-rw-r--r--auth/gensec/gensec.h14
-rw-r--r--auth/gensec/gensec_start.c52
-rw-r--r--auth/gensec/spnego.c8
-rw-r--r--source3/auth/auth_generic.c15
-rw-r--r--source3/libads/authdata.c11
-rw-r--r--source3/libsmb/auth_generic.c15
-rw-r--r--source3/utils/ntlm_auth.c22
-rw-r--r--source4/ldap_server/ldap_backend.c4
8 files changed, 75 insertions, 66 deletions
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index d0bc451b4e..ac1fadfeef 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -85,7 +85,7 @@ struct gensec_settings {
/* this allows callers to specify a specific set of ops that
* should be used, rather than those loaded by the plugin
* mechanism */
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops * const *backends;
/* To fill in our own name in the NTLMSSP server */
const char *server_dns_domain;
@@ -179,7 +179,7 @@ const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_sec
const struct gensec_security_ops *gensec_security_by_auth_type(
struct gensec_security *gensec_security,
uint32_t auth_type);
-struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
+const struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx);
const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
struct gensec_security *gensec_security,
@@ -243,11 +243,11 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
const DATA_BLOB *in,
DATA_BLOB *out);
-struct gensec_security_ops **gensec_security_all(void);
-bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security);
-struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
- struct gensec_security_ops **old_gensec_list,
- struct cli_credentials *creds);
+const struct gensec_security_ops * const *gensec_security_all(void);
+bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security);
+const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+ const struct gensec_security_ops * const *old_gensec_list,
+ struct cli_credentials *creds);
NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
const char *sasl_name);
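Review bot: The prototypes in this hunk now differ in const depth, but nothing tells a caller what that means for ownership. `gensec_security_all()` returns `const struct gensec_security_ops * const *`, while `gensec_use_kerberos_mechs()` returns a writable array of const pointers. Going by gensec_start.c in this same commit, the first hands back the global registration list and the second a fresh `talloc_array` on `mem_ctx`. I would add one comment above each, for example `/* Returns the shared registration list; callers must not modify or free it */` and `/* Returns a new array allocated on mem_ctx, or NULL on allocation failure */`.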
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 2874c138b2..3ae64d5683 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -33,17 +33,17 @@
#include "lib/util/samba_modules.h"
/* the list of currently registered GENSEC backends */
-static struct gensec_security_ops **generic_security_ops;
+static const struct gensec_security_ops **generic_security_ops;
static int gensec_num_backends;
/* Return all the registered mechs. Don't modify the return pointer,
- * but you may talloc_reference it if convient */
-_PUBLIC_ struct gensec_security_ops **gensec_security_all(void)
+ * but you may talloc_referen it if convient */
+_PUBLIC_ const struct gensec_security_ops * const *gensec_security_all(void)
{
return generic_security_ops;
}
-bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security)
+bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security)
{
return lpcfg_parm_bool(security->settings->lp_ctx, NULL, "gensec", ops->name, ops->enabled);
}
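Review bot: The rewritten comment above `gensec_security_all()` turns `talloc_reference` into `talloc_referen` and keeps the older misspelling `convient`, so the one line that documents the read-only contract no longer names a real function. Since the return type now enforces that contract, the comment could say so directly: `/* Return all the registered mechs. The returned array is shared and const: do not modify it, but you may talloc_reference it if convenient */`.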
@@ -68,11 +68,11 @@ bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_
* more compplex.
*/
-_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
- struct gensec_security_ops **old_gensec_list,
- struct cli_credentials *creds)
+_PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+ const struct gensec_security_ops * const *old_gensec_list,
+ struct cli_credentials *creds)
{
- struct gensec_security_ops **new_gensec_list;
+ const struct gensec_security_ops **new_gensec_list;
int i, j, num_mechs_in;
enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS;
@@ -84,7 +84,9 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
/* noop */
}
- new_gensec_list = talloc_array(mem_ctx, struct gensec_security_ops *, num_mechs_in + 1);
+ new_gensec_list = talloc_array(mem_ctx,
+ const struct gensec_security_ops *,
+ num_mechs_in + 1);
if (!new_gensec_list) {
return NULL;
}
@@ -136,12 +138,12 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
return new_gensec_list;
}
-_PUBLIC_ struct gensec_security_ops **gensec_security_mechs(
+_PUBLIC_ const struct gensec_security_ops **gensec_security_mechs(
struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx)
{
struct cli_credentials *creds = NULL;
- struct gensec_security_ops **backends = gensec_security_all();
+ const struct gensec_security_ops * const *backends = gensec_security_all();
if (gensec_security != NULL) {
creds = gensec_get_credentials(gensec_security);
@@ -159,7 +161,7 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens
uint8_t auth_type)
{
int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
const struct gensec_security_ops *backend;
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
if (!mem_ctx) {
@@ -185,7 +187,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid(
const char *oid_string)
{
int i, j;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
const struct gensec_security_ops *backend;
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
if (!mem_ctx) {
@@ -218,7 +220,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_sasl_name(
const char *sasl_name)
{
int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
const struct gensec_security_ops *backend;
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
if (!mem_ctx) {
@@ -245,7 +247,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_type(
uint32_t auth_type)
{
int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
const struct gensec_security_ops *backend;
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
if (!mem_ctx) {
@@ -270,7 +272,7 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s
const char *name)
{
int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
const struct gensec_security_ops *backend;
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
if (!mem_ctx) {
@@ -306,7 +308,7 @@ static const struct gensec_security_ops **gensec_security_by_sasl_list(
const char **sasl_names)
{
const struct gensec_security_ops **backends_out;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
int i, k, sasl_idx;
int num_backends_out = 0;
@@ -377,7 +379,7 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
const char *skip)
{
struct gensec_security_ops_wrapper *backends_out;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
int i, j, k, oid_idx;
int num_backends_out = 0;
@@ -451,7 +453,7 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
static const char **gensec_security_oids_from_ops(
struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
- struct gensec_security_ops **ops,
+ const struct gensec_security_ops * const *ops,
const char *skip)
{
int i;
@@ -542,8 +544,10 @@ _PUBLIC_ const char **gensec_security_oids(struct gensec_security *gensec_securi
TALLOC_CTX *mem_ctx,
const char *skip)
{
- struct gensec_security_ops **ops
- = gensec_security_mechs(gensec_security, mem_ctx);
+ const struct gensec_security_ops **ops;
+
+ ops = gensec_security_mechs(gensec_security, mem_ctx);
+
return gensec_security_oids_from_ops(gensec_security, mem_ctx, ops, skip);
}
@@ -876,13 +880,13 @@ _PUBLIC_ NTSTATUS gensec_register(const struct gensec_security_ops *ops)
generic_security_ops = talloc_realloc(talloc_autofree_context(),
generic_security_ops,
- struct gensec_security_ops *,
+ const struct gensec_security_ops *,
gensec_num_backends+2);
if (!generic_security_ops) {
return NT_STATUS_NO_MEMORY;
}
- generic_security_ops[gensec_num_backends] = discard_const_p(struct gensec_security_ops, ops);
+ generic_security_ops[gensec_num_backends] = ops;
gensec_num_backends++;
generic_security_ops[gensec_num_backends] = NULL;
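Review bot: The `talloc_realloc()` result is still assigned straight to `generic_security_ops`, so an allocation failure replaces the global list with NULL. `gensec_num_backends` keeps its old count and the previous array stays allocated on the autofree context. Every later `gensec_security_all()` caller would then see no registered mechanisms, which changes what authentication the process can offer. Assign through a temporary instead: `tmp = talloc_realloc(talloc_autofree_context(), generic_security_ops, const struct gensec_security_ops *, gensec_num_backends+2);`, then `if (!tmp) return NT_STATUS_NO_MEMORY;` and `generic_security_ops = tmp;`. gensec_register() starts and ends outside this hunk.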
@@ -908,7 +912,7 @@ _PUBLIC_ const struct gensec_critical_sizes *gensec_interface_version(void)
return &critical_sizes;
}
-static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ops **gs2) {
+static int sort_gensec(const struct gensec_security_ops **gs1, const struct gensec_security_ops **gs2) {
return (*gs2)->priority - (*gs1)->priority;
}
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 0eb6da1160..d90a50cb5e 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -352,9 +352,11 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
const DATA_BLOB in, DATA_BLOB *out)
{
int i,j;
- struct gensec_security_ops **all_ops
- = gensec_security_mechs(gensec_security, out_mem_ctx);
- for (i=0; all_ops[i]; i++) {
+ const struct gensec_security_ops **all_ops;
+
+ all_ops = gensec_security_mechs(gensec_security, out_mem_ctx);
+
+ for (i=0; all_ops && all_ops[i]; i++) {
bool is_spnego;
NTSTATUS nt_status;
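Review bot: The added `all_ops &&` guard stops a NULL dereference, but a NULL return from `gensec_security_mechs()` now simply skips the loop. An allocation failure (`gensec_use_kerberos_mechs()` returns NULL when `talloc_array` fails) is then reported as whatever status follows the loop, which is not visible in this hunk, and looks like "no usable mechanism" rather than out-of-memory. An explicit check before the loop, `if (all_ops == NULL) { return NT_STATUS_NO_MEMORY; }`, would keep the two causes distinguishable in logs. gensec_spnego_server_try_fallback() continues past the end of this hunk.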
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index a2ba4e3257..e15c87edfc 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -203,6 +203,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
return nt_status;
}
} else {
+ const struct gensec_security_ops **backends = NULL;
struct gensec_settings *gensec_settings;
struct loadparm_context *lp_ctx;
size_t idx = 0;
@@ -259,24 +260,24 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- gensec_settings->backends = talloc_zero_array(gensec_settings,
- struct gensec_security_ops *, 4);
- if (gensec_settings->backends == NULL) {
+ backends = talloc_zero_array(gensec_settings,
+ const struct gensec_security_ops *, 4);
+ if (backends == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
+ gensec_settings->backends = backends;
gensec_init();
/* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+ backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
- GENSEC_OID_SPNEGO);
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
/*
* This is anonymous for now, because we just use it
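Review bot: The results of `gensec_security_by_oid(NULL, ...)` are stored into `backends[idx++]` unchecked, and the zero-filled array appears to be consumed as a NULL-terminated list. If the NTLMSSP lookup returns NULL, that slot ends the list and the SPNEGO entry stored after it is never seen, so the set of offered mechanisms shrinks silently. Consider storing only non-NULL results, e.g. `ops = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);` followed by `if (ops != NULL) { backends[idx++] = ops; }`, or failing the prepare call with a logged error. The same pattern appears in the second ntlm_auth.c hunk (ntlm_auth_start_ntlmssp_server). auth_generic_prepare() starts and ends outside this hunk.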
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 582917da01..801e551edb 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -111,7 +111,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
const char *cc = "MEMORY:kerberos_return_pac";
struct auth_session_info *session_info;
struct gensec_security *gensec_server_context;
-
+ const struct gensec_security_ops **backends;
struct gensec_settings *gensec_settings;
size_t idx = 0;
struct auth4_context *auth_context;
@@ -230,16 +230,17 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
goto out;
}
- gensec_settings->backends = talloc_zero_array(gensec_settings,
- struct gensec_security_ops *, 2);
- if (gensec_settings->backends == NULL) {
+ backends = talloc_zero_array(gensec_settings,
+ const struct gensec_security_ops *, 2);
+ if (backends == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
+ gensec_settings->backends = backends;
gensec_init();
- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+ backends[idx++] = &gensec_gse_krb5_security_ops;
status = gensec_server_start(tmp_ctx, gensec_settings,
auth_context, &gensec_server_context);
diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c
index ba0a0ce977..e30c1b7e0f 100644
--- a/source3/libsmb/auth_generic.c
+++ b/source3/libsmb/auth_generic.c
@@ -54,6 +54,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
NTSTATUS nt_status;
size_t idx = 0;
struct gensec_settings *gensec_settings;
+ const struct gensec_security_ops **backends = NULL;
struct loadparm_context *lp_ctx;
ans = talloc_zero(mem_ctx, struct auth_generic_state);
@@ -76,24 +77,24 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
return NT_STATUS_NO_MEMORY;
}
- gensec_settings->backends = talloc_zero_array(gensec_settings,
- struct gensec_security_ops *, 4);
- if (gensec_settings->backends == NULL) {
+ backends = talloc_zero_array(gensec_settings,
+ const struct gensec_security_ops *, 4);
+ if (backends == NULL) {
TALLOC_FREE(ans);
return NT_STATUS_NO_MEMORY;
}
+ gensec_settings->backends = backends;
gensec_init();
/* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+ backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
- gensec_settings->backends[idx++] = &gensec_ntlmssp3_client_ops;
+ backends[idx++] = &gensec_ntlmssp3_client_ops;
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
- GENSEC_OID_SPNEGO);
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 9e0d7b812b..751f49cdc2 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1035,7 +1035,7 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
TALLOC_CTX *tmp_ctx;
-
+ const struct gensec_security_ops **backends;
struct gensec_settings *gensec_settings;
size_t idx = 0;
struct cli_credentials *server_credentials;
@@ -1079,26 +1079,26 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx,
gensec_settings->server_dns_name = strlower_talloc(gensec_settings,
get_mydnsfullname());
- gensec_settings->backends = talloc_zero_array(gensec_settings,
- struct gensec_security_ops *, 4);
+ backends = talloc_zero_array(gensec_settings,
+ const struct gensec_security_ops *, 4);
- if (gensec_settings->backends == NULL) {
+ if (backends == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
-
+ gensec_settings->backends = backends;
+
gensec_init();
/* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+ backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
-
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
- GENSEC_OID_SPNEGO);
-
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
+
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
+
/*
* This is anonymous for now, because we just use it
* to set the kerberos state at the moment
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 42185316da..2760cdb470 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -192,8 +192,8 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
if (conn->server_credentials) {
char **sasl_mechs = NULL;
- struct gensec_security_ops **backends = gensec_security_all();
- struct gensec_security_ops **ops
+ const struct gensec_security_ops * const *backends = gensec_security_all();
+ const struct gensec_security_ops **ops
= gensec_use_kerberos_mechs(conn, backends, conn->server_credentials);
unsigned int i, j = 0;
for (i = 0; ops && ops[i]; i++) {