auth/gensec: introduce gensec_security_ops.glue in order to avoid depending on GENSEC_OID_SPNEGO being special

In future we have get more backends that can negotiate other backends,
we should keep all of them even if we require kerberos.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/gensec/gensec_internal.h

@@ -86,6 +86,7 @@ struct gensec_security_ops {
 	bool enabled;
 	bool kerberos;
 	enum gensec_priority priority;
+	bool glue;
 };
 
 struct gensec_security_ops_wrapper {

auth/gensec/gensec_start.c

@@ -98,15 +98,12 @@ _PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX
 
 	j = 0;
 	for (i=0; old_gensec_list && old_gensec_list[i]; i++) {
-		int oid_idx;
 		bool keep = false;
 
-		for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) {
-			if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) {
-				keep = true;
-				break;
-			}
-		}
+		/*
+		 * We want to keep SPNGEO and other backends
+		 */
+		keep = old_gensec_list[i]->glue;
 
 		if (old_gensec_list[i]->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
 			keep = keep_schannel;

auth/gensec/spnego.c

@@ -2182,7 +2182,8 @@ static const struct gensec_security_ops gensec_spnego_security_ops = {
 	.expire_time      = gensec_child_expire_time,
 	.final_auth_type  = gensec_child_final_auth_type,
 	.enabled          = true,
-	.priority         = GENSEC_SPNEGO
+	.priority         = GENSEC_SPNEGO,
+	.glue             = true,
 };
 
 _PUBLIC_ NTSTATUS gensec_spnego_init(TALLOC_CTX *ctx)