summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2008-11-02 19:28:17 +0100
committerJelmer Vernooij <jelmer@samba.org>2008-11-02 19:28:17 +0100
commit1e053df95c478dd5ca5fceab822700af49cc6510 (patch)
tree23c2034ee2d5f9ed196f78f2df9428dcc73d8733
parent3fda6c5c2a4199217a0ee4078125fe3178639009 (diff)
downloadsamba-1e053df95c478dd5ca5fceab822700af49cc6510.tar.gz
samba-1e053df95c478dd5ca5fceab822700af49cc6510.tar.bz2
samba-1e053df95c478dd5ca5fceab822700af49cc6510.zip
Remove use of global_loadparm for disabled gensec backends.
-rw-r--r--source4/auth/gensec/gensec.c24
-rw-r--r--source4/auth/gensec/gensec.h1
-rw-r--r--source4/auth/gensec/spnego.c4
-rw-r--r--source4/ldap_server/ldap_backend.c3
4 files changed, 28 insertions, 4 deletions
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 20c88f86bc..b970549e6c 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -40,6 +40,12 @@ _PUBLIC_ struct gensec_security_ops **gensec_security_all(void)
return generic_security_ops;
}
+bool gensec_security_ops_enabled(struct gensec_security_ops *ops,
+ struct loadparm_context *lp_ctx)
+{
+ return lp_parm_bool(lp_ctx, NULL, "gensec", ops->name, ops->enabled);
+}
+
/* Sometimes we want to force only kerberos, sometimes we want to
* force it's avoidance. The old list could be either
* gensec_security_all(), or from cli_credentials_gensec_list() (ie,
@@ -76,6 +82,7 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
j = 0;
for (i=0; old_gensec_list && old_gensec_list[i]; i++) {
int oid_idx;
+
for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) {
if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) {
new_gensec_list[j] = old_gensec_list[i];
@@ -140,6 +147,8 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens
}
backends = gensec_security_mechs(gensec_security, mem_ctx);
for (i=0; backends && backends[i]; i++) {
+ if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ continue;
if (backends[i]->auth_type == auth_type) {
backend = backends[i];
talloc_free(mem_ctx);
@@ -163,6 +172,8 @@ const struct gensec_security_ops *gensec_security_by_oid(struct gensec_security
}
backends = gensec_security_mechs(gensec_security, mem_ctx);
for (i=0; backends && backends[i]; i++) {
+ if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ continue;
if (backends[i]->oid) {
for (j=0; backends[i]->oid[j]; j++) {
if (backends[i]->oid[j] &&
@@ -191,6 +202,8 @@ const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_sec
}
backends = gensec_security_mechs(gensec_security, mem_ctx);
for (i=0; backends && backends[i]; i++) {
+ if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ continue;
if (backends[i]->sasl_name
&& (strcmp(backends[i]->sasl_name, sasl_name) == 0)) {
backend = backends[i];
@@ -215,6 +228,8 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s
}
backends = gensec_security_mechs(gensec_security, mem_ctx);
for (i=0; backends && backends[i]; i++) {
+ if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ continue;
if (backends[i]->name
&& (strcmp(backends[i]->name, name) == 0)) {
backend = backends[i];
@@ -258,6 +273,8 @@ const struct gensec_security_ops **gensec_security_by_sasl_list(struct gensec_se
/* Find backends in our preferred order, by walking our list,
* then looking in the supplied list */
for (i=0; backends && backends[i]; i++) {
+ if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ continue;
for (sasl_idx = 0; sasl_names[sasl_idx]; sasl_idx++) {
if (!backends[i]->sasl_name ||
!(strcmp(backends[i]->sasl_name,
@@ -326,6 +343,8 @@ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(struct gen
/* Find backends in our preferred order, by walking our list,
* then looking in the supplied list */
for (i=0; backends && backends[i]; i++) {
+ if (gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx))
+ continue;
if (!backends[i]->oid) {
continue;
}
@@ -1204,10 +1223,7 @@ const char *gensec_get_target_principal(struct gensec_security *gensec_security)
*/
NTSTATUS gensec_register(const struct gensec_security_ops *ops)
{
- if (!lp_parm_bool(global_loadparm, NULL, "gensec", ops->name, ops->enabled)) {
- DEBUG(2,("gensec subsystem %s is disabled\n", ops->name));
- return NT_STATUS_OK;
- }
+
if (gensec_security_by_name(NULL, ops->name) != NULL) {
/* its already registered! */
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 2a483171f7..2e020e3434 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -295,6 +295,7 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
DATA_BLOB *out);
struct gensec_security_ops **gensec_security_all(void);
+bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct loadparm_context *lp_ctx);
struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
struct gensec_security_ops **old_gensec_list,
struct cli_credentials *creds);
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index bf991616bd..5733cb9004 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -336,6 +336,10 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
for (i=0; all_ops[i]; i++) {
bool is_spnego;
NTSTATUS nt_status;
+
+ if (gensec_security_ops_enabled(all_ops[i], gensec_security->settings->lp_ctx))
+ continue;
+
if (!all_ops[i]->oid) {
continue;
}
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 32fc00832e..d0417107f1 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -74,6 +74,9 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
= gensec_use_kerberos_mechs(conn, backends, conn->server_credentials);
int i, j = 0;
for (i = 0; ops && ops[i]; i++) {
+ if (!gensec_security_ops_enabled(ops[i], conn->lp_ctx))
+ continue;
+
if (ops[i]->sasl_name && ops[i]->server_start) {
char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);