3 files changed, 12 insertions, 2 deletions

diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index acfc54926c..9b2ac19fe1 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -77,6 +77,11 @@ struct tevent_req;
 struct gensec_settings {
 	struct loadparm_context *lp_ctx;
 	const char *target_hostname;
+
+	/* this allows callers to specify a specific set of ops that
+	 * should be used, rather than those loaded by the plugin
+	 * mechanism */
+	struct gensec_security_ops **backends;
 };
 
 struct gensec_security_ops {
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index c38b97050f..9576e53ec6 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -118,14 +118,19 @@ struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gense
 						   TALLOC_CTX *mem_ctx)
 {
 	struct gensec_security_ops **backends;
-	backends = gensec_security_all();
 	if (!gensec_security) {
+		backends = gensec_security_all();
 		if (!talloc_reference(mem_ctx, backends)) {
 			return NULL;
 		}
 		return backends;
 	} else {
 		struct cli_credentials *creds = gensec_get_credentials(gensec_security);
+		if (gensec_security->settings->backends) {
+			backends = gensec_security->settings->backends;
+		} else {
+			backends = gensec_security_all();
+		}
 		if (!creds) {
 			if (!talloc_reference(mem_ctx, backends)) {
 				return NULL;
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 006fa8a6c1..949c404bf1 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3727,7 +3727,7 @@ _PUBLIC_ char *lpcfg_tls_dhpfile(TALLOC_CTX *mem_ctx, struct loadparm_context *l
 
 struct gensec_settings *lpcfg_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
 {
-	struct gensec_settings *settings = talloc(mem_ctx, struct gensec_settings);
+	struct gensec_settings *settings = talloc_zero(mem_ctx, struct gensec_settings);
 	if (settings == NULL)
 		return NULL;
 	SMB_ASSERT(lp_ctx != NULL);