Diffstat (limited to 'auth/gensec')
-rw-r--r-- | auth/gensec/gensec.h | 14 | ||||
-rw-r--r-- | auth/gensec/gensec_start.c | 52 | ||||
-rw-r--r-- | auth/gensec/spnego.c | 8 |
3 files changed, 40 insertions, 34 deletions
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index d0bc451b4e..ac1fadfeef 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -85,7 +85,7 @@ struct gensec_settings {
 /* this allows callers to specify a specific set of ops that
 * should be used, rather than those loaded by the plugin
 * mechanism */
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops * const *backends;
 /* To fill in our own name in the NTLMSSP server */
 const char *server_dns_domain;
@@ -179,7 +179,7 @@ const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_sec
 const struct gensec_security_ops *gensec_security_by_auth_type(
 struct gensec_security *gensec_security,
 uint32_t auth_type);
-struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
+const struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
 TALLOC_CTX *mem_ctx);
 const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
 struct gensec_security *gensec_security,
@@ -243,11 +243,11 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
 const DATA_BLOB *in,
 DATA_BLOB *out);
-struct gensec_security_ops **gensec_security_all(void);
-bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security);
-struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
- struct gensec_security_ops **old_gensec_list,
- struct cli_credentials *creds);
+const struct gensec_security_ops * const *gensec_security_all(void);
+bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security);
+const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+ const struct gensec_security_ops * const *old_gensec_list,
+ struct cli_credentials *creds);
 NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
 const char *sasl_name);
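Review bot: The prototypes in the last gensec.h hunk now differ only in const placement, and the header does not say why: `gensec_security_all()` returns `const struct gensec_security_ops * const *` while `gensec_use_kerberos_mechs()` and `gensec_security_mechs()` return `const struct gensec_security_ops **`. Judging from gensec_start.c in this commit, the first is the shared registry array and gensec_use_kerberos_mechs() builds a new array with talloc_array on mem_ctx, so the difference looks like an ownership contract. I would state it next to the declarations, for example `/* Shared registry array: read-only, callers must not modify or free it. */` above gensec_security_all and `/* Returns a new array allocated on mem_ctx, or NULL if allocation fails. */` above gensec_use_kerberos_mechs.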
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 2874c138b2..3ae64d5683 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -33,17 +33,17 @@
 #include "lib/util/samba_modules.h"
 /* the list of currently registered GENSEC backends */
-static struct gensec_security_ops **generic_security_ops;
+static const struct gensec_security_ops **generic_security_ops;
 static int gensec_num_backends;
 /* Return all the registered mechs. Don't modify the return pointer,
- * but you may talloc_reference it if convient */
-_PUBLIC_ struct gensec_security_ops **gensec_security_all(void)
+ * but you may talloc_referen it if convient */
+_PUBLIC_ const struct gensec_security_ops * const *gensec_security_all(void)
 {
 return generic_security_ops;
 }
-bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security)
+bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security)
 {
 return lpcfg_parm_bool(security->settings->lp_ctx, NULL, "gensec", ops->name, ops->enabled);
 }
@@ -68,11 +68,11 @@ bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_
 * more compplex.
 */
-_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
- struct gensec_security_ops **old_gensec_list,
- struct cli_credentials *creds)
+_PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+ const struct gensec_security_ops * const *old_gensec_list,
+ struct cli_credentials *creds)
 {
- struct gensec_security_ops **new_gensec_list;
+ const struct gensec_security_ops **new_gensec_list;
 int i, j, num_mechs_in;
 enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS;
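Review bot: The comment above gensec_security_all() in the first gensec_start.c hunk now reads `talloc_referen` where it used to say `talloc_reference`, which looks like an accidental edit, and `convient` is still misspelled. Since the return type now enforces the read-only rule, the comment could state the contract directly: `/* Return all the registered mechs. The array belongs to the registry: do not modify or free it, but you may talloc_reference it if convenient */`. gensec_register() further down reallocates this same array, so it may also be worth saying that callers should not cache the pointer across registrations.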
@@ -84,7 +84,9 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
 /* noop */
 }
- new_gensec_list = talloc_array(mem_ctx, struct gensec_security_ops *, num_mechs_in + 1);
+ new_gensec_list = talloc_array(mem_ctx,
+ const struct gensec_security_ops *,
+ num_mechs_in + 1);
 if (!new_gensec_list) {
 return NULL;
 }
@@ -136,12 +138,12 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
 return new_gensec_list;
 }
-_PUBLIC_ struct gensec_security_ops **gensec_security_mechs(
+_PUBLIC_ const struct gensec_security_ops **gensec_security_mechs(
 struct gensec_security *gensec_security,
 TALLOC_CTX *mem_ctx)
 {
 struct cli_credentials *creds = NULL;
- struct gensec_security_ops **backends = gensec_security_all();
+ const struct gensec_security_ops * const *backends = gensec_security_all();
 if (gensec_security != NULL) {
 creds = gensec_get_credentials(gensec_security);
@@ -159,7 +161,7 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens
 uint8_t auth_type)
 {
 int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
 const struct gensec_security_ops *backend;
 TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
 if (!mem_ctx) {
@@ -185,7 +187,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid(
 const char *oid_string)
 {
 int i, j;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
 const struct gensec_security_ops *backend;
 TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
 if (!mem_ctx) {
@@ -218,7 +220,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_sasl_name(
 const char *sasl_name)
 {
 int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
 const struct gensec_security_ops *backend;
 TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
 if (!mem_ctx) {
@@ -245,7 +247,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_type(
 uint32_t auth_type)
 {
 int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
 const struct gensec_security_ops *backend;
 TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
 if (!mem_ctx) {
@@ -270,7 +272,7 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s
 const char *name)
 {
 int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
 const struct gensec_security_ops *backend;
 TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
 if (!mem_ctx) {
@@ -306,7 +308,7 @@ static const struct gensec_security_ops **gensec_security_by_sasl_list(
 const char **sasl_names)
 {
 const struct gensec_security_ops **backends_out;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
 int i, k, sasl_idx;
 int num_backends_out = 0;
@@ -377,7 +379,7 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
 const char *skip)
 {
 struct gensec_security_ops_wrapper *backends_out;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
 int i, j, k, oid_idx;
 int num_backends_out = 0;
@@ -451,7 +453,7 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
 static const char **gensec_security_oids_from_ops(
 struct gensec_security *gensec_security,
 TALLOC_CTX *mem_ctx,
- struct gensec_security_ops **ops,
+ const struct gensec_security_ops * const *ops,
 const char *skip)
 {
 int i;
@@ -542,8 +544,10 @@ _PUBLIC_ const char **gensec_security_oids(struct gensec_security *gensec_securi
 TALLOC_CTX *mem_ctx,
 const char *skip)
 {
- struct gensec_security_ops **ops
- = gensec_security_mechs(gensec_security, mem_ctx);
+ const struct gensec_security_ops **ops;
+
+ ops = gensec_security_mechs(gensec_security, mem_ctx);
+
+ return gensec_security_oids_from_ops(gensec_security, mem_ctx, ops, skip);
 }
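Review bot: In gensec_security_oids() (last hunk of this group) the result of gensec_security_mechs() is passed straight to gensec_security_oids_from_ops() without a NULL check. The call can apparently return NULL: gensec_use_kerberos_mechs() returns NULL when talloc_array fails, and the spnego.c hunk in this same commit guards its loop with `all_ops &&` for the same call. Whether gensec_security_oids_from_ops() tolerates a NULL `ops` is not visible here, so I would make it explicit with `if (ops == NULL) { return NULL; }` before the return. The same question applies to the `backends` variables retyped in the gensec_security_by_* hunks, whose use lies outside the visible context.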
@@ -876,13 +880,13 @@ _PUBLIC_ NTSTATUS gensec_register(const struct gensec_security_ops *ops)
 generic_security_ops = talloc_realloc(talloc_autofree_context(),
 generic_security_ops,
- struct gensec_security_ops *,
+ const struct gensec_security_ops *,
 gensec_num_backends+2);
 if (!generic_security_ops) {
 return NT_STATUS_NO_MEMORY;
 }
- generic_security_ops[gensec_num_backends] = discard_const_p(struct gensec_security_ops, ops);
+ generic_security_ops[gensec_num_backends] = ops;
 gensec_num_backends++;
 generic_security_ops[gensec_num_backends] = NULL;
@@ -908,7 +912,7 @@ _PUBLIC_ const struct gensec_critical_sizes *gensec_interface_version(void)
 return &critical_sizes;
 }
-static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ops **gs2) {
+static int sort_gensec(const struct gensec_security_ops **gs1, const struct gensec_security_ops **gs2) {
 return (*gs2)->priority - (*gs1)->priority;
 }
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 0eb6da1160..d90a50cb5e 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -352,9 +352,11 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
 const DATA_BLOB in, DATA_BLOB *out)
 {
 int i,j;
- struct gensec_security_ops **all_ops
- = gensec_security_mechs(gensec_security, out_mem_ctx);
- for (i=0; all_ops[i]; i++) {
+ const struct gensec_security_ops **all_ops;
+
+ all_ops = gensec_security_mechs(gensec_security, out_mem_ctx);
+
+ for (i=0; all_ops && all_ops[i]; i++) {
 bool is_spnego;
 NTSTATUS nt_status;
|
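Review bot: The `talloc_realloc` in gensec_register() still assigns its result straight to `generic_security_ops`, so an allocation failure replaces the registry pointer with NULL while `gensec_num_backends` keeps its old value. From then on gensec_security_all() returns NULL, and a later successful registration would store at index `gensec_num_backends` of a fresh array whose earlier slots were never written. Going through a temporary keeps the registry intact on failure: `tmp = talloc_realloc(talloc_autofree_context(), generic_security_ops, const struct gensec_security_ops *, gensec_num_backends+2);`, then `if (!tmp) { return NT_STATUS_NO_MEMORY; }` and `generic_security_ops = tmp;`. The function begins and ends outside this hunk.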
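Review bot: The added `all_ops &&` guard in gensec_spnego_server_try_fallback() stops the NULL dereference, but it also makes an allocation failure look like an empty mechanism list, so the function carries on to whatever follows the loop. If NULL here means out of memory, an early return is clearer: `if (all_ops == NULL) { return NT_STATUS_NO_MEMORY; }` right after the call, with the loop condition left as `all_ops[i]`. The code after the loop is outside this hunk, so the status currently returned in that case is not visible.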