-rw-r--r-- | source4/build/smb_build/public.m4 | 17 | ||||
-rw-r--r-- | source4/lib/events/events_standard.c | 6 | ||||
-rw-r--r-- | source4/libcli/auth/gensec_krb5.c | 92 | ||||
-rw-r--r-- | source4/rpc_server/dcerpc_server.h | 2 | ||||
-rw-r--r-- | source4/rpc_server/samr/samr_password.c | 8 |
5 files changed, 67 insertions, 58 deletions
diff --git a/source4/build/smb_build/public.m4 b/source4/build/smb_build/public.m4 index 74f98b1c15..6ce57b0083 100644 --- a/source4/build/smb_build/public.m4 +++ b/source4/build/smb_build/public.m4 @@ -172,16 +172,25 @@ AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG], elif $PKG_CONFIG --exists '$2' ; then AC_MSG_RESULT(yes) - SMB_EXT_LIB_ENABLE($1, YES) + + $1_CFLAGS="`$PKG_CONFIG --cflags '$2'`" + OLD_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $$1_CFLAGS" + AC_MSG_CHECKING([that the C compiler can use the $1_CFLAGS]) + AC_TRY_RUN([#include "${srcdir-.}/build/tests/trivial.c"], + SMB_EXT_LIB_ENABLE($1, YES) + AC_MSG_RESULT(yes), + AC_MSG_RESULT(no), + AC_MSG_WARN([cannot run when cross-compiling])) + + CFLAGS="$OLD_CFLAGS" + SMB_EXT_LIB($1, [`$PKG_CONFIG --libs-only-l '$2'`], [`$PKG_CONFIG --cflags-only-other '$2'`], [`$PKG_CONFIG --cflags-only-I '$2'`], [`$PKG_CONFIG --libs-only-other '$2'` `$PKG_CONFIG --libs-only-L '$2'`]) - # FIXME: Dirty hack - $1_CFLAGS="`$PKG_CONFIG --cflags '$2'`" - CFLAGS="$CFLAGS $$1_CFLAGS" else SMB_EXT_LIB($1) SMB_EXT_LIB_ENABLE($1, NO) diff --git a/source4/lib/events/events_standard.c b/source4/lib/events/events_standard.c index 96f938c78e..76c8c4768a 100644 --- a/source4/lib/events/events_standard.c +++ b/source4/lib/events/events_standard.c @@ -357,8 +357,8 @@ static int std_event_loop_epoll(struct event_context *ev, struct timeval *tvalp) struct std_event_context *std_ev = talloc_get_type(ev->additional_data, struct std_event_context); int ret, i; - const int maxevents = 8; - struct epoll_event events[maxevents]; +#define MAXEVENTS 8 + struct epoll_event events[MAXEVENTS]; uint32_t destruction_count = std_ev->destruction_count; int timeout = -1; 
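Review bot: In the new AC_TRY_RUN call, the failure action is only `AC_MSG_RESULT(no)` and the cross-compiling action is only a warning, so neither path records a state for `$1`, while the `SMB_EXT_LIB($1, ...)` call that follows still registers the pkg-config libs and flags. The outer `else` branch shows the convention of disabling explicitly; the failure action should do the same, e.g. `AC_MSG_RESULT(no) SMB_EXT_LIB_ENABLE($1, NO),`. Because the probe must execute a binary, a cross build can never enable a pkg-config library here; if the aim is only to confirm the compiler accepts `$1_CFLAGS`, a compile-only check such as `AC_TRY_COMPILE` would cover that case as well. The enclosing AC_DEFUN starts and ends outside the hunk.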
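Review bot: The `#define MAXEVENTS 8` is placed inside std_event_loop_epoll and no `#undef` follows it in the visible lines, so the macro stays defined for the rest of the translation unit. An anonymous enum gives the same constant array bound while keeping the name in block scope: `enum { MAXEVENTS = 8 };`. A short comment such as `/* max events fetched per epoll_wait() call; also sizes events[] */` would make it explicit that the array size and the epoll_wait() argument in the second hunk must stay in step. The function body continues outside the hunk.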
@@ -367,7 +367,7 @@ static int std_event_loop_epoll(struct event_context *ev, struct timeval *tvalp) timeout = ((tvalp->tv_usec+999) / 1000) + (tvalp->tv_sec*1000); } - ret = epoll_wait(std_ev->epoll_fd, events, maxevents, timeout); + ret = epoll_wait(std_ev->epoll_fd, events, MAXEVENTS, timeout); if (ret == -1 && errno != EINTR) { epoll_fallback_to_select(ev, "epoll_wait() failed"); diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c index a0c2a77f4b..71670632b9 100644 --- a/source4/libcli/auth/gensec_krb5.c +++ b/source4/libcli/auth/gensec_krb5.c @@ -42,11 +42,11 @@ struct gensec_krb5_state { DATA_BLOB session_key; DATA_BLOB pac; enum GENSEC_KRB5_STATE state_position; - krb5_context krb5_context; - krb5_auth_context krb5_auth_context; - krb5_ccache krb5_ccache; + krb5_context context; + krb5_auth_context auth_context; + krb5_ccache ccache; krb5_data ticket; - krb5_keyblock krb5_keyblock; + krb5_keyblock keyblock; char *peer_principal; }; @@ -66,8 +66,8 @@ static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data, cksum.checksum.data = sig->signature; - ret = krb5_crypto_init(gensec_krb5_state->krb5_context, - &gensec_krb5_state->krb5_keyblock, + ret = krb5_crypto_init(gensec_krb5_state->context, + &gensec_krb5_state->keyblock, 0, &crypto); if (ret) { @@ -76,7 +76,7 @@ static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data, } for (i=0; i < 40; i++) { keyusage = i; - ret = krb5_verify_checksum(gensec_krb5_state->krb5_context, + ret = krb5_verify_checksum(gensec_krb5_state->context, crypto, keyusage, pac_data.data, @@ -87,7 +87,7 @@ static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data, break; } } - krb5_crypto_destroy(gensec_krb5_state->krb5_context, crypto); + krb5_crypto_destroy(gensec_krb5_state->context, crypto); if (ret) { DEBUG(0,("NOT verifying PAC checksums yet!\n")); 
@@ -232,23 +232,23 @@ static int gensec_krb5_destory(void *ptr) struct gensec_krb5_state *gensec_krb5_state = ptr; if (gensec_krb5_state->ticket.length) { - kerberos_free_data_contents(gensec_krb5_state->krb5_context, &gensec_krb5_state->ticket); + kerberos_free_data_contents(gensec_krb5_state->context, &gensec_krb5_state->ticket); } - if (gensec_krb5_state->krb5_ccache) { + if (gensec_krb5_state->ccache) { /* current heimdal - 0.6.3, which we need anyway, fixes segfaults here */ - krb5_cc_close(gensec_krb5_state->krb5_context, gensec_krb5_state->krb5_ccache); + krb5_cc_close(gensec_krb5_state->context, gensec_krb5_state->ccache); } - krb5_free_keyblock_contents(gensec_krb5_state->krb5_context, - &gensec_krb5_state->krb5_keyblock); + krb5_free_keyblock_contents(gensec_krb5_state->context, + &gensec_krb5_state->keyblock); - if (gensec_krb5_state->krb5_auth_context) { - krb5_auth_con_free(gensec_krb5_state->krb5_context, - gensec_krb5_state->krb5_auth_context); + if (gensec_krb5_state->auth_context) { + krb5_auth_con_free(gensec_krb5_state->context, + gensec_krb5_state->auth_context); } - if (gensec_krb5_state->krb5_context) { - krb5_free_context(gensec_krb5_state->krb5_context); + if (gensec_krb5_state->context) { + krb5_free_context(gensec_krb5_state->context); } return 0; } 
@@ -266,31 +266,31 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) gensec_security->private_data = gensec_krb5_state; initialize_krb5_error_table(); - gensec_krb5_state->krb5_context = NULL; - gensec_krb5_state->krb5_auth_context = NULL; - gensec_krb5_state->krb5_ccache = NULL; + gensec_krb5_state->context = NULL; + gensec_krb5_state->auth_context = NULL; + gensec_krb5_state->ccache = NULL; ZERO_STRUCT(gensec_krb5_state->ticket); - ZERO_STRUCT(gensec_krb5_state->krb5_keyblock); + ZERO_STRUCT(gensec_krb5_state->keyblock); gensec_krb5_state->session_key = data_blob(NULL, 0); gensec_krb5_state->pac = data_blob(NULL, 0); talloc_set_destructor(gensec_krb5_state, gensec_krb5_destory); - ret = krb5_init_context(&gensec_krb5_state->krb5_context); + ret = krb5_init_context(&gensec_krb5_state->context); if (ret) { DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n", error_message(ret))); return NT_STATUS_INTERNAL_ERROR; } if (lp_realm() && *lp_realm()) { - ret = krb5_set_default_realm(gensec_krb5_state->krb5_context, lp_realm()); + ret = krb5_set_default_realm(gensec_krb5_state->context, lp_realm()); if (ret) { DEBUG(1,("gensec_krb5_start: krb5_set_default_realm failed (%s)\n", error_message(ret))); return NT_STATUS_INTERNAL_ERROR; } } - ret = krb5_auth_con_init(gensec_krb5_state->krb5_context, &gensec_krb5_state->krb5_auth_context); + ret = krb5_auth_con_init(gensec_krb5_state->context, &gensec_krb5_state->auth_context); if (ret) { DEBUG(1,("gensec_krb5_start: krb5_auth_con_init failed (%s)\n", error_message(ret))); return NT_STATUS_INTERNAL_ERROR; 
@@ -333,7 +333,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security TODO: If the user set a username, we should use an in-memory CCACHE (see below) */ - ret = krb5_cc_default(gensec_krb5_state->krb5_context, &gensec_krb5_state->krb5_ccache); + ret = krb5_cc_default(gensec_krb5_state->context, &gensec_krb5_state->ccache); if (ret) { DEBUG(1,("krb5_cc_default failed (%s)\n", error_message(ret))); @@ -343,11 +343,11 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security while (1) { if (gensec_security->target.principal) { DEBUG(5, ("Finding ticket for target [%s]\n", gensec_security->target.principal)); - ret = ads_krb5_mk_req(gensec_krb5_state->krb5_context, - &gensec_krb5_state->krb5_auth_context, + ret = ads_krb5_mk_req(gensec_krb5_state->context, + &gensec_krb5_state->auth_context, AP_OPTS_USE_SUBKEY | AP_OPTS_MUTUAL_REQUIRED, gensec_security->target.principal, - gensec_krb5_state->krb5_ccache, + gensec_krb5_state->ccache, &gensec_krb5_state->ticket); } else { krb5_data in_data; @@ -359,12 +359,12 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security in_data.length = 0; - ret = krb5_mk_req(gensec_krb5_state->krb5_context, - &gensec_krb5_state->krb5_auth_context, + ret = krb5_mk_req(gensec_krb5_state->context, + &gensec_krb5_state->auth_context, AP_OPTS_USE_SUBKEY | AP_OPTS_MUTUAL_REQUIRED, gensec_get_target_service(gensec_security), hostname, - &in_data, gensec_krb5_state->krb5_ccache, + &in_data, gensec_krb5_state->ccache, &gensec_krb5_state->ticket); } 
@@ -404,7 +404,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security gensec_get_target_principal(gensec_security), generate_random_str(gensec_krb5_state, 16)); - ret = krb5_cc_resolve(gensec_krb5_state->krb5_context, ccache_string, &gensec_krb5_state->krb5_ccache); + ret = krb5_cc_resolve(gensec_krb5_state->context, ccache_string, &gensec_krb5_state->ccache); if (ret) { DEBUG(1,("failed to generate a new krb5 keytab (%s): %s\n", ccache_string, @@ -412,7 +412,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security return NT_STATUS_INTERNAL_ERROR; } - ret = kerberos_kinit_password_cc(gensec_krb5_state->krb5_context, gensec_krb5_state->krb5_ccache, + ret = kerberos_kinit_password_cc(gensec_krb5_state->context, gensec_krb5_state->ccache, gensec_get_client_principal(gensec_security, gensec_krb5_state), password, NULL, &kdc_time); @@ -421,7 +421,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security time_t t = time(NULL); int time_offset =(unsigned)kdc_time-t; DEBUG(4,("Advancing clock by %d seconds to cope with clock skew\n", time_offset)); - krb5_set_real_time(gensec_krb5_state->krb5_context, t + time_offset + 1, 0); + krb5_set_real_time(gensec_krb5_state->context, t + time_offset + 1, 0); } if (ret) { @@ -501,8 +501,8 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, inbuf.data = unwrapped_in.data; inbuf.length = unwrapped_in.length; - ret = krb5_rd_rep(gensec_krb5_state->krb5_context, - gensec_krb5_state->krb5_auth_context, + ret = krb5_rd_rep(gensec_krb5_state->context, + gensec_krb5_state->auth_context, &inbuf, &repl); if (ret) { DEBUG(1,("krb5_rd_rep (mutual authentication) failed (%s)\n", 
@@ -515,7 +515,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, gensec_krb5_state->state_position = GENSEC_KRB5_DONE; } if (repl) { - krb5_free_ap_rep_enc_part(gensec_krb5_state->krb5_context, repl); + krb5_free_ap_rep_enc_part(gensec_krb5_state->context, repl); } return nt_status; } @@ -535,22 +535,22 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, /* Parse the GSSAPI wrapping, if it's there... (win2k3 allows it to be omited) */ if (!gensec_gssapi_parse_krb5_wrap(out_mem_ctx, &in, &unwrapped_in, tok_id)) { nt_status = ads_verify_ticket(out_mem_ctx, - gensec_krb5_state->krb5_context, - gensec_krb5_state->krb5_auth_context, + gensec_krb5_state->context, + gensec_krb5_state->auth_context, lp_realm(), gensec_get_target_service(gensec_security), &in, &principal, &pac, &unwrapped_out, - &gensec_krb5_state->krb5_keyblock); + &gensec_krb5_state->keyblock); } else { /* TODO: check the tok_id */ nt_status = ads_verify_ticket(out_mem_ctx, - gensec_krb5_state->krb5_context, - gensec_krb5_state->krb5_auth_context, + gensec_krb5_state->context, + gensec_krb5_state->auth_context, lp_realm(), gensec_get_target_service(gensec_security), &unwrapped_in, &principal, &pac, &unwrapped_out, - &gensec_krb5_state->krb5_keyblock); + &gensec_krb5_state->keyblock); } if (!NT_STATUS_IS_OK(nt_status)) { @@ -584,8 +584,8 @@ static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key) { struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data; - krb5_context context = gensec_krb5_state->krb5_context; - krb5_auth_context auth_context = gensec_krb5_state->krb5_auth_context; + krb5_context context = gensec_krb5_state->context; + krb5_auth_context auth_context = gensec_krb5_state->auth_context; krb5_keyblock *skey; krb5_error_code err; diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h index 317ebdd2ec..c3a779326e 100644 
--- a/source4/rpc_server/dcerpc_server.h +++ b/source4/rpc_server/dcerpc_server.h @@ -48,7 +48,7 @@ struct dcesrv_interface { /* the ndr_pull function for the chosen interface. */ - NTSTATUS (*ndr_pull)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_pull *, void **);; + NTSTATUS (*ndr_pull)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_pull *, void **); /* the dispatch function for the chosen interface. */ diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index a1c61f03ec..468f02d831 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -488,7 +488,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, struct samr_Password *lmNewHash, struct samr_Password *ntNewHash, BOOL user_change, - BOOL restrict, + BOOL restrictions, uint32_t *reject_reason) { const char * const user_attrs[] = { "userAccountControl", "lmPwdHistory", @@ -544,7 +544,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, if (new_pass) { /* check the various password restrictions */ - if (restrict && minPwdLength > strlen_m(new_pass)) { + if (restrictions && minPwdLength > strlen_m(new_pass)) { if (reject_reason) { *reject_reason = SAMR_REJECT_TOO_SHORT; } @@ -552,7 +552,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, } /* possibly check password complexity */ - if (restrict && pwdProperties & DOMAIN_PASSWORD_COMPLEX && + if (restrictions && pwdProperties & DOMAIN_PASSWORD_COMPLEX && !samdb_password_complexity_ok(new_pass)) { if (reject_reason) { *reject_reason = SAMR_REJECT_COMPLEXITY; @@ -568,7 +568,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx, ntNewHash = &local_ntNewHash; } - if (restrict && user_change) { + if (restrictions && user_change) { /* are all password changes disallowed? */ if (pwdProperties & DOMAIN_REFUSE_PASSWORD_CHANGE) { if (reject_reason) { |