mirror of https://github.com/samba-team/samba.git synced 2025-01-24 02:04:21 +03:00

gensec: Filter out disabled mechs in gensec_security_mechs()

Every single caller of gensec_security_mechs() had to manually filter
out disabled mechanisms. Don't offer them from the start.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke 2024-05-29 17:08:26 +02:00
parent 426c084767
commit 82c477b980
3 changed files with 6 additions and 29 deletions


@ -301,8 +301,6 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
const DATA_BLOB *in,
DATA_BLOB *out);
bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security);
NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
const char *sasl_name);
const char **gensec_security_sasl_names(struct gensec_security *gensec_security,


@ -43,7 +43,8 @@
static const struct gensec_security_ops **generic_security_ops;
static int gensec_num_backends;
bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security)
static bool gensec_security_ops_enabled(const struct gensec_security_ops *ops,
struct gensec_security *security)
{
bool ok = lpcfg_parm_bool(security->settings->lp_ctx,
NULL,
@ -134,6 +135,10 @@ static bool gensec_offer_mech(struct gensec_security *gensec_security,
offer = false;
}
if (offer && (gensec_security != NULL)) {
offer = gensec_security_ops_enabled(mech, gensec_security);
}
return offer;
}
@ -204,11 +209,6 @@ static const struct gensec_security_ops *gensec_security_by_fn(
const struct gensec_security_ops *backend = backends[i];
bool ok;
if ((gensec_security != NULL) &&
!gensec_security_ops_enabled(backend, gensec_security)) {
continue;
}
ok = fn(backend, private_data);
if (ok) {
TALLOC_FREE(mem_ctx);
@ -324,11 +324,6 @@ static const char **gensec_security_sasl_names_from_ops(
}
if (gensec_security != NULL) {
if (!gensec_security_ops_enabled(ops[i],
gensec_security)) {
continue;
}
role = gensec_security->gensec_role;
}
@ -418,9 +413,6 @@ static const struct gensec_security_ops **gensec_security_by_sasl_list(
/* Find backends in our preferred order, by walking our list,
* then looking in the supplied list */
for (i=0; backends && backends[i]; i++) {
if (gensec_security != NULL &&
!gensec_security_ops_enabled(backends[i], gensec_security))
continue;
for (sasl_idx = 0; sasl_names[sasl_idx]; sasl_idx++) {
if (!backends[i]->sasl_name ||
!(strcmp(backends[i]->sasl_name,
@ -490,9 +482,6 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
/* Find backends in our preferred order, by walking our list,
* then looking in the supplied list */
for (i=0; backends && backends[i]; i++) {
if (gensec_security != NULL &&
!gensec_security_ops_enabled(backends[i], gensec_security))
continue;
if (!backends[i]->oid) {
continue;
}
@ -560,10 +549,6 @@ static const char **gensec_security_oids_from_ops(
}
for (i=0; ops && ops[i]; i++) {
if (gensec_security != NULL &&
!gensec_security_ops_enabled(ops[i], gensec_security)) {
continue;
}
if (!ops[i]->oid) {
continue;
}


@ -242,12 +242,6 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
bool is_spnego;
NTSTATUS nt_status;
if (gensec_security != NULL &&
!gensec_security_ops_enabled(all_ops[i], gensec_security))
{
continue;
}
if (!all_ops[i]->oid) {
continue;
}