From 82c477b98071346a0e4e9162d9a200d1755533a7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 29 May 2024 17:08:26 +0200 Subject: [PATCH] gensec: Filter out disabled mechs in gensec_security_mechs() Every single caller of gensec_security_mechs() had to manually filter out disabled mechanisms. Don't offer them from the start. Signed-off-by: Volker Lendecke Reviewed-by: Andrew Bartlett --- auth/gensec/gensec.h | 2 -- auth/gensec/gensec_start.c | 27 ++++++--------------------- auth/gensec/spnego.c | 6 ------ 3 files changed, 6 insertions(+), 29 deletions(-) diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h index 25242384f55..2135eba6dc6 100644 --- a/auth/gensec/gensec.h +++ b/auth/gensec/gensec.h @@ -301,8 +301,6 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security, const DATA_BLOB *in, DATA_BLOB *out); -bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security); - NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, const char *sasl_name); const char **gensec_security_sasl_names(struct gensec_security *gensec_security, diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c index c4c5f04029b..23e6e170ecd 100644 --- a/auth/gensec/gensec_start.c +++ b/auth/gensec/gensec_start.c @@ -43,7 +43,8 @@ static const struct gensec_security_ops **generic_security_ops; static int gensec_num_backends; -bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security) +static bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, + struct gensec_security *security) { bool ok = lpcfg_parm_bool(security->settings->lp_ctx, NULL, @@ -134,6 +135,10 @@ static bool gensec_offer_mech(struct gensec_security *gensec_security, offer = false; } + if (offer && (gensec_security != NULL)) { + offer = gensec_security_ops_enabled(mech, gensec_security); + } + return offer; } 
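Review bot: In the `@@ -134,6 +135,10 @@` hunk the enabled check now lives only in `gensec_offer_mech()`, so every loop that loses its own check in this patch (`gensec_security_by_fn`, `gensec_security_sasl_names_from_ops`, `gensec_security_by_sasl_list`, `gensec_security_by_oid_list`, `gensec_security_oids_from_ops`, and `gensec_spnego_server_try_fallback` in spnego.c) is correct only if the list it walks came from `gensec_security_mechs()`. The `_from_ops` helpers take that list as a parameter, and how `backends`, `ops` and `all_ops` are obtained is not visible in these hunks, so please confirm that no path hands them an unfiltered list; that would offer a mechanism the administrator has disabled. I would record the invariant next to the new lines, for example `/* Only place disabled mechs are filtered: lists must come from gensec_security_mechs(). */`. The new check is also skipped when `gensec_security` is NULL, which matches the old per-caller guards but leaves that path unfiltered, so a short comment saying this is intended would help. The body of `gensec_offer_mech()` starts outside the hunk, so I cannot see what the earlier `offer = false` branches already exclude.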
@@ -204,11 +209,6 @@ static const struct gensec_security_ops *gensec_security_by_fn( const struct gensec_security_ops *backend = backends[i]; bool ok; - if ((gensec_security != NULL) && - !gensec_security_ops_enabled(backend, gensec_security)) { - continue; - } - ok = fn(backend, private_data); if (ok) { TALLOC_FREE(mem_ctx); @@ -324,11 +324,6 @@ static const char **gensec_security_sasl_names_from_ops( } if (gensec_security != NULL) { - if (!gensec_security_ops_enabled(ops[i], - gensec_security)) { - continue; - } - role = gensec_security->gensec_role; } @@ -418,9 +413,6 @@ static const struct gensec_security_ops **gensec_security_by_sasl_list( /* Find backends in our preferred order, by walking our list, * then looking in the supplied list */ for (i=0; backends && backends[i]; i++) { - if (gensec_security != NULL && - !gensec_security_ops_enabled(backends[i], gensec_security)) - continue; for (sasl_idx = 0; sasl_names[sasl_idx]; sasl_idx++) { if (!backends[i]->sasl_name || !(strcmp(backends[i]->sasl_name, @@ -490,9 +482,6 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list( /* Find backends in our preferred order, by walking our list, * then looking in the supplied list */ for (i=0; backends && backends[i]; i++) { - if (gensec_security != NULL && - !gensec_security_ops_enabled(backends[i], gensec_security)) - continue; if (!backends[i]->oid) { continue; } @@ -560,10 +549,6 @@ static const char **gensec_security_oids_from_ops( } for (i=0; ops && ops[i]; i++) { - if (gensec_security != NULL && - !gensec_security_ops_enabled(ops[i], gensec_security)) { - continue; - } if (!ops[i]->oid) { continue; } diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index 717f643957a..d63d292f168 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c 
@@ -242,12 +242,6 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec bool is_spnego; NTSTATUS nt_status; - if (gensec_security != NULL && - !gensec_security_ops_enabled(all_ops[i], gensec_security)) - { - continue; - } - if (!all_ops[i]->oid) { continue; } -- 2.47.3