summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2013-08-05 10:37:26 +0200
committerStefan Metzmacher <metze@samba.org>2013-08-10 09:19:03 +0200
commit3e3534f882651880093381f5a7846c0938df6501 (patch)
treecc2847e3d5bff9ba4e65f64f8da4c94e8e721a99
parent71c63e85e7a09acb57f6b75284358f2b3b29eeed (diff)
downloadsamba-3e3534f882651880093381f5a7846c0938df6501.tar.gz
samba-3e3534f882651880093381f5a7846c0938df6501.tar.bz2
samba-3e3534f882651880093381f5a7846c0938df6501.zip
auth/gensec: avoid talloc_reference in gensec_use_kerberos_mechs()
We now always copy. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--auth/gensec/gensec_start.c38
1 files changed, 20 insertions, 18 deletions
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 34029f5d88..096ad36486 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -80,13 +80,6 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
use_kerberos = cli_credentials_get_kerberos_state(creds);
}
- if (use_kerberos == CRED_AUTO_USE_KERBEROS) {
- if (!talloc_reference(mem_ctx, old_gensec_list)) {
- return NULL;
- }
- return old_gensec_list;
- }
-
for (num_mechs_in=0; old_gensec_list && old_gensec_list[num_mechs_in]; num_mechs_in++) {
/* noop */
}
@@ -99,35 +92,44 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
j = 0;
for (i=0; old_gensec_list && old_gensec_list[i]; i++) {
int oid_idx;
- bool found_spnego = false;
+ bool keep = false;
+
for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) {
if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) {
- new_gensec_list[j] = old_gensec_list[i];
- j++;
- found_spnego = true;
+ keep = true;
break;
}
}
- if (found_spnego) {
- continue;
- }
+
switch (use_kerberos) {
+ case CRED_AUTO_USE_KERBEROS:
+ keep = true;
+ break;
+
case CRED_DONT_USE_KERBEROS:
if (old_gensec_list[i]->kerberos == false) {
- new_gensec_list[j] = old_gensec_list[i];
- j++;
+ keep = true;
}
+
break;
+
case CRED_MUST_USE_KERBEROS:
if (old_gensec_list[i]->kerberos == true) {
- new_gensec_list[j] = old_gensec_list[i];
- j++;
+ keep = true;
}
+
break;
default:
/* Can't happen or invalid parameter */
return NULL;
}
+
+ if (!keep) {
+ continue;
+ }
+
+ new_gensec_list[j] = old_gensec_list[i];
+ j++;
}
new_gensec_list[j] = NULL;