diff options
| author | Stefan Metzmacher <metze@samba.org> | 2017-07-20 23:28:51 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2017-07-25 13:51:11 +0200 |
| commit | eb6b2b63e997967b9222741dff166ba73ec54064 (patch) | |
| tree | e9a45350fd13a6a325bca3864b5763f55413a711 /auth | |
| parent | 692425f09a6d03a13861140f8e5446ca1e848887 (diff) | |
| download | samba-eb6b2b63e997967b9222741dff166ba73ec54064.tar.gz | |
auth/gensec: introduce gensec_security_ops.glue in order to avoid depending on GENSEC_OID_SPNEGO being special
In future we have get more backends that can negotiate other backends,
we should keep all of them even if we require kerberos.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'auth')
| -rw-r--r-- | auth/gensec/gensec_internal.h | 1 | ||||
| -rw-r--r-- | auth/gensec/gensec_start.c | 11 | ||||
| -rw-r--r-- | auth/gensec/spnego.c | 3 |
3 files changed, 7 insertions, 8 deletions
diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h index c73be11ded6..911b48b52d6 100644 --- a/auth/gensec/gensec_internal.h +++ b/auth/gensec/gensec_internal.h @@ -86,6 +86,7 @@ struct gensec_security_ops { bool enabled; bool kerberos; enum gensec_priority priority; + bool glue; }; struct gensec_security_ops_wrapper { diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c index 6a1293588cd..42766200a59 100644 --- a/auth/gensec/gensec_start.c +++ b/auth/gensec/gensec_start.c @@ -98,15 +98,12 @@ _PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX j = 0; for (i=0; old_gensec_list && old_gensec_list[i]; i++) { - int oid_idx; bool keep = false; - for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) { - if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) { - keep = true; - break; - } - } + /* + * We want to keep SPNGEO and other backends + */ + keep = old_gensec_list[i]->glue; if (old_gensec_list[i]->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { keep = keep_schannel; diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index 2872e7d82e6..9857e78184b 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -2182,7 +2182,8 @@ static const struct gensec_security_ops gensec_spnego_security_ops = { .expire_time = gensec_child_expire_time, .final_auth_type = gensec_child_final_auth_type, .enabled = true, - .priority = GENSEC_SPNEGO + .priority = GENSEC_SPNEGO, + .glue = true, }; _PUBLIC_ NTSTATUS gensec_spnego_init(TALLOC_CTX *ctx) |