From: Andreas Schneider Date: Thu, 25 Apr 2024 13:51:40 +0000 (+0200) Subject: s3:gse: Implement gensec_gse_security_by_oid() X-Git-Tag: tdb-1.4.11~789 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc2a2399e5202a03087500056db3c575eda69a27;p=thirdparty%2Fsamba.git s3:gse: Implement gensec_gse_security_by_oid() Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher --- diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c index 19530625bde..a5cfd69c506 100644 --- a/source3/auth/auth_generic.c +++ b/source3/auth/auth_generic.c @@ -488,7 +488,8 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, /* These need to be in priority order, krb5 before NTLMSSP */ #if defined(HAVE_KRB5) - backends[idx++] = &gensec_gse_krb5_security_ops; + backends[idx++] = gensec_gse_security_by_oid( + GENSEC_OID_KERBEROS5); #endif backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 6673b2ff752..426f1b3b015 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -272,7 +272,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, gensec_init(); - backends[idx++] = &gensec_gse_krb5_security_ops; + backends[idx++] = gensec_gse_security_by_oid(GENSEC_OID_KERBEROS5); status = gensec_server_start(tmp_ctx, gensec_settings, auth_context, &gensec_server_context); diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index 2432143c249..d52e3d84249 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -1479,7 +1479,7 @@ static const char *gensec_gse_krb5_oids[] = { NULL }; -const struct gensec_security_ops gensec_gse_krb5_security_ops = { +static const struct gensec_security_ops gensec_gse_krb5_security_ops = { .name = "gse_krb5", .auth_type = DCERPC_AUTH_TYPE_KRB5, .oid = gensec_gse_krb5_oids, @@ -1507,4 +1507,16 @@ const struct gensec_security_ops gensec_gse_krb5_security_ops = { .priority = GENSEC_GSSAPI }; +const struct gensec_security_ops *gensec_gse_security_by_oid( + const char *oid_string) +{ + int cmp; + + cmp = strcmp(oid_string, GENSEC_OID_KERBEROS5); + if (cmp == 0) { + return &gensec_gse_krb5_security_ops; + } + + return NULL; +} #endif /* HAVE_KRB5 */ diff --git a/source3/librpc/crypto/gse.h b/source3/librpc/crypto/gse.h index 8618573b4aa..1ce8446c55c 100644 --- a/source3/librpc/crypto/gse.h +++ b/source3/librpc/crypto/gse.h @@ -21,6 +21,7 @@ struct gse_context; -extern const struct gensec_security_ops gensec_gse_krb5_security_ops; +const struct gensec_security_ops *gensec_gse_security_by_oid( + const char *oid_string); #endif /* _GSE_H_ */ diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c index b4f283f388a..f1f70a4f30d 100644 --- a/source3/libsmb/auth_generic.c +++ b/source3/libsmb/auth_generic.c @@ -98,7 +98,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st /* These need to be in priority order, krb5 before NTLMSSP */ #if defined(HAVE_KRB5) - backends[idx++] = &gensec_gse_krb5_security_ops; + backends[idx++] = gensec_gse_security_by_oid(GENSEC_OID_KERBEROS5); #endif backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 946754d26d2..a9e21298f25 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1208,7 +1208,7 @@ static NTSTATUS ntlm_auth_prepare_gensec_client(TALLOC_CTX *mem_ctx, /* These need to be in priority order, krb5 before NTLMSSP */ #if defined(HAVE_KRB5) - backends[idx++] = &gensec_gse_krb5_security_ops; + backends[idx++] = gensec_gse_security_by_oid(GENSEC_OID_KERBEROS5); #endif backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); @@ -1336,7 +1336,7 @@ static NTSTATUS ntlm_auth_prepare_gensec_server(TALLOC_CTX *mem_ctx, /* These need to be in priority order, krb5 before NTLMSSP */ #if defined(HAVE_KRB5) - backends[idx++] = &gensec_gse_krb5_security_ops; + backends[idx++] = gensec_gse_security_by_oid(GENSEC_OID_KERBEROS5); #endif backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);