summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth.c6
-rw-r--r--source4/auth/auth_util.c5
-rw-r--r--source4/auth/gensec/gensec.c4
-rw-r--r--source4/auth/gensec/gensec_gssapi.c14
-rw-r--r--source4/auth/gensec/gensec_krb5.c2
-rw-r--r--source4/auth/gensec/schannel_sign.c1
-rw-r--r--source4/auth/kerberos/krb5_init_context.c6
-rw-r--r--source4/auth/ntlmssp/ntlmssp_client.c20
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c12
9 files changed, 36 insertions, 34 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c
index 8cd46cd6fe..ba1e6fd0e5 100644
--- a/source4/auth/auth.c
+++ b/source4/auth/auth.c
@@ -419,13 +419,13 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
const char **auth_methods = NULL;
switch (lp_server_role()) {
case ROLE_STANDALONE:
- auth_methods = lp_parm_string_list(-1, "auth methods", "standalone", NULL);
+ auth_methods = lp_parm_string_list(NULL, "auth methods", "standalone", NULL);
break;
case ROLE_DOMAIN_MEMBER:
- auth_methods = lp_parm_string_list(-1, "auth methods", "member server", NULL);
+ auth_methods = lp_parm_string_list(NULL, "auth methods", "member server", NULL);
break;
case ROLE_DOMAIN_CONTROLLER:
- auth_methods = lp_parm_string_list(-1, "auth methods", "domain controller", NULL);
+ auth_methods = lp_parm_string_list(NULL, "auth methods", "domain controller", NULL);
break;
}
return auth_context_create_methods(mem_ctx, auth_methods, ev, msg, auth_ctx);
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 8398bbfaf4..6597c79b84 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -623,8 +623,9 @@ static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx,
_PUBLIC_ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
struct auth_session_info **_session_info)
{
- return _auth_system_session_info(parent_ctx, lp_parm_bool(-1,"system","anonymous", False),
- _session_info);
+ return _auth_system_session_info(parent_ctx,
+ lp_parm_bool(NULL, "system", "anonymous", false),
+ _session_info);
}
/*
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index a974cd5138..052eed1363 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -1105,7 +1105,7 @@ _PUBLIC_ NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_secu
_PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_security)
{
/* We allow the target hostname to be overriden for testing purposes */
- const char *target_hostname = lp_parm_string(-1, "gensec", "target_hostname");
+ const char *target_hostname = lp_parm_string(NULL, "gensec", "target_hostname");
if (target_hostname) {
return target_hostname;
}
@@ -1203,7 +1203,7 @@ const char *gensec_get_target_principal(struct gensec_security *gensec_security)
*/
NTSTATUS gensec_register(const struct gensec_security_ops *ops)
{
- if (!lp_parm_bool(-1, "gensec", ops->name, ops->enabled)) {
+ if (!lp_parm_bool(NULL, "gensec", ops->name, ops->enabled)) {
DEBUG(2,("gensec subsystem %s is disabled\n", ops->name));
return NT_STATUS_OK;
}
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index a3351f75a8..8a7e8090eb 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -155,7 +155,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
gensec_gssapi_state->gss_exchange_count = 0;
gensec_gssapi_state->max_wrap_buf_size
- = lp_parm_int(-1, "gensec_gssapi", "max wrap buf size", 65536);
+ = lp_parm_int(NULL, "gensec_gssapi", "max wrap buf size", 65536);
gensec_gssapi_state->sasl = False;
gensec_gssapi_state->sasl_state = STAGE_GSS_NEG;
@@ -170,16 +170,16 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
gensec_gssapi_state->want_flags = 0;
- if (lp_parm_bool(-1, "gensec_gssapi", "mutual", True)) {
+ if (lp_parm_bool(NULL, "gensec_gssapi", "mutual", true)) {
gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
}
- if (lp_parm_bool(-1, "gensec_gssapi", "delegation", True)) {
+ if (lp_parm_bool(NULL, "gensec_gssapi", "delegation", true)) {
gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
}
- if (lp_parm_bool(-1, "gensec_gssapi", "replay", True)) {
+ if (lp_parm_bool(NULL, "gensec_gssapi", "replay", true)) {
gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG;
}
- if (lp_parm_bool(-1, "gensec_gssapi", "sequence", True)) {
+ if (lp_parm_bool(NULL, "gensec_gssapi", "sequence", true)) {
gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG;
}
@@ -230,7 +230,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
}
/* don't do DNS lookups of any kind, it might/will fail for a netbios name */
- ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false));
+ ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(NULL, "krb5", "set_dns_canonicalize", false));
if (ret) {
DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n"));
talloc_free(gensec_gssapi_state);
@@ -1317,7 +1317,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
talloc_free(mem_ctx);
return nt_status;
}
- } else if (!lp_parm_bool(-1, "gensec", "require_pac", False)) {
+ } else if (!lp_parm_bool(NULL, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
nt_status = sam_get_server_info_principal(mem_ctx, principal_string,
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 973de0c10b..c0348441ed 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -582,7 +582,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
KRB5_AUTHDATA_WIN2K_PAC,
&pac_data);
- if (ret && lp_parm_bool(-1, "gensec", "require_pac", False)) {
+ if (ret && lp_parm_bool(NULL, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s \n",
principal_string,
smb_get_krb5_error_message(context,
diff --git a/source4/auth/gensec/schannel_sign.c b/source4/auth/gensec/schannel_sign.c
index 43de328c9e..1e57beba08 100644
--- a/source4/auth/gensec/schannel_sign.c
+++ b/source4/auth/gensec/schannel_sign.c
@@ -26,6 +26,7 @@
#include "auth/gensec/schannel.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "auth/gensec/schannel_proto.h"
#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 000e715305..06a80e44e4 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -250,12 +250,12 @@ krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
status = NT_STATUS_INVALID_PARAMETER;
switch (hi->proto) {
case KRB5_KRBHST_UDP:
- if (lp_parm_bool(-1, "krb5", "udp", True)) {
+ if (lp_parm_bool(NULL, "krb5", "udp", true)) {
status = socket_create(name, SOCKET_TYPE_DGRAM, &smb_krb5->sock, 0);
}
break;
case KRB5_KRBHST_TCP:
- if (lp_parm_bool(-1, "krb5", "tcp", True)) {
+ if (lp_parm_bool(NULL, "krb5", "tcp", true)) {
status = socket_create(name, SOCKET_TYPE_STREAM, &smb_krb5->sock, 0);
}
break;
@@ -473,7 +473,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
/* Set options in kerberos */
krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
- lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false));
+ lp_parm_bool(NULL, "krb5", "set_dns_canonicalize", false));
return 0;
}
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c
index a98918a54b..d2f28a394c 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -299,13 +299,13 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
gensec_ntlmssp_state->get_domain = lp_workgroup;
- gensec_ntlmssp_state->unicode = lp_parm_bool(-1, "ntlmssp_client", "unicode", True);
+ gensec_ntlmssp_state->unicode = lp_parm_bool(NULL, "ntlmssp_client", "unicode", true);
- gensec_ntlmssp_state->use_nt_response = lp_parm_bool(-1, "ntlmssp_client", "send_nt_reponse", True);
+ gensec_ntlmssp_state->use_nt_response = lp_parm_bool(NULL, "ntlmssp_client", "send_nt_reponse", true);
gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth()
- && (lp_parm_bool(-1, "ntlmssp_client", "allow_lm_key", False)
- || lp_parm_bool(-1, "ntlmssp_client", "lm_key", False)));
+ && (lp_parm_bool(NULL, "ntlmssp_client", "allow_lm_key", false)
+ || lp_parm_bool(NULL, "ntlmssp_client", "lm_key", false)));
gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth();
@@ -315,27 +315,27 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_REQUEST_TARGET;
- if (lp_parm_bool(-1, "ntlmssp_client", "128bit", True)) {
+ if (lp_parm_bool(NULL, "ntlmssp_client", "128bit", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
}
- if (lp_parm_bool(-1, "ntlmssp_client", "56bit", False)) {
+ if (lp_parm_bool(NULL, "ntlmssp_client", "56bit", false)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
}
- if (lp_parm_bool(-1, "ntlmssp_client", "lm_key", False)) {
+ if (lp_parm_bool(NULL, "ntlmssp_client", "lm_key", false)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
}
- if (lp_parm_bool(-1, "ntlmssp_client", "keyexchange", True)) {
+ if (lp_parm_bool(NULL, "ntlmssp_client", "keyexchange", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
}
- if (lp_parm_bool(-1, "ntlmssp_client", "alwayssign", True)) {
+ if (lp_parm_bool(NULL, "ntlmssp_client", "alwayssign", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
}
- if (lp_parm_bool(-1, "ntlmssp_client", "ntlm2", True)) {
+ if (lp_parm_bool(NULL, "ntlmssp_client", "ntlm2", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
} else {
/* apparently we can't do ntlmv2 if we don't do ntlm2 */
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 8b6920c978..954c9ea2ac 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -751,7 +751,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth()
- && lp_parm_bool(-1, "ntlmssp_server", "allow_lm_key", False));
+ && lp_parm_bool(NULL, "ntlmssp_server", "allow_lm_key", false));
gensec_ntlmssp_state->server_multiple_authentications = False;
@@ -762,23 +762,23 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0);
gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0);
- if (lp_parm_bool(-1, "ntlmssp_server", "128bit", True)) {
+ if (lp_parm_bool(NULL, "ntlmssp_server", "128bit", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
}
- if (lp_parm_bool(-1, "ntlmssp_server", "56bit", True)) {
+ if (lp_parm_bool(NULL, "ntlmssp_server", "56bit", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
}
- if (lp_parm_bool(-1, "ntlmssp_server", "keyexchange", True)) {
+ if (lp_parm_bool(NULL, "ntlmssp_server", "keyexchange", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
}
- if (lp_parm_bool(-1, "ntlmssp_server", "alwayssign", True)) {
+ if (lp_parm_bool(NULL, "ntlmssp_server", "alwayssign", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
}
- if (lp_parm_bool(-1, "ntlmssp_server", "ntlm2", True)) {
+ if (lp_parm_bool(NULL, "ntlmssp_server", "ntlm2", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
}