Diffstat (limited to 'source4/auth/gensec/gensec_gssapi.c')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 61 |
1 files changed, 32 insertions, 29 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 3c66a032d5..dceb10e7b6 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -34,6 +34,7 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "auth/gensec/gensec.h" +#include "param/param.h" enum gensec_gssapi_sasl_state {
@@ -64,7 +65,7 @@ struct gensec_gssapi_state { gss_cred_id_t delegated_cred_handle; - BOOL sasl; /* We have two different mechs in this file: One + bool sasl; /* We have two different mechs in this file: One * for SASL wrapped GSSAPI and another for normal * GSSAPI */ enum gensec_gssapi_sasl_state sasl_state;
@@ -154,9 +155,9 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state->gss_exchange_count = 0; gensec_gssapi_state->max_wrap_buf_size - = lp_parm_int(-1, "gensec_gssapi", "max wrap buf size", 65536); + = lp_parm_int(global_loadparm, NULL, "gensec_gssapi", "max wrap buf size", 65536); - gensec_gssapi_state->sasl = False; + gensec_gssapi_state->sasl = false; gensec_gssapi_state->sasl_state = STAGE_GSS_NEG; gensec_security->private_data = gensec_gssapi_state; 
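Review bot: The `max wrap buf size` value in the @@ -154 hunk goes from `lp_parm_int()` straight into `max_wrap_buf_size` with no range check visible, so a zero or negative setting in the configuration would become the wrap limit (and, if the field is unsigned, presumably a very large one). Reading it into a local first keeps a bad setting from reaching the wrap path: `int max_wrap = lp_parm_int(global_loadparm, NULL, "gensec_gssapi", "max wrap buf size", 65536);` followed by `if (max_wrap <= 0) max_wrap = 65536;`. gensec_gssapi_start begins and ends outside this hunk, so a later check may exist that is not shown here.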
@@ -169,16 +170,16 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS; gensec_gssapi_state->want_flags = 0; - if (lp_parm_bool(-1, "gensec_gssapi", "mutual", True)) { + if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "mutual", true)) { gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG; } - if (lp_parm_bool(-1, "gensec_gssapi", "delegation", True)) { + if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "delegation", true)) { gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG; } - if (lp_parm_bool(-1, "gensec_gssapi", "replay", True)) { + if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "replay", true)) { gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG; } - if (lp_parm_bool(-1, "gensec_gssapi", "sequence", True)) { + if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "sequence", true)) { gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG; }
@@ -212,10 +213,10 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) talloc_free(gensec_gssapi_state); return NT_STATUS_INTERNAL_ERROR; } - if (lp_realm() && *lp_realm()) { - char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm()); + if (lp_realm(global_loadparm) && *lp_realm(global_loadparm)) { + char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(global_loadparm)); if (!upper_realm) { - DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm())); + DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(global_loadparm))); talloc_free(gensec_gssapi_state); return NT_STATUS_NO_MEMORY; } 
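Review bot: `delegation` keeps a default of `true` in the @@ -169 hunk, so `GSS_C_DELEG_FLAG` is requested on every context unless an administrator turns it off. Delegation asks for the client's credentials to be handed to the target service, which is a much wider grant than the mutual, replay and sequence flags set beside it. Changing the default is a behaviour change that belongs in its own commit, but the rewritten line should at least carry a comment such as `/* delegation hands the client's credentials to the target service; leave on only where targets are trusted */`. The enclosing function starts and ends outside the hunk.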
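Review bot: The realm block in the @@ -212 hunk now calls `lp_realm(global_loadparm)` four times, and its DEBUG text is prefixed `gensec_krb5_start:` although the code is in gensec_gssapi_start, which sends anyone reading the log to the wrong file. Fetch the value once with `const char *realm = lp_realm(global_loadparm);`, test `realm && *realm`, and change the prefix to `gensec_gssapi_start:`. The same stale prefix is in the `gsskrb5_set_dns_canonicalize failed` message of the @@ -229 hunk.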
@@ -229,7 +230,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) } /* don't do DNS lookups of any kind, it might/will fail for a netbios name */ - ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false)); + ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(global_loadparm, NULL, "krb5", "set_dns_canonicalize", false)); if (ret) { DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n")); talloc_free(gensec_gssapi_state);
@@ -290,7 +291,7 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s if (NT_STATUS_IS_OK(nt_status)) { gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); - gensec_gssapi_state->sasl = True; + gensec_gssapi_state->sasl = true; } return nt_status; }
@@ -331,7 +332,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi gensec_gssapi_state->gss_oid = gss_mech_krb5; principal = gensec_get_target_principal(gensec_security); - if (principal && lp_client_use_spnego_principal()) { + if (principal && lp_client_use_spnego_principal(global_loadparm)) { name_type = GSS_C_NULL_OID; } else { principal = talloc_asprintf(gensec_gssapi_state, "%s@%s",
@@ -385,7 +386,7 @@ static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_s if (NT_STATUS_IS_OK(nt_status)) { gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); - gensec_gssapi_state->sasl = True; + gensec_gssapi_state->sasl = true; } return nt_status; }
@@ -631,7 +632,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, maj_stat = gss_wrap(&min_stat, gensec_gssapi_state->gssapi_context, - False, + false, GSS_C_QOP_DEFAULT, &input_token, &conf_state, 
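Review bot: The branch in the @@ -331 hunk that uses the principal from `gensec_get_target_principal()` with `GSS_C_NULL_OID` has no comment saying where that principal comes from, and it bypasses the locally built `%s@%s` name in the else branch. If it is the name the server advertised during negotiation (the option name suggests so, the hunk does not show it), the peer is choosing the service the client requests a ticket for, which weakens mutual authentication. A comment on the condition would make that trade-off visible, for example `/* principal may be supplied by the peer; only honoured when 'client use spnego principal' is enabled */`. gensec_gssapi_client_start starts and ends outside the hunk.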
@@ -696,7 +697,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, maj_stat = gss_wrap(&min_stat, gensec_gssapi_state->gssapi_context, - False, + false, GSS_C_QOP_DEFAULT, &input_token, &conf_state,
@@ -1109,7 +1110,7 @@ static NTSTATUS gensec_gssapi_check_packet(struct gensec_security *gensec_securi } /* Try to figure out what features we actually got on the connection */ -static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security, +static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security, uint32_t feature) { struct gensec_gssapi_state *gensec_gssapi_state
@@ -1135,7 +1136,7 @@ static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security, if (feature & GENSEC_FEATURE_SESSION_KEY) { /* Only for GSSAPI/Krb5 */ if (gss_oid_equal(gensec_gssapi_state->gss_oid, gss_mech_krb5)) { - return True; + return true; } } if (feature & GENSEC_FEATURE_DCE_STYLE) {
@@ -1143,9 +1144,9 @@ static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security, } /* We can always do async (rather than strict request/reply) packets. */ if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { - return True; + return true; } - return False; + return false; } /*
@@ -1229,7 +1230,9 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi return NT_STATUS_FOOBAR; } - principal_string = talloc_strndup(mem_ctx, name_token.value, name_token.length); + principal_string = talloc_strndup(mem_ctx, + (const char *)name_token.value, + name_token.length); gss_release_buffer(&min_stat, &name_token); 
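Review bot: The result of `talloc_strndup()` in the @@ -1229 hunk is not checked in the lines shown, and `principal_string` later feeds the account lookup in gensec_gssapi_session_info. If no NULL test follows just below the hunk, add `if (principal_string == NULL) { talloc_free(mem_ctx); return NT_STATUS_NO_MEMORY; }` after the `gss_release_buffer()` call. The copy also stops at the first NUL byte, so a name token with an embedded NUL would be shortened without any error. Comparing `strlen(principal_string)` with `name_token.length` before the buffer is released would reject that case.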
@@ -1314,7 +1317,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi talloc_free(mem_ctx); return nt_status; } - } else if (!lp_parm_bool(-1, "gensec", "require_pac", False)) { + } else if (!lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) { DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n", gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); nt_status = sam_get_server_info_principal(mem_ctx, principal_string,
@@ -1356,7 +1359,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi } cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx); - cli_credentials_set_conf(session_info->credentials); + cli_credentials_set_conf(session_info->credentials, global_loadparm); /* Just so we don't segfault trying to get at a username */ cli_credentials_set_anonymous(session_info->credentials);
@@ -1411,8 +1414,8 @@ static const struct gensec_security_ops gensec_gssapi_spnego_security_ops = { .wrap = gensec_gssapi_wrap, .unwrap = gensec_gssapi_unwrap, .have_feature = gensec_gssapi_have_feature, - .enabled = False, - .kerberos = True, + .enabled = false, + .kerberos = true, .priority = GENSEC_GSSAPI };
@@ -1434,8 +1437,8 @@ static const struct gensec_security_ops gensec_gssapi_krb5_security_ops = { .wrap = gensec_gssapi_wrap, .unwrap = gensec_gssapi_unwrap, .have_feature = gensec_gssapi_have_feature, - .enabled = True, - .kerberos = True, + .enabled = true, + .kerberos = true, .priority = GENSEC_GSSAPI };
@@ -1453,8 +1456,8 @@ static const struct gensec_security_ops gensec_gssapi_sasl_krb5_security_ops = { .wrap = gensec_gssapi_wrap, .unwrap = gensec_gssapi_unwrap, .have_feature = gensec_gssapi_have_feature, - .enabled = True, - .kerberos = True, + .enabled = true, + .kerberos = true, .priority = GENSEC_GSSAPI }; |
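Review bot: `require_pac` keeps a default of `false` in the @@ -1314 hunk, so a ticket that carries no PAC is still accepted and the session is built from `sam_get_server_info_principal()` on `principal_string` rather than from KDC-signed authorization data. That is a fail-open default on an authorization path, and the only trace shown is a level 1 DEBUG line. The branch should carry a comment such as `/* no PAC: group membership comes from a local lookup by principal name, not from signed data; set gensec:require_pac = yes to refuse such tickets */`. Whether the default should change is a separate decision, since it alters behaviour, and the function continues outside the hunk.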