mirror of
https://github.com/samba-team/samba.git
synced 2025-08-26 01:49:31 +03:00
Remove use of global_loadparm for disabled gensec backends.
This commit is contained in:
Jelmer Vernooij
@ -40,6 +40,12 @@ _PUBLIC_ struct gensec_security_ops **gensec_security_all(void)
|
||||
return generic_security_ops;
|
||||
}
|
||||
|
||||
bool gensec_security_ops_enabled(struct gensec_security_ops *ops,
|
||||
struct loadparm_context *lp_ctx)
|
||||
{
|
||||
return lp_parm_bool(lp_ctx, NULL, "gensec", ops->name, ops->enabled);
|
||||
}
|
||||
|
||||
/* Sometimes we want to force only kerberos, sometimes we want to
|
||||
* force it's avoidance. The old list could be either
|
||||
* gensec_security_all(), or from cli_credentials_gensec_list() (ie,
|
||||
@ -76,6 +82,7 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
|
||||
j = 0;
|
||||
for (i=0; old_gensec_list && old_gensec_list[i]; i++) {
|
||||
int oid_idx;
|
||||
|
||||
for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) {
|
||||
if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) {
|
||||
new_gensec_list[j] = old_gensec_list[i];
|
||||
@ -140,6 +147,8 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens
|
||||
}
|
||||
backends = gensec_security_mechs(gensec_security, mem_ctx);
|
||||
for (i=0; backends && backends[i]; i++) {
|
||||
if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
|
||||
continue;
|
||||
if (backends[i]->auth_type == auth_type) {
|
||||
backend = backends[i];
|
||||
talloc_free(mem_ctx);
|
||||
@ -163,6 +172,8 @@ const struct gensec_security_ops *gensec_security_by_oid(struct gensec_security
|
||||
}
|
||||
backends = gensec_security_mechs(gensec_security, mem_ctx);
|
||||
for (i=0; backends && backends[i]; i++) {
|
||||
if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
|
||||
continue;
|
||||
if (backends[i]->oid) {
|
||||
for (j=0; backends[i]->oid[j]; j++) {
|
||||
if (backends[i]->oid[j] &&
|
||||
@ -191,6 +202,8 @@ const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_sec
|
||||
}
|
||||
backends = gensec_security_mechs(gensec_security, mem_ctx);
|
||||
for (i=0; backends && backends[i]; i++) {
|
||||
if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
|
||||
continue;
|
||||
if (backends[i]->sasl_name
|
||||
&& (strcmp(backends[i]->sasl_name, sasl_name) == 0)) {
|
||||
backend = backends[i];
|
||||
@ -215,6 +228,8 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s
|
||||
}
|
||||
backends = gensec_security_mechs(gensec_security, mem_ctx);
|
||||
for (i=0; backends && backends[i]; i++) {
|
||||
if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
|
||||
continue;
|
||||
if (backends[i]->name
|
||||
&& (strcmp(backends[i]->name, name) == 0)) {
|
||||
backend = backends[i];
|
||||
@ -258,6 +273,8 @@ const struct gensec_security_ops **gensec_security_by_sasl_list(struct gensec_se
|
||||
/* Find backends in our preferred order, by walking our list,
|
||||
* then looking in the supplied list */
|
||||
for (i=0; backends && backends[i]; i++) {
|
||||
if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
|
||||
continue;
|
||||
for (sasl_idx = 0; sasl_names[sasl_idx]; sasl_idx++) {
|
||||
if (!backends[i]->sasl_name ||
|
||||
!(strcmp(backends[i]->sasl_name,
|
||||
@ -326,6 +343,8 @@ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(struct gen
|
||||
/* Find backends in our preferred order, by walking our list,
|
||||
* then looking in the supplied list */
|
||||
for (i=0; backends && backends[i]; i++) {
|
||||
if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
|
||||
continue;
|
||||
if (!backends[i]->oid) {
|
||||
continue;
|
||||
}
|
||||
@ -1204,10 +1223,7 @@ const char *gensec_get_target_principal(struct gensec_security *gensec_security)
|
||||
*/
|
||||
NTSTATUS gensec_register(const struct gensec_security_ops *ops)
|
||||
{
|
||||
if (!lp_parm_bool(global_loadparm, NULL, "gensec", ops->name, ops->enabled)) {
|
||||
DEBUG(2,("gensec subsystem %s is disabled\n", ops->name));
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
||||
if (gensec_security_by_name(NULL, ops->name) != NULL) {
|
||||
/* its already registered! */
|
||||
|
||||
@ -295,6 +295,7 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
|
||||
DATA_BLOB *out);
|
||||
|
||||
struct gensec_security_ops **gensec_security_all(void);
|
||||
bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct loadparm_context *lp_ctx);
|
||||
struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
|
||||
struct gensec_security_ops **old_gensec_list,
|
||||
struct cli_credentials *creds);
|
||||
|
||||
@ -336,6 +336,10 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
|
||||
for (i=0; all_ops[i]; i++) {
|
||||
bool is_spnego;
|
||||
NTSTATUS nt_status;
|
||||
|
||||
if (gensec_security_ops_enabled(all_ops[i], gensec_security->settings->lp_ctx))
|
||||
continue;
|
||||
|
||||
if (!all_ops[i]->oid) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -74,6 +74,9 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
|
||||
= gensec_use_kerberos_mechs(conn, backends, conn->server_credentials);
|
||||
int i, j = 0;
|
||||
for (i = 0; ops && ops[i]; i++) {
|
||||
if (!gensec_security_ops_enabled(ops[i], conn->lp_ctx))
|
||||
continue;
|
||||
|
||||
if (ops[i]->sasl_name && ops[i]->server_start) {
|
||||
char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user