Diffstat (limited to 'source4/auth/gensec/gensec_gssapi.c')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 1d8d5f057a..c91da6d1a0 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -142,8 +142,7 @@ static int gensec_gssapi_destructor(struct gensec_gssapi_state *gensec_gssapi_st
 return 0;
 }
-static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
- struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
 {
 struct gensec_gssapi_state *gensec_gssapi_state;
 krb5_error_code ret;
@@ -156,7 +155,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
 gensec_gssapi_state->gss_exchange_count = 0;
 gensec_gssapi_state->max_wrap_buf_size
- = lp_parm_int(lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536);
+ = lp_parm_int(gensec_security->lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536);
 gensec_gssapi_state->sasl = false;
 gensec_gssapi_state->sasl_state = STAGE_GSS_NEG;
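Review bot: With the `lp_ctx` parameter removed in the `@@ -142,8` hunk, `gensec_gssapi_start()` reads every setting through `gensec_security->lp_ctx`, and nothing visible in this patch checks that the field is populated before the first `lp_parm_int()` call. The server path in the `@@ -259,7` hunk used to pass `global_loadparm` explicitly, so a caller that builds a `gensec_security` without a loadparm context would change behaviour there; whether the lp_* accessors tolerate a NULL context is not visible on this page. Consider a guard at the top of the function, `if (gensec_security->lp_ctx == NULL) return NT_STATUS_INVALID_PARAMETER;`, or a comment documenting the precondition where the field is assigned. The function body continues outside this hunk.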
@@ -171,16 +170,16 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
 gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
 gensec_gssapi_state->want_flags = 0;
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "mutual", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "mutual", true)) {
 gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
 }
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "delegation", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "delegation", true)) {
 gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
 }
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "replay", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "replay", true)) {
 gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG;
 }
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "sequence", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "sequence", true)) {
 gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG;
 }
@@ -214,10 +213,10 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
 talloc_free(gensec_gssapi_state);
 return NT_STATUS_INTERNAL_ERROR;
 }
- if (lp_realm(lp_ctx) && *lp_realm(lp_ctx)) {
- char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(lp_ctx));
+ if (lp_realm(gensec_security->lp_ctx) && *lp_realm(gensec_security->lp_ctx)) {
+ char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->lp_ctx));
 if (!upper_realm) {
- DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(lp_ctx)));
+ DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->lp_ctx)));
 talloc_free(gensec_gssapi_state);
 return NT_STATUS_NO_MEMORY;
 }
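Review bot: The `delegation` lookup in the `@@ -171,16` hunk keeps `true` as its fallback, so `GSS_C_DELEG_FLAG` is requested whenever the option is absent from the context now being consulted. Delegation asks the mechanism to hand the client's credentials to the accepting service, which is a wider grant than the mutual, replay and sequence protections set beside it, and the code gives no hint of that difference. A comment above the block would help, for example `/* delegation forwards the client's credentials to the acceptor; it is on unless "gensec_gssapi:delegation" is set to false */`. Whether the default should stay on is a policy question this patch does not touch.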
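Review bot: The failure message in the `@@ -214,10` hunk is prefixed `gensec_krb5_start:` although the enclosing function is `gensec_gssapi_start`, which points anyone triaging an authentication failure at the wrong module; the same prefix appears in the `@@ -231,7` and `@@ -240,7` hunks. Since the line is being rewritten anyway, `DEBUG(1,("gensec_gssapi_start: could not uppercase realm: %s\n", realm));` would be clearer, with `const char *realm = lp_realm(gensec_security->lp_ctx);` hoisted above the `if` so the accessor is not called four times. The function starts and ends outside this hunk.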
@@ -231,7 +230,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
 }
 /* don't do DNS lookups of any kind, it might/will fail for a netbios name */
- ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
+ ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(gensec_security->lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
 if (ret) {
 DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n"));
 talloc_free(gensec_gssapi_state);
@@ -240,7 +239,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
 ret = smb_krb5_init_context(gensec_gssapi_state,
 gensec_security->event_ctx,
- lp_ctx,
+ gensec_security->lp_ctx,
 &gensec_gssapi_state->smb_krb5_context);
 if (ret) {
 DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n",
@@ -259,7 +258,7 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi
 struct cli_credentials *machine_account;
 struct gssapi_creds_container *gcc;
- nt_status = gensec_gssapi_start(gensec_security, global_loadparm);
+ nt_status = gensec_gssapi_start(gensec_security);
 if (!NT_STATUS_IS_OK(nt_status)) {
 return nt_status;
 }
@@ -298,7 +297,7 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s
 return nt_status;
 }
-static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security)
 {
 struct gensec_gssapi_state *gensec_gssapi_state;
 struct cli_credentials *creds = gensec_get_credentials(gensec_security);
@@ -324,7 +323,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
 return NT_STATUS_INVALID_PARAMETER;
 }
- nt_status = gensec_gssapi_start(gensec_security, lp_ctx);
+ nt_status = gensec_gssapi_start(gensec_security);
 if (!NT_STATUS_IS_OK(nt_status)) {
 return nt_status;
 }
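Review bot: `gsskrb5_set_dns_canonicalize()` takes only the boolean and no GSS or krb5 context, so in the `@@ -231,7` hunk a value read from one connection's `lp_ctx` appears to be applied process-wide. If two gensec contexts carry different `krb5:set_dns_canonicalize` values, the last one to start would win for both, and DNS canonicalisation can influence which service name a ticket is requested for. A comment on the call would make this visible, such as `/* NOTE: process-wide setting; every lp_ctx in this process must agree on krb5:set_dns_canonicalize */`. The enclosing function starts and ends outside this hunk.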
@@ -334,7 +333,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
 gensec_gssapi_state->gss_oid = gss_mech_krb5;
 principal = gensec_get_target_principal(gensec_security);
- if (principal && lp_client_use_spnego_principal(lp_ctx)) {
+ if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) {
 name_type = GSS_C_NULL_OID;
 } else {
 principal = talloc_asprintf(gensec_gssapi_state, "%s@%s",
@@ -380,11 +379,11 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
 return NT_STATUS_OK;
 }
-static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security)
 {
 NTSTATUS nt_status;
 struct gensec_gssapi_state *gensec_gssapi_state;
- nt_status = gensec_gssapi_client_start(gensec_security, lp_ctx);
+ nt_status = gensec_gssapi_client_start(gensec_security);
 if (NT_STATUS_IS_OK(nt_status)) {
 gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
@@ -1319,10 +1318,10 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 talloc_free(mem_ctx);
 return nt_status;
 }
- } else if (!lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) {
+ } else if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
 DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n", gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
- nt_status = sam_get_server_info_principal(mem_ctx, global_loadparm, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
 &server_info);
 if (!NT_STATUS_IS_OK(nt_status)) {
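Review bot: The first branch in the `@@ -334,7` hunk uses whatever `gensec_get_target_principal()` returns as the acceptor name, with `GSS_C_NULL_OID` as its type, and the option name suggests that string can originate from the peer's SPNEGO negotiation instead of local configuration. If that is the case, mutual authentication only proves the client reached the principal the peer named, not the service the caller asked for. A comment on the branch should state where the principal comes from and why it is trusted, e.g. `/* principal may be peer-supplied (SPNEGO hint); only honoured when "client use spnego principal" is enabled */`. The function continues outside the hunk.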
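Review bot: In the `@@ -1319,10` hunk the `require_pac` decision now depends on `gensec_security->lp_ctx`, and with the `false` fallback a context that lacks the option permits the PAC-less path, where the server info comes from a local lookup of `principal_string` and not from a PAC. The message logged on that path omits the principal, so the fallback is hard to attribute when reviewing logs. Consider changing the format string to `"Unable to find PAC for %s, resorting to local user lookup: %s\n"` with `principal_string` as the first argument, and adding a comment that `gensec:require_pac` should be enabled where PAC-based authorisation is expected. The enclosing function starts and ends outside the hunk.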
@@ -1361,7 +1360,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 }
 cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx);
- cli_credentials_set_conf(session_info->credentials, global_loadparm);
+ cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx);
 /* Just so we don't segfault trying to get at a username */
 cli_credentials_set_anonymous(session_info->credentials); |