Put the internal gensec_gssapi state into a header.

This will allow a torture suite to inspect some otherwise internal
details.

Andrew Bartlett

2 files changed, 69 insertions, 43 deletions

diff --git a/source/auth/gensec/gensec_gssapi.c b/source/auth/gensec/gensec_gssapi.c
index 20d08078be4..20576256c28 100644
--- a/source/auth/gensec/gensec_gssapi.c
+++ b/source/auth/gensec/gensec_gssapi.c
@@ -38,49 +38,7 @@
 #include "auth/session_proto.h"
 #include <gssapi/gssapi.h>
 #include <gssapi/gssapi_krb5.h>
-
-enum gensec_gssapi_sasl_state 
-{
-	STAGE_GSS_NEG,
-	STAGE_SASL_SSF_NEG,
-	STAGE_SASL_SSF_ACCEPT,
-	STAGE_DONE
-};
-
-#define NEG_SEAL 0x4
-#define NEG_SIGN 0x2
-#define NEG_NONE 0x1
-
-struct gensec_gssapi_state {
-	gss_ctx_id_t gssapi_context;
-	struct gss_channel_bindings_struct *input_chan_bindings;
-	gss_name_t server_name;
-	gss_name_t client_name;
-	OM_uint32 want_flags, got_flags;
-	gss_OID gss_oid;
-
-	DATA_BLOB session_key;
-	DATA_BLOB pac;
-
-	struct smb_krb5_context *smb_krb5_context;
-	struct gssapi_creds_container *client_cred;
-	struct gssapi_creds_container *server_cred;
-	gss_krb5_lucid_context_v1_t *lucid;
-
-	gss_cred_id_t delegated_cred_handle;
-
-	bool sasl; /* We have two different mechs in this file: One
-		    * for SASL wrapped GSSAPI and another for normal
-		    * GSSAPI */
-	enum gensec_gssapi_sasl_state sasl_state;
-	uint8_t sasl_protection; /* What was negotiated at the SASL
-				  * layer, independent of the GSSAPI
-				  * layer... */
-
-	size_t max_wrap_buf_size;
-	int gss_exchange_count;
-	size_t sig_size;
-};
+#include "auth/gensec/gensec_gssapi.h"
 
 static size_t gensec_gssapi_max_input_size(struct gensec_security *gensec_security);
 static size_t gensec_gssapi_max_wrapped_size(struct gensec_security *gensec_security);
diff --git a/source/auth/gensec/gensec_gssapi.h b/source/auth/gensec/gensec_gssapi.h
new file mode 100644
index 00000000000..b55b4391e0c
--- /dev/null
+++ b/source/auth/gensec/gensec_gssapi.h
@@ -0,0 +1,68 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Kerberos backend for GENSEC
+   
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+   Copyright (C) Stefan Metzmacher <metze@samba.org> 2004-2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* This structure described here, so the RPC-PAC test can get at the PAC provided */
+
+enum gensec_gssapi_sasl_state 
+{
+	STAGE_GSS_NEG,
+	STAGE_SASL_SSF_NEG,
+	STAGE_SASL_SSF_ACCEPT,
+	STAGE_DONE
+};
+
+#define NEG_SEAL 0x4
+#define NEG_SIGN 0x2
+#define NEG_NONE 0x1
+
+struct gensec_gssapi_state {
+	gss_ctx_id_t gssapi_context;
+	struct gss_channel_bindings_struct *input_chan_bindings;
+	gss_name_t server_name;
+	gss_name_t client_name;
+	OM_uint32 want_flags, got_flags;
+	gss_OID gss_oid;
+
+	DATA_BLOB session_key;
+	DATA_BLOB pac;
+
+	struct smb_krb5_context *smb_krb5_context;
+	struct gssapi_creds_container *client_cred;
+	struct gssapi_creds_container *server_cred;
+	gss_krb5_lucid_context_v1_t *lucid;
+
+	gss_cred_id_t delegated_cred_handle;
+
+	bool sasl; /* We have two different mechs in this file: One
+		    * for SASL wrapped GSSAPI and another for normal
+		    * GSSAPI */
+	enum gensec_gssapi_sasl_state sasl_state;
+	uint8_t sasl_protection; /* What was negotiated at the SASL
+				  * layer, independent of the GSSAPI
+				  * layer... */
+
+	size_t max_wrap_buf_size;
+	int gss_exchange_count;
+	size_t sig_size;
+};
+