auth/gensec: treat struct gensec_security_ops as const if possible.
authorStefan Metzmacher <metze@samba.org>
Mon, 5 Aug 2013 09:20:21 +0000 (11:20 +0200)
committerStefan Metzmacher <metze@samba.org>
Sat, 10 Aug 2013 07:19:04 +0000 (09:19 +0200)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/gensec/gensec.h
auth/gensec/gensec_start.c
auth/gensec/spnego.c
source3/auth/auth_generic.c
source3/libads/authdata.c
source3/libsmb/auth_generic.c
source3/utils/ntlm_auth.c
source4/ldap_server/ldap_backend.c

index d0bc451b4e005825cf4084dc524ba894264183ae..ac1fadfeeffaf8f6d4591fd6bc21b419e94c001c 100644 (file)
@@ -85,7 +85,7 @@ struct gensec_settings {
        /* this allows callers to specify a specific set of ops that
         * should be used, rather than those loaded by the plugin
         * mechanism */
-       struct gensec_security_ops **backends;
+       const struct gensec_security_ops * const *backends;
 
        /* To fill in our own name in the NTLMSSP server */
        const char *server_dns_domain;
@@ -179,7 +179,7 @@ const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_sec
 const struct gensec_security_ops *gensec_security_by_auth_type(
                                struct gensec_security *gensec_security,
                                uint32_t auth_type);
-struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
+const struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
                                                   TALLOC_CTX *mem_ctx);
 const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
                                        struct gensec_security *gensec_security,
@@ -243,11 +243,11 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
                     const DATA_BLOB *in,
                     DATA_BLOB *out);
 
-struct gensec_security_ops **gensec_security_all(void);
-bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security);
-struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
-                                                      struct gensec_security_ops **old_gensec_list,
-                                                      struct cli_credentials *creds);
+const struct gensec_security_ops * const *gensec_security_all(void);
+bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security);
+const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+                       const struct gensec_security_ops * const *old_gensec_list,
+                       struct cli_credentials *creds);
 
 NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
                                        const char *sasl_name);
index 2874c138b2a375fe7f351f50e969021cb8e3d538..3ae64d5683fd86270c5a58d8f61854c7b9c0e57b 100644 (file)
 #include "lib/util/samba_modules.h"
 
 /* the list of currently registered GENSEC backends */
-static struct gensec_security_ops **generic_security_ops;
+static const struct gensec_security_ops **generic_security_ops;
 static int gensec_num_backends;
 
 /* Return all the registered mechs.  Don't modify the return pointer,
- * but you may talloc_reference it if convient */
-_PUBLIC_ struct gensec_security_ops **gensec_security_all(void)
+ * but you may talloc_referen it if convient */
+_PUBLIC_ const struct gensec_security_ops * const *gensec_security_all(void)
 {
        return generic_security_ops;
 }
 
-bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_security *security)
+bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security)
 {
        return lpcfg_parm_bool(security->settings->lp_ctx, NULL, "gensec", ops->name, ops->enabled);
 }
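Review bot: The rewritten comment above gensec_security_all() now reads `talloc_referen it if convient`, which truncates `talloc_reference` and keeps the old `convient` misspelling. Since the return type is now `const struct gensec_security_ops * const *`, the compiler already enforces the "don't modify" rule, so the comment can instead state ownership. I would write `/* Return all the registered mechs. The array is the shared registry and stays owned by gensec; you may talloc_reference it if convenient */`.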
@@ -68,11 +68,11 @@ bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_
  * more compplex.
  */
 
-_PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
-                                                      struct gensec_security_ops **old_gensec_list,
-                                                      struct cli_credentials *creds)
+_PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
+                       const struct gensec_security_ops * const *old_gensec_list,
+                       struct cli_credentials *creds)
 {
-       struct gensec_security_ops **new_gensec_list;
+       const struct gensec_security_ops **new_gensec_list;
        int i, j, num_mechs_in;
        enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS;
 
@@ -84,7 +84,9 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
                /* noop */
        }
 
-       new_gensec_list = talloc_array(mem_ctx, struct gensec_security_ops *, num_mechs_in + 1);
+       new_gensec_list = talloc_array(mem_ctx,
+                                      const struct gensec_security_ops *,
+                                      num_mechs_in + 1);
        if (!new_gensec_list) {
                return NULL;
        }
@@ -136,12 +138,12 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
        return new_gensec_list;
 }
 
-_PUBLIC_ struct gensec_security_ops **gensec_security_mechs(
+_PUBLIC_ const struct gensec_security_ops **gensec_security_mechs(
                                struct gensec_security *gensec_security,
                                TALLOC_CTX *mem_ctx)
 {
        struct cli_credentials *creds = NULL;
-       struct gensec_security_ops **backends = gensec_security_all();
+       const struct gensec_security_ops * const *backends = gensec_security_all();
 
        if (gensec_security != NULL) {
                creds = gensec_get_credentials(gensec_security);
@@ -159,7 +161,7 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens
                                                                     uint8_t auth_type)
 {
        int i;
-       struct gensec_security_ops **backends;
+       const struct gensec_security_ops **backends;
        const struct gensec_security_ops *backend;
        TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
        if (!mem_ctx) {
@@ -185,7 +187,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid(
                                const char *oid_string)
 {
        int i, j;
-       struct gensec_security_ops **backends;
+       const struct gensec_security_ops **backends;
        const struct gensec_security_ops *backend;
        TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
        if (!mem_ctx) {
@@ -218,7 +220,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_sasl_name(
                                const char *sasl_name)
 {
        int i;
-       struct gensec_security_ops **backends;
+       const struct gensec_security_ops **backends;
        const struct gensec_security_ops *backend;
        TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
        if (!mem_ctx) {
@@ -245,7 +247,7 @@ _PUBLIC_ const struct gensec_security_ops *gensec_security_by_auth_type(
                                uint32_t auth_type)
 {
        int i;
-       struct gensec_security_ops **backends;
+       const struct gensec_security_ops **backends;
        const struct gensec_security_ops *backend;
        TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
        if (!mem_ctx) {
@@ -270,7 +272,7 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s
                                                                 const char *name)
 {
        int i;
-       struct gensec_security_ops **backends;
+       const struct gensec_security_ops **backends;
        const struct gensec_security_ops *backend;
        TALLOC_CTX *mem_ctx = talloc_new(gensec_security);
        if (!mem_ctx) {
@@ -306,7 +308,7 @@ static const struct gensec_security_ops **gensec_security_by_sasl_list(
        const char **sasl_names)
 {
        const struct gensec_security_ops **backends_out;
-       struct gensec_security_ops **backends;
+       const struct gensec_security_ops **backends;
        int i, k, sasl_idx;
        int num_backends_out = 0;
 
@@ -377,7 +379,7 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
                                        const char *skip)
 {
        struct gensec_security_ops_wrapper *backends_out;
-       struct gensec_security_ops **backends;
+       const struct gensec_security_ops **backends;
        int i, j, k, oid_idx;
        int num_backends_out = 0;
 
@@ -451,7 +453,7 @@ _PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
 static const char **gensec_security_oids_from_ops(
        struct gensec_security *gensec_security,
        TALLOC_CTX *mem_ctx,
-       struct gensec_security_ops **ops,
+       const struct gensec_security_ops * const *ops,
        const char *skip)
 {
        int i;
@@ -542,8 +544,10 @@ _PUBLIC_ const char **gensec_security_oids(struct gensec_security *gensec_securi
                                           TALLOC_CTX *mem_ctx,
                                           const char *skip)
 {
-       struct gensec_security_ops **ops
-               = gensec_security_mechs(gensec_security, mem_ctx);
+       const struct gensec_security_ops **ops;
+
+       ops = gensec_security_mechs(gensec_security, mem_ctx);
+
        return gensec_security_oids_from_ops(gensec_security, mem_ctx, ops, skip);
 }
 
@@ -876,13 +880,13 @@ _PUBLIC_ NTSTATUS gensec_register(const struct gensec_security_ops *ops)
 
        generic_security_ops = talloc_realloc(talloc_autofree_context(),
                                              generic_security_ops,
-                                             struct gensec_security_ops *,
+                                             const struct gensec_security_ops *,
                                              gensec_num_backends+2);
        if (!generic_security_ops) {
                return NT_STATUS_NO_MEMORY;
        }
 
-       generic_security_ops[gensec_num_backends] = discard_const_p(struct gensec_security_ops, ops);
+       generic_security_ops[gensec_num_backends] = ops;
        gensec_num_backends++;
        generic_security_ops[gensec_num_backends] = NULL;
 
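Review bot: The `talloc_realloc()` result is still assigned straight back to `generic_security_ops`, so an allocation failure overwrites the registry pointer with NULL while `gensec_num_backends` keeps its old value. Every backend registered so far then disappears from `gensec_security_all()`. A later successful registration would allocate a fresh array and write only slot `gensec_num_backends`, leaving the earlier slots uninitialised for any reader that walks the list. Holding the result in a local keeps the existing list intact on the error path: `tmp = talloc_realloc(talloc_autofree_context(), generic_security_ops, const struct gensec_security_ops *, gensec_num_backends+2);`, then `if (!tmp) return NT_STATUS_NO_MEMORY;` and `generic_security_ops = tmp;`. gensec_register() begins and ends outside this hunk.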
@@ -908,7 +912,7 @@ _PUBLIC_ const struct gensec_critical_sizes *gensec_interface_version(void)
        return &critical_sizes;
 }
 
-static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ops **gs2) {
+static int sort_gensec(const struct gensec_security_ops **gs1, const struct gensec_security_ops **gs2) {
        return (*gs2)->priority - (*gs1)->priority;
 }
 
index 0eb6da1160aa3f4b25ba0df7c17ab0a1527bb79c..d90a50cb5eb9553e6f2a8304e0e4f8ce3dc0fdc8 100644 (file)
@@ -352,9 +352,11 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
                                                  const DATA_BLOB in, DATA_BLOB *out) 
 {
        int i,j;
-       struct gensec_security_ops **all_ops
-               = gensec_security_mechs(gensec_security, out_mem_ctx);
-       for (i=0; all_ops[i]; i++) {
+       const struct gensec_security_ops **all_ops;
+
+       all_ops = gensec_security_mechs(gensec_security, out_mem_ctx);
+
+       for (i=0; all_ops && all_ops[i]; i++) {
                bool is_spnego;
                NTSTATUS nt_status;
 
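Review bot: With the new `all_ops && all_ops[i]` guard, a NULL return from `gensec_security_mechs()` no longer gets dereferenced, but it is now handled exactly like an empty mechanism list. The loop is skipped and control continues to whatever follows it, which is outside this hunk. If NULL means an allocation failure, as the `talloc_array` failure path in gensec_use_kerberos_mechs() suggests, an explicit `if (all_ops == NULL) { return NT_STATUS_NO_MEMORY; }` before the loop would report the real cause rather than a generic fallback failure. The lookup helpers in gensec_start.c keep the same return value in `backends`, with their loops outside the visible hunks, so it is worth confirming they carry an equivalent check.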
index a2ba4e32573d2a1aca2a2bb02b78b3c100aa4701..e15c87edfc0d2a2c5a818fbce41cdea63c2b1df8 100644 (file)
@@ -203,6 +203,7 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
                        return nt_status;
                }
        } else {
+               const struct gensec_security_ops **backends = NULL;
                struct gensec_settings *gensec_settings;
                struct loadparm_context *lp_ctx;
                size_t idx = 0;
@@ -259,24 +260,24 @@ NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
                        return NT_STATUS_NO_MEMORY;
                }
 
-               gensec_settings->backends = talloc_zero_array(gensec_settings,
-                                               struct gensec_security_ops *, 4);
-               if (gensec_settings->backends == NULL) {
+               backends = talloc_zero_array(gensec_settings,
+                                            const struct gensec_security_ops *, 4);
+               if (backends == NULL) {
                        TALLOC_FREE(tmp_ctx);
                        return NT_STATUS_NO_MEMORY;
                }
+               gensec_settings->backends = backends;
 
                gensec_init();
 
                /* These need to be in priority order, krb5 before NTLMSSP */
 #if defined(HAVE_KRB5)
-               gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+               backends[idx++] = &gensec_gse_krb5_security_ops;
 #endif
 
-               gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
+               backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
 
-               gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
-                                                       GENSEC_OID_SPNEGO);
+               backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
 
                /*
                 * This is anonymous for now, because we just use it
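Review bot: Both `gensec_security_by_oid()` results are stored into the NULL-terminated `backends` array without a check. If the NTLMSSP lookup returns NULL (presumably when no registered backend matches), the list ends at that slot, and the SPNEGO entry after it is never reached by a consumer that stops at the first NULL. The set of mechanisms offered would then shrink silently instead of failing the setup. I would check each lookup before storing it, for example `ops = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);` followed by `if (ops == NULL) { TALLOC_FREE(tmp_ctx); return NT_STATUS_INVALID_PARAMETER; }`, using whichever status the callers expect. The literal `4` fits exactly three entries plus the terminator, so a comment saying so, or a named constant, would protect the terminator if a mechanism is added later. The same pattern appears in the source3/libsmb/auth_generic.c and source3/utils/ntlm_auth.c hunks of this commit.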
index 582917da010cfddca9b6cdea01bcad11a2da0ef0..801e551edbde2c475a544c1577ec0c2f05d715e9 100644 (file)
@@ -111,7 +111,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
        const char *cc = "MEMORY:kerberos_return_pac";
        struct auth_session_info *session_info;
        struct gensec_security *gensec_server_context;
-
+       const struct gensec_security_ops **backends;
        struct gensec_settings *gensec_settings;
        size_t idx = 0;
        struct auth4_context *auth_context;
@@ -230,16 +230,17 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
                goto out;
        }
 
-       gensec_settings->backends = talloc_zero_array(gensec_settings,
-                                                     struct gensec_security_ops *, 2);
-       if (gensec_settings->backends == NULL) {
+       backends = talloc_zero_array(gensec_settings,
+                                    const struct gensec_security_ops *, 2);
+       if (backends == NULL) {
                status = NT_STATUS_NO_MEMORY;
                goto out;
        }
+       gensec_settings->backends = backends;
 
        gensec_init();
 
-       gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+       backends[idx++] = &gensec_gse_krb5_security_ops;
 
        status = gensec_server_start(tmp_ctx, gensec_settings,
                                        auth_context, &gensec_server_context);
index ba0a0ce977695b9bfe899e7526324bc7a10b501f..e30c1b7e0fe4bc8264d016c66c0be300a6ffa800 100644 (file)
@@ -54,6 +54,7 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
        NTSTATUS nt_status;
        size_t idx = 0;
        struct gensec_settings *gensec_settings;
+       const struct gensec_security_ops **backends = NULL;
        struct loadparm_context *lp_ctx;
 
        ans = talloc_zero(mem_ctx, struct auth_generic_state);
@@ -76,24 +77,24 @@ NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_st
                return NT_STATUS_NO_MEMORY;
        }
 
-       gensec_settings->backends = talloc_zero_array(gensec_settings,
-                                       struct gensec_security_ops *, 4);
-       if (gensec_settings->backends == NULL) {
+       backends = talloc_zero_array(gensec_settings,
+                                    const struct gensec_security_ops *, 4);
+       if (backends == NULL) {
                TALLOC_FREE(ans);
                return NT_STATUS_NO_MEMORY;
        }
+       gensec_settings->backends = backends;
 
        gensec_init();
 
        /* These need to be in priority order, krb5 before NTLMSSP */
 #if defined(HAVE_KRB5)
-       gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+       backends[idx++] = &gensec_gse_krb5_security_ops;
 #endif
 
-       gensec_settings->backends[idx++] = &gensec_ntlmssp3_client_ops;
+       backends[idx++] = &gensec_ntlmssp3_client_ops;
 
-       gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
-                                               GENSEC_OID_SPNEGO);
+       backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
 
        nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
 
index 9e0d7b812b05b8ea69a7bd02efbf2aeac582f7ed..751f49cdc29d7ddb9f408aa5c4234678aa276199 100644 (file)
@@ -1035,7 +1035,7 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx,
        NTSTATUS nt_status;
 
        TALLOC_CTX *tmp_ctx;
-
+       const struct gensec_security_ops **backends;
        struct gensec_settings *gensec_settings;
        size_t idx = 0;
        struct cli_credentials *server_credentials;
@@ -1079,26 +1079,26 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx,
        gensec_settings->server_dns_name = strlower_talloc(gensec_settings,
                                                           get_mydnsfullname());
        
-       gensec_settings->backends = talloc_zero_array(gensec_settings,
-                                                     struct gensec_security_ops *, 4);
+       backends = talloc_zero_array(gensec_settings,
+                                    const struct gensec_security_ops *, 4);
        
-       if (gensec_settings->backends == NULL) {
+       if (backends == NULL) {
                TALLOC_FREE(tmp_ctx);
                return NT_STATUS_NO_MEMORY;
        }
-       
+       gensec_settings->backends = backends;
+
        gensec_init();
        
        /* These need to be in priority order, krb5 before NTLMSSP */
 #if defined(HAVE_KRB5)
-       gensec_settings->backends[idx++] = &gensec_gse_krb5_security_ops;
+       backends[idx++] = &gensec_gse_krb5_security_ops;
 #endif
-       
-       gensec_settings->backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
 
-       gensec_settings->backends[idx++] = gensec_security_by_oid(NULL,
-                                                                 GENSEC_OID_SPNEGO);
-       
+       backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
+
+       backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
+
        /*
         * This is anonymous for now, because we just use it
         * to set the kerberos state at the moment
index 42185316da0addfeef1d7d0a117c5dbf363bec82..2760cdb4707072d19559758f5a0b2f9e2cd2efa5 100644 (file)
@@ -192,8 +192,8 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
 
        if (conn->server_credentials) {
                char **sasl_mechs = NULL;
-               struct gensec_security_ops **backends = gensec_security_all();
-               struct gensec_security_ops **ops
+               const struct gensec_security_ops * const *backends = gensec_security_all();
+               const struct gensec_security_ops **ops
                        = gensec_use_kerberos_mechs(conn, backends, conn->server_credentials);
                unsigned int i, j = 0;
                for (i = 0; ops && ops[i]; i++) {
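Review bot: `backends` comes straight from `gensec_security_all()` and is passed to `gensec_use_kerberos_mechs()` unchecked, although only the result `ops` is guarded in the loop condition. gensec_security_all() returns the file-scope `generic_security_ops`, which has no initializer and is therefore NULL until a backend has been registered. The loop that counts `old_gensec_list` sits outside the visible hunks, so whether a NULL input is tolerated cannot be confirmed from this diff. Either guard it here with `if (backends == NULL)` before the call, or document on gensec_use_kerberos_mechs() that `old_gensec_list` must be non-NULL. gensec_security_mechs() takes the same return value and deserves the same check.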