-rw-r--r-- | auth/gensec/gensec.h | 14 | ||||
-rw-r--r-- | auth/gensec/gensec_start.c | 52 | ||||
-rw-r--r-- | auth/gensec/spnego.c | 8 | ||||
-rw-r--r-- | source3/auth/auth_generic.c | 15 | ||||
-rw-r--r-- | source3/libads/authdata.c | 11 | ||||
-rw-r--r-- | source3/libsmb/auth_generic.c | 15 | ||||
-rw-r--r-- | source3/utils/ntlm_auth.c | 22 | ||||
-rw-r--r-- | source4/ldap_server/ldap_backend.c | 4 |
8 files changed, 75 insertions, 66 deletions
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h index d0bc451b4e..ac1fadfeef 100644 --- a/auth/gensec/gensec.h +++ b/auth/gensec/gensec.h @@ -85,7 +85,7 @@ struct gensec_settings { /* this allows callers to specify a specific set of ops that * should be used, rather than those loaded by the plugin * mechanism */ - struct gensec_security_ops **backends; + const struct gensec_security_ops * const *backends; /* To fill in our own name in the NTLMSSP server */ const char *server_dns_domain; @@ -179,7 +179,7 @@ const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_sec const struct gensec_security_ops *gensec_security_by_auth_type( struct gensec_security *gensec_security, uint32_t auth_type); -struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security, +const struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx); const struct gensec_security_ops_wrapper *gensec_security_by_oid_list( struct gensec_security *gensec_security, @@ -243,11 +243,11 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security, const DATA_BLOB *in, DATA_BLOB *out); -struct gensec_security_ops **gensec_security_all(void); -bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security); -struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, - struct gensec_security_ops **old_gensec_list, - struct cli_credentials *creds); +const struct gensec_security_ops * const *gensec_security_all(void); +bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security); +const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, + const struct gensec_security_ops * const *old_gensec_list, + struct cli_credentials *creds); NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, const char *sasl_name); 
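Review bot: The prototypes changed in the `@@ -179` and `@@ -243` hunks of gensec.h now differ in constness, but the header does not say why. `gensec_security_all()` returns `const struct gensec_security_ops * const *`, while `gensec_security_mechs()` and `gensec_use_kerberos_mechs()` return a writable `const struct gensec_security_ops **`. Judging from gensec_start.c in this commit, the first hands out the global registry array and the other two appear to return a new array allocated on `mem_ctx`. A one-line comment above each prototype would document that, for example `/* shared backend registry: do not modify or free */` and `/* NULL-terminated array talloc'd on mem_ctx, NULL on allocation failure */`.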
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c index 2874c138b2..3ae64d5683 100644 --- a/auth/gensec/gensec_start.c +++ b/auth/gensec/gensec_start.c @@ -33,17 +33,17 @@ #include "lib/util/samba_modules.h" /* the list of currently registered GENSEC backends */ -static struct gensec_security_ops **generic_security_ops; +static const struct gensec_security_ops **generic_security_ops; static int gensec_num_backends; /* Return all the registered mechs. Don't modify the return pointer, - * but you may talloc_reference it if convient */ -_PUBLIC_ struct gensec_security_ops **gensec_security_all(void) + * but you may talloc_referen it if convient */ +_PUBLIC_ const struct gensec_security_ops * const *gensec_security_all(void) { return generic_security_ops; } -bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security) +bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security) { return lpcfg_parm_bool(security->settings->lp_ctx, NULL, "gensec", ops->name, ops->enabled); } @@ -68,11 +68,11 @@ bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_ * more compplex. */ -_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, - struct gensec_security_ops **old_gensec_list, - struct cli_credentials *creds) +_PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, + const struct gensec_security_ops * const *old_gensec_list, + struct cli_credentials *creds) { - struct gensec_security_ops **new_gensec_list; + const struct gensec_security_ops **new_gensec_list; int i, j, num_mechs_in; enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS; 
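Review bot: The comment above `gensec_security_all()` in the first gensec_start.c hunk picks up a typo: `talloc_reference` becomes `talloc_referen`, and `convient` is still misspelled. The line should read `* but you may talloc_reference it if convenient */`. Since the function now returns the registry as `* const *`, the comment could also mention that `gensec_register()` reallocates this array, so a pointer taken before a later registration should not be cached.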
@@ -84,7 +84,9 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ /* noop */ } - new_gensec_list = talloc_array(mem_ctx, struct gensec_security_ops *, num_mechs_in + 1); + new_gensec_list = talloc_array(mem_ctx, + const struct gensec_security_ops *, + num_mechs_in + 1); if (!new_gensec_list) { return NULL; } @@ -136,12 +138,12 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ return new_gensec_list; } -_PUBLIC_ struct gensec_security_ops **gensec_security_mechs( +_PUBLIC_ const struct gensec_security_ops **gensec_security_mechs( struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx) { struct cli_credentials *creds = NULL; - struct gensec_security_ops **backends = gensec_security_all(); + const struct gensec_security_ops * const *backends = gensec_security_all(); if (gensec_security != NULL) { creds = gensec_get_credentials(gensec_security); @@ -159,7 +161,7 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens uint8_t auth_type) { int i; - struct gensec_security_ops **backends; + const struct gensec_security_ops **backends; const struct gensec_security_ops *backend; TALLOC_CTX *mem_ctx = talloc_new(gensec_security); if (!mem_ctx) { @@ -185,7 +187,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid( const char *oid_string) { int i, j; - struct gensec_security_ops **backends; + const struct gensec_security_ops **backends; const struct gensec_security_ops *backend; TALLOC_CTX *mem_ctx = talloc_new(gensec_security); if (!mem_ctx) { @@ -218,7 +220,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_sasl_name( const char *sasl_name) { int i; - struct gensec_security_ops **backends; + const struct gensec_security_ops **backends; const struct gensec_security_ops *backend; TALLOC_CTX *mem_ctx = talloc_new(gensec_security); if (!mem_ctx) { 
@@ -245,7 +247,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_type( uint32_t auth_type) { int i; - struct gensec_security_ops **backends; + const struct gensec_security_ops **backends; const struct gensec_security_ops *backend; TALLOC_CTX *mem_ctx = talloc_new(gensec_security); if (!mem_ctx) { @@ -270,7 +272,7 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s const char *name) { int i; - struct gensec_security_ops **backends; + const struct gensec_security_ops **backends; const struct gensec_security_ops *backend; TALLOC_CTX *mem_ctx = talloc_new(gensec_security); if (!mem_ctx) { @@ -306,7 +308,7 @@ static const struct gensec_security_ops **gensec_security_by_sasl_list( const char **sasl_names) { const struct gensec_security_ops **backends_out; - struct gensec_security_ops **backends; + const struct gensec_security_ops **backends; int i, k, sasl_idx; int num_backends_out = 0; @@ -377,7 +379,7 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list( const char *skip) { struct gensec_security_ops_wrapper *backends_out; - struct gensec_security_ops **backends; + const struct gensec_security_ops **backends; int i, j, k, oid_idx; int num_backends_out = 0; @@ -451,7 +453,7 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list( static const char **gensec_security_oids_from_ops( struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, - struct gensec_security_ops **ops, + const struct gensec_security_ops * const *ops, const char *skip) { int i; @@ -542,8 +544,10 @@ _PUBLIC_ const char **gensec_security_oids(struct gensec_security *gensec_securi TALLOC_CTX *mem_ctx, const char *skip) { - struct gensec_security_ops **ops - = gensec_security_mechs(gensec_security, mem_ctx); + const struct gensec_security_ops **ops; + + ops = gensec_security_mechs(gensec_security, mem_ctx); + return gensec_security_oids_from_ops(gensec_security, mem_ctx, ops, skip); } 
@@ -876,13 +880,13 @@ _PUBLIC_ NTSTATUS gensec_register(const struct gensec_security_ops *ops) generic_security_ops = talloc_realloc(talloc_autofree_context(), generic_security_ops, - struct gensec_security_ops *, + const struct gensec_security_ops *, gensec_num_backends+2); if (!generic_security_ops) { return NT_STATUS_NO_MEMORY; } - generic_security_ops[gensec_num_backends] = discard_const_p(struct gensec_security_ops, ops); + generic_security_ops[gensec_num_backends] = ops; gensec_num_backends++; generic_security_ops[gensec_num_backends] = NULL; @@ -908,7 +912,7 @@ _PUBLIC_ const struct gensec_critical_sizes *gensec_interface_version(void) return &critical_sizes; } -static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ops **gs2) { +static int sort_gensec(const struct gensec_security_ops **gs1, const struct gensec_security_ops **gs2) { return (*gs2)->priority - (*gs1)->priority; } diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index 0eb6da1160..d90a50cb5e 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -352,9 +352,11 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec const DATA_BLOB in, DATA_BLOB *out) { int i,j; - struct gensec_security_ops **all_ops - = gensec_security_mechs(gensec_security, out_mem_ctx); - for (i=0; all_ops[i]; i++) { + const struct gensec_security_ops **all_ops; + + all_ops = gensec_security_mechs(gensec_security, out_mem_ctx); + + for (i=0; all_ops && all_ops[i]; i++) { bool is_spnego; NTSTATUS nt_status; diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c index a2ba4e3257..e15c87edfc 100644 --- a/source3/auth/auth_generic.c +++ b/source3/auth/auth_generic.c @@ -203,6 +203,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, return nt_status; } } else { + const struct gensec_security_ops **backends = NULL; struct gensec_settings *gensec_settings; struct loadparm_context *lp_ctx; size_t idx = 0; 
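Review bot: In the `gensec_register()` hunk the result of `talloc_realloc()` is still assigned straight to `generic_security_ops`, so an allocation failure replaces the registry pointer with NULL while `gensec_num_backends` keeps its old value. The previously registered backends then become unreachable through `gensec_security_all()`, and any code that pairs the count with the array would index a NULL pointer. Assign to a temporary first, `tmp = talloc_realloc(talloc_autofree_context(), generic_security_ops, const struct gensec_security_ops *, gensec_num_backends+2);`, return `NT_STATUS_NO_MEMORY` if it is NULL, and only then set `generic_security_ops = tmp;`. The function body starts before this hunk and continues after it.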
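Review bot: In the spnego.c hunk the new loop condition `all_ops && all_ops[i]` avoids a NULL dereference but treats a failed `gensec_security_mechs()` call the same as an empty mechanism list. `gensec_use_kerberos_mechs()` returns NULL when its `talloc_array()` fails, so a NULL here most likely means out of memory, and the fallback path would then report whatever status follows the loop rather than the real cause. An explicit `if (all_ops == NULL) { return NT_STATUS_NO_MEMORY; }` before the loop keeps the failure visible. The rest of `gensec_spnego_server_try_fallback()` is outside the hunk, so the status it returns after the loop should be confirmed.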
@@ -259,24 +260,24 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - gensec_settings->backends = talloc_zero_array(gensec_settings, - struct gensec_security_ops *, 4); - if (gensec_settings->backends == NULL) { + backends = talloc_zero_array(gensec_settings, + const struct gensec_security_ops *, 4); + if (backends == NULL) { TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } + gensec_settings->backends = backends; gensec_init(); /* These need to be in priority order, krb5 before NTLMSSP */ #if defined(HAVE_KRB5) - gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops; + backends[idx++] = &gensec_gse_krb5_security_ops; #endif - gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); + backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); - gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, - GENSEC_OID_SPNEGO); + backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO); /* * This is anonymous for now, because we just use it diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 582917da01..801e551edb 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -111,7 +111,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, const char *cc = "MEMORY:kerberos_return_pac"; struct auth_session_info *session_info; struct gensec_security *gensec_server_context; - + const struct gensec_security_ops **backends; struct gensec_settings *gensec_settings; size_t idx = 0; struct auth4_context *auth_context; 
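Review bot: In the `auth_generic_prepare()` hunk the results of `gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP)` and `gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO)` are stored into `backends[idx++]` without a NULL check. The array is consumed as a NULL-terminated list, so a NULL from the NTLMSSP lookup would end the list early and silently drop the SPNEGO entry written after it. That lookup can return NULL if the mechanism is not registered or its internal `talloc_new()` fails. Take the result into a local first, `ops = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);`, and either fail the setup or only do `backends[idx++] = ops;` when it is non-NULL. The same pattern is in the `ntlm_auth_start_ntlmssp_server()` hunk of ntlm_auth.c and in the SPNEGO lookup in libsmb/auth_generic.c; the enclosing function extends beyond this hunk.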
@@ -230,16 +230,17 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, goto out; } - gensec_settings->backends = talloc_zero_array(gensec_settings, - struct gensec_security_ops *, 2); - if (gensec_settings->backends == NULL) { + backends = talloc_zero_array(gensec_settings, + const struct gensec_security_ops *, 2); + if (backends == NULL) { status = NT_STATUS_NO_MEMORY; goto out; } + gensec_settings->backends = backends; gensec_init(); - gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops; + backends[idx++] = &gensec_gse_krb5_security_ops; status = gensec_server_start(tmp_ctx, gensec_settings, auth_context, &gensec_server_context); diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c index ba0a0ce977..e30c1b7e0f 100644 --- a/source3/libsmb/auth_generic.c +++ b/source3/libsmb/auth_generic.c @@ -54,6 +54,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st NTSTATUS nt_status; size_t idx = 0; struct gensec_settings *gensec_settings; + const struct gensec_security_ops **backends = NULL; struct loadparm_context *lp_ctx; ans = talloc_zero(mem_ctx, struct auth_generic_state); 
@@ -76,24 +77,24 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st return NT_STATUS_NO_MEMORY; } - gensec_settings->backends = talloc_zero_array(gensec_settings, - struct gensec_security_ops *, 4); - if (gensec_settings->backends == NULL) { + backends = talloc_zero_array(gensec_settings, + const struct gensec_security_ops *, 4); + if (backends == NULL) { TALLOC_FREE(ans); return NT_STATUS_NO_MEMORY; } + gensec_settings->backends = backends; gensec_init(); /* These need to be in priority order, krb5 before NTLMSSP */ #if defined(HAVE_KRB5) - gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops; + backends[idx++] = &gensec_gse_krb5_security_ops; #endif - gensec_settings->backends[idx++] = &gensec_ntlmssp3_client_ops; + backends[idx++] = &gensec_ntlmssp3_client_ops; - gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, - GENSEC_OID_SPNEGO); + backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO); nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings); diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 9e0d7b812b..751f49cdc2 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1035,7 +1035,7 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; TALLOC_CTX *tmp_ctx; - + const struct gensec_security_ops **backends; struct gensec_settings *gensec_settings; size_t idx = 0; struct cli_credentials *server_credentials; 
@@ -1079,26 +1079,26 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx, gensec_settings->server_dns_name = strlower_talloc(gensec_settings, get_mydnsfullname()); - gensec_settings->backends = talloc_zero_array(gensec_settings, - struct gensec_security_ops *, 4); + backends = talloc_zero_array(gensec_settings, + const struct gensec_security_ops *, 4); - if (gensec_settings->backends == NULL) { + if (backends == NULL) { TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - + gensec_settings->backends = backends; + gensec_init(); /* These need to be in priority order, krb5 before NTLMSSP */ #if defined(HAVE_KRB5) - gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops; + backends[idx++] = &gensec_gse_krb5_security_ops; #endif - - gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); - gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, - GENSEC_OID_SPNEGO); - + backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); + + backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO); + /* * This is anonymous for now, because we just use it * to set the kerberos state at the moment diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 42185316da..2760cdb470 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -192,8 +192,8 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) if (conn->server_credentials) { char **sasl_mechs = NULL; - struct gensec_security_ops **backends = gensec_security_all(); - struct gensec_security_ops **ops + const struct gensec_security_ops * const *backends = gensec_security_all(); + const struct gensec_security_ops **ops = gensec_use_kerberos_mechs(conn, backends, conn->server_credentials); unsigned int i, j = 0; for (i = 0; ops && ops[i]; i++) { |