/* this allows callers to specify a specific set of ops that
* should be used, rather than those loaded by the plugin
* mechanism */
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops * const *backends;
/* To fill in our own name in the NTLMSSP server */
const char *server_dns_domain;
const struct gensec_security_ops *gensec_security_by_auth_type(
struct gensec_security *gensec_security,
uint32_t auth_type);
-struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
+const struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx);
const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
struct gensec_security *gensec_security,
const DATA_BLOB *in,
DATA_BLOB *out);
-struct gensec_security_ops **gensec_security_all(void);
-bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security);
-struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
- struct gensec_security_ops **old_gensec_list,
- struct cli_credentials *creds);
+const struct gensec_security_ops * const *gensec_security_all(void);
+bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security);
+const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+ const struct gensec_security_ops * const *old_gensec_list,
+ struct cli_credentials *creds);
NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
const char *sasl_name);
#include "lib/util/samba_modules.h"
/* the list of currently registered GENSEC backends */
-static struct gensec_security_ops **generic_security_ops;
+static const struct gensec_security_ops **generic_security_ops;
static int gensec_num_backends;
/* Return all the registered mechs. Don't modify the return pointer,
- * but you may talloc_reference it if convient */
-_PUBLIC_ struct gensec_security_ops **gensec_security_all(void)
+ * but you may talloc_referen it if convient */
+_PUBLIC_ const struct gensec_security_ops * const *gensec_security_all(void)
{
return generic_security_ops;
}
-bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security)
+bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security)
{
return lpcfg_parm_bool(security->settings->lp_ctx, NULL, "gensec", ops->name, ops->enabled);
}
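Review bot: The rewritten comment line above gensec_security_all() turns `talloc_reference` into `talloc_referen` and keeps the older misspelling `convient`; it should read `* but you may talloc_reference it if convenient */`. Now that the return type is `const struct gensec_security_ops * const *`, the comment could also say that the "don't modify" rule is enforced by the compiler. Separately, gensec_security_ops_enabled() dereferences `security->settings` unconditionally, while other code in this change tests for or passes a NULL gensec_security. A one-line comment such as `/* security must be non-NULL; callers check before calling */` would document that precondition; presumably callers already guard it, but that is not visible here.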
* more compplex.
*/
-_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
- struct gensec_security_ops **old_gensec_list,
- struct cli_credentials *creds)
+_PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+ const struct gensec_security_ops * const *old_gensec_list,
+ struct cli_credentials *creds)
{
- struct gensec_security_ops **new_gensec_list;
+ const struct gensec_security_ops **new_gensec_list;
int i, j, num_mechs_in;
enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS;
/* noop */
}
- new_gensec_list = talloc_array(mem_ctx, struct gensec_security_ops *, num_mechs_in + 1);
+ new_gensec_list = talloc_array(mem_ctx,
+ const struct gensec_security_ops *,
+ num_mechs_in + 1);
if (!new_gensec_list) {
return NULL;
}
return new_gensec_list;
}
-_PUBLIC_ struct gensec_security_ops **gensec_security_mechs(
+_PUBLIC_ const struct gensec_security_ops **gensec_security_mechs(
struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx)
{
struct cli_credentials *creds = NULL;
- struct gensec_security_ops **backends = gensec_security_all();
+ const struct gensec_security_ops * const *backends = gensec_security_all();
if (gensec_security != NULL) {
creds = gensec_get_credentials(gensec_security);
uint8_t auth_type)
{
int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
const struct gensec_security_ops *backend;
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
if (!mem_ctx) {
const char *oid_string)
{
int i, j;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
const struct gensec_security_ops *backend;
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
if (!mem_ctx) {
const char *sasl_name)
{
int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
const struct gensec_security_ops *backend;
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
if (!mem_ctx) {
uint32_t auth_type)
{
int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
const struct gensec_security_ops *backend;
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
if (!mem_ctx) {
const char *name)
{
int i;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
const struct gensec_security_ops *backend;
TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
if (!mem_ctx) {
const char **sasl_names)
{
const struct gensec_security_ops **backends_out;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
int i, k, sasl_idx;
int num_backends_out = 0;
const char *skip)
{
struct gensec_security_ops_wrapper *backends_out;
- struct gensec_security_ops **backends;
+ const struct gensec_security_ops **backends;
int i, j, k, oid_idx;
int num_backends_out = 0;
static const char **gensec_security_oids_from_ops(
struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
- struct gensec_security_ops **ops,
+ const struct gensec_security_ops * const *ops,
const char *skip)
{
int i;
TALLOC_CTX *mem_ctx,
const char *skip)
{
- struct gensec_security_ops **ops
- = gensec_security_mechs(gensec_security, mem_ctx);
+ const struct gensec_security_ops **ops;
+
+ ops = gensec_security_mechs(gensec_security, mem_ctx);
+
return gensec_security_oids_from_ops(gensec_security, mem_ctx, ops, skip);
}
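Review bot: `ops` is handed to gensec_security_oids_from_ops() without a NULL check, although this same commit adds `all_ops &&` to the loop in another caller for the identical gensec_security_mechs() return value. If gensec_security_oids_from_ops() does not already return early on a NULL list (its body is outside this hunk), add `if (ops == NULL) { return NULL; }` before the call. The enclosing function starts above the hunk.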
generic_security_ops = talloc_realloc(talloc_autofree_context(),
generic_security_ops,
- struct gensec_security_ops *,
+ const struct gensec_security_ops *,
gensec_num_backends+2);
if (!generic_security_ops) {
return NT_STATUS_NO_MEMORY;
}
- generic_security_ops[gensec_num_backends] = discard_const_p(struct gensec_security_ops, ops);
+ generic_security_ops[gensec_num_backends] = ops;
gensec_num_backends++;
generic_security_ops[gensec_num_backends] = NULL;
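Review bot: Assigning the talloc_realloc() result straight back to `generic_security_ops` loses the existing backend list when the allocation fails. The global becomes NULL while `gensec_num_backends` keeps its old count, so a later registration would write at that index into a fresh array whose earlier slots are uninitialised. Use a temporary declared as `const struct gensec_security_ops **`: `tmp = talloc_realloc(...); if (tmp == NULL) { return NT_STATUS_NO_MEMORY; } generic_security_ops = tmp;`. The enclosing function starts and ends outside this hunk.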
return &critical_sizes;
}
-static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ops **gs2) {
+static int sort_gensec(const struct gensec_security_ops **gs1, const struct gensec_security_ops **gs2) {
return (*gs2)->priority - (*gs1)->priority;
}
const DATA_BLOB in, DATA_BLOB *out)
{
int i,j;
- struct gensec_security_ops **all_ops
- = gensec_security_mechs(gensec_security, out_mem_ctx);
- for (i=0; all_ops[i]; i++) {
+ const struct gensec_security_ops **all_ops;
+
+ all_ops = gensec_security_mechs(gensec_security, out_mem_ctx);
+
+ for (i=0; all_ops && all_ops[i]; i++) {
bool is_spnego;
NTSTATUS nt_status;
return nt_status;
}
} else {
+ const struct gensec_security_ops **backends = NULL;
struct gensec_settings *gensec_settings;
struct loadparm_context *lp_ctx;
size_t idx = 0;
return NT_STATUS_NO_MEMORY;
}
- gensec_settings->backends = talloc_zero_array(gensec_settings,
- struct gensec_security_ops *, 4);
- if (gensec_settings->backends == NULL) {
+ backends = talloc_zero_array(gensec_settings,
+ const struct gensec_security_ops *, 4);
+ if (backends == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
+ gensec_settings->backends = backends;
gensec_init();
/* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+ backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
- GENSEC_OID_SPNEGO);
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
/*
* This is anonymous for now, because we just use it
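Review bot: The results of `gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP)` and `gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO)` are stored into `backends[idx++]` unchecked; if a lookup returns NULL, that slot reads as the end of what appears to be a NULL-terminated array, and any mechanism placed after it is silently dropped from the permitted set. Store only non-NULL results, e.g. `ops = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); if (ops != NULL) { backends[idx++] = ops; }`, or fail the setup so a missing mechanism is noticed instead of quietly changing what gets negotiated. The same pattern recurs in the two later hunks that fill a four-entry `backends` array (the client one that also adds `gensec_ntlmssp3_client_ops`, and the server one following the `server_dns_name` assignment). The enclosing function starts and ends outside this hunk.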
const char *cc = "MEMORY:kerberos_return_pac";
struct auth_session_info *session_info;
struct gensec_security *gensec_server_context;
-
+ const struct gensec_security_ops **backends;
struct gensec_settings *gensec_settings;
size_t idx = 0;
struct auth4_context *auth_context;
goto out;
}
- gensec_settings->backends = talloc_zero_array(gensec_settings,
- struct gensec_security_ops *, 2);
- if (gensec_settings->backends == NULL) {
+ backends = talloc_zero_array(gensec_settings,
+ const struct gensec_security_ops *, 2);
+ if (backends == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
+ gensec_settings->backends = backends;
gensec_init();
- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+ backends[idx++] = &gensec_gse_krb5_security_ops;
status = gensec_server_start(tmp_ctx, gensec_settings,
auth_context, &gensec_server_context);
NTSTATUS nt_status;
size_t idx = 0;
struct gensec_settings *gensec_settings;
+ const struct gensec_security_ops **backends = NULL;
struct loadparm_context *lp_ctx;
ans = talloc_zero(mem_ctx, struct auth_generic_state);
return NT_STATUS_NO_MEMORY;
}
- gensec_settings->backends = talloc_zero_array(gensec_settings,
- struct gensec_security_ops *, 4);
- if (gensec_settings->backends == NULL) {
+ backends = talloc_zero_array(gensec_settings,
+ const struct gensec_security_ops *, 4);
+ if (backends == NULL) {
TALLOC_FREE(ans);
return NT_STATUS_NO_MEMORY;
}
+ gensec_settings->backends = backends;
gensec_init();
/* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+ backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
- gensec_settings->backends[idx++] = &gensec_ntlmssp3_client_ops;
+ backends[idx++] = &gensec_ntlmssp3_client_ops;
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
- GENSEC_OID_SPNEGO);
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
NTSTATUS nt_status;
TALLOC_CTX *tmp_ctx;
-
+ const struct gensec_security_ops **backends;
struct gensec_settings *gensec_settings;
size_t idx = 0;
struct cli_credentials *server_credentials;
gensec_settings->server_dns_name = strlower_talloc(gensec_settings,
get_mydnsfullname());
- gensec_settings->backends = talloc_zero_array(gensec_settings,
- struct gensec_security_ops *, 4);
+ backends = talloc_zero_array(gensec_settings,
+ const struct gensec_security_ops *, 4);
- if (gensec_settings->backends == NULL) {
+ if (backends == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
-
+ gensec_settings->backends = backends;
+
gensec_init();
/* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
- gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+ backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
-
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
- gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
- GENSEC_OID_SPNEGO);
-
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
+
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
+
/*
* This is anonymous for now, because we just use it
* to set the kerberos state at the moment
if (conn->server_credentials) {
char **sasl_mechs = NULL;
- struct gensec_security_ops **backends = gensec_security_all();
- struct gensec_security_ops **ops
+ const struct gensec_security_ops * const *backends = gensec_security_all();
+ const struct gensec_security_ops **ops
= gensec_use_kerberos_mechs(conn, backends, conn->server_credentials);
unsigned int i, j = 0;
for (i = 0; ops && ops[i]; i++) {