gensec: Filter out disabled mechs in gensec_security_mechs()
authorVolker Lendecke <vl@samba.org>
Wed, 29 May 2024 15:08:26 +0000 (17:08 +0200)
committerVolker Lendecke <vl@samba.org>
Tue, 4 Jun 2024 07:11:35 +0000 (07:11 +0000)
Every single caller of gensec_security_mechs() had to manually filter
out disabled mechanisms. Don't offer them from the start.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/gensec/gensec.h
auth/gensec/gensec_start.c
auth/gensec/spnego.c

index 25242384f5552deaa5f978c3e3e2a573f1668f76..2135eba6dc6263ba6707767d7024b983c32519a3 100644 (file)
@@ -301,8 +301,6 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
                     const DATA_BLOB *in,
                     DATA_BLOB *out);
 
-bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security);
-
 NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
                                        const char *sasl_name);
 const char **gensec_security_sasl_names(struct gensec_security *gensec_security,
index c4c5f04029bdf1b601d7854916192654aff6c591..23e6e170ecd378091eaf8446303a022eb8065186 100644 (file)
@@ -43,7 +43,8 @@
 static const struct gensec_security_ops **generic_security_ops;
 static int gensec_num_backends;
 
-bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security)
+static bool gensec_security_ops_enabled(const struct gensec_security_ops *ops,
+                                       struct gensec_security *security)
 {
        bool ok = lpcfg_parm_bool(security->settings->lp_ctx,
                                  NULL,
@@ -134,6 +135,10 @@ static bool gensec_offer_mech(struct gensec_security *gensec_security,
                offer = false;
        }
 
+       if (offer && (gensec_security != NULL)) {
+               offer = gensec_security_ops_enabled(mech, gensec_security);
+       }
+
        return offer;
 }
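Review bot: The new check in gensec_offer_mech() is skipped whenever gensec_security is NULL, so a caller that passes NULL still gets mechanisms that are disabled in configuration. That matches the NULL guards this commit removes from the callers, but this is now the only place the filter is applied and nothing in the code says so. Add a comment above the new `if`, for example `/* Only place config-disabled mechs are filtered; with gensec_security == NULL no such filtering happens. */`. The helpers that take a pre-built list (gensec_security_sasl_names_from_ops, gensec_security_oids_from_ops) now depend on that list having come from gensec_security_mechs(); that is not visible in these hunks and is worth stating on them as well. gensec_offer_mech's body starts outside the hunk.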
 
@@ -204,11 +209,6 @@ static const struct gensec_security_ops *gensec_security_by_fn(
                const struct gensec_security_ops *backend = backends[i];
                bool ok;
 
-               if ((gensec_security != NULL)  &&
-                   !gensec_security_ops_enabled(backend, gensec_security)) {
-                       continue;
-               }
-
                ok = fn(backend, private_data);
                if (ok) {
                        TALLOC_FREE(mem_ctx);
@@ -324,11 +324,6 @@ static const char **gensec_security_sasl_names_from_ops(
                }
 
                if (gensec_security != NULL) {
-                       if (!gensec_security_ops_enabled(ops[i],
-                                                        gensec_security)) {
-                               continue;
-                       }
-
                        role = gensec_security->gensec_role;
                }
 
@@ -418,9 +413,6 @@ static const struct gensec_security_ops **gensec_security_by_sasl_list(
        /* Find backends in our preferred order, by walking our list,
         * then looking in the supplied list */
        for (i=0; backends && backends[i]; i++) {
-               if (gensec_security != NULL &&
-                               !gensec_security_ops_enabled(backends[i], gensec_security))
-                   continue;
                for (sasl_idx = 0; sasl_names[sasl_idx]; sasl_idx++) {
                        if (!backends[i]->sasl_name ||
                            !(strcmp(backends[i]->sasl_name,
@@ -490,9 +482,6 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
        /* Find backends in our preferred order, by walking our list,
         * then looking in the supplied list */
        for (i=0; backends && backends[i]; i++) {
-               if (gensec_security != NULL &&
-                               !gensec_security_ops_enabled(backends[i], gensec_security))
-                   continue;
                if (!backends[i]->oid) {
                        continue;
                }
@@ -560,10 +549,6 @@ static const char **gensec_security_oids_from_ops(
        }
 
        for (i=0; ops && ops[i]; i++) {
-               if (gensec_security != NULL &&
-                       !gensec_security_ops_enabled(ops[i], gensec_security)) {
-                       continue;
-               }
                if (!ops[i]->oid) {
                        continue;
                }
index 717f643957ab2b4a69019c0aa4051ec2a2a53a86..d63d292f1689049d13a20c09c99729dad2aaf642 100644 (file)
@@ -242,12 +242,6 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
                bool is_spnego;
                NTSTATUS nt_status;
 
-               if (gensec_security != NULL &&
-                   !gensec_security_ops_enabled(all_ops[i], gensec_security))
-               {
-                       continue;
-               }
-
                if (!all_ops[i]->oid) {
                        continue;
                }