summaryrefslogtreecommitdiff
path: root/auth/gensec
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-12-24 01:14:26 +0100
committerStefan Metzmacher <metze@samba.org>2012-01-12 13:15:08 +0100
commit6eea2c33c797065f7b189d32648d2cfde5d2e3b9 (patch)
tree9e4e714d6a7a1c65b714891ea1a2c192a435288e /auth/gensec
parent17986097a39bf2479f244abf40acafa84dfbcd1d (diff)
downloadsamba-6eea2c33c797065f7b189d32648d2cfde5d2e3b9.tar.gz
auth/gensec: add gensec_*max_update_size()
This is only a hint for the backend, which may want to fragment update tokens. metze
Diffstat (limited to 'auth/gensec')
-rw-r--r--auth/gensec/gensec.c15
-rw-r--r--auth/gensec/gensec.h4
-rw-r--r--auth/gensec/gensec_start.c3
3 files changed, 22 insertions, 0 deletions
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index ec104a7f75b..d1dcc75eafc 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -185,6 +185,21 @@ _PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
return gensec_security->ops->session_info(gensec_security, mem_ctx, session_info);
}
+void gensec_set_max_update_size(struct gensec_security *gensec_security,
+ uint32_t max_update_size)
+{
+ gensec_security->max_update_size = max_update_size;
+}
+
+size_t gensec_max_update_size(struct gensec_security *gensec_security)
+{
+ if (gensec_security->max_update_size == 0) {
+ return UINT32_MAX;
+ }
+
+ return gensec_security->max_update_size;
+}
+
/**
* Next state function for the GENSEC state machine
*
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index a1ae634bf88..9982718b0a0 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -167,6 +167,7 @@ struct gensec_security {
enum gensec_role gensec_role;
bool subcontext;
uint32_t want_features;
+ uint32_t max_update_size;
uint8_t dcerpc_auth_level;
struct tsocket_address *local_addr, *remote_addr;
struct gensec_settings *settings;
@@ -223,6 +224,9 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security,
const struct gensec_security_ops *ops);
NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security,
const char **sasl_names);
+void gensec_set_max_update_size(struct gensec_security *gensec_security,
+ uint32_t max_update_size);
+size_t gensec_max_update_size(struct gensec_security *gensec_security);
NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
struct tevent_context *ev,
const DATA_BLOB in, DATA_BLOB *out);
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 9576e53ec68..b09a76b3450 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -518,6 +518,8 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
(*gensec_security) = talloc_zero(mem_ctx, struct gensec_security);
NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
+ (*gensec_security)->max_update_size = UINT32_MAX;
+
SMB_ASSERT(settings->lp_ctx != NULL);
(*gensec_security)->settings = talloc_reference(*gensec_security, settings);
@@ -550,6 +552,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
(*gensec_security)->subcontext = true;
(*gensec_security)->want_features = parent->want_features;
+ (*gensec_security)->max_update_size = parent->max_update_size;
(*gensec_security)->dcerpc_auth_level = parent->dcerpc_auth_level;
(*gensec_security)->auth_context = talloc_reference(*gensec_security, parent->auth_context);
(*gensec_security)->settings = talloc_reference(*gensec_security, parent->settings);