auth/gensec: add gensec_*max_update_size()

This is only a hint for the backend, which may want to fragment
update tokens.

metze

diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index ec104a7f75bce8773a02363862843aecc55a8d13..d1dcc75eafc0cc4e23fbe8d5d76d195542803e07 100644 (file)
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -185,6 +185,21 @@ _PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
        return gensec_security->ops->session_info(gensec_security, mem_ctx, session_info);
 }
 
+void gensec_set_max_update_size(struct gensec_security *gensec_security,
+                               uint32_t max_update_size)
+{
+       gensec_security->max_update_size = max_update_size;
+}
+
+size_t gensec_max_update_size(struct gensec_security *gensec_security)
+{
+       if (gensec_security->max_update_size == 0) {
+               return UINT32_MAX;
+       }
+
+       return gensec_security->max_update_size;
+}
+
 /**
  * Next state function for the GENSEC state machine
  *

diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index a1ae634bf881519999920e313b7987ceaa08547f..9982718b0a078fa609f7ae617da004066a879dbf 100644 (file)
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -167,6 +167,7 @@ struct gensec_security {
        enum gensec_role gensec_role;
        bool subcontext;
        uint32_t want_features;
+       uint32_t max_update_size;
        uint8_t dcerpc_auth_level;
        struct tsocket_address *local_addr, *remote_addr;
        struct gensec_settings *settings;
@@ -223,6 +224,9 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security,
                                  const struct gensec_security_ops *ops);
 NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security,
                                                 const char **sasl_names);
+void gensec_set_max_update_size(struct gensec_security *gensec_security,
+                               uint32_t max_update_size);
+size_t gensec_max_update_size(struct gensec_security *gensec_security);
 NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
                       struct tevent_context *ev,
                       const DATA_BLOB in, DATA_BLOB *out);

diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 9576e53ec685b727eeebb5892c8ce9c43c8f97d6..b09a76b3450b3bb3a4d6bd91d0bb1ec5e43d0530 100644 (file)
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -518,6 +518,8 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
        (*gensec_security) = talloc_zero(mem_ctx, struct gensec_security);
        NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
 
+       (*gensec_security)->max_update_size = UINT32_MAX;
+
        SMB_ASSERT(settings->lp_ctx != NULL);
        (*gensec_security)->settings = talloc_reference(*gensec_security, settings);
 
@@ -550,6 +552,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
 
        (*gensec_security)->subcontext = true;
        (*gensec_security)->want_features = parent->want_features;
+       (*gensec_security)->max_update_size = parent->max_update_size;
        (*gensec_security)->dcerpc_auth_level = parent->dcerpc_auth_level;
        (*gensec_security)->auth_context = talloc_reference(*gensec_security, parent->auth_context);
        (*gensec_security)->settings = talloc_reference(*gensec_security, parent->settings);