auth/gensec: introduce gensec_security_ops.glue in order to avoid depending on GENSEC...
authorStefan Metzmacher <metze@samba.org>
Thu, 20 Jul 2017 21:28:51 +0000 (23:28 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Tue, 25 Jul 2017 11:51:11 +0000 (13:51 +0200)
In future we will get more backends that can negotiate other backends;
we should keep all of them even if we require kerberos.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
auth/gensec/gensec_internal.h
auth/gensec/gensec_start.c
auth/gensec/spnego.c

index c73be11ded69f3dfdcef735c0db75b971be7f2c1..911b48b52d625f79165081fba5c2018e736948f3 100644 (file)
@@ -86,6 +86,7 @@ struct gensec_security_ops {
        bool enabled;
        bool kerberos;
        enum gensec_priority priority;
+       bool glue;
 };
 
 struct gensec_security_ops_wrapper {
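Review bot: The new `glue` member of `struct gensec_security_ops` is added without a comment, and the name alone does not tell a backend author that setting it exempts the mechanism from the filtering in gensec_use_kerberos_mechs(). Because the flag affects which mechanisms remain available when kerberos is required, I would document it at the declaration, for example `bool glue; /* only negotiates other backends (e.g. SPNEGO); kept even when kerberos is required */`. The struct definition starts outside this hunk.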
index 6a1293588cd82430c20a1ff434203b537ea40f37..42766200a5930497dd111252b9fbc4b6ecb3f431 100644 (file)
@@ -98,15 +98,12 @@ _PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX
 
        j = 0;
        for (i=0; old_gensec_list && old_gensec_list[i]; i++) {
-               int oid_idx;
                bool keep = false;
 
-               for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) {
-                       if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) {
-                               keep = true;
-                               break;
-                       }
-               }
+               /*
+                * We want to keep SPNGEO and other backends
+                */
+               keep = old_gensec_list[i]->glue;
 
                if (old_gensec_list[i]->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
                        keep = keep_schannel;
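Review bot: The comment added above `keep = old_gensec_list[i]->glue;` misspells SPNEGO as "SPNGEO" and does not say why these backends survive the filter. `glue` is a flag each backend sets for itself, and it now decides whether a mechanism stays in the list when kerberos is required, so the comment should state the contract, for example `/* Keep SPNEGO and other glue backends: they only negotiate other backends and must honour the kerberos requirement for what they negotiate. */`. Whether the sub-mechanisms offered by a glue backend pass through the same filter is not visible here and is worth confirming before further backends set the flag. The loop body continues outside the hunk.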
index 2872e7d82e63f1bc4079512e0e6948241fae4933..9857e78184b3fd21baf42bd7534077459a14a257 100644 (file)
@@ -2182,7 +2182,8 @@ static const struct gensec_security_ops gensec_spnego_security_ops = {
        .expire_time      = gensec_child_expire_time,
        .final_auth_type  = gensec_child_final_auth_type,
        .enabled          = true,
-       .priority         = GENSEC_SPNEGO
+       .priority         = GENSEC_SPNEGO,
+       .glue             = true,
 };
 
 _PUBLIC_ NTSTATUS gensec_spnego_init(TALLOC_CTX *ctx)