gensec: Add a check if a gensec module implements weak crypto
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
7d09c1cc87
commit
6ada071d62
@ -28,6 +28,7 @@ struct gensec_security;
|
||||
struct gensec_security_ops {
|
||||
const char *name;
|
||||
const char *sasl_name;
|
||||
bool weak_crypto;
|
||||
uint8_t auth_type; /* 0 if not offered on DCE-RPC */
|
||||
const char **oid; /* NULL if not offered by SPNEGO */
|
||||
NTSTATUS (*client_start)(struct gensec_security *gensec_security);
|
||||
|
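Review bot: The new `bool weak_crypto;` member of struct gensec_security_ops has no comment, unlike `auth_type` and `oid` beside it, and its default is security-relevant. An ops table that never sets it presumably leaves it false, so that mechanism is not filtered when weak crypto is disallowed. I would document it in place, e.g. `bool weak_crypto; /* true if the mechanism depends on weak algorithms; unset means it is never filtered */`. None of the hunks on this page sets the flag on any module, so the check only takes effect once the affected modules are marked, presumably in a follow-up commit. The struct definition continues outside the hunk.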
@ -32,6 +32,7 @@
|
||||
#include "lib/util/tsort.h"
|
||||
#include "lib/util/samba_modules.h"
|
||||
#include "lib/util/base64.h"
|
||||
#include "lib/crypto/gnutls_helpers.h"
|
||||
|
||||
#undef DBGC_CLASS
|
||||
#define DBGC_CLASS DBGC_AUTH
|
||||
@ -49,7 +50,17 @@ _PUBLIC_ const struct gensec_security_ops * const *gensec_security_all(void)
|
||||
|
||||
bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security)
|
||||
{
|
||||
return lpcfg_parm_bool(security->settings->lp_ctx, NULL, "gensec", ops->name, ops->enabled);
|
||||
bool ok = lpcfg_parm_bool(security->settings->lp_ctx,
|
||||
NULL,
|
||||
"gensec",
|
||||
ops->name,
|
||||
ops->enabled);
|
||||
|
||||
if (!samba_gnutls_weak_crypto_allowed() && ops->weak_crypto) {
|
||||
ok = false;
|
||||
}
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
/* Sometimes we want to force only kerberos, sometimes we want to
|
||||
|
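Review bot: The weak-crypto override in gensec_security_ops_enabled() is silent: when `ops->weak_crypto` is set and samba_gnutls_weak_crypto_allowed() returns false, a mechanism the administrator enabled through the `gensec` parameter is switched off with nothing in the logs to explain the resulting authentication failure. A debug line inside the `if`, for example `DBG_INFO("gensec mechanism %s disabled: weak crypto not allowed\n", ops->name);`, would make that diagnosable (the level is a judgement call, since this function may be called often). Testing the flag first, `if (ops->weak_crypto && !samba_gnutls_weak_crypto_allowed()) {`, also skips the library check for every mechanism that is not flagged.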