From eb6b2b63e997967b9222741dff166ba73ec54064 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 20 Jul 2017 23:28:51 +0200
Subject: auth/gensec: introduce gensec_security_ops.glue in order to avoid depending on GENSEC_OID_SPNEGO being special
In future we have get more backends that can negotiate other backends, we should keep all of them even if we require kerberos.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
---
 auth/gensec/gensec_internal.h | 1 +
 auth/gensec/gensec_start.c | 11 ++++-------
 auth/gensec/spnego.c | 3 ++-
 3 files changed, 7 insertions(+), 8 deletions(-)
(limited to 'auth')
diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h
index c73be11ded6..911b48b52d6 100644
--- a/auth/gensec/gensec_internal.h
+++ b/auth/gensec/gensec_internal.h
@@ -86,6 +86,7 @@ struct gensec_security_ops {
 bool enabled;
 bool kerberos;
 enum gensec_priority priority;
+ bool glue;
 };
 struct gensec_security_ops_wrapper {
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 6a1293588cd..42766200a59 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -98,15 +98,12 @@ _PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX
 j = 0;
 for (i=0; old_gensec_list && old_gensec_list[i]; i++) {
- int oid_idx;
 bool keep = false;
- for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) {
- if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) {
- keep = true;
- break;
- }
- }
+ /*
+ * We want to keep SPNGEO and other backends
+ */
+ keep = old_gensec_list[i]->glue;
 if (old_gensec_list[i]->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
 keep = keep_schannel;
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 2872e7d82e6..9857e78184b 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
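Review bot: The new `bool glue;` member in struct gensec_security_ops is added without a comment, although the gensec_start.c hunk of this commit makes it decide whether a backend survives gensec_use_kerberos_mechs(). A short contract at the declaration would help whoever adds the next negotiating backend, for example `bool glue; /* negotiates other backends (e.g. SPNEGO); kept even when kerberos is required */`. Backends that do not set the field presumably get false through their designated initializers, so they would be filtered as before. The struct definition starts outside this hunk.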
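Review bot: The added comment above `keep = old_gensec_list[i]->glue;` misspells SPNEGO as "SPNGEO" and does not say why glue backends are exempt from the filter. A backend with `.glue = true` is now kept here whatever its `kerberos` flag says, so when Kerberos is required the restriction on what that backend negotiates has to be enforced inside the backend itself; that code is not visible in this hunk and should be confirmed for each backend that sets the flag. A comment such as `/* Keep SPNEGO and other glue backends: they negotiate sub-mechanisms and are expected to apply the kerberos policy to them. */` would record that assumption. The loop body and the rest of gensec_use_kerberos_mechs() continue outside the hunk.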
@@ -2182,7 +2182,8 @@ static const struct gensec_security_ops gensec_spnego_security_ops = {
 .expire_time = gensec_child_expire_time,
 .final_auth_type = gensec_child_final_auth_type,
 .enabled = true,
- .priority = GENSEC_SPNEGO
+ .priority = GENSEC_SPNEGO,
+ .glue = true,
 };
 _PUBLIC_ NTSTATUS gensec_spnego_init(TALLOC_CTX *ctx)
-- cgit v1.2.1