summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source4/build/smb_build/public.m417
-rw-r--r--source4/lib/events/events_standard.c6
-rw-r--r--source4/libcli/auth/gensec_krb5.c92
-rw-r--r--source4/rpc_server/dcerpc_server.h2
-rw-r--r--source4/rpc_server/samr/samr_password.c8
5 files changed, 67 insertions, 58 deletions
diff --git a/source4/build/smb_build/public.m4 b/source4/build/smb_build/public.m4
index 74f98b1c15..6ce57b0083 100644
--- a/source4/build/smb_build/public.m4
+++ b/source4/build/smb_build/public.m4
@@ -172,16 +172,25 @@ AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG],
elif $PKG_CONFIG --exists '$2' ; then
AC_MSG_RESULT(yes)
- SMB_EXT_LIB_ENABLE($1, YES)
+
+ $1_CFLAGS="`$PKG_CONFIG --cflags '$2'`"
+ OLD_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $$1_CFLAGS"
+ AC_MSG_CHECKING([that the C compiler can use the $1_CFLAGS])
+ AC_TRY_RUN([#include "${srcdir-.}/build/tests/trivial.c"],
+ SMB_EXT_LIB_ENABLE($1, YES)
+ AC_MSG_RESULT(yes),
+ AC_MSG_RESULT(no),
+ AC_MSG_WARN([cannot run when cross-compiling]))
+
+ CFLAGS="$OLD_CFLAGS"
+
SMB_EXT_LIB($1,
[`$PKG_CONFIG --libs-only-l '$2'`],
[`$PKG_CONFIG --cflags-only-other '$2'`],
[`$PKG_CONFIG --cflags-only-I '$2'`],
[`$PKG_CONFIG --libs-only-other '$2'` `$PKG_CONFIG --libs-only-L '$2'`])
- # FIXME: Dirty hack
- $1_CFLAGS="`$PKG_CONFIG --cflags '$2'`"
- CFLAGS="$CFLAGS $$1_CFLAGS"
else
SMB_EXT_LIB($1)
SMB_EXT_LIB_ENABLE($1, NO)
diff --git a/source4/lib/events/events_standard.c b/source4/lib/events/events_standard.c
index 96f938c78e..76c8c4768a 100644
--- a/source4/lib/events/events_standard.c
+++ b/source4/lib/events/events_standard.c
@@ -357,8 +357,8 @@ static int std_event_loop_epoll(struct event_context *ev, struct timeval *tvalp)
struct std_event_context *std_ev = talloc_get_type(ev->additional_data,
struct std_event_context);
int ret, i;
- const int maxevents = 8;
- struct epoll_event events[maxevents];
+#define MAXEVENTS 8
+ struct epoll_event events[MAXEVENTS];
uint32_t destruction_count = std_ev->destruction_count;
int timeout = -1;
@@ -367,7 +367,7 @@ static int std_event_loop_epoll(struct event_context *ev, struct timeval *tvalp)
timeout = ((tvalp->tv_usec+999) / 1000) + (tvalp->tv_sec*1000);
}
- ret = epoll_wait(std_ev->epoll_fd, events, maxevents, timeout);
+ ret = epoll_wait(std_ev->epoll_fd, events, MAXEVENTS, timeout);
if (ret == -1 && errno != EINTR) {
epoll_fallback_to_select(ev, "epoll_wait() failed");
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c
index a0c2a77f4b..71670632b9 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/libcli/auth/gensec_krb5.c
@@ -42,11 +42,11 @@ struct gensec_krb5_state {
DATA_BLOB session_key;
DATA_BLOB pac;
enum GENSEC_KRB5_STATE state_position;
- krb5_context krb5_context;
- krb5_auth_context krb5_auth_context;
- krb5_ccache krb5_ccache;
+ krb5_context context;
+ krb5_auth_context auth_context;
+ krb5_ccache ccache;
krb5_data ticket;
- krb5_keyblock krb5_keyblock;
+ krb5_keyblock keyblock;
char *peer_principal;
};
@@ -66,8 +66,8 @@ static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data,
cksum.checksum.data = sig->signature;
- ret = krb5_crypto_init(gensec_krb5_state->krb5_context,
- &gensec_krb5_state->krb5_keyblock,
+ ret = krb5_crypto_init(gensec_krb5_state->context,
+ &gensec_krb5_state->keyblock,
0,
&crypto);
if (ret) {
@@ -76,7 +76,7 @@ static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data,
}
for (i=0; i < 40; i++) {
keyusage = i;
- ret = krb5_verify_checksum(gensec_krb5_state->krb5_context,
+ ret = krb5_verify_checksum(gensec_krb5_state->context,
crypto,
keyusage,
pac_data.data,
@@ -87,7 +87,7 @@ static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data,
break;
}
}
- krb5_crypto_destroy(gensec_krb5_state->krb5_context, crypto);
+ krb5_crypto_destroy(gensec_krb5_state->context, crypto);
if (ret) {
DEBUG(0,("NOT verifying PAC checksums yet!\n"));
@@ -232,23 +232,23 @@ static int gensec_krb5_destory(void *ptr)
struct gensec_krb5_state *gensec_krb5_state = ptr;
if (gensec_krb5_state->ticket.length) {
- kerberos_free_data_contents(gensec_krb5_state->krb5_context, &gensec_krb5_state->ticket);
+ kerberos_free_data_contents(gensec_krb5_state->context, &gensec_krb5_state->ticket);
}
- if (gensec_krb5_state->krb5_ccache) {
+ if (gensec_krb5_state->ccache) {
/* current heimdal - 0.6.3, which we need anyway, fixes segfaults here */
- krb5_cc_close(gensec_krb5_state->krb5_context, gensec_krb5_state->krb5_ccache);
+ krb5_cc_close(gensec_krb5_state->context, gensec_krb5_state->ccache);
}
- krb5_free_keyblock_contents(gensec_krb5_state->krb5_context,
- &gensec_krb5_state->krb5_keyblock);
+ krb5_free_keyblock_contents(gensec_krb5_state->context,
+ &gensec_krb5_state->keyblock);
- if (gensec_krb5_state->krb5_auth_context) {
- krb5_auth_con_free(gensec_krb5_state->krb5_context,
- gensec_krb5_state->krb5_auth_context);
+ if (gensec_krb5_state->auth_context) {
+ krb5_auth_con_free(gensec_krb5_state->context,
+ gensec_krb5_state->auth_context);
}
- if (gensec_krb5_state->krb5_context) {
- krb5_free_context(gensec_krb5_state->krb5_context);
+ if (gensec_krb5_state->context) {
+ krb5_free_context(gensec_krb5_state->context);
}
return 0;
}
@@ -266,31 +266,31 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
gensec_security->private_data = gensec_krb5_state;
initialize_krb5_error_table();
- gensec_krb5_state->krb5_context = NULL;
- gensec_krb5_state->krb5_auth_context = NULL;
- gensec_krb5_state->krb5_ccache = NULL;
+ gensec_krb5_state->context = NULL;
+ gensec_krb5_state->auth_context = NULL;
+ gensec_krb5_state->ccache = NULL;
ZERO_STRUCT(gensec_krb5_state->ticket);
- ZERO_STRUCT(gensec_krb5_state->krb5_keyblock);
+ ZERO_STRUCT(gensec_krb5_state->keyblock);
gensec_krb5_state->session_key = data_blob(NULL, 0);
gensec_krb5_state->pac = data_blob(NULL, 0);
talloc_set_destructor(gensec_krb5_state, gensec_krb5_destory);
- ret = krb5_init_context(&gensec_krb5_state->krb5_context);
+ ret = krb5_init_context(&gensec_krb5_state->context);
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n", error_message(ret)));
return NT_STATUS_INTERNAL_ERROR;
}
if (lp_realm() && *lp_realm()) {
- ret = krb5_set_default_realm(gensec_krb5_state->krb5_context, lp_realm());
+ ret = krb5_set_default_realm(gensec_krb5_state->context, lp_realm());
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_set_default_realm failed (%s)\n", error_message(ret)));
return NT_STATUS_INTERNAL_ERROR;
}
}
- ret = krb5_auth_con_init(gensec_krb5_state->krb5_context, &gensec_krb5_state->krb5_auth_context);
+ ret = krb5_auth_con_init(gensec_krb5_state->context, &gensec_krb5_state->auth_context);
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_auth_con_init failed (%s)\n", error_message(ret)));
return NT_STATUS_INTERNAL_ERROR;
@@ -333,7 +333,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
TODO: If the user set a username, we should use an in-memory CCACHE (see below)
*/
- ret = krb5_cc_default(gensec_krb5_state->krb5_context, &gensec_krb5_state->krb5_ccache);
+ ret = krb5_cc_default(gensec_krb5_state->context, &gensec_krb5_state->ccache);
if (ret) {
DEBUG(1,("krb5_cc_default failed (%s)\n",
error_message(ret)));
@@ -343,11 +343,11 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
while (1) {
if (gensec_security->target.principal) {
DEBUG(5, ("Finding ticket for target [%s]\n", gensec_security->target.principal));
- ret = ads_krb5_mk_req(gensec_krb5_state->krb5_context,
- &gensec_krb5_state->krb5_auth_context,
+ ret = ads_krb5_mk_req(gensec_krb5_state->context,
+ &gensec_krb5_state->auth_context,
AP_OPTS_USE_SUBKEY | AP_OPTS_MUTUAL_REQUIRED,
gensec_security->target.principal,
- gensec_krb5_state->krb5_ccache,
+ gensec_krb5_state->ccache,
&gensec_krb5_state->ticket);
} else {
krb5_data in_data;
@@ -359,12 +359,12 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
in_data.length = 0;
- ret = krb5_mk_req(gensec_krb5_state->krb5_context,
- &gensec_krb5_state->krb5_auth_context,
+ ret = krb5_mk_req(gensec_krb5_state->context,
+ &gensec_krb5_state->auth_context,
AP_OPTS_USE_SUBKEY | AP_OPTS_MUTUAL_REQUIRED,
gensec_get_target_service(gensec_security),
hostname,
- &in_data, gensec_krb5_state->krb5_ccache,
+ &in_data, gensec_krb5_state->ccache,
&gensec_krb5_state->ticket);
}
@@ -404,7 +404,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
gensec_get_target_principal(gensec_security),
generate_random_str(gensec_krb5_state, 16));
- ret = krb5_cc_resolve(gensec_krb5_state->krb5_context, ccache_string, &gensec_krb5_state->krb5_ccache);
+ ret = krb5_cc_resolve(gensec_krb5_state->context, ccache_string, &gensec_krb5_state->ccache);
if (ret) {
DEBUG(1,("failed to generate a new krb5 keytab (%s): %s\n",
ccache_string,
@@ -412,7 +412,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
return NT_STATUS_INTERNAL_ERROR;
}
- ret = kerberos_kinit_password_cc(gensec_krb5_state->krb5_context, gensec_krb5_state->krb5_ccache,
+ ret = kerberos_kinit_password_cc(gensec_krb5_state->context, gensec_krb5_state->ccache,
gensec_get_client_principal(gensec_security, gensec_krb5_state),
password, NULL, &kdc_time);
@@ -421,7 +421,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
time_t t = time(NULL);
int time_offset =(unsigned)kdc_time-t;
DEBUG(4,("Advancing clock by %d seconds to cope with clock skew\n", time_offset));
- krb5_set_real_time(gensec_krb5_state->krb5_context, t + time_offset + 1, 0);
+ krb5_set_real_time(gensec_krb5_state->context, t + time_offset + 1, 0);
}
if (ret) {
@@ -501,8 +501,8 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
inbuf.data = unwrapped_in.data;
inbuf.length = unwrapped_in.length;
- ret = krb5_rd_rep(gensec_krb5_state->krb5_context,
- gensec_krb5_state->krb5_auth_context,
+ ret = krb5_rd_rep(gensec_krb5_state->context,
+ gensec_krb5_state->auth_context,
&inbuf, &repl);
if (ret) {
DEBUG(1,("krb5_rd_rep (mutual authentication) failed (%s)\n",
@@ -515,7 +515,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
gensec_krb5_state->state_position = GENSEC_KRB5_DONE;
}
if (repl) {
- krb5_free_ap_rep_enc_part(gensec_krb5_state->krb5_context, repl);
+ krb5_free_ap_rep_enc_part(gensec_krb5_state->context, repl);
}
return nt_status;
}
@@ -535,22 +535,22 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
/* Parse the GSSAPI wrapping, if it's there... (win2k3 allows it to be omited) */
if (!gensec_gssapi_parse_krb5_wrap(out_mem_ctx, &in, &unwrapped_in, tok_id)) {
nt_status = ads_verify_ticket(out_mem_ctx,
- gensec_krb5_state->krb5_context,
- gensec_krb5_state->krb5_auth_context,
+ gensec_krb5_state->context,
+ gensec_krb5_state->auth_context,
lp_realm(),
gensec_get_target_service(gensec_security), &in,
&principal, &pac, &unwrapped_out,
- &gensec_krb5_state->krb5_keyblock);
+ &gensec_krb5_state->keyblock);
} else {
/* TODO: check the tok_id */
nt_status = ads_verify_ticket(out_mem_ctx,
- gensec_krb5_state->krb5_context,
- gensec_krb5_state->krb5_auth_context,
+ gensec_krb5_state->context,
+ gensec_krb5_state->auth_context,
lp_realm(),
gensec_get_target_service(gensec_security),
&unwrapped_in,
&principal, &pac, &unwrapped_out,
- &gensec_krb5_state->krb5_keyblock);
+ &gensec_krb5_state->keyblock);
}
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -584,8 +584,8 @@ static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security,
DATA_BLOB *session_key)
{
struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data;
- krb5_context context = gensec_krb5_state->krb5_context;
- krb5_auth_context auth_context = gensec_krb5_state->krb5_auth_context;
+ krb5_context context = gensec_krb5_state->context;
+ krb5_auth_context auth_context = gensec_krb5_state->auth_context;
krb5_keyblock *skey;
krb5_error_code err;
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 317ebdd2ec..c3a779326e 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -48,7 +48,7 @@ struct dcesrv_interface {
/* the ndr_pull function for the chosen interface.
*/
- NTSTATUS (*ndr_pull)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_pull *, void **);;
+ NTSTATUS (*ndr_pull)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_pull *, void **);
/* the dispatch function for the chosen interface.
*/
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index a1c61f03ec..468f02d831 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -488,7 +488,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx,
struct samr_Password *lmNewHash,
struct samr_Password *ntNewHash,
BOOL user_change,
- BOOL restrict,
+ BOOL restrictions,
uint32_t *reject_reason)
{
const char * const user_attrs[] = { "userAccountControl", "lmPwdHistory",
@@ -544,7 +544,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx,
if (new_pass) {
/* check the various password restrictions */
- if (restrict && minPwdLength > strlen_m(new_pass)) {
+ if (restrictions && minPwdLength > strlen_m(new_pass)) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_TOO_SHORT;
}
@@ -552,7 +552,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx,
}
/* possibly check password complexity */
- if (restrict && pwdProperties & DOMAIN_PASSWORD_COMPLEX &&
+ if (restrictions && pwdProperties & DOMAIN_PASSWORD_COMPLEX &&
!samdb_password_complexity_ok(new_pass)) {
if (reject_reason) {
*reject_reason = SAMR_REJECT_COMPLEXITY;
@@ -568,7 +568,7 @@ NTSTATUS samdb_set_password(void *ctx, TALLOC_CTX *mem_ctx,
ntNewHash = &local_ntNewHash;
}
- if (restrict && user_change) {
+ if (restrictions && user_change) {
/* are all password changes disallowed? */
if (pwdProperties & DOMAIN_REFUSE_PASSWORD_CHANGE) {
if (reject_reason) {
generated by cgit (git 2.34.1) at 2024-07-04 23:46:56 +0000