
        ZERO_STRUCT((*gensec_security)->peer_addr);
@@ -525,6 +526,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
        (*gensec_security)->private_data = NULL;
 
        (*gensec_security)->subcontext = true;
+       (*gensec_security)->want_features = parent->want_features;
        (*gensec_security)->event_ctx = parent->event_ctx;
        (*gensec_security)->msg_ctx = parent->msg_ctx;
        (*gensec_security)->lp_ctx = parent->lp_ctx;
@@ -1015,7 +1017,11 @@ _PUBLIC_ NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_C
 _PUBLIC_ void gensec_want_feature(struct gensec_security *gensec_security,
                         uint32_t feature) 
 {
-       gensec_security->want_features |= feature;
+       if (!gensec_security->ops || !gensec_security->ops->want_feature) {
+               gensec_security->want_features |= feature;
+               return;
+       }
+       gensec_security->ops->want_feature(gensec_security, feature);
 }
 
 /** 

diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 84fc26d1271fc778a62efb96b79cba91d55a3125..0b31882ddd6865d95b4f2fc63018393ce5a3de2b 100644 (file)
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -133,6 +133,8 @@ struct gensec_security_ops {
        NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key);
        NTSTATUS (*session_info)(struct gensec_security *gensec_security, 
                                 struct auth_session_info **session_info); 
+       void (*want_feature)(struct gensec_security *gensec_security,
+                                   uint32_t feature);
        bool (*have_feature)(struct gensec_security *gensec_security,
                                    uint32_t feature); 
        bool enabled;

diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 1855e0583d71af366fadd22b4f150ff15fc42076..bf991616bd06eeccf77e9ae671eb296079f3b15d 100644 (file)
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -1094,6 +1094,20 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
        return NT_STATUS_INVALID_PARAMETER;
 }
 
+static void gensec_spnego_want_feature(struct gensec_security *gensec_security,
+                                      uint32_t feature)
+{
+       struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
+
+       if (!spnego_state || !spnego_state->sub_sec_security) {
+               gensec_security->want_features |= feature;
+               return;
+       }
+
+       gensec_want_feature(spnego_state->sub_sec_security,
+                           feature);
+}
+
 static bool gensec_spnego_have_feature(struct gensec_security *gensec_security,
                                       uint32_t feature) 
 {
@@ -1133,6 +1147,7 @@ static const struct gensec_security_ops gensec_spnego_security_ops = {
        .unwrap_packets   = gensec_spnego_unwrap_packets,
        .session_key      = gensec_spnego_session_key,
        .session_info     = gensec_spnego_session_info,
+       .want_feature     = gensec_spnego_want_feature,
        .have_feature     = gensec_spnego_have_feature,
        .enabled          = true,
        .priority         = GENSEC_SPNEGO