summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/gensec/gensec.c77
-rw-r--r--source4/auth/gensec/gensec_gssapi.c1
-rw-r--r--source4/auth/gensec/gensec_krb5.c1
3 files changed, 74 insertions, 5 deletions
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 375c55e3ba..3818965a6f 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -98,6 +98,71 @@ const struct gensec_security_ops **gensec_security_all(int *num_backends_out)
* The list is in the exact order of the OIDs asked for, where available.
*/
+const struct gensec_security_ops **gensec_security_by_sasl(TALLOC_CTX *mem_ctx,
+ const char **sasl_names)
+{
+ const struct gensec_security_ops **backends_out;
+ const struct gensec_security_ops **backends;
+ int i, k, sasl_idx;
+ int num_backends_out = 0;
+ int num_backends;
+
+ if (!sasl_names) {
+ return NULL;
+ }
+
+ backends = gensec_security_all(&num_backends);
+
+ backends_out = talloc_array(mem_ctx, const struct gensec_security_ops *, 1);
+ if (!backends_out) {
+ return NULL;
+ }
+ backends_out[0] = NULL;
+
+ /* Find backends in our preferred order, by walking our list,
+ * then looking in the supplied list */
+ for (i=0; i < num_backends; i++) {
+ for (sasl_idx = 0; sasl_names[sasl_idx]; sasl_idx++) {
+ if (!backends[i]->sasl_name ||
+ !(strcmp(backends[i]->sasl_name,
+ sasl_names[sasl_idx]) == 0)) {
+ continue;
+ }
+
+ for (k=0; backends_out[k]; k++) {
+ if (backends_out[k] == backends[i]) {
+ break;
+ }
+ }
+
+ if (k < num_backends_out) {
+ /* already in there */
+ continue;
+ }
+
+ backends_out = talloc_realloc(mem_ctx, backends_out,
+ const struct gensec_security_ops *,
+ num_backends_out + 2);
+ if (!backends_out) {
+ return NULL;
+ }
+
+ backends_out[num_backends_out] = backends[i];
+ num_backends_out++;
+ backends_out[num_backends_out] = NULL;
+ }
+ }
+ return backends_out;
+}
+
+/**
+ * Return a unique list of security subsystems from those specified in
+ * the OID list. That is, where two OIDs refer to the same module,
+ * return that module only once
+ *
+ * The list is in the exact order of the OIDs asked for, where available.
+ */
+
const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(TALLOC_CTX *mem_ctx,
const char **oid_strings,
const char *skip)
@@ -121,15 +186,17 @@ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(TALLOC_CTX
backends_out[0].op = NULL;
backends_out[0].oid = NULL;
- for (oid_idx = 0; oid_strings[oid_idx]; oid_idx++) {
- if (strcmp(oid_strings[oid_idx], skip) == 0) {
+ /* Find backends in our preferred order, by walking our list,
+ * then looking in the supplied list */
+ for (i=0; i < num_backends; i++) {
+ if (!backends[i]->oid) {
continue;
}
-
- for (i=0; i < num_backends; i++) {
- if (!backends[i]->oid) {
+ for (oid_idx = 0; oid_strings[oid_idx]; oid_idx++) {
+ if (strcmp(oid_strings[oid_idx], skip) == 0) {
continue;
}
+
for (j=0; backends[i]->oid[j]; j++) {
if (!backends[i]->oid[j] ||
!(strcmp(backends[i]->oid[j],
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 745191e693..08e2298c1a 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -965,6 +965,7 @@ static const char *gensec_gssapi_krb5_oids[] = {
/* As a server, this could in theory accept any GSSAPI mech */
static const struct gensec_security_ops gensec_gssapi_krb5_security_ops = {
.name = "gssapi_krb5",
+ .sasl_name = "GSSAPI",
.auth_type = DCERPC_AUTH_TYPE_KRB5,
.oid = gensec_gssapi_krb5_oids,
.client_start = gensec_gssapi_client_start,
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 43187939bb..d5a2fd9a8f 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -667,6 +667,7 @@ static const char *gensec_krb5_oids[] = {
static const struct gensec_security_ops gensec_fake_gssapi_krb5_security_ops = {
.name = "fake_gssapi_krb5",
+ .sasl_name = "GSSAPI",
.auth_type = DCERPC_AUTH_TYPE_KRB5,
.oid = gensec_krb5_oids,
.client_start = gensec_fake_gssapi_krb5_client_start,