[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Tue Jun 4 08:17:01 UTC 2024
The branch, master has been updated
via 6b3135078e0 lib: Align an integer type
via 5ae1605fc22 lib: Fix an error path memleak
via 0321f31a8e1 lib: Use talloc_asprintf_addbufin _ber_read_OID_String_impl
via 4313add2bf5 lib: Use unsigned long in ber_write_OID_String
via 8f90ec12a56 lib: gensec.h references NTTIME, add time.h
via b317408591d wbclient: Fix a typo
via 021dfe8f33b winbind: Modernize a few DEBUGs
via bc2b2350b94 smbd: Fix whitespace
via b29e408e140 libsmb: Use SMB2_0_INFO_SECURITY instead of raw "3"
via 5c736ffe354 gensec: Simplify gensec_security_by_fn()
via 82c477b9807 gensec: Filter out disabled mechs in gensec_security_mechs()
via 426c0847670 gensec: Refactor gensec_security_mechs()
via b28de27f6b8 gensec: Simplify gensec_security_by_*
via 9445d8e06e8 torture: Remove some pointless local variables
via df30ec83c96 lib: Use cli_credentials_add_gensec_features in a few places
via b436f5fec11 creds: Add cli_credentials_add_gensec_features
via dc31a49830d libsmb: Slightly simplify cli_session_creds_init
from 4cade04d1f1 vfs_ceph: Implement SMB_VFS_FSET_DOS_ATTRIBUTES for precise btime
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6b3135078e0f6c67566f4312998bc4032e387e19
Author: Volker Lendecke <vl at samba.org>
Date: Thu May 23 16:13:58 2024 +0200
lib: Align an integer type
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jun 4 08:16:58 UTC 2024 on atb-devel-224
commit 5ae1605fc22acf672f46ba08f6b2ef4f675e92b8
Author: Volker Lendecke <vl at samba.org>
Date: Thu May 23 16:12:53 2024 +0200
lib: Fix an error path memleak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0321f31a8e1364b32fad61e99856024eaed0b81e
Author: Volker Lendecke <vl at samba.org>
Date: Thu May 23 16:06:37 2024 +0200
lib: Use talloc_asprintf_addbufin _ber_read_OID_String_impl
Just one NULL check required
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4313add2bf5ee41a5cbcac79135da96d5424ec2d
Author: Volker Lendecke <vl at samba.org>
Date: Thu May 23 16:04:52 2024 +0200
lib: Use unsigned long in ber_write_OID_String
This is what smb_strtoul returns, so use it.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8f90ec12a560bfe08b0bf9ae447b789bbcc22dda
Author: Volker Lendecke <vl at samba.org>
Date: Thu May 23 15:48:55 2024 +0200
lib: gensec.h references NTTIME, add time.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b317408591da4cbb8facd1e9215fd204078722b7
Author: Volker Lendecke <vl at samba.org>
Date: Fri May 24 18:34:05 2024 +0200
wbclient: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 021dfe8f33b3d21ec16ac6e4a28f5a1d09b838a3
Author: Volker Lendecke <vl at samba.org>
Date: Fri May 24 18:48:29 2024 +0200
winbind: Modernize a few DEBUGs
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bc2b2350b94cbfc53628852026f68f71f09607e6
Author: Volker Lendecke <vl at samba.org>
Date: Sat May 25 12:17:46 2024 +0200
smbd: Fix whitespace
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b29e408e140b74b82ba04391fd1ded43444c83b6
Author: Volker Lendecke <vl at samba.org>
Date: Sat May 25 12:41:58 2024 +0200
libsmb: Use SMB2_0_INFO_SECURITY instead of raw "3"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5c736ffe35408a6344e5c4c4ae57b89e09e51918
Author: Volker Lendecke <vl at samba.org>
Date: Wed May 29 17:11:51 2024 +0200
gensec: Simplify gensec_security_by_fn()
We don't need that intermediate talloc ctx, we only allocate backends
and don't pass it anywhere else.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 82c477b98071346a0e4e9162d9a200d1755533a7
Author: Volker Lendecke <vl at samba.org>
Date: Wed May 29 17:08:26 2024 +0200
gensec: Filter out disabled mechs in gensec_security_mechs()
Every single caller of gensec_security_mechs() had to manually filter
out disabled mechanisms. Don't offer them from the start.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 426c08476704f8ac574a18562719517c6084ed3f
Author: Volker Lendecke <vl at samba.org>
Date: Tue May 28 18:49:41 2024 +0200
gensec: Refactor gensec_security_mechs()
The decision whether to offer a mechanism was split between
gensec_security_mechs() and gensec_use_kerberos_mechs() with two
booleans passed down. Consolidate that decision into one
gensec_offer_mech() function that queries all information on its own.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b28de27f6b880962e9183d28d76f27ce0847bd36
Author: Volker Lendecke <vl at samba.org>
Date: Tue May 28 15:52:05 2024 +0200
gensec: Simplify gensec_security_by_*
Centralize looping over all backends
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9445d8e06e8b8bb25ddb55ae045c51c56f3210cf
Author: Volker Lendecke <vl at samba.org>
Date: Tue May 28 14:52:25 2024 +0200
torture: Remove some pointless local variables
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit df30ec83c961d8333d76ed13aa1944a2e93f9050
Author: Volker Lendecke <vl at samba.org>
Date: Tue May 28 12:38:18 2024 +0200
lib: Use cli_credentials_add_gensec_features in a few places
Capture a common pattern
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b436f5fec117ba746546bc1e8ed8adb2bf3756a2
Author: Volker Lendecke <vl at samba.org>
Date: Tue May 28 12:32:58 2024 +0200
creds: Add cli_credentials_add_gensec_features
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dc31a49830d6a01b177293ededa856c8d4be06ab
Author: Volker Lendecke <vl at samba.org>
Date: Tue May 28 12:23:35 2024 +0200
libsmb: Slightly simplify cli_session_creds_init
In this case a nested if seems easier to understand to me than another
if-expression duplicating half of a previous one.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 9 +
auth/credentials/credentials.h | 3 +
auth/gensec/gensec.h | 3 +-
auth/gensec/gensec_start.c | 336 ++++++++++++++----------------
auth/gensec/spnego.c | 6 -
lib/cmdline/cmdline.c | 10 +-
lib/util/asn1.c | 19 +-
nsswitch/libwbclient/wbc_pam.c | 2 +-
source3/lib/netapi/netapi.c | 8 +-
source3/libsmb/cliconnect.c | 42 ++--
source3/libsmb/clisecdesc.c | 16 +-
source3/libsmb/libsmb_context.c | 8 +-
source3/smbd/srvstr.c | 8 +-
source3/torture/locktest2.c | 12 +-
source3/utils/net.c | 10 +-
source3/winbindd/winbindd_ccache_access.c | 29 ++-
source3/winbindd/winbindd_pam.c | 17 +-
17 files changed, 242 insertions(+), 296 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 441db6f0e5b..174858fb83a 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -171,6 +171,15 @@ _PUBLIC_ bool cli_credentials_set_gensec_features(struct cli_credentials *creds,
return false;
}
+_PUBLIC_ bool cli_credentials_add_gensec_features(
+ struct cli_credentials *creds,
+ uint32_t gensec_features,
+ enum credentials_obtained obtained)
+{
+ return cli_credentials_set_gensec_features(
+ creds, creds->gensec_features | gensec_features, obtained);
+}
+
_PUBLIC_ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
{
return creds->gensec_features;
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 386647c7aae..2b95b963766 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -253,6 +253,9 @@ bool cli_credentials_set_gensec_features(struct cli_credentials *creds,
uint32_t gensec_features,
enum credentials_obtained obtained);
uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
+bool cli_credentials_add_gensec_features(struct cli_credentials *creds,
+ uint32_t gensec_features,
+ enum credentials_obtained obtained);
int cli_credentials_set_ccache(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
const char *name,
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index 25242384f55..24abacfb2aa 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -25,6 +25,7 @@
#include "../lib/util/data_blob.h"
#include "libcli/util/ntstatus.h"
+#include "lib/util/time.h"
#define GENSEC_SASL_NAME_NTLMSSP "NTLM"
@@ -301,8 +302,6 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
const DATA_BLOB *in,
DATA_BLOB *out);
-bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security);
-
NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
const char *sasl_name);
const char **gensec_security_sasl_names(struct gensec_security *gensec_security,
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 4405aca278d..05d0d3cf7a7 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -43,7 +43,8 @@
static const struct gensec_security_ops **generic_security_ops;
static int gensec_num_backends;
-bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security)
+static bool gensec_security_ops_enabled(const struct gensec_security_ops *ops,
+ struct gensec_security *security)
{
bool ok = lpcfg_parm_bool(security->settings->lp_ctx,
NULL,
@@ -79,72 +80,66 @@ bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct g
* more complex.
*/
-static const struct gensec_security_ops **gensec_use_kerberos_mechs(
- TALLOC_CTX *mem_ctx,
- const struct gensec_security_ops * const *old_gensec_list,
- enum credentials_use_kerberos use_kerberos,
- bool keep_schannel)
+static bool gensec_offer_mech(struct gensec_security *gensec_security,
+ const struct gensec_security_ops *mech)
{
- const struct gensec_security_ops **new_gensec_list;
- int i, j, num_mechs_in;
+ struct cli_credentials *creds = NULL;
+ enum credentials_use_kerberos use_kerberos;
+ bool offer;
- for (num_mechs_in=0; old_gensec_list && old_gensec_list[num_mechs_in]; num_mechs_in++) {
- /* noop */
- }
+ /*
+ * We want to always offer SPNEGO and other backends
+ */
+ offer = mech->glue;
- new_gensec_list = talloc_array(mem_ctx,
- const struct gensec_security_ops *,
- num_mechs_in + 1);
- if (!new_gensec_list) {
- return NULL;
+ if (gensec_security != NULL) {
+ creds = gensec_get_credentials(gensec_security);
}
- j = 0;
- for (i=0; old_gensec_list && old_gensec_list[i]; i++) {
- bool keep = false;
-
+ if ((mech->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) && (creds != NULL))
+ {
+ if (cli_credentials_get_netlogon_creds(creds) != NULL) {
+ offer = true;
+ }
/*
- * We want to keep SPNEGO and other backends
+ * Even if Kerberos is set to REQUIRED, offer the
+ * schannel auth mechanism so that machine accounts are
+ * able to authenticate via netlogon.
*/
- keep = old_gensec_list[i]->glue;
-
- if (old_gensec_list[i]->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
- keep = keep_schannel;
+ if (gensec_security->gensec_role == GENSEC_SERVER) {
+ offer = true;
}
+ }
- switch (use_kerberos) {
- case CRED_USE_KERBEROS_DESIRED:
- keep = true;
- break;
-
- case CRED_USE_KERBEROS_DISABLED:
- if (old_gensec_list[i]->kerberos == false) {
- keep = true;
- }
-
- break;
-
- case CRED_USE_KERBEROS_REQUIRED:
- if (old_gensec_list[i]->kerberos == true) {
- keep = true;
- }
+ use_kerberos = CRED_USE_KERBEROS_DESIRED;
+ if (creds != NULL) {
+ use_kerberos = cli_credentials_get_kerberos_state(creds);
+ }
- break;
- default:
- /* Can't happen or invalid parameter */
- return NULL;
+ switch (use_kerberos) {
+ case CRED_USE_KERBEROS_DESIRED:
+ offer = true;
+ break;
+ case CRED_USE_KERBEROS_DISABLED:
+ if (!mech->kerberos) {
+ offer = true;
}
-
- if (!keep) {
- continue;
+ break;
+ case CRED_USE_KERBEROS_REQUIRED:
+ if (mech->kerberos) {
+ offer = true;
}
+ break;
+ default:
+ /* Can't happen or invalid parameter */
+ offer = false;
+ }
- new_gensec_list[j] = old_gensec_list[i];
- j++;
+ if (offer && (gensec_security != NULL)) {
+ offer = gensec_security_ops_enabled(mech, gensec_security);
}
- new_gensec_list[j] = NULL;
- return new_gensec_list;
+ return offer;
}
_PUBLIC_ const struct gensec_security_ops **gensec_security_mechs(
@@ -153,159 +148,147 @@ _PUBLIC_ const struct gensec_security_ops **gensec_security_mechs(
{
const struct gensec_security_ops * const *backends =
generic_security_ops;
- enum credentials_use_kerberos use_kerberos = CRED_USE_KERBEROS_DESIRED;
- bool keep_schannel = false;
-
- if (gensec_security != NULL) {
- struct cli_credentials *creds = NULL;
-
- creds = gensec_get_credentials(gensec_security);
- if (creds != NULL) {
- use_kerberos = cli_credentials_get_kerberos_state(creds);
- if (cli_credentials_get_netlogon_creds(creds) != NULL) {
- keep_schannel = true;
- }
-
- /*
- * Even if Kerberos is set to REQUIRED, keep the
- * schannel auth mechanism so that machine accounts are
- * able to authenticate via netlogon.
- */
- if (gensec_security->gensec_role == GENSEC_SERVER) {
- keep_schannel = true;
- }
- }
+ const struct gensec_security_ops **result = NULL;
+ size_t i, j, num_backends;
- if (gensec_security->settings->backends) {
- backends = gensec_security->settings->backends;
- }
+ if ((gensec_security != NULL) &&
+ (gensec_security->settings->backends != NULL)) {
+ backends = gensec_security->settings->backends;
}
- return gensec_use_kerberos_mechs(mem_ctx, backends,
- use_kerberos, keep_schannel);
+ if (backends == NULL) {
+ /* Just return the NULL terminator */
+ return talloc_zero(mem_ctx,
+ const struct gensec_security_ops *);
+ }
-}
+ for (num_backends = 0; backends[num_backends]; num_backends++) {
+ /* noop */
+ }
-_PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid(
- struct gensec_security *gensec_security,
- const char *oid_string)
-{
- int i, j;
- const struct gensec_security_ops **backends;
- const struct gensec_security_ops *backend;
- TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
- if (!mem_ctx) {
+ result = talloc_array(
+ mem_ctx, const struct gensec_security_ops *, num_backends + 1);
+ if (result == NULL) {
return NULL;
}
- backends = gensec_security_mechs(gensec_security, mem_ctx);
- for (i=0; backends && backends[i]; i++) {
- if (gensec_security != NULL &&
- !gensec_security_ops_enabled(backends[i],
- gensec_security))
- continue;
- if (backends[i]->oid) {
- for (j=0; backends[i]->oid[j]; j++) {
- if (backends[i]->oid[j] &&
- (strcmp(backends[i]->oid[j], oid_string) == 0)) {
- backend = backends[i];
- talloc_free(mem_ctx);
- return backend;
- }
- }
+
+ j = 0;
+ for (i = 0; backends[i]; i++) {
+ bool offer = gensec_offer_mech(gensec_security, backends[i]);
+ if (offer) {
+ result[j++] = backends[i];
}
}
- talloc_free(mem_ctx);
- return NULL;
+ result[j] = NULL;
+ return result;
}
-_PUBLIC_ const struct gensec_security_ops *gensec_security_by_sasl_name(
- struct gensec_security *gensec_security,
- const char *sasl_name)
+static const struct gensec_security_ops *gensec_security_by_fn(
+ struct gensec_security *gensec_security,
+ bool (*fn)(const struct gensec_security_ops *backend,
+ const void *private_data),
+ const void *private_data)
{
- int i;
- const struct gensec_security_ops **backends;
- const struct gensec_security_ops *backend;
- TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
- if (!mem_ctx) {
+ size_t i;
+ const struct gensec_security_ops **backends = NULL;
+
+ backends = gensec_security_mechs(gensec_security, gensec_security);
+ if (backends == NULL) {
return NULL;
}
- backends = gensec_security_mechs(gensec_security, mem_ctx);
- for (i=0; backends && backends[i]; i++) {
- if (gensec_security != NULL &&
- !gensec_security_ops_enabled(backends[i], gensec_security)) {
- continue;
- }
- if (backends[i]->sasl_name
- && (strcmp(backends[i]->sasl_name, sasl_name) == 0)) {
- backend = backends[i];
- talloc_free(mem_ctx);
+
+ for (i = 0; backends[i] != NULL; i++) {
+ const struct gensec_security_ops *backend = backends[i];
+ bool ok;
+
+ ok = fn(backend, private_data);
+ if (ok) {
+ TALLOC_FREE(backends);
return backend;
}
}
- talloc_free(mem_ctx);
+ TALLOC_FREE(backends);
return NULL;
}
-_PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_type(
- struct gensec_security *gensec_security,
- uint32_t auth_type)
+static bool by_oid_fn(const struct gensec_security_ops *backend,
+ const void *private_data)
{
+ const char *oid = private_data;
int i;
- const struct gensec_security_ops **backends;
- const struct gensec_security_ops *backend;
- TALLOC_CTX *mem_ctx;
- if (auth_type == DCERPC_AUTH_TYPE_NONE) {
- return NULL;
+ if (backend->oid == NULL) {
+ return false;
}
- mem_ctx = talloc_new(gensec_security);
- if (!mem_ctx) {
- return NULL;
- }
- backends = gensec_security_mechs(gensec_security, mem_ctx);
- for (i=0; backends && backends[i]; i++) {
- if (gensec_security != NULL &&
- !gensec_security_ops_enabled(backends[i], gensec_security)) {
- continue;
- }
- if (backends[i]->auth_type == auth_type) {
- backend = backends[i];
- talloc_free(mem_ctx);
- return backend;
+ for (i = 0; backend->oid[i] != NULL; i++) {
+ if (strcmp(backend->oid[i], oid) == 0) {
+ return true;
}
}
- talloc_free(mem_ctx);
+ return false;
+}
- return NULL;
+_PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid(
+ struct gensec_security *gensec_security,
+ const char *oid_string)
+{
+ return gensec_security_by_fn(gensec_security, by_oid_fn, oid_string);
}
-const struct gensec_security_ops *gensec_security_by_name(struct gensec_security *gensec_security,
- const char *name)
+static bool by_sasl_name_fn(const struct gensec_security_ops *backend,
+ const void *private_data)
{
- int i;
- const struct gensec_security_ops **backends;
- const struct gensec_security_ops *backend;
- TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
- if (!mem_ctx) {
+ const char *sasl_name = private_data;
+ if (backend->sasl_name == NULL) {
+ return false;
+ }
+ return (strcmp(backend->sasl_name, sasl_name) == 0);
+}
+
+_PUBLIC_ const struct gensec_security_ops *gensec_security_by_sasl_name(
+ struct gensec_security *gensec_security,
+ const char *sasl_name)
+{
+ return gensec_security_by_fn(
+ gensec_security, by_sasl_name_fn, sasl_name);
+}
+
+static bool by_auth_type_fn(const struct gensec_security_ops *backend,
+ const void *private_data)
+{
+ uint32_t auth_type = *((const uint32_t *)private_data);
+ return (backend->auth_type == auth_type);
+}
+
+_PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_type(
+ struct gensec_security *gensec_security,
+ uint32_t auth_type)
+{
+ if (auth_type == DCERPC_AUTH_TYPE_NONE) {
return NULL;
}
- backends = gensec_security_mechs(gensec_security, mem_ctx);
- for (i=0; backends && backends[i]; i++) {
- if (gensec_security != NULL &&
- !gensec_security_ops_enabled(backends[i], gensec_security))
- continue;
- if (backends[i]->name
- && (strcmp(backends[i]->name, name) == 0)) {
- backend = backends[i];
- talloc_free(mem_ctx);
- return backend;
- }
+ return gensec_security_by_fn(
+ gensec_security, by_auth_type_fn, &auth_type);
+}
+
+static bool by_name_fn(const struct gensec_security_ops *backend,
+ const void *private_data)
+{
+ const char *name = private_data;
+ if (backend->name == NULL) {
+ return false;
}
- talloc_free(mem_ctx);
- return NULL;
+ return (strcmp(backend->name, name) == 0);
+}
+
+_PUBLIC_ const struct gensec_security_ops *gensec_security_by_name(
+ struct gensec_security *gensec_security,
+ const char *name)
+{
+ return gensec_security_by_fn(gensec_security, by_name_fn, name);
}
static const char **gensec_security_sasl_names_from_ops(
@@ -334,11 +317,6 @@ static const char **gensec_security_sasl_names_from_ops(
}
if (gensec_security != NULL) {
- if (!gensec_security_ops_enabled(ops[i],
- gensec_security)) {
- continue;
- }
-
role = gensec_security->gensec_role;
}
@@ -428,9 +406,6 @@ static const struct gensec_security_ops **gensec_security_by_sasl_list(
/* Find backends in our preferred order, by walking our list,
* then looking in the supplied list */
for (i=0; backends && backends[i]; i++) {
- if (gensec_security != NULL &&
- !gensec_security_ops_enabled(backends[i], gensec_security))
- continue;
for (sasl_idx = 0; sasl_names[sasl_idx]; sasl_idx++) {
if (!backends[i]->sasl_name ||
!(strcmp(backends[i]->sasl_name,
@@ -500,9 +475,6 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
/* Find backends in our preferred order, by walking our list,
* then looking in the supplied list */
for (i=0; backends && backends[i]; i++) {
- if (gensec_security != NULL &&
- !gensec_security_ops_enabled(backends[i], gensec_security))
- continue;
if (!backends[i]->oid) {
continue;
}
@@ -570,10 +542,6 @@ static const char **gensec_security_oids_from_ops(
}
for (i=0; ops && ops[i]; i++) {
- if (gensec_security != NULL &&
- !gensec_security_ops_enabled(ops[i], gensec_security)) {
- continue;
- }
if (!ops[i]->oid) {
continue;
}
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 717f643957a..d63d292f168 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -242,12 +242,6 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
--
Samba Shared Repository
More information about the samba-cvs
mailing list