Diffstat (limited to 'source4/auth')
34 files changed, 508 insertions, 526 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c index 57e2c050c1..1dc55de61e 100644 --- a/source4/auth/auth.c +++ b/source4/auth/auth.c @@ -23,6 +23,7 @@ #include "auth/auth.h" #include "lib/events/events.h" #include "build.h" +#include "param/param.h" /*************************************************************************** Set a fixed challenge @@ -41,7 +42,7 @@ NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t /*************************************************************************** Set a fixed challenge ***************************************************************************/ -BOOL auth_challenge_may_be_modified(struct auth_context *auth_ctx) +bool auth_challenge_may_be_modified(struct auth_context *auth_ctx) { return auth_ctx->challenge.may_be_modified; } @@ -92,7 +93,7 @@ _PUBLIC_ NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, const uint8_ NT_STATUS_HAVE_NO_MEMORY(auth_ctx->challenge.data.data); auth_ctx->challenge.set_by = "random"; - auth_ctx->challenge.may_be_modified = True; + auth_ctx->challenge.may_be_modified = true; } DEBUG(10,("auth_get_challenge: challenge set by %s\n", @@ -103,7 +104,7 @@ _PUBLIC_ NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, const uint8_ } struct auth_check_password_sync_state { - BOOL finished; + bool finished; NTSTATUS status; struct auth_serversupplied_info *server_info; }; @@ -114,7 +115,7 @@ static void auth_check_password_sync_callback(struct auth_check_password_request struct auth_check_password_sync_state *s = talloc_get_type(private_data, struct auth_check_password_sync_state); - s->finished = True; + s->finished = true; s->status = auth_check_password_recv(req, s, &s->server_info); } 
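Review bot: The banner comment above `auth_challenge_may_be_modified` (second hunk, auth.c) still reads "Set a fixed challenge", copied from the setter before it, although the body only returns `auth_ctx->challenge.may_be_modified`. As the signature line is being touched anyway, the comment could be corrected to something like `Report whether the challenge may still be modified`. In the visible hunks the flag is set to true only on the "random" path of auth_get_challenge, so an accurate comment here tells a reader what the callers are actually testing.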
@@ -375,7 +376,7 @@ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, ctx = talloc(mem_ctx, struct auth_context); NT_STATUS_HAVE_NO_MEMORY(ctx); ctx->challenge.set_by = NULL; - ctx->challenge.may_be_modified = False; + ctx->challenge.may_be_modified = false; ctx->challenge.data = data_blob(NULL, 0); ctx->methods = NULL; ctx->event_ctx = ev; @@ -416,15 +417,15 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, struct auth_context **auth_ctx) { const char **auth_methods = NULL; - switch (lp_server_role()) { + switch (lp_server_role(global_loadparm)) { case ROLE_STANDALONE: - auth_methods = lp_parm_string_list(-1, "auth methods", "standalone", NULL); + auth_methods = lp_parm_string_list(global_loadparm, NULL, "auth methods", "standalone", NULL); break; case ROLE_DOMAIN_MEMBER: - auth_methods = lp_parm_string_list(-1, "auth methods", "member server", NULL); + auth_methods = lp_parm_string_list(global_loadparm, NULL, "auth methods", "member server", NULL); break; case ROLE_DOMAIN_CONTROLLER: - auth_methods = lp_parm_string_list(-1, "auth methods", "domain controller", NULL); + auth_methods = lp_parm_string_list(global_loadparm, NULL, "auth methods", "domain controller", NULL); break; } return auth_context_create_methods(mem_ctx, auth_methods, ev, msg, auth_ctx); @@ -443,9 +444,8 @@ static int num_backends; The 'name' can be later used by other backends to find the operations structure for this backend. */ -NTSTATUS auth_register(const void *_ops) +NTSTATUS auth_register(const struct auth_operations *ops) { - const struct auth_operations *ops = _ops; struct auth_operations *new_ops; if (auth_backend_byname(ops->name) != NULL) { 
@@ -455,13 +455,14 @@ NTSTATUS auth_register(const void *_ops) return NT_STATUS_OBJECT_NAME_COLLISION; } - backends = realloc_p(backends, struct auth_backend, num_backends+1); - if (!backends) { - return NT_STATUS_NO_MEMORY; - } + backends = talloc_realloc(talloc_autofree_context(), backends, + struct auth_backend, num_backends+1); + NT_STATUS_HAVE_NO_MEMORY(backends); - new_ops = smb_xmemdup(ops, sizeof(*ops)); - new_ops->name = smb_xstrdup(ops->name); + new_ops = talloc_memdup(backends, ops, sizeof(*ops)); + NT_STATUS_HAVE_NO_MEMORY(new_ops); + new_ops->name = talloc_strdup(new_ops, ops->name); + NT_STATUS_HAVE_NO_MEMORY(new_ops->name); backends[num_backends].ops = new_ops; @@ -510,15 +511,15 @@ const struct auth_critical_sizes *auth_interface_version(void) NTSTATUS auth_init(void) { - static BOOL initialized = False; + static bool initialized = false; init_module_fn static_init[] = STATIC_auth_MODULES; init_module_fn *shared_init; if (initialized) return NT_STATUS_OK; - initialized = True; + initialized = true; - shared_init = load_samba_modules(NULL, "auth"); + shared_init = load_samba_modules(NULL, global_loadparm, "auth"); run_init_functions(static_init); run_init_functions(shared_init); diff --git a/source4/auth/auth_developer.c b/source4/auth/auth_developer.c index a28cf4a590..cc5e79631f 100644 --- a/source4/auth/auth_developer.c +++ b/source4/auth/auth_developer.c @@ -122,7 +122,7 @@ static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx, server_info->acct_flags = ACB_NORMAL; - server_info->authenticated = False; + server_info->authenticated = false; *_server_info = server_info; diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index 840db3ede6..da1ffb5c85 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c 
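Review bot: In auth_register, `backends = talloc_realloc(talloc_autofree_context(), backends, ...)` overwrites the only pointer to the backend array before `NT_STATUS_HAVE_NO_MEMORY(backends)` tests it, so an allocation failure leaves `backends` NULL while `num_backends` keeps its old count. A later walk of the array (auth_backend_byname is called just above; its body is outside this diff) would then presumably index a NULL pointer. Going through a temporary avoids that: `struct auth_backend *tmp = talloc_realloc(talloc_autofree_context(), backends, struct auth_backend, num_backends+1);` then `NT_STATUS_HAVE_NO_MEMORY(tmp);` and `backends = tmp;`. The function body starts and ends outside the hunk.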
@@ -29,6 +29,7 @@ #include "dsdb/samdb/samdb.h" #include "libcli/security/security.h" #include "libcli/ldap/ldap.h" +#include "param/param.h" extern const char *user_attrs[]; extern const char *domain_ref_attrs[]; @@ -150,7 +151,7 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context, NTSTATUS status; if (acct_flags & ACB_PWNOTREQ) { - if (lp_null_passwords()) { + if (lp_null_passwords(global_loadparm)) { DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", user_info->mapped.account_name)); return NT_STATUS_OK; @@ -341,17 +342,19 @@ static NTSTATUS authsam_want_check(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info) { - BOOL is_local_name, is_my_domain; + bool is_local_name, is_my_domain; if (!user_info->mapped.account_name || !*user_info->mapped.account_name) { return NT_STATUS_NOT_IMPLEMENTED; } - is_local_name = is_myname(user_info->mapped.domain_name); - is_my_domain = strequal(user_info->mapped.domain_name, lp_workgroup()); + is_local_name = lp_is_myname(global_loadparm, + user_info->mapped.domain_name); + is_my_domain = lp_is_mydomain(global_loadparm, + user_info->mapped.domain_name); /* check whether or not we service this domain/workgroup name */ - switch (lp_server_role()) { + switch (lp_server_role(global_loadparm)) { case ROLE_STANDALONE: return NT_STATUS_OK; @@ -387,14 +390,14 @@ static NTSTATUS authsam_check_password(struct auth_method_context *ctx, const char *domain; /* check whether or not we service this domain/workgroup name */ - switch (lp_server_role()) { + switch (lp_server_role(global_loadparm)) { case ROLE_STANDALONE: case ROLE_DOMAIN_MEMBER: - domain = lp_netbios_name(); + domain = lp_netbios_name(global_loadparm); break; case ROLE_DOMAIN_CONTROLLER: - domain = lp_workgroup(); + domain = lp_workgroup(global_loadparm); break; default: diff --git a/source4/auth/auth_server.c b/source4/auth/auth_server.c index 5d4c33969f..abc052c9ea 100644 
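Review bot: In authsam_want_check the workgroup test changes from an explicit `strequal(user_info->mapped.domain_name, lp_workgroup())` to `lp_is_mydomain(global_loadparm, ...)`, and the helper's definition is not part of this diff. Because `is_my_domain` decides whether this backend services the logon, it is worth confirming that the helper performs the same case-insensitive comparison against the workgroup only, and that it tolerates a NULL `mapped.domain_name`. Only `mapped.account_name` is checked for NULL in the visible lines. A short comment such as `/* lp_is_mydomain: case-insensitive match against the workgroup */` at the call would record the intended semantics.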
--- a/source4/auth/auth_server.c +++ b/source4/auth/auth_server.c @@ -31,13 +31,13 @@ static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx) struct ipv4_addr dest_ip; const char *p; char *pserver; - BOOL connected_ok = False; + bool connected_ok = false; if (!(cli = smbcli_initialise(cli))) return NULL; /* security = server just can't function with spnego */ - cli->use_spnego = False; + cli->use_spnego = false; pserver = talloc_strdup(mem_ctx, lp_passwordserver()); p = pserver; @@ -66,7 +66,7 @@ static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx) if (smbcli_connect(cli, desthost, &dest_ip)) { DEBUG(3,("connected to password server %s\n",desthost)); - connected_ok = True; + connected_ok = true; break; } } @@ -195,10 +195,10 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context struct smbcli_state *cli; static uint8_t badpass[24]; static fstring baduser; - static BOOL tested_password_server = False; - static BOOL bad_password_server = False; + static bool tested_password_server = false; + static bool bad_password_server = false; NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; - BOOL locally_made_cli = False; + bool locally_made_cli = false; /* * Check that the requested domain is not our own machine name. @@ -206,7 +206,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context * password file. */ - if(is_myname(user_info->domain.str)) { + if (lp_is_myname(global_loadparm, user_info->domain.str)) { DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n")); return NT_STATUS_LOGON_FAILURE; } @@ -216,7 +216,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context if (cli) { } else { cli = server_cryptkey(mem_ctx); - locally_made_cli = True; + locally_made_cli = true; } if (!cli || !cli->initialised) { 
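Review bot: In server_cryptkey, `pserver = talloc_strdup(mem_ctx, lp_passwordserver());` is assigned straight to `p` with no NULL check in the visible lines, so an allocation failure (or a NULL parameter value) reaches the server-list parsing that follows. A guard that returns NULL before `p = pserver;` would match the `smbcli_initialise` check two lines earlier. This is also the one lp_* accessor in these hunks still called without `global_loadparm`; if its prototype changed like the others, the call needs the same argument. The function continues outside the hunk.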
@@ -273,7 +273,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context * We connected to the password server so we * can say we've tested it. */ - tested_password_server = True; + tested_password_server = true; if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) { DEBUG(0,("server_validate: password server %s allows users as non-guest \ @@ -285,7 +285,7 @@ use this machine as the password server.\n")); /* * Password server has the bug. */ - bad_password_server = True; + bad_password_server = true; return NT_STATUS_LOGON_FAILURE; } smbcli_ulogoff(cli); diff --git a/source4/auth/auth_simple.c b/source4/auth/auth_simple.c index add45268d4..3e07adcb6a 100644 --- a/source4/auth/auth_simple.c +++ b/source4/auth/auth_simple.c @@ -61,7 +61,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - user_info->mapped_state = True; + user_info->mapped_state = true; user_info->client.account_name = nt4_username; user_info->mapped.account_name = nt4_username; user_info->client.domain_name = nt4_domain; diff --git a/source4/auth/auth_unix.c b/source4/auth/auth_unix.c index 61e004f592..8b4e23a2c4 100644 --- a/source4/auth/auth_unix.c +++ b/source4/auth/auth_unix.c @@ -24,6 +24,7 @@ #include "system/passwd.h" /* needed by some systems for struct passwd */ #include "lib/socket/socket.h" #include "auth/pam_errors.h" +#include "param/param.h" /* TODO: look at how to best fill in parms retrieveing a struct passwd info * except in case USER_INFO_DONT_CHECK_UNIX_ACCOUNT is set @@ -52,7 +53,7 @@ static NTSTATUS authunix_make_server_info(TALLOC_CTX *mem_ctx, server_info = talloc(mem_ctx, struct auth_serversupplied_info); NT_STATUS_HAVE_NO_MEMORY(server_info); - server_info->authenticated = True; + server_info->authenticated = true; server_info->account_name = talloc_steal(server_info, pwd->pw_name); NT_STATUS_HAVE_NO_MEMORY(server_info->account_name); 
@@ -318,7 +319,7 @@ static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user) DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user)); - pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK); + pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords(global_loadparm) ? 0 : PAM_DISALLOW_NULL_AUTHTOK); switch( pam_error ){ case PAM_AUTH_ERR: DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user)); @@ -498,7 +499,7 @@ core of password checking routine static NTSTATUS password_check(const char *username, const char *password, const char *crypted, const char *salt) { - BOOL ret; + bool ret; #ifdef WITH_AFS if (afs_auth(username, password)) @@ -598,7 +599,7 @@ static NTSTATUS check_unix_password(TALLOC_CTX *ctx, const struct auth_usersuppl char *crypted; struct passwd *pws; NTSTATUS nt_status; - int level = lp_passwordlevel(); + int level = lp_passwordlevel(global_loadparm); *ret_passwd = NULL; @@ -701,7 +702,7 @@ static NTSTATUS check_unix_password(TALLOC_CTX *ctx, const struct auth_usersuppl #endif if (crypted[0] == '\0') { - if (!lp_null_passwords()) { + if (!lp_null_passwords(global_loadparm)) { DEBUG(2, ("Disallowing %s with null password\n", username)); return NT_STATUS_LOGON_FAILURE; } diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index 693ec35f86..60ba043479 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -27,6 +27,7 @@ #include "libcli/auth/libcli_auth.h" #include "dsdb/samdb/samdb.h" #include "auth/credentials/credentials.h" +#include "param/param.h" /* this default function can be used by mostly all backends * which don't want to set a challenge @@ -72,7 +73,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx, d++; domain = d; } else { - domain = lp_workgroup(); + domain = lp_workgroup(global_loadparm); } *user_info_mapped = talloc(mem_ctx, struct auth_usersupplied_info); 
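Review bot: The flag expression passed to `pam_authenticate` in smb_pam_auth parses as `(PAM_SILENT | lp_null_passwords(global_loadparm)) ? 0 : PAM_DISALLOW_NULL_AUTHTOK`, because `|` binds tighter than `?:`. With PAM_SILENT being a non-zero flag the condition is always true, so the call always passes 0: PAM_DISALLOW_NULL_AUTHTOK is never set, whatever the null-passwords setting says, and PAM_SILENT is dropped as well. The commit carries the expression over unchanged apart from the new argument; the intended form is `pam_authenticate(pamh, PAM_SILENT | (lp_null_passwords(global_loadparm) ? 0 : PAM_DISALLOW_NULL_AUTHTOK));`. Until that is fixed, rejection of empty authentication tokens on this path depends entirely on the PAM stack configuration.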
@@ -81,7 +82,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx, } talloc_reference(*user_info_mapped, user_info); **user_info_mapped = *user_info; - (*user_info_mapped)->mapped_state = True; + (*user_info_mapped)->mapped_state = true; (*user_info_mapped)->mapped.domain_name = talloc_strdup(*user_info_mapped, domain); (*user_info_mapped)->mapped.account_name = talloc_strdup(*user_info_mapped, account_name); talloc_free(account_name); @@ -137,8 +138,8 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx, } chall_blob = data_blob_talloc(mem_ctx, challenge, 8); - if (lp_client_ntlmv2_auth()) { - DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(), lp_workgroup()); + if (lp_client_ntlmv2_auth(global_loadparm)) { + DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(global_loadparm), lp_workgroup(global_loadparm)); DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key, ntlmv2_session_key; if (!SMBNTLMv2encrypt_hash(user_info_temp, @@ -162,7 +163,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx, SMBOWFencrypt(user_info_in->password.hash.nt->hash, challenge, blob.data); user_info_temp->password.response.nt = blob; - if (lp_client_lanman_auth() && user_info_in->password.hash.lanman) { + if (lp_client_lanman_auth(global_loadparm) && user_info_in->password.hash.lanman) { DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24); SMBOWFencrypt(user_info_in->password.hash.lanman->hash, challenge, blob.data); user_info_temp->password.response.lanman = lm_blob; @@ -341,7 +342,7 @@ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx, server_info->bad_password_count = base->bad_password_count; server_info->acct_flags = base->acct_flags; - server_info->authenticated = True; + server_info->authenticated = true; /* ensure we are never given NULL session keys */ 
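Review bot: In the LANMAN branch of the hunk at -162, `SMBOWFencrypt(user_info_in->password.hash.lanman->hash, challenge, blob.data);` writes into `blob.data`, the buffer that was assigned to `password.response.nt` just above, instead of into the freshly allocated `lm_blob`. As written, the LM computation overwrites the NT response, and `password.response.lanman` is set to 24 bytes that nothing in the visible lines initialises (`data_blob_talloc(mem_ctx, NULL, 24)`), which would put stale heap contents into an authentication blob. The third argument should be `lm_blob.data`. The condition line is already being edited in this hunk, so the fix fits here; the enclosing function starts and ends outside the hunk.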
@@ -412,7 +413,7 @@ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, struct auth_serversuppl server_info->home_drive = talloc_strdup(server_info, ""); NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive); - server_info->logon_server = talloc_strdup(server_info, lp_netbios_name()); + server_info->logon_server = talloc_strdup(server_info, lp_netbios_name(global_loadparm)); NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server); server_info->last_logon = 0; @@ -427,7 +428,7 @@ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, struct auth_serversuppl server_info->acct_flags = ACB_NORMAL; - server_info->authenticated = False; + server_info->authenticated = false; *_server_info = server_info; @@ -482,7 +483,7 @@ NTSTATUS auth_system_server_info(TALLOC_CTX *mem_ctx, struct auth_serversupplied server_info->home_drive = talloc_strdup(server_info, ""); NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive); - server_info->logon_server = talloc_strdup(server_info, lp_netbios_name()); + server_info->logon_server = talloc_strdup(server_info, lp_netbios_name(global_loadparm)); NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server); server_info->last_logon = 0; @@ -497,7 +498,7 @@ NTSTATUS auth_system_server_info(TALLOC_CTX *mem_ctx, struct auth_serversupplied server_info->acct_flags = ACB_NORMAL; - server_info->authenticated = True; + server_info->authenticated = true; *_server_info = server_info; @@ -561,7 +562,7 @@ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, return NT_STATUS_NO_MEMORY; } - cli_credentials_set_conf(session_info->credentials); + cli_credentials_set_conf(session_info->credentials, global_loadparm); cli_credentials_set_anonymous(session_info->credentials); *_session_info = session_info; 
@@ -581,7 +582,7 @@ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx) } static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx, - BOOL anonymous_credentials, + bool anonymous_credentials, struct auth_session_info **_session_info) { NTSTATUS nt_status; @@ -607,7 +608,7 @@ static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx, return NT_STATUS_NO_MEMORY; } - cli_credentials_set_conf(session_info->credentials); + cli_credentials_set_conf(session_info->credentials, global_loadparm); if (anonymous_credentials) { cli_credentials_set_anonymous(session_info->credentials); @@ -622,8 +623,9 @@ static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx, _PUBLIC_ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, struct auth_session_info **_session_info) { - return _auth_system_session_info(parent_ctx, lp_parm_bool(-1,"system","anonymous", False), - _session_info); + return _auth_system_session_info(parent_ctx, + lp_parm_bool(global_loadparm, NULL, "system", "anonymous", false), + _session_info); } /* @@ -648,7 +650,7 @@ _PUBLIC_ struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx) { NTSTATUS nt_status; struct auth_session_info *session_info = NULL; - nt_status = _auth_system_session_info(mem_ctx, False, &session_info); + nt_status = _auth_system_session_info(mem_ctx, false, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { return NULL; } diff --git a/source4/auth/auth_winbind.c b/source4/auth/auth_winbind.c index 95636d7843..2ec0dc7a56 100644 --- a/source4/auth/auth_winbind.c +++ b/source4/auth/auth_winbind.c 
@@ -109,7 +109,7 @@ static NTSTATUS winbind_check_password_samba3(struct auth_method_context *ctx, memcpy(request.data.auth_crap.nt_resp, user_info->password.response.nt.data, request.data.auth_crap.nt_resp_len); - result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); + result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response); nt_status = NT_STATUS(response.data.auth.nt_status); NT_STATUS_NOT_OK_RETURN(nt_status); diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c index c32efb045f..d6c0bbc0ba 100644 --- a/source4/auth/credentials/credentials.c +++ b/source4/auth/credentials/credentials.c @@ -27,6 +27,7 @@ #include "auth/credentials/credentials_krb5.h" #include "libcli/auth/libcli_auth.h" #include "lib/events/events.h" +#include "param/param.h" /** * Create a new credentials structure @@ -40,7 +41,7 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) } cred->netlogon_creds = NULL; - cred->machine_account_pending = False; + cred->machine_account_pending = false; cred->workstation_obtained = CRED_UNINITIALISED; cred->username_obtained = CRED_UNINITIALISED; cred->password_obtained = CRED_UNINITIALISED; @@ -58,12 +59,12 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) cred->old_password = NULL; cred->smb_krb5_context = NULL; cred->salt_principal = NULL; - cred->machine_account = False; + cred->machine_account = false; cred->bind_dn = NULL; cred->tries = 3; - cred->callback_running = False; + cred->callback_running = false; cred->ev = NULL; cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS); 
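Review bot: In winbind_check_password_samba3, `result` from `winbindd_request_response()` is not consulted before `response.data.auth.nt_status` is read and passed to `NT_STATUS_NOT_OK_RETURN`. If the request itself fails and `response` was zero-filled, that field would decode as success, so the outcome depends on checks that lie outside this hunk. Testing the transport result first makes the failure path explicit, for example `if (result != NSS_STATUS_SUCCESS) return NT_STATUS_UNSUCCESSFUL;` (use whatever status constants the winbind client header actually defines). The bound on `nt_resp_len` used by the `memcpy` above is also set outside the visible lines and is worth confirming against the size of `nt_resp`.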
@@ -81,7 +82,7 @@ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx) struct cli_credentials *anon_credentials; anon_credentials = cli_credentials_init(mem_ctx); - cli_credentials_set_conf(anon_credentials); + cli_credentials_set_conf(anon_credentials, global_loadparm); cli_credentials_set_anonymous(anon_credentials); return anon_credentials; @@ -123,9 +124,9 @@ const char *cli_credentials_get_username(struct cli_credentials *cred) if (cred->username_obtained == CRED_CALLBACK && !cred->callback_running) { - cred->callback_running = True; + cred->callback_running = true; cred->username = cred->username_cb(cred); - cred->callback_running = False; + cred->callback_running = false; cred->username_obtained = CRED_SPECIFIED; cli_credentials_invalidate_ccache(cred, cred->username_obtained); } @@ -133,36 +134,36 @@ const char *cli_credentials_get_username(struct cli_credentials *cred) return cred->username; } -BOOL cli_credentials_set_username(struct cli_credentials *cred, +bool cli_credentials_set_username(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { if (obtained >= cred->username_obtained) { cred->username = talloc_strdup(cred, val); cred->username_obtained = obtained; cli_credentials_invalidate_ccache(cred, cred->username_obtained); - return True; + return true; } - return False; + return false; } -BOOL cli_credentials_set_username_callback(struct cli_credentials *cred, +bool cli_credentials_set_username_callback(struct cli_credentials *cred, const char *(*username_cb) (struct cli_credentials *)) { if (cred->username_obtained < CRED_CALLBACK) { cred->username_cb = username_cb; cred->username_obtained = CRED_CALLBACK; - return True; + return true; } - return False; + return false; } -BOOL cli_credentials_set_bind_dn(struct cli_credentials *cred, +bool cli_credentials_set_bind_dn(struct cli_credentials *cred, const char *bind_dn) { cred->bind_dn = talloc_strdup(cred, bind_dn); - return True; + return true; } /** 
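Review bot: `cli_credentials_set_username` stores the result of `talloc_strdup(cred, val)` and returns true without checking it, so an allocation failure is reported as success while `cred->username` is left NULL. The same pattern is visible in `cli_credentials_set_bind_dn` in this hunk and in the principal, old-password and workstation setters in later hunks of this file. Since the return type is being converted to `bool` here, the setters could return false when `val != NULL` and the copy is NULL, e.g. `if (val != NULL && cred->username == NULL) return false;` before the `_obtained` update. In the same hunk range, `cli_credentials_init_anon` passes the result of `cli_credentials_init()` to `cli_credentials_set_conf()` without a NULL check.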
@@ -191,9 +192,9 @@ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_C if (cred->principal_obtained == CRED_CALLBACK && !cred->callback_running) { - cred->callback_running = True; + cred->callback_running = true; cred->principal = cred->principal_cb(cred); - cred->callback_running = False; + cred->callback_running = false; cred->principal_obtained = CRED_SPECIFIED; cli_credentials_invalidate_ccache(cred, cred->principal_obtained); } @@ -212,7 +213,7 @@ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_C return talloc_reference(mem_ctx, cred->principal); } -BOOL cli_credentials_set_principal(struct cli_credentials *cred, +bool cli_credentials_set_principal(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { 
@@ -220,53 +221,53 @@ BOOL cli_credentials_set_principal(struct cli_credentials *cred, cred->principal = talloc_strdup(cred, val); cred->principal_obtained = obtained; cli_credentials_invalidate_ccache(cred, cred->principal_obtained); - return True; + return true; } - return False; + return false; } /* Set a callback to get the principal. This could be a popup dialog, * a terminal prompt or similar. */ -BOOL cli_credentials_set_principal_callback(struct cli_credentials *cred, +bool cli_credentials_set_principal_callback(struct cli_credentials *cred, const char *(*principal_cb) (struct cli_credentials *)) { if (cred->principal_obtained < CRED_CALLBACK) { cred->principal_cb = principal_cb; cred->principal_obtained = CRED_CALLBACK; - return True; + return true; } - return False; + return false; } /* Some of our tools are 'anonymous by default'. This is a single * function to determine if authentication has been explicitly * requested */ -BOOL cli_credentials_authentication_requested(struct cli_credentials *cred) +bool cli_credentials_authentication_requested(struct cli_credentials *cred) { if (cred->bind_dn) { - return True; + return true; } if (cli_credentials_is_anonymous(cred)){ - return False; + return false; } if (cred->principal_obtained >= CRED_SPECIFIED) { - return True; + return true; } if (cred->username_obtained >= CRED_SPECIFIED) { - return True; + return true; } if (cli_credentials_get_kerberos_state(cred) == CRED_MUST_USE_KERBEROS) { - return True; + return true; } - return False; + return false; } /** @@ -282,9 +283,9 @@ const char *cli_credentials_get_password(struct cli_credentials *cred) if (cred->password_obtained == CRED_CALLBACK && !cred->callback_running) { - cred->callback_running = True; + cred->callback_running = true; cred->password = cred->password_cb(cred); - cred->callback_running = False; + cred->callback_running = false; cred->password_obtained = CRED_CALLBACK_RESULT; cli_credentials_invalidate_ccache(cred, cred->password_obtained); } 
@@ -295,7 +296,7 @@ const char *cli_credentials_get_password(struct cli_credentials *cred) /* Set a password on the credentials context, including an indication * of 'how' the password was obtained */ -BOOL cli_credentials_set_password(struct cli_credentials *cred, +bool cli_credentials_set_password(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { @@ -305,23 +306,23 @@ BOOL cli_credentials_set_password(struct cli_credentials *cred, cli_credentials_invalidate_ccache(cred, cred->password_obtained); cred->nt_hash = NULL; - return True; + return true; } - return False; + return false; } -BOOL cli_credentials_set_password_callback(struct cli_credentials *cred, +bool cli_credentials_set_password_callback(struct cli_credentials *cred, const char *(*password_cb) (struct cli_credentials *)) { if (cred->password_obtained < CRED_CALLBACK) { cred->password_cb = password_cb; cred->password_obtained = CRED_CALLBACK; cli_credentials_invalidate_ccache(cred, cred->password_obtained); - return True; + return true; } - return False; + return false; } /** @@ -338,12 +339,12 @@ const char *cli_credentials_get_old_password(struct cli_credentials *cred) return cred->old_password; } -BOOL cli_credentials_set_old_password(struct cli_credentials *cred, +bool cli_credentials_set_old_password(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { cred->old_password = talloc_strdup(cred, val); - return True; + return true; } /** @@ -374,7 +375,7 @@ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials * } } -BOOL cli_credentials_set_nt_hash(struct cli_credentials *cred, +bool cli_credentials_set_nt_hash(struct cli_credentials *cred, const struct samr_Password *nt_hash, enum credentials_obtained obtained) { @@ -386,10 +387,10 @@ BOOL cli_credentials_set_nt_hash(struct cli_credentials *cred, } else { cred->nt_hash = NULL; } - return True; + return true; } - return False; + return false; } /** 
@@ -406,9 +407,9 @@ const char *cli_credentials_get_domain(struct cli_credentials *cred) if (cred->domain_obtained == CRED_CALLBACK && !cred->callback_running) { - cred->callback_running = True; + cred->callback_running = true; cred->domain = cred->domain_cb(cred); - cred->callback_running = False; + cred->callback_running = false; cred->domain_obtained = CRED_SPECIFIED; cli_credentials_invalidate_ccache(cred, cred->domain_obtained); } @@ -417,7 +418,7 @@ const char *cli_credentials_get_domain(struct cli_credentials *cred) } -BOOL cli_credentials_set_domain(struct cli_credentials *cred, +bool cli_credentials_set_domain(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { @@ -428,22 +429,22 @@ BOOL cli_credentials_set_domain(struct cli_credentials *cred, cred->domain = strupper_talloc(cred, val); cred->domain_obtained = obtained; cli_credentials_invalidate_ccache(cred, cred->domain_obtained); - return True; + return true; } - return False; + return false; } -BOOL cli_credentials_set_domain_callback(struct cli_credentials *cred, +bool cli_credentials_set_domain_callback(struct cli_credentials *cred, const char *(*domain_cb) (struct cli_credentials *)) { if (cred->domain_obtained < CRED_CALLBACK) { cred->domain_cb = domain_cb; cred->domain_obtained = CRED_CALLBACK; - return True; + return true; } - return False; + return false; } /** @@ -460,9 +461,9 @@ const char *cli_credentials_get_realm(struct cli_credentials *cred) if (cred->realm_obtained == CRED_CALLBACK && !cred->callback_running) { - cred->callback_running = True; + cred->callback_running = true; cred->realm = cred->realm_cb(cred); - cred->callback_running = False; + cred->callback_running = false; cred->realm_obtained = CRED_SPECIFIED; cli_credentials_invalidate_ccache(cred, cred->realm_obtained); } 
@@ -474,7 +475,7 @@ const char *cli_credentials_get_realm(struct cli_credentials *cred) * Set the realm for this credentials context, and force it to * uppercase for the sainity of our local kerberos libraries */ -BOOL cli_credentials_set_realm(struct cli_credentials *cred, +bool cli_credentials_set_realm(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { @@ -482,22 +483,22 @@ BOOL cli_credentials_set_realm(struct cli_credentials *cred, cred->realm = strupper_talloc(cred, val); cred->realm_obtained = obtained; cli_credentials_invalidate_ccache(cred, cred->realm_obtained); - return True; + return true; } - return False; + return false; } -BOOL cli_credentials_set_realm_callback(struct cli_credentials *cred, +bool cli_credentials_set_realm_callback(struct cli_credentials *cred, const char *(*realm_cb) (struct cli_credentials *)) { if (cred->realm_obtained < CRED_CALLBACK) { cred->realm_cb = realm_cb; cred->realm_obtained = CRED_CALLBACK; - return True; + return true; } - return False; + return false; } /** 
@@ -511,38 +512,38 @@ const char *cli_credentials_get_workstation(struct cli_credentials *cred) { if (cred->workstation_obtained == CRED_CALLBACK && !cred->callback_running) { - cred->callback_running = True; + cred->callback_running = true; cred->workstation = cred->workstation_cb(cred); - cred->callback_running = False; + cred->callback_running = false; cred->workstation_obtained = CRED_SPECIFIED; } return cred->workstation; } -BOOL cli_credentials_set_workstation(struct cli_credentials *cred, +bool cli_credentials_set_workstation(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { if (obtained >= cred->workstation_obtained) { cred->workstation = talloc_strdup(cred, val); cred->workstation_obtained = obtained; - return True; + return true; } - return False; + return false; } -BOOL cli_credentials_set_workstation_callback(struct cli_credentials *cred, +bool cli_credentials_set_workstation_callback(struct cli_credentials *cred, const char *(*workstation_cb) (struct cli_credentials *)) { if (cred->workstation_obtained < CRED_CALLBACK) { cred->workstation_cb = workstation_cb; cred->workstation_obtained = CRED_CALLBACK; - return True; + return true; } - return False; + return false; } /** 
@@ -620,12 +621,13 @@ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credential * * @param cred Credentials structure to fill in */ -void cli_credentials_set_conf(struct cli_credentials *cred) +void cli_credentials_set_conf(struct cli_credentials *cred, + struct loadparm_context *lp_ctx) { cli_credentials_set_username(cred, "", CRED_UNINITIALISED); - cli_credentials_set_domain(cred, lp_workgroup(), CRED_UNINITIALISED); - cli_credentials_set_workstation(cred, lp_netbios_name(), CRED_UNINITIALISED); - cli_credentials_set_realm(cred, lp_realm(), CRED_UNINITIALISED); + cli_credentials_set_domain(cred, lp_workgroup(lp_ctx), CRED_UNINITIALISED); + cli_credentials_set_workstation(cred, lp_netbios_name(lp_ctx), CRED_UNINITIALISED); + cli_credentials_set_realm(cred, lp_realm(lp_ctx), CRED_UNINITIALISED); } /** @@ -638,7 +640,7 @@ void cli_credentials_guess(struct cli_credentials *cred) { char *p; - cli_credentials_set_conf(cred); + cli_credentials_set_conf(cred, global_loadparm); if (getenv("LOGNAME")) { cli_credentials_set_username(cred, getenv("LOGNAME"), CRED_GUESS_ENV); @@ -656,7 +658,8 @@ void cli_credentials_guess(struct cli_credentials *cred) } if (getenv("PASSWD_FD")) { - cli_credentials_parse_password_fd(cred, atoi(getenv("PASSWD_FD")), CRED_GUESS_FILE); + cli_credentials_parse_password_fd(cred, atoi(getenv("PASSWD_FD")), + CRED_GUESS_FILE); } p = getenv("PASSWD_FILE"); @@ -719,10 +722,10 @@ void cli_credentials_set_anonymous(struct cli_credentials *cred) /** * Describe a credentials context as anonymous or authenticated - * @retval True if anonymous, False if a username is specified + * @retval true if anonymous, false if a username is specified */ -BOOL cli_credentials_is_anonymous(struct cli_credentials *cred) +bool cli_credentials_is_anonymous(struct cli_credentials *cred) { const char *username; 
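Review bot: The doc comment above `cli_credentials_set_conf` still lists only `@param cred`, although the hunk at -620 adds a `struct loadparm_context *lp_ctx` parameter. Add a line such as `@param lp_ctx Loadparm context the workgroup, netbios name and realm are read from`. It would also help to state whether `lp_ctx` may be NULL, since every caller in this diff passes `global_loadparm` and the accessors' handling of NULL is not shown.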
@@ -736,10 +739,10 @@ BOOL cli_credentials_is_anonymous(struct cli_credentials *cred) * here - anonymous is "", not NULL, which is 'never specified, * never guessed', ie programmer bug */ if (!username[0]) { - return True; + return true; } - return False; + return false; } /** @@ -750,10 +753,10 @@ BOOL cli_credentials_is_anonymous(struct cli_credentials *cred) * * @retval whether the credentials struct is finished */ -BOOL cli_credentials_wrong_password(struct cli_credentials *cred) +bool cli_credentials_wrong_password(struct cli_credentials *cred) { if (cred->password_obtained != CRED_CALLBACK_RESULT) { - return False; + return false; } cred->password_obtained = CRED_CALLBACK; diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index 1cecb97055..7ea37e40d1 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h @@ -22,6 +22,7 @@ #ifndef __CREDENTIALS_H__ #define __CREDENTIALS_H__ +#include "util/data_blob.h" #include "librpc/gen_ndr/misc.h" struct ccache_container; @@ -126,6 +127,7 @@ struct cli_credentials { }; struct ldb_context; +struct loadparm_context; #include "auth/credentials/credentials_proto.h" #endif /* __CREDENTIALS_H__ */ diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index 2b6bc4f9d6..1708fa5841 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -29,6 +29,7 @@ #include "db_wrap.h" #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" +#include "param/param.h" /** * Read a file descriptor, and parse it for a password (eg from a file or stdin) 
@@ -38,7 +39,7 @@ * @param obtained This enum describes how 'specified' this password is */ -BOOL cli_credentials_parse_password_fd(struct cli_credentials *credentials, +bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, int fd, enum credentials_obtained obtained) { char *p; @@ -60,18 +61,18 @@ BOOL cli_credentials_parse_password_fd(struct cli_credentials *credentials, break; } else { fprintf(stderr, "Error reading password from file descriptor %d: %s\n", fd, "empty password\n"); - return False; + return false; } default: fprintf(stderr, "Error reading password from file descriptor %d: %s\n", fd, strerror(errno)); - return False; + return false; } } cli_credentials_set_password(credentials, pass, obtained); - return True; + return true; } /** @@ -82,15 +83,15 @@ BOOL cli_credentials_parse_password_fd(struct cli_credentials *credentials, * @param obtained This enum describes how 'specified' this password is */ -BOOL cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained) +bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained) { int fd = open(file, O_RDONLY, 0); - BOOL ret; + bool ret; if (fd < 0) { fprintf(stderr, "Error opening password file %s: %s\n", file, strerror(errno)); - return False; + return false; } ret = cli_credentials_parse_password_fd(credentials, fd, obtained); @@ -108,7 +109,7 @@ BOOL cli_credentials_parse_password_file(struct cli_credentials *credentials, co * @param obtained This enum describes how 'specified' this password is */ -BOOL cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained) +bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained) { uint16_t len = 0; char *ptr, *val, *param; 
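Review bot: In the empty-password branch of cli_credentials_parse_password_fd (hunk -60) the `%s` argument is `"empty password\n"` although the format string already ends in `\n`, so the error prints a stray blank line. Pass `"empty password"` instead. The function starts in the previous hunk and its read loop is only partly visible here.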
@@ -121,7 +122,7 @@ BOOL cli_credentials_parse_file(struct cli_credentials *cred, const char *file, { /* fail if we can't open the credentials file */ d_printf("ERROR: Unable to open credentials file!\n"); - return False; + return false; } for (i = 0; i < numlines; i++) { @@ -157,7 +158,7 @@ BOOL cli_credentials_parse_file(struct cli_credentials *cred, const char *file, talloc_free(lines); - return True; + return true; } @@ -202,10 +203,10 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, const char *keytab; /* ok, we are going to get it now, don't recurse back here */ - cred->machine_account_pending = False; + cred->machine_account_pending = false; /* some other parts of the system will key off this */ - cred->machine_account = True; + cred->machine_account = true; mem_ctx = talloc_named(cred, 0, "cli_credentials fetch machine password"); @@ -307,7 +308,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, } else { keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL); if (keytab) { - keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, keytab)); + keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, global_loadparm, keytab)); if (keytab) { cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED); } @@ -330,7 +331,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred) /* Bleh, nasty recursion issues: We are setting a machine * account here, so we don't want the 'pending' flag around * any more */ - cred->machine_account_pending = False; + cred->machine_account_pending = false; filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, cli_credentials_get_domain(cred)); return cli_credentials_set_secrets(cred, NULL, SECRETS_PRIMARY_DOMAIN_DN, 
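Review bot: The new `private_path(mem_ctx, global_loadparm, keytab)` call (hunk -307) is passed directly as the `%s` argument of `talloc_asprintf`, so if private_path can return NULL (presumably on allocation failure; its definition is not in this diff) the keytab name is built from a NULL pointer. Assign the path to a local, check it, and only then format the `FILE:%s` name. cli_credentials_set_secrets begins and ends outside this hunk.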
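Review bot: cli_credentials_set_machine_account (hunk -330) builds the search filter with `talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, cli_credentials_get_domain(cred))`, inserting the domain string unescaped, and `filter` is not checked for NULL before the call that follows. If the domain (or the realm and domain in the -349 and -370 hunks of this file) can contain filter metacharacters such as `(`, `)` or `*`, the secrets lookup can match a different record than intended. Encode each value with ldb's filter-escaping helper (`ldb_binary_encode_string`) before formatting, and return `NT_STATUS_NO_MEMORY` when `filter` is NULL. The macros' format strings are not visible here, so confirm that they place the values inside filter terms.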
@@ -349,7 +350,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred) /* Bleh, nasty recursion issues: We are setting a machine * account here, so we don't want the 'pending' flag around * any more */ - cred->machine_account_pending = False; + cred->machine_account_pending = false; filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH, cli_credentials_get_realm(cred), cli_credentials_get_domain(cred)); @@ -370,7 +371,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, /* Bleh, nasty recursion issues: We are setting a machine * account here, so we don't want the 'pending' flag around * any more */ - cred->machine_account_pending = False; + cred->machine_account_pending = false; filter = talloc_asprintf(cred, SECRETS_PRINCIPAL_SEARCH, cli_credentials_get_realm(cred), cli_credentials_get_domain(cred), @@ -390,7 +391,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, */ void cli_credentials_set_machine_account_pending(struct cli_credentials *cred) { - cred->machine_account_pending = True; + cred->machine_account_pending = true; } diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c index db77ed13a7..0bce35e1c5 100644 --- a/source4/auth/gensec/cyrus_sasl.c +++ b/source4/auth/gensec/cyrus_sasl.c @@ -248,6 +248,7 @@ static NTSTATUS gensec_sasl_unwrap_packets(struct gensec_security *gensec_securi return sasl_nt_status(sasl_ret); } + static NTSTATUS gensec_sasl_wrap_packets(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB *in, 
@@ -271,7 +272,7 @@ static NTSTATUS gensec_sasl_wrap_packets(struct gensec_security *gensec_security } /* Try to figure out what features we actually got on the connection */ -static BOOL gensec_sasl_have_feature(struct gensec_security *gensec_security, +static bool gensec_sasl_have_feature(struct gensec_security *gensec_security, uint32_t feature) { struct gensec_sasl_state *gensec_sasl_state = talloc_get_type(gensec_security->private_data, @@ -279,25 +280,25 @@ static BOOL gensec_sasl_have_feature(struct gensec_security *gensec_security, sasl_ssf_t ssf; int sasl_ret = sasl_getprop(gensec_sasl_state->conn, SASL_SSF, &ssf); if (sasl_ret != SASL_OK) { - return False; + return false; } if (feature & GENSEC_FEATURE_SIGN) { if (ssf == 0) { - return False; + return false; } if (ssf >= 1) { - return True; + return true; } } if (feature & GENSEC_FEATURE_SEAL) { if (ssf <= 1) { - return False; + return false; } if (ssf > 1) { - return True; + return true; } } - return False; + return false; } /* This could in theory work with any SASL mech */ @@ -309,7 +310,7 @@ static const struct gensec_security_ops gensec_sasl_security_ops = { .wrap_packets = gensec_sasl_wrap_packets, .unwrap_packets = gensec_sasl_unwrap_packets, .have_feature = gensec_sasl_have_feature, - .enabled = True, + .enabled = true, .priority = GENSEC_SASL }; diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 25366dc246..4821e6a19b 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -27,6 +27,7 @@ #include "librpc/rpc/dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "param/param.h" /* the list of currently registered GENSEC backends */ static struct gensec_security_ops **generic_security_ops; 
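Review bot: gensec_sasl_have_feature passes `&ssf`, the address of a `sasl_ssf_t` value, to `sasl_getprop(..., SASL_SSF, ...)`, but as I read the Cyrus SASL API the third argument is a `const void **` that receives a pointer to the library's SSF value. If so, `ssf` ends up holding pointer bits (and on LP64 the store is wider than the variable), so the SIGN and SEAL answers below are not based on the negotiated strength. Declare `const sasl_ssf_t *ssf = NULL;`, call `sasl_getprop(gensec_sasl_state->conn, SASL_SSF, (const void **)&ssf)`, and test `*ssf` after checking both the return code and the pointer. Once that is right, the paired `if (ssf == 0)` / `if (ssf >= 1)` branches can collapse to a single return per feature.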
@@ -46,10 +47,15 @@ struct gensec_security_ops **gensec_security_all(void) struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, struct gensec_security_ops **old_gensec_list, - enum credentials_use_kerberos use_kerberos) + struct cli_credentials *creds) { struct gensec_security_ops **new_gensec_list; int i, j, num_mechs_in; + enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS; + + if (creds) { + use_kerberos = cli_credentials_get_kerberos_state(creds); + } if (use_kerberos == CRED_AUTO_USE_KERBEROS) { if (!talloc_reference(mem_ctx, old_gensec_list)) { @@ -79,13 +85,13 @@ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, } switch (use_kerberos) { case CRED_DONT_USE_KERBEROS: - if (old_gensec_list[i]->kerberos == False) { + if (old_gensec_list[i]->kerberos == false) { new_gensec_list[j] = old_gensec_list[i]; j++; } break; case CRED_MUST_USE_KERBEROS: - if (old_gensec_list[i]->kerberos == True) { + if (old_gensec_list[i]->kerberos == true) { new_gensec_list[j] = old_gensec_list[i]; j++; } @@ -111,7 +117,6 @@ struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gense } return backends; } else { - enum credentials_use_kerberos use_kerberos; struct cli_credentials *creds = gensec_get_credentials(gensec_security); if (!creds) { if (!talloc_reference(mem_ctx, backends)) { @@ -119,8 +124,7 @@ struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gense } return backends; } - use_kerberos = cli_credentials_get_kerberos_state(creds); - return gensec_use_kerberos_mechs(mem_ctx, backends, use_kerberos); + return gensec_use_kerberos_mechs(mem_ctx, backends, creds); } } @@ -485,7 +489,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, ZERO_STRUCT((*gensec_security)->peer_addr); ZERO_STRUCT((*gensec_security)->my_addr); - (*gensec_security)->subcontext = False; + (*gensec_security)->subcontext = false; (*gensec_security)->want_features = 0; if (ev == NULL) { 
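Review bot: gensec_use_kerberos_mechs now accepts a NULL `creds` and treats it as `CRED_AUTO_USE_KERBEROS`, but nothing at the definition says so. A short comment such as `/* creds == NULL: no Kerberos preference, same as CRED_AUTO_USE_KERBEROS */` would make the contract explicit for callers. In the loop, the converted comparisons `->kerberos == false` and `->kerberos == true` would read better as `!old_gensec_list[i]->kerberos` and `old_gensec_list[i]->kerberos`. Part of the function body lies between the two hunks and is not shown.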
@@ -521,7 +525,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, (*gensec_security)->ops = NULL; (*gensec_security)->private_data = NULL; - (*gensec_security)->subcontext = True; + (*gensec_security)->subcontext = true; (*gensec_security)->event_ctx = parent->event_ctx; (*gensec_security)->msg_ctx = parent->msg_ctx; @@ -1026,11 +1030,11 @@ _PUBLIC_ void gensec_want_feature(struct gensec_security *gensec_security, * */ -_PUBLIC_ BOOL gensec_have_feature(struct gensec_security *gensec_security, +_PUBLIC_ bool gensec_have_feature(struct gensec_security *gensec_security, uint32_t feature) { if (!gensec_security->ops->have_feature) { - return False; + return false; } /* We might 'have' features that we don't 'want', because the @@ -1104,7 +1108,7 @@ _PUBLIC_ NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_secu _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_security) { /* We allow the target hostname to be overriden for testing purposes */ - const char *target_hostname = lp_parm_string(-1, "gensec", "target_hostname"); + const char *target_hostname = lp_parm_string(global_loadparm, NULL, "gensec", "target_hostname"); if (target_hostname) { return target_hostname; } @@ -1202,7 +1206,7 @@ const char *gensec_get_target_principal(struct gensec_security *gensec_security) */ NTSTATUS gensec_register(const struct gensec_security_ops *ops) { - if (!lp_parm_bool(-1, "gensec", ops->name, ops->enabled)) { + if (!lp_parm_bool(global_loadparm, NULL, "gensec", ops->name, ops->enabled)) { DEBUG(2,("gensec subsystem %s is disabled\n", ops->name)); return NT_STATUS_OK; } @@ -1222,7 +1226,7 @@ NTSTATUS gensec_register(const struct gensec_security_ops *ops) return NT_STATUS_NO_MEMORY; } - generic_security_ops[gensec_num_backends] = discard_const(ops); + generic_security_ops[gensec_num_backends] = discard_const_p(struct gensec_security_ops, ops); gensec_num_backends++; generic_security_ops[gensec_num_backends] = NULL; 
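Review bot: gensec_have_feature (hunk -1026) dereferences `gensec_security->ops->have_feature` without checking `ops`, while gensec_subcontext_start in the first hunk on this line sets `ops = NULL` until a mechanism is chosen. A caller that asks about a feature before a mechanism has been started would crash instead of getting `false`. Consider `if (!gensec_security->ops || !gensec_security->ops->have_feature) return false;`. The rest of the function lies outside the hunk.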
@@ -1257,15 +1261,15 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ */ NTSTATUS gensec_init(void) { - static BOOL initialized = False; + static bool initialized = false; init_module_fn static_init[] = STATIC_gensec_MODULES; init_module_fn *shared_init; if (initialized) return NT_STATUS_OK; - initialized = True; + initialized = true; - shared_init = load_samba_modules(NULL, "gensec"); + shared_init = load_samba_modules(NULL, global_loadparm, "gensec"); run_init_functions(static_init); run_init_functions(shared_init); diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 48a2903513..bda740cc86 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -39,8 +39,6 @@ enum gensec_priority { GENSEC_OTHER = 0 }; -enum credentials_use_kerberos; - struct gensec_security; struct gensec_target { const char *principal; @@ -63,6 +61,7 @@ enum gensec_role }; struct auth_session_info; +struct cli_credentials; struct gensec_update_request { struct gensec_security *gensec_security; diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 3c66a032d5..dceb10e7b6 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -34,6 +34,7 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "auth/gensec/gensec.h" +#include "param/param.h" enum gensec_gssapi_sasl_state { @@ -64,7 +65,7 @@ struct gensec_gssapi_state { gss_cred_id_t delegated_cred_handle; - BOOL sasl; /* We have two different mechs in this file: One + bool sasl; /* We have two different mechs in this file: One * for SASL wrapped GSSAPI and another for normal * GSSAPI */ enum gensec_gssapi_sasl_state sasl_state; 
@@ -154,9 +155,9 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state->gss_exchange_count = 0; gensec_gssapi_state->max_wrap_buf_size - = lp_parm_int(-1, "gensec_gssapi", "max wrap buf size", 65536); + = lp_parm_int(global_loadparm, NULL, "gensec_gssapi", "max wrap buf size", 65536); - gensec_gssapi_state->sasl = False; + gensec_gssapi_state->sasl = false; gensec_gssapi_state->sasl_state = STAGE_GSS_NEG; gensec_security->private_data = gensec_gssapi_state; @@ -169,16 +170,16 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS; gensec_gssapi_state->want_flags = 0; - if (lp_parm_bool(-1, "gensec_gssapi", "mutual", True)) { + if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "mutual", true)) { gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG; } - if (lp_parm_bool(-1, "gensec_gssapi", "delegation", True)) { + if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "delegation", true)) { gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG; } - if (lp_parm_bool(-1, "gensec_gssapi", "replay", True)) { + if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "replay", true)) { gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG; } - if (lp_parm_bool(-1, "gensec_gssapi", "sequence", True)) { + if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "sequence", true)) { gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG; } 
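Review bot: `max_wrap_buf_size` is taken from `lp_parm_int(..., "max wrap buf size", 65536)` with no range check, so a zero, negative or very large configured value flows into the wrap-size handling unchanged. Validate it where it is loaded, for example fall back to 65536 when the value is `<= 0`, and add an upper bound that matches what the consumers can handle. The field's type and its users are outside this hunk, so the exact bounds need confirming there.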
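Review bot: `GSS_C_DELEG_FLAG` is requested whenever `gensec_gssapi:delegation` is unset (hunk -169), because the default passed to `lp_parm_bool` is `true`. Requesting delegation by default means a client may forward its credentials to every service it authenticates to, which is a broader grant than most callers need. Consider defaulting to off, `lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "delegation", false)`, or at least add a comment explaining why delegation is on by default. gensec_gssapi_start continues outside the hunk.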
@@ -212,10 +213,10 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) talloc_free(gensec_gssapi_state); return NT_STATUS_INTERNAL_ERROR; } - if (lp_realm() && *lp_realm()) { - char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm()); + if (lp_realm(global_loadparm) && *lp_realm(global_loadparm)) { + char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(global_loadparm)); if (!upper_realm) { - DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm())); + DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(global_loadparm))); talloc_free(gensec_gssapi_state); return NT_STATUS_NO_MEMORY; } @@ -229,7 +230,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) } /* don't do DNS lookups of any kind, it might/will fail for a netbios name */ - ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false)); + ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(global_loadparm, NULL, "krb5", "set_dns_canonicalize", false)); if (ret) { DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n")); talloc_free(gensec_gssapi_state); @@ -290,7 +291,7 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s if (NT_STATUS_IS_OK(nt_status)) { gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); - gensec_gssapi_state->sasl = True; + gensec_gssapi_state->sasl = true; } return nt_status; } @@ -331,7 +332,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi gensec_gssapi_state->gss_oid = gss_mech_krb5; principal = gensec_get_target_principal(gensec_security); - if (principal && lp_client_use_spnego_principal()) { + if (principal && lp_client_use_spnego_principal(global_loadparm)) { name_type = GSS_C_NULL_OID; } else { principal = talloc_asprintf(gensec_gssapi_state, "%s@%s", 
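Review bot: The DEBUG messages in this part of gensec_gssapi_start are prefixed `gensec_krb5_start:`, which points whoever reads the log at the wrong file; they should say `gensec_gssapi_start:`. `lp_realm(global_loadparm)` is also evaluated up to four times within a few lines. A local `const char *realm = lp_realm(global_loadparm);` would shorten the condition and make every use see the same value.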
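Review bot: When `lp_client_use_spnego_principal(global_loadparm)` is true, gensec_gssapi_client_start (hunk -331) takes the value of `gensec_get_target_principal()` with `GSS_C_NULL_OID` as the name to authenticate to. If that principal can come from the peer's SPNEGO negotiation, as the option name suggests, the server being authenticated chooses the identity the client verifies it against, which weakens mutual authentication. A comment at this branch stating where the principal originates, and that the option should stay off unless the peer is already trusted, would help. The same branch appears in gensec_krb5_client_start (gensec_krb5.c, hunk -260).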
@@ -385,7 +386,7 @@ static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_s if (NT_STATUS_IS_OK(nt_status)) { gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); - gensec_gssapi_state->sasl = True; + gensec_gssapi_state->sasl = true; } return nt_status; } @@ -631,7 +632,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, maj_stat = gss_wrap(&min_stat, gensec_gssapi_state->gssapi_context, - False, + false, GSS_C_QOP_DEFAULT, &input_token, &conf_state, @@ -696,7 +697,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, maj_stat = gss_wrap(&min_stat, gensec_gssapi_state->gssapi_context, - False, + false, GSS_C_QOP_DEFAULT, &input_token, &conf_state, @@ -1109,7 +1110,7 @@ static NTSTATUS gensec_gssapi_check_packet(struct gensec_security *gensec_securi } /* Try to figure out what features we actually got on the connection */ -static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security, +static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security, uint32_t feature) { struct gensec_gssapi_state *gensec_gssapi_state @@ -1135,7 +1136,7 @@ static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security, if (feature & GENSEC_FEATURE_SESSION_KEY) { /* Only for GSSAPI/Krb5 */ if (gss_oid_equal(gensec_gssapi_state->gss_oid, gss_mech_krb5)) { - return True; + return true; } } if (feature & GENSEC_FEATURE_DCE_STYLE) { @@ -1143,9 +1144,9 @@ static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security, } /* We can always do async (rather than strict request/reply) packets. */ if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { - return True; + return true; } - return False; + return false; } /* 
@@ -1229,7 +1230,9 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi return NT_STATUS_FOOBAR; } - principal_string = talloc_strndup(mem_ctx, name_token.value, name_token.length); + principal_string = talloc_strndup(mem_ctx, + (const char *)name_token.value, + name_token.length); gss_release_buffer(&min_stat, &name_token); @@ -1314,7 +1317,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi talloc_free(mem_ctx); return nt_status; } - } else if (!lp_parm_bool(-1, "gensec", "require_pac", False)) { + } else if (!lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) { DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n", gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); nt_status = sam_get_server_info_principal(mem_ctx, principal_string, @@ -1356,7 +1359,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi } cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx); - cli_credentials_set_conf(session_info->credentials); + cli_credentials_set_conf(session_info->credentials, global_loadparm); /* Just so we don't segfault trying to get at a username */ cli_credentials_set_anonymous(session_info->credentials); @@ -1411,8 +1414,8 @@ static const struct gensec_security_ops gensec_gssapi_spnego_security_ops = { .wrap = gensec_gssapi_wrap, .unwrap = gensec_gssapi_unwrap, .have_feature = gensec_gssapi_have_feature, - .enabled = False, - .kerberos = True, + .enabled = false, + .kerberos = true, .priority = GENSEC_GSSAPI }; @@ -1434,8 +1437,8 @@ static const struct gensec_security_ops gensec_gssapi_krb5_security_ops = { .wrap = gensec_gssapi_wrap, .unwrap = gensec_gssapi_unwrap, .have_feature = gensec_gssapi_have_feature, - .enabled = True, - .kerberos = True, + .enabled = true, + .kerberos = true, .priority = GENSEC_GSSAPI }; 
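Review bot: With `gensec:require_pac` defaulting to `false` (hunk -1314), gensec_gssapi_session_info accepts a ticket without a PAC and builds the session from `sam_get_server_info_principal(mem_ctx, principal_string, ...)`, that is from a name lookup rather than signed authorization data. The fallback is only reported at DEBUG level 1. It deserves a comment spelling out the trust assumption, and it is worth considering whether the default should be `true` on servers that expect a PAC. gensec_krb5_session_info (gensec_krb5.c, hunk -581) reads the same option with the same default.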
@@ -1453,8 +1456,8 @@ static const struct gensec_security_ops gensec_gssapi_sasl_krb5_security_ops = { .wrap = gensec_gssapi_wrap, .unwrap = gensec_gssapi_unwrap, .have_feature = gensec_gssapi_have_feature, - .enabled = True, - .kerberos = True, + .enabled = true, + .kerberos = true, .priority = GENSEC_GSSAPI }; diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 87ce571fc0..ca48e85089 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -36,6 +36,7 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "auth/gensec/gensec.h" +#include "param/param.h" enum GENSEC_KRB5_STATE { GENSEC_KRB5_SERVER_START, @@ -53,7 +54,7 @@ struct gensec_krb5_state { krb5_data enc_ticket; krb5_keyblock *keyblock; krb5_ticket *ticket; - BOOL gssapi; + bool gssapi; }; static int gensec_krb5_destroy(struct gensec_krb5_state *gensec_krb5_state) @@ -111,7 +112,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) gensec_krb5_state->keyblock = NULL; gensec_krb5_state->session_key = data_blob(NULL, 0); gensec_krb5_state->pac = data_blob(NULL, 0); - gensec_krb5_state->gssapi = False; + gensec_krb5_state->gssapi = false; talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy); @@ -191,7 +192,7 @@ static NTSTATUS gensec_krb5_server_start(struct gensec_security *gensec_security return nt_status; } - gensec_krb5_state = gensec_security->private_data; + gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; gensec_krb5_state->state_position = GENSEC_KRB5_SERVER_START; return NT_STATUS_OK; 
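Review bot: The new explicit cast `(struct gensec_krb5_state *)gensec_security->private_data` in gensec_krb5_server_start (hunk -191) silences the void-pointer conversion but adds no checking, whereas gensec_gssapi.c in this same commit fetches its state with `talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state)`. Using `talloc_get_type(gensec_security->private_data, struct gensec_krb5_state)` would be consistent and, provided the state is allocated under its type name, yields NULL instead of a mistyped pointer if the private data ever belongs to another mechanism. The same cast is repeated in the later gensec_krb5.c hunks and in schannel.c.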
@@ -203,8 +204,8 @@ static NTSTATUS gensec_fake_gssapi_krb5_server_start(struct gensec_security *gen if (NT_STATUS_IS_OK(nt_status)) { struct gensec_krb5_state *gensec_krb5_state; - gensec_krb5_state = gensec_security->private_data; - gensec_krb5_state->gssapi = True; + gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; + gensec_krb5_state->gssapi = true; } return nt_status; } @@ -240,7 +241,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security return nt_status; } - gensec_krb5_state = gensec_security->private_data; + gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; gensec_krb5_state->state_position = GENSEC_KRB5_CLIENT_START; principal = gensec_get_target_principal(gensec_security); @@ -260,7 +261,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security } in_data.length = 0; - if (principal && lp_client_use_spnego_principal()) { + if (principal && lp_client_use_spnego_principal(global_loadparm)) { krb5_principal target_principal; ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal, &target_principal); @@ -327,8 +328,8 @@ static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gen if (NT_STATUS_IS_OK(nt_status)) { struct gensec_krb5_state *gensec_krb5_state; - gensec_krb5_state = gensec_security->private_data; - gensec_krb5_state->gssapi = True; + gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; + gensec_krb5_state->gssapi = true; } return nt_status; } @@ -368,7 +369,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data; + struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; krb5_error_code ret = 0; NTSTATUS nt_status; 
@@ -416,7 +417,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, if (ret) { DEBUG(1,("krb5_rd_rep (mutual authentication) failed (%s)\n", smb_get_krb5_error_message(gensec_krb5_state->smb_krb5_context->krb5_context, ret, out_mem_ctx))); - dump_data_pw("Mutual authentication message:\n", inbuf.data, inbuf.length); + dump_data_pw("Mutual authentication message:\n", (uint8_t *)inbuf.data, inbuf.length); nt_status = NT_STATUS_ACCESS_DENIED; } else { *out = data_blob(NULL, 0); @@ -477,7 +478,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, if (ret) { return NT_STATUS_LOGON_FAILURE; } - unwrapped_out.data = outbuf.data; + unwrapped_out.data = (uint8_t *)outbuf.data; unwrapped_out.length = outbuf.length; gensec_krb5_state->state_position = GENSEC_KRB5_DONE; /* wrap that up in a nice GSS-API wrapping */ @@ -500,7 +501,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key) { - struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data; + struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context; krb5_auth_context auth_context = gensec_krb5_state->auth_context; krb5_keyblock *skey; @@ -539,7 +540,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security struct auth_session_info **_session_info) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data; + struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context; struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info = NULL; 
@@ -581,7 +582,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security KRB5_AUTHDATA_WIN2K_PAC, &pac_data); - if (ret && lp_parm_bool(-1, "gensec", "require_pac", False)) { + if (ret && lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) { DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s \n", principal_string, smb_get_krb5_error_message(context, @@ -666,7 +667,7 @@ static NTSTATUS gensec_krb5_wrap(struct gensec_security *gensec_security, const DATA_BLOB *in, DATA_BLOB *out) { - struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data; + struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context; krb5_auth_context auth_context = gensec_krb5_state->auth_context; krb5_error_code ret; @@ -696,7 +697,7 @@ static NTSTATUS gensec_krb5_unwrap(struct gensec_security *gensec_security, const DATA_BLOB *in, DATA_BLOB *out) { - struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data; + struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context; krb5_auth_context auth_context = gensec_krb5_state->auth_context; krb5_error_code ret; 
@@ -722,19 +723,19 @@ static NTSTATUS gensec_krb5_unwrap(struct gensec_security *gensec_security, return NT_STATUS_OK; } -static BOOL gensec_krb5_have_feature(struct gensec_security *gensec_security, +static bool gensec_krb5_have_feature(struct gensec_security *gensec_security, uint32_t feature) { - struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data; + struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; if (feature & GENSEC_FEATURE_SESSION_KEY) { - return True; + return true; } if (!gensec_krb5_state->gssapi && (feature & GENSEC_FEATURE_SEAL)) { - return True; + return true; } - return False; + return false; } static const char *gensec_krb5_oids[] = { @@ -754,8 +755,8 @@ static const struct gensec_security_ops gensec_fake_gssapi_krb5_security_ops = { .session_key = gensec_krb5_session_key, .session_info = gensec_krb5_session_info, .have_feature = gensec_krb5_have_feature, - .enabled = False, - .kerberos = True, + .enabled = false, + .kerberos = true, .priority = GENSEC_KRB5 }; @@ -769,8 +770,8 @@ static const struct gensec_security_ops gensec_krb5_security_ops = { .have_feature = gensec_krb5_have_feature, .wrap = gensec_krb5_wrap, .unwrap = gensec_krb5_unwrap, - .enabled = True, - .kerberos = True, + .enabled = true, + .kerberos = true, .priority = GENSEC_KRB5 }; diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 5dc5c287ec..4d2c9cfee3 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c 
@@ -44,7 +44,7 @@ static NTSTATUS schannel_session_key(struct gensec_security *gensec_security, static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct schannel_state *state = gensec_security->private_data; + struct schannel_state *state = (struct schannel_state *)gensec_security->private_data; NTSTATUS status; struct schannel_bind bind_schannel; struct schannel_bind_ack bind_schannel_ack; @@ -207,8 +207,8 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security) return status; } - state = gensec_security->private_data; - state->initiator = False; + state = (struct schannel_state *)gensec_security->private_data; + state->initiator = false; return NT_STATUS_OK; } @@ -223,27 +223,27 @@ static NTSTATUS schannel_client_start(struct gensec_security *gensec_security) return status; } - state = gensec_security->private_data; - state->initiator = True; + state = (struct schannel_state *)gensec_security->private_data; + state->initiator = true; return NT_STATUS_OK; } -static BOOL schannel_have_feature(struct gensec_security *gensec_security, +static bool schannel_have_feature(struct gensec_security *gensec_security, uint32_t feature) { if (feature & (GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL)) { - return True; + return true; } if (feature & GENSEC_FEATURE_DCE_STYLE) { - return True; + return true; } if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { - return True; + return true; } - return False; + return false; } @@ -261,7 +261,7 @@ static const struct gensec_security_ops gensec_schannel_security_ops = { .session_info = schannel_session_info, .sig_size = schannel_sig_size, .have_feature = schannel_have_feature, - .enabled = True, + .enabled = true, .priority = GENSEC_SCHANNEL }; diff --git a/source4/auth/gensec/schannel_sign.c b/source4/auth/gensec/schannel_sign.c index 43de328c9e..1e57beba08 100644 --- a/source4/auth/gensec/schannel_sign.c 
+++ b/source4/auth/gensec/schannel_sign.c @@ -26,6 +26,7 @@ #include "auth/gensec/schannel.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "auth/gensec/schannel_proto.h" #define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } #define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index a911ed9288..808240c4f4 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -26,6 +26,7 @@ #include "db_wrap.h" #include "libcli/auth/libcli_auth.h" #include "auth/auth.h" +#include "param/param.h" /** connect to the schannel ldb @@ -34,20 +35,21 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) { char *path; struct ldb_context *ldb; - BOOL existed; + bool existed; const char *init_ldif = "dn: @ATTRIBUTES\n" \ "computerName: CASE_INSENSITIVE\n" \ "flatname: CASE_INSENSITIVE\n"; - path = smbd_tmp_path(mem_ctx, "schannel.ldb"); + path = smbd_tmp_path(mem_ctx, global_loadparm, "schannel.ldb"); if (!path) { return NULL; } existed = file_exist(path); - ldb = ldb_wrap_connect(mem_ctx, path, system_session(mem_ctx), + ldb = ldb_wrap_connect(mem_ctx, global_loadparm, path, + system_session(mem_ctx), NULL, LDB_FLG_NOSYNC, NULL); talloc_free(path); if (!ldb) { diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c index 9bd97109fb..4dc05e8cc4 100644 --- a/source4/auth/gensec/socket.c +++ b/source4/auth/gensec/socket.c 
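Review bot: In schannel_db_connect, `existed = file_exist(path)` followed by `ldb_wrap_connect(...)` is a check-then-open sequence, so the answer can be stale by the time the database is opened. If `existed` later decides whether `init_ldif` is loaded (that code is outside the hunk), two processes starting together can both see `false` and both initialise the file. A comment stating the assumption, e.g. `/* racy: assumes one process initialises schannel.ldb */`, or making the initialisation idempotent would cover it. Since the path comes from `smbd_tmp_path`, it is also worth confirming that the directory is writable only by the server account.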
@@ -34,13 +34,13 @@ struct gensec_socket { struct packet_context *packet; DATA_BLOB read_buffer; /* SASL packets are turned into liniarlised data here, for reading */ size_t orig_send_len; - BOOL eof; + bool eof; NTSTATUS error; - BOOL interrupted; + bool interrupted; void (*recv_handler)(void *, uint16_t); void *recv_private; int in_extra_read; - BOOL wrap; /* Should we be wrapping on this socket at all? */ + bool wrap; /* Should we be wrapping on this socket at all? */ }; static NTSTATUS gensec_socket_init_fn(struct socket_context *sock) @@ -190,7 +190,7 @@ static void gensec_socket_error_handler(void *private, NTSTATUS status) { struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket); if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) { - gensec_socket->eof = True; + gensec_socket->eof = true; } else { gensec_socket->error = status; } @@ -331,7 +331,7 @@ static NTSTATUS gensec_socket_unwrap(void *private, DATA_BLOB blob) static void send_callback(void *private) { struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket); - gensec_socket->interrupted = False; + gensec_socket->interrupted = false; } /* @@ -384,7 +384,7 @@ static NTSTATUS gensec_socket_send(struct socket_context *sock, return nt_status; } - gensec_socket->interrupted = True; + gensec_socket->interrupted = true; gensec_socket->error = NT_STATUS_OK; nt_status = packet_send_callback(gensec_socket->packet, 
@@ -446,17 +446,17 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { - gensec_socket->wrap = False; + gensec_socket->wrap = false; *new_socket = new_sock; return NT_STATUS_OK; } gensec_socket->gensec_security = gensec_security; - gensec_socket->wrap = True; - gensec_socket->eof = False; + gensec_socket->wrap = true; + gensec_socket->eof = false; gensec_socket->error = NT_STATUS_OK; - gensec_socket->interrupted = False; + gensec_socket->interrupted = false; gensec_socket->in_extra_read = 0; gensec_socket->read_buffer = data_blob(NULL, 0); diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 88521b912c..5c1c15935f 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -41,7 +41,7 @@ struct spnego_state { enum spnego_message_type expected_packet; enum spnego_state_position state_position; struct gensec_security *sub_sec_security; - BOOL no_response_expected; + bool no_response_expected; const char *neg_oid; }; @@ -59,7 +59,7 @@ static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_securi spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT; spnego_state->state_position = SPNEGO_CLIENT_START; spnego_state->sub_sec_security = NULL; - spnego_state->no_response_expected = False; + spnego_state->no_response_expected = false; gensec_security->private_data = spnego_state; return NT_STATUS_OK; @@ -77,7 +77,7 @@ static NTSTATUS gensec_spnego_server_start(struct gensec_security *gensec_securi spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT; spnego_state->state_position = SPNEGO_SERVER_START; spnego_state->sub_sec_security = NULL; - spnego_state->no_response_expected = False; + spnego_state->no_response_expected = false; gensec_security->private_data = spnego_state; return NT_STATUS_OK; 
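Review bot: The early return in gensec_socket_init for the case with neither SEAL nor SIGN assigns only `gensec_socket->wrap = false`, leaving `gensec_security`, `eof`, `error`, `interrupted`, `in_extra_read` and `read_buffer` unset. Whether that is safe depends on how `gensec_socket` is allocated and on every handler testing `wrap` before touching the other fields, and neither is visible in this hunk. Moving the field assignments above the feature check, or allocating with `talloc_zero`, would give the pass-through socket a defined state. A comment on that branch, such as `/* no sign/seal negotiated: data passes through unwrapped */`, would also make the unprotected path obvious to the next reader.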
@@ -92,7 +92,7 @@ static NTSTATUS gensec_spnego_unseal_packet(struct gensec_security *gensec_secur const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { @@ -112,7 +112,7 @@ static NTSTATUS gensec_spnego_check_packet(struct gensec_security *gensec_securi const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { @@ -132,7 +132,7 @@ static NTSTATUS gensec_spnego_seal_packet(struct gensec_security *gensec_securit const uint8_t *whole_pdu, size_t pdu_length, DATA_BLOB *sig) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { @@ -152,7 +152,7 @@ static NTSTATUS gensec_spnego_sign_packet(struct gensec_security *gensec_securit const uint8_t *whole_pdu, size_t pdu_length, DATA_BLOB *sig) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { 
@@ -171,7 +171,7 @@ static NTSTATUS gensec_spnego_wrap(struct gensec_security *gensec_security, const DATA_BLOB *in, DATA_BLOB *out) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { @@ -188,7 +188,7 @@ static NTSTATUS gensec_spnego_unwrap(struct gensec_security *gensec_security, const DATA_BLOB *in, DATA_BLOB *out) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { @@ -206,7 +206,7 @@ static NTSTATUS gensec_spnego_wrap_packets(struct gensec_security *gensec_securi DATA_BLOB *out, size_t *len_processed) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { @@ -222,7 +222,7 @@ static NTSTATUS gensec_spnego_wrap_packets(struct gensec_security *gensec_securi static NTSTATUS gensec_spnego_packet_full_request(struct gensec_security *gensec_security, DATA_BLOB blob, size_t *size) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { 
@@ -240,7 +240,7 @@ static NTSTATUS gensec_spnego_unwrap_packets(struct gensec_security *gensec_secu DATA_BLOB *out, size_t *len_processed) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { @@ -255,7 +255,7 @@ static NTSTATUS gensec_spnego_unwrap_packets(struct gensec_security *gensec_secu static size_t gensec_spnego_sig_size(struct gensec_security *gensec_security, size_t data_size) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { @@ -267,7 +267,7 @@ static size_t gensec_spnego_sig_size(struct gensec_security *gensec_security, si static size_t gensec_spnego_max_input_size(struct gensec_security *gensec_security) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { @@ -279,7 +279,7 @@ static size_t gensec_spnego_max_input_size(struct gensec_security *gensec_securi static size_t gensec_spnego_max_wrapped_size(struct gensec_security *gensec_security) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (spnego_state->state_position != SPNEGO_DONE && spnego_state->state_position != SPNEGO_FALLBACK) { 
@@ -292,7 +292,7 @@ static size_t gensec_spnego_max_wrapped_size(struct gensec_security *gensec_secu static NTSTATUS gensec_spnego_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (!spnego_state->sub_sec_security) { return NT_STATUS_INVALID_PARAMETER; } @@ -304,7 +304,7 @@ static NTSTATUS gensec_spnego_session_key(struct gensec_security *gensec_securit static NTSTATUS gensec_spnego_session_info(struct gensec_security *gensec_security, struct auth_session_info **session_info) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (!spnego_state->sub_sec_security) { return NT_STATUS_INVALID_PARAMETER; } @@ -329,16 +329,16 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec struct gensec_security_ops **all_ops = gensec_security_mechs(gensec_security, out_mem_ctx); for (i=0; all_ops[i]; i++) { - BOOL is_spnego; + bool is_spnego; NTSTATUS nt_status; if (!all_ops[i]->oid) { continue; } - is_spnego = False; + is_spnego = false; for (j=0; all_ops[i]->oid[j]; j++) { if (strcasecmp(GENSEC_OID_SPNEGO,all_ops[i]->oid[j]) == 0) { - is_spnego = True; + is_spnego = true; } } if (is_spnego) { @@ -622,7 +622,7 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec spnego_state->neg_oid = all_sec[i].oid; if (NT_STATUS_IS_OK(nt_status)) { - spnego_state->no_response_expected = True; + spnego_state->no_response_expected = true; } return NT_STATUS_MORE_PROCESSING_REQUIRED; 
@@ -685,7 +685,7 @@ static NTSTATUS gensec_spnego_server_negTokenTarg(struct gensec_security *gensec static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; DATA_BLOB null_data_blob = data_blob(NULL, 0); DATA_BLOB unwrapped_out = data_blob(NULL, 0); struct spnego_data spnego_out; @@ -820,7 +820,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA spnego_state->state_position = SPNEGO_CLIENT_TARG; if (NT_STATUS_IS_OK(nt_status)) { - spnego_state->no_response_expected = True; + spnego_state->no_response_expected = true; } spnego_free_data(&spnego); @@ -947,7 +947,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA &unwrapped_out); if (NT_STATUS_IS_OK(nt_status)) { - spnego_state->no_response_expected = True; + spnego_state->no_response_expected = true; } } @@ -999,12 +999,12 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA return NT_STATUS_INVALID_PARAMETER; } -static BOOL gensec_spnego_have_feature(struct gensec_security *gensec_security, +static bool gensec_spnego_have_feature(struct gensec_security *gensec_security, uint32_t feature) { - struct spnego_state *spnego_state = gensec_security->private_data; + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (!spnego_state->sub_sec_security) { - return False; + return false; } return gensec_have_feature(spnego_state->sub_sec_security, @@ -1039,7 +1039,7 @@ static const struct gensec_security_ops gensec_spnego_security_ops = { .session_key = gensec_spnego_session_key, .session_info = gensec_spnego_session_info, .have_feature = gensec_spnego_have_feature, - .enabled = True, + .enabled = true, .priority = GENSEC_SPNEGO }; 
diff --git a/source4/auth/gensec/spnego_parse.c b/source4/auth/gensec/spnego_parse.c index bb674a7aad..37f4f12278 100644 --- a/source4/auth/gensec/spnego_parse.c +++ b/source4/auth/gensec/spnego_parse.c @@ -25,7 +25,7 @@ #include "auth/gensec/gensec.h" #include "libcli/util/asn_1.h" -static BOOL read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, +static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, struct spnego_negTokenInit *token) { ZERO_STRUCTP(token); @@ -37,7 +37,7 @@ static BOOL read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, int i; uint8_t context; if (!asn1_peek_uint8(asn1, &context)) { - asn1->has_error = True; + asn1->has_error = true; break; } @@ -79,7 +79,7 @@ static BOOL read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, uint8_t type_peek; asn1_start_tag(asn1, ASN1_CONTEXT(3)); if (!asn1_peek_uint8(asn1, &type_peek)) { - asn1->has_error = True; + asn1->has_error = true; break; } if (type_peek == ASN1_OCTET_STRING) { @@ -101,7 +101,7 @@ static BOOL read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, break; } default: - asn1->has_error = True; + asn1->has_error = true; break; } } @@ -112,7 +112,7 @@ static BOOL read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, return !asn1->has_error; } -static BOOL write_negTokenInit(struct asn1_data *asn1, struct spnego_negTokenInit *token) +static bool write_negTokenInit(struct asn1_data *asn1, struct spnego_negTokenInit *token) { asn1_push_tag(asn1, ASN1_CONTEXT(0)); asn1_push_tag(asn1, ASN1_SEQUENCE(0)); @@ -175,7 +175,7 @@ static BOOL write_negTokenInit(struct asn1_data *asn1, struct spnego_negTokenIni return !asn1->has_error; } -static BOOL read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, +static bool read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, struct spnego_negTokenTarg *token) { ZERO_STRUCTP(token); 
@@ -186,7 +186,7 @@ static BOOL read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) { uint8_t context; if (!asn1_peek_uint8(asn1, &context)) { - asn1->has_error = True; + asn1->has_error = true; break; } @@ -214,7 +214,7 @@ static BOOL read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, asn1_end_tag(asn1); break; default: - asn1->has_error = True; + asn1->has_error = true; break; } } @@ -225,7 +225,7 @@ static BOOL read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx, return !asn1->has_error; } -static BOOL write_negTokenTarg(struct asn1_data *asn1, struct spnego_negTokenTarg *token) +static bool write_negTokenTarg(struct asn1_data *asn1, struct spnego_negTokenTarg *token) { asn1_push_tag(asn1, ASN1_CONTEXT(1)); asn1_push_tag(asn1, ASN1_SEQUENCE(0)); @@ -282,7 +282,7 @@ ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB data, struct spnego_data asn1_load(asn1, data); if (!asn1_peek_uint8(asn1, &context)) { - asn1->has_error = True; + asn1->has_error = true; } else { switch (context) { case ASN1_APPLICATION(0): @@ -299,7 +299,7 @@ ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB data, struct spnego_data } break; default: - asn1->has_error = True; + asn1->has_error = true; break; } } @@ -330,7 +330,7 @@ ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct spnego_da write_negTokenTarg(asn1, &spnego->negTokenTarg); break; default: - asn1->has_error = True; + asn1->has_error = true; break; } @@ -343,9 +343,9 @@ ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct spnego_da return ret; } -BOOL spnego_free_data(struct spnego_data *spnego) +bool spnego_free_data(struct spnego_data *spnego) { - BOOL ret = True; + bool ret = true; if (!spnego) goto out; 
@@ -366,7 +366,7 @@ BOOL spnego_free_data(struct spnego_data *spnego) data_blob_free(&spnego->negTokenTarg.mechListMIC); break; default: - ret = False; + ret = false; break; } ZERO_STRUCTP(spnego); diff --git a/source4/auth/kerberos/config.mk b/source4/auth/kerberos/config.mk index f75fd99323..87c62fb6ed 100644 --- a/source4/auth/kerberos/config.mk +++ b/source4/auth/kerberos/config.mk @@ -10,6 +10,6 @@ OBJ_FILES = kerberos.o \ gssapi_parse.o \ krb5_init_context.o PUBLIC_DEPENDENCIES = HEIMDAL_KRB5 NDR_KRB5PAC samba-socket LIBCLI_RESOLVE -PRIVATE_DEPENDENCIES = ASN1_UTIL HEIMDAL_ROKEN_ADDRINFO auth_sam CREDENTIALS_KRB5 +PRIVATE_DEPENDENCIES = ASN1_UTIL auth_sam CREDENTIALS_KRB5 # End SUBSYSTEM KERBEROS ################################# diff --git a/source4/auth/kerberos/gssapi_parse.c b/source4/auth/kerberos/gssapi_parse.c index 27c96770a6..4b1b178238 100644 --- a/source4/auth/kerberos/gssapi_parse.c +++ b/source4/auth/kerberos/gssapi_parse.c @@ -64,14 +64,14 @@ DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *tick /* parse a krb5 GSS-API wrapper packet giving a ticket */ -BOOL gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2]) +bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2]) { - BOOL ret; + bool ret; struct asn1_data *data = asn1_init(mem_ctx); int data_remaining; if (!data) { - return False; + return false; } asn1_load(data, *blob); @@ -81,7 +81,7 @@ BOOL gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, D data_remaining = asn1_tag_remaining(data); if (data_remaining < 3) { - data->has_error = True; + data->has_error = true; } else { asn1_read(data, tok_id, 2); data_remaining -= 2; 
@@ -102,12 +102,12 @@ BOOL gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, D /* check a GSS-API wrapper packet givin an expected OID */ -BOOL gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid) +bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid) { - BOOL ret; + bool ret; struct asn1_data *data = asn1_init(NULL); - if (!data) return False; + if (!data) return false; asn1_load(data, *blob); asn1_start_tag(data, ASN1_APPLICATION(0)); diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 918c28cf33..70e2961d55 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -343,7 +343,7 @@ static int create_keytab(TALLOC_CTX *parent_ctx, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, krb5_keytab keytab, - BOOL add_old) + bool add_old) { krb5_error_code ret; const char *password_s; @@ -484,7 +484,7 @@ static int create_keytab(TALLOC_CTX *parent_ctx, static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, - krb5_keytab keytab, BOOL *found_previous) + krb5_keytab keytab, bool *found_previous) { krb5_error_code ret, ret2; krb5_kt_cursor cursor; @@ -496,7 +496,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx, return ENOMEM; } - *found_previous = False; + *found_previous = false; princ_string = cli_credentials_get_principal(machine_account, mem_ctx); /* Get the principal we will store the new keytab entries under */ @@ -575,7 +575,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx, } } else { - *found_previous = True; + *found_previous = true; } /* Free the entry, we don't need it any more */ 
@@ -609,7 +609,7 @@ int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, struct keytab_container *keytab_container) { krb5_error_code ret; - BOOL found_previous; + bool found_previous; TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); if (!mem_ctx) { return ENOMEM; @@ -629,7 +629,7 @@ int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, ret = create_keytab(mem_ctx, machine_account, smb_krb5_context, enctype_strings, keytab_container->keytab, - found_previous ? False : True); + found_previous ? false : true); talloc_free(mem_ctx); return ret; } diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index c11d93f44a..68e60dcdc5 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -29,6 +29,7 @@ #include "system/network.h" #include "lib/events/events.h" #include "roken.h" +#include "param/param.h" /* context structure for operations on cldap packets @@ -249,12 +250,12 @@ krb5_error_code smb_krb5_send_and_recv_func(krb5_context context, status = NT_STATUS_INVALID_PARAMETER; switch (hi->proto) { case KRB5_KRBHST_UDP: - if (lp_parm_bool(-1, "krb5", "udp", True)) { + if (lp_parm_bool(global_loadparm, NULL, "krb5", "udp", true)) { status = socket_create(name, SOCKET_TYPE_DGRAM, &smb_krb5->sock, 0); } break; case KRB5_KRBHST_TCP: - if (lp_parm_bool(-1, "krb5", "tcp", True)) { + if (lp_parm_bool(global_loadparm, NULL, "krb5", "tcp", true)) { status = socket_create(name, SOCKET_TYPE_STREAM, &smb_krb5->sock, 0); } break; @@ -392,7 +393,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy_1); - config_file = config_path(tmp_ctx, "krb5.conf"); + config_file = config_path(tmp_ctx, global_loadparm, "krb5.conf"); if (!config_file) { talloc_free(tmp_ctx); return ENOMEM; 
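Review bot: `found_previous ? false : true` in the create_keytab call of smb_krb5_update_keytab is a roundabout negation; now that the variable is a real `bool`, `!found_previous` says the same thing. The value lands in the `add_old` parameter, so a short comment would help, e.g. `/* add the old keys only when no previous entries were found */`, if that reading of remove_old_entries is correct. The body of smb_krb5_update_keytab between the two hunks is not shown.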
@@ -417,10 +418,10 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, return ret; } - if (lp_realm() && *lp_realm()) { - char *upper_realm = strupper_talloc(tmp_ctx, lp_realm()); + if (lp_realm(global_loadparm) && *lp_realm(global_loadparm)) { + char *upper_realm = strupper_talloc(tmp_ctx, lp_realm(global_loadparm)); if (!upper_realm) { - DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm())); + DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(global_loadparm))); talloc_free(tmp_ctx); return ENOMEM; } @@ -472,7 +473,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, /* Set options in kerberos */ krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context, - lp_parm_bool(-1, "krb5", "set_dns_canonicalize", false)); + lp_parm_bool(global_loadparm, NULL, "krb5", "set_dns_canonicalize", false)); return 0; } diff --git a/source4/auth/ntlm_check.c b/source4/auth/ntlm_check.c index 5c5ad1f3ca..5214c46e0e 100644 --- a/source4/auth/ntlm_check.c +++ b/source4/auth/ntlm_check.c @@ -23,12 +23,13 @@ #include "lib/crypto/crypto.h" #include "librpc/gen_ndr/netlogon.h" #include "libcli/auth/libcli_auth.h" +#include "param/param.h" /**************************************************************************** Core of smb password checking routine. ****************************************************************************/ -static BOOL smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx, +static bool smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx, const DATA_BLOB *nt_response, const uint8_t *part_passwd, const DATA_BLOB *sec_blob, 
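Review bot: The DEBUG message in the realm hunk is prefixed `gensec_krb5_start:` although the hunk header places it in smb_krb5_init_context, which will mislead anyone searching the logs. `"smb_krb5_init_context: could not uppercase realm: %s\n"` would match the function. The change also makes `lp_realm(global_loadparm)` appear four times within five lines. A local `const char *realm = lp_realm(global_loadparm);` ahead of the `if` would read better and ensure the NULL test and the later uses see the same pointer.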
@@ -40,19 +41,19 @@ static BOOL smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx, if (part_passwd == NULL) { DEBUG(10,("No password set - DISALLOWING access\n")); /* No password set - always false ! */ - return False; + return false; } if (sec_blob->length != 8) { DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect challenge size (%lu)\n", (unsigned long)sec_blob->length)); - return False; + return false; } if (nt_response->length != 24) { DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect password length (%lu)\n", (unsigned long)nt_response->length)); - return False; + return false; } SMBOWFencrypt(part_passwd, sec_blob->data, p24); @@ -72,9 +73,9 @@ static BOOL smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx, *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16); SMBsesskeygen_ntv1(part_passwd, user_sess_key->data); } - return True; + return true; } - return False; + return false; } /**************************************************************************** @@ -82,12 +83,12 @@ static BOOL smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx, Note: The same code works with both NTLMv2 and LMv2. ****************************************************************************/ -static BOOL smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, +static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, const DATA_BLOB *ntv2_response, const uint8_t *part_passwd, const DATA_BLOB *sec_blob, const char *user, const char *domain, - BOOL upper_case_domain, /* should the domain be transformed into upper case? */ + bool upper_case_domain, /* should the domain be transformed into upper case? */ DATA_BLOB *user_sess_key) { /* Finish the encryption of part_passwd. */ 
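Review bot: In the smb_pwd_check_ntlmv1 hunk at -72, `*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);` is followed directly by `SMBsesskeygen_ntv1(part_passwd, user_sess_key->data);` with no check that the allocation succeeded. An out-of-memory condition during authentication would then become a write through a NULL pointer. A guard between the two lines, `if (user_sess_key->data == NULL) { return false; }`, would fail the check cleanly. The same pattern appears in the smb_pwd_check_ntlmv2 and smb_sess_key_ntlmv2 hunks, where the result of `client_key_data = data_blob_talloc(...)` is also passed on unchecked. The enclosing functions start and end outside these hunks.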
@@ -97,14 +98,14 @@ static BOOL smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, if (part_passwd == NULL) { DEBUG(10,("No password set - DISALLOWING access\n")); - /* No password set - always False */ - return False; + /* No password set - always false */ + return false; } if (sec_blob->length != 8) { DEBUG(0, ("smb_pwd_check_ntlmv2: incorrect challenge size (%lu)\n", (unsigned long)sec_blob->length)); - return False; + return false; } if (ntv2_response->length < 24) { @@ -113,7 +114,7 @@ static BOOL smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, for LMv2, let alone NTLMv2. */ DEBUG(0, ("smb_pwd_check_ntlmv2: incorrect password length (%lu)\n", (unsigned long)ntv2_response->length)); - return False; + return false; } client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16); @@ -123,7 +124,7 @@ static BOOL smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, */ if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) { - return False; + return false; } SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption); @@ -146,9 +147,9 @@ static BOOL smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16); SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key->data); } - return True; + return true; } - return False; + return false; } /**************************************************************************** 
@@ -156,12 +157,12 @@ static BOOL smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, Note: The same code works with both NTLMv2 and LMv2. ****************************************************************************/ -static BOOL smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, +static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, const DATA_BLOB *ntv2_response, const uint8_t *part_passwd, const DATA_BLOB *sec_blob, const char *user, const char *domain, - BOOL upper_case_domain, /* should the domain be transformed into upper case? */ + bool upper_case_domain, /* should the domain be transformed into upper case? */ DATA_BLOB *user_sess_key) { /* Finish the encryption of part_passwd. */ @@ -171,14 +172,14 @@ static BOOL smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, if (part_passwd == NULL) { DEBUG(10,("No password set - DISALLOWING access\n")); - /* No password set - always False */ - return False; + /* No password set - always false */ + return false; } if (sec_blob->length != 8) { DEBUG(0, ("smb_sess_key_ntlmv2: incorrect challenge size (%lu)\n", (unsigned long)sec_blob->length)); - return False; + return false; } if (ntv2_response->length < 24) { @@ -187,19 +188,19 @@ static BOOL smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, for LMv2, let alone NTLMv2. */ DEBUG(0, ("smb_sess_key_ntlmv2: incorrect password length (%lu)\n", (unsigned long)ntv2_response->length)); - return False; + return false; } client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16); if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) { - return False; + return false; } SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption); *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16); SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key->data); - return True; + return true; } /** 
@@ -239,7 +240,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx, } } else if (client_lanman && stored_lanman) { - if (!lp_lanman_auth()) { + if (!lp_lanman_auth(global_loadparm)) { DEBUG(3,("ntlm_password_check: Interactive logon: only LANMAN password supplied for user %s, and LM passwords are disabled!\n", username)); return NT_STATUS_WRONG_PASSWORD; @@ -310,7 +311,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, struct samr_Password client_nt; struct samr_Password client_lm; char *unix_pw = NULL; - BOOL lm_ok; + bool lm_ok; DEBUG(4,("ntlm_password_check: checking plaintext passwords for user %s\n", username)); @@ -321,12 +322,12 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, lm_response->data, lm_response->length, (void **)&unix_pw) != -1)) { if (E_deshash(unix_pw, client_lm.hash)) { - lm_ok = True; + lm_ok = true; } else { - lm_ok = False; + lm_ok = false; } } else { - lm_ok = False; + lm_ok = false; } return hash_password_check(mem_ctx, lm_ok ? &client_lm : NULL, @@ -350,7 +351,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, client_domain, - False, + false, user_sess_key)) { *lm_sess_key = *user_sess_key; if (user_sess_key->length) { @@ -365,7 +366,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, client_domain, - True, + true, user_sess_key)) { *lm_sess_key = *user_sess_key; if (user_sess_key->length) { @@ -380,7 +381,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, "", - False, + false, user_sess_key)) { *lm_sess_key = *user_sess_key; if (user_sess_key->length) { 
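Review bot: In the ntlm_password_check hunk at -321, `unix_pw` receives a converted copy of the cleartext password (the DEBUG line in the preceding hunk names this the plaintext path), and the function returns through `hash_password_check(...)` right after the `lm_ok` assignment without clearing or freeing it. The copy therefore stays readable in heap memory until its talloc parent is released. Capturing the result in a local, wiping the buffer with a clear the compiler cannot elide, calling `talloc_free(unix_pw)` and then returning the saved status would shorten that lifetime. The call that fills `unix_pw` begins above the hunk and the `hash_password_check` argument list continues below it, so the allocation context is an assumption.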
@@ -391,7 +392,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, DEBUG(3,("ntlm_password_check: NTLMv2 password check failed\n")); } } else if (nt_response->length == 24 && stored_nt) { - if (lp_ntlm_auth()) { + if (lp_ntlm_auth(global_loadparm)) { /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file). */ @@ -403,7 +404,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, /* The LM session key for this response is not very secure, so use it only if we otherwise allow LM authentication */ - if (lp_lanman_auth() && stored_lanman) { + if (lp_lanman_auth(global_loadparm) && stored_lanman) { *lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, 8); } return NT_STATUS_OK; @@ -431,7 +432,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, return NT_STATUS_WRONG_PASSWORD; } - if (!lp_lanman_auth()) { + if (!lp_lanman_auth(global_loadparm)) { DEBUG(3,("ntlm_password_check: Lanman passwords NOT PERMITTED for user %s\n", username)); } else if (!stored_lanman) { @@ -450,7 +451,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, It not very secure, so use it only if we otherwise allow LM authentication */ - if (lp_lanman_auth() && stored_lanman) { + if (lp_lanman_auth(global_loadparm) && stored_lanman) { uint8_t first_8_lm_hash[16]; memcpy(first_8_lm_hash, stored_lanman->hash, 8); memset(first_8_lm_hash + 8, '\0', 8); @@ -475,7 +476,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, client_domain, - False, + false, &tmp_sess_key)) { if (nt_response->length > 24) { /* If NTLMv2 authentication has preceeded us @@ -487,7 +488,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, client_domain, - False, + false, user_sess_key); } else { /* Otherwise, use the LMv2 session key */ 
@@ -506,7 +507,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, client_domain, - True, + true, &tmp_sess_key)) { if (nt_response->length > 24) { /* If NTLMv2 authentication has preceeded us @@ -518,7 +519,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, client_domain, - True, + true, user_sess_key); } else { /* Otherwise, use the LMv2 session key */ @@ -537,7 +538,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, "", - False, + false, &tmp_sess_key)) { if (nt_response->length > 24) { /* If NTLMv2 authentication has preceeded us @@ -549,7 +550,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, stored_nt->hash, challenge, client_username, "", - False, + false, user_sess_key); } else { /* Otherwise, use the LMv2 session key */ @@ -566,7 +567,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, - I think this is related to Win9X pass-though authentication */ DEBUG(4,("ntlm_password_check: Checking NT MD4 password in LM field\n")); - if (lp_ntlm_auth()) { + if (lp_ntlm_auth(global_loadparm)) { if (smb_pwd_check_ntlmv1(mem_ctx, lm_response, stored_nt->hash, challenge, @@ -575,7 +576,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, It not very secure, so use it only if we otherwise allow LM authentication */ - if (lp_lanman_auth() && stored_lanman) { + if (lp_lanman_auth(global_loadparm) && stored_lanman) { uint8_t first_8_lm_hash[16]; memcpy(first_8_lm_hash, stored_lanman->hash, 8); memset(first_8_lm_hash + 8, '\0', 8); diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index a2d2d22170..f957ac9dbd 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c 
@@ -199,7 +199,7 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB input, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; NTSTATUS status; uint32_t i; @@ -229,7 +229,7 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; if (!gensec_ntlmssp_state->session_key.data) { return NT_STATUS_NO_USER_SESSION_KEY; @@ -240,16 +240,16 @@ NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, } void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state, - uint32_t neg_flags, BOOL allow_lm) + uint32_t neg_flags, bool allow_lm) { if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM; - gensec_ntlmssp_state->unicode = True; + gensec_ntlmssp_state->unicode = true; } else { gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_UNICODE; gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM; - gensec_ntlmssp_state->unicode = False; + gensec_ntlmssp_state->unicode = false; } if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && allow_lm && !gensec_ntlmssp_state->use_ntlmv2) { 
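Review bot: The explicit cast added on `gensec_security->private_data` in gensec_ntlmssp_update gives no protection if the pointer ever refers to a different state type. The same cast is repeated in gensec_ntlmssp_session_key, gensec_ntlmssp_have_feature and the client, server and sign/seal entry points later in this patch. talloc offers a checked form that returns NULL on a type mismatch: `talloc_get_type(gensec_security->private_data, struct gensec_ntlmssp_state)`. This assumes the state is a talloc allocation created with the struct type, which these hunks do not show.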
@@ -341,40 +341,40 @@ DATA_BLOB ntlmssp_weakend_key(struct gensec_ntlmssp_state *gensec_ntlmssp_state, return weakened_key; } -static BOOL gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, +static bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, uint32_t feature) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; if (feature & GENSEC_FEATURE_SIGN) { if (!gensec_ntlmssp_state->session_key.length) { - return False; + return false; } if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { - return True; + return true; } } if (feature & GENSEC_FEATURE_SEAL) { if (!gensec_ntlmssp_state->session_key.length) { - return False; + return false; } if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { - return True; + return true; } } if (feature & GENSEC_FEATURE_SESSION_KEY) { if (gensec_ntlmssp_state->session_key.length) { - return True; + return true; } } if (feature & GENSEC_FEATURE_DCE_STYLE) { - return True; + return true; } if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { - return True; + return true; } } - return False; + return false; } NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security) @@ -418,7 +418,7 @@ static const struct gensec_security_ops gensec_ntlmssp_security_ops = { .session_key = gensec_ntlmssp_session_key, .session_info = gensec_ntlmssp_session_info, .have_feature = gensec_ntlmssp_have_feature, - .enabled = True, + .enabled = true, .priority = GENSEC_NTLMSSP }; diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h index 282fcbc510..e39e2d9407 100644 --- a/source4/auth/ntlmssp/ntlmssp.h +++ b/source4/auth/ntlmssp/ntlmssp.h 
@@ -93,7 +93,7 @@ struct gensec_ntlmssp_state style 'challenge caching' */ char *user; - char *domain; + const char *domain; const char *workstation; char *server_domain; @@ -156,7 +156,6 @@ struct gensec_ntlmssp_state DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key); const char *server_name; - const char *(*get_domain)(void); bool doing_ntlm2; diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c index 3f507908f2..61d6f1b25f 100644 --- a/source4/auth/ntlmssp/ntlmssp_client.c +++ b/source4/auth/ntlmssp/ntlmssp_client.c @@ -28,6 +28,7 @@ #include "libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "param/param.h" /********************************************************************* Client side NTLMSSP @@ -47,7 +48,7 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; if (gensec_ntlmssp_state->unicode) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; @@ -65,7 +66,7 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security, "NTLMSSP", NTLMSSP_NEGOTIATE, gensec_ntlmssp_state->neg_flags, - gensec_ntlmssp_state->get_domain(), + gensec_ntlmssp_state->domain, cli_credentials_get_workstation(gensec_security->credentials)); gensec_ntlmssp_state->expected_state = NTLMSSP_CHALLENGE; 
@@ -87,7 +88,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; uint32_t chal_flags, ntlmssp_command, unkn1, unkn2; DATA_BLOB server_domain_blob; DATA_BLOB challenge_blob; @@ -180,7 +181,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, if (gensec_ntlmssp_state->use_nt_response) { flags |= CLI_CRED_NTLM_AUTH; } - if (lp_client_lanman_auth()) { + if (lp_client_lanman_auth(global_loadparm)) { flags |= CLI_CRED_LANMAN_AUTH; } @@ -205,7 +206,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, } if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) - && lp_client_lanman_auth() && lm_session_key.length == 16) { + && lp_client_lanman_auth(global_loadparm) && lm_session_key.length == 16) { DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16); if (lm_response.length == 24) { SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data, 
@@ -292,21 +293,21 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) nt_status = gensec_ntlmssp_start(gensec_security); NT_STATUS_NOT_OK_RETURN(nt_status); - gensec_ntlmssp_state = gensec_security->private_data; + gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; gensec_ntlmssp_state->role = NTLMSSP_CLIENT; - gensec_ntlmssp_state->get_domain = lp_workgroup; + gensec_ntlmssp_state->domain = lp_workgroup(global_loadparm); - gensec_ntlmssp_state->unicode = lp_parm_bool(-1, "ntlmssp_client", "unicode", True); + gensec_ntlmssp_state->unicode = lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "unicode", true); - gensec_ntlmssp_state->use_nt_response = lp_parm_bool(-1, "ntlmssp_client", "send_nt_reponse", True); + gensec_ntlmssp_state->use_nt_response = lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "send_nt_reponse", true); - gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth() - && (lp_parm_bool(-1, "ntlmssp_client", "allow_lm_key", False) - || lp_parm_bool(-1, "ntlmssp_client", "lm_key", False))); + gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(global_loadparm) + && (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "allow_lm_key", false) + || lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "lm_key", false))); - gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(); + gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(global_loadparm); gensec_ntlmssp_state->expected_state = NTLMSSP_INITIAL; 
@@ -314,31 +315,31 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_REQUEST_TARGET; - if (lp_parm_bool(-1, "ntlmssp_client", "128bit", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "128bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } - if (lp_parm_bool(-1, "ntlmssp_client", "56bit", False)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "56bit", false)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } - if (lp_parm_bool(-1, "ntlmssp_client", "lm_key", False)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "lm_key", false)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; } - if (lp_parm_bool(-1, "ntlmssp_client", "keyexchange", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "keyexchange", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } - if (lp_parm_bool(-1, "ntlmssp_client", "alwayssign", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "alwayssign", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } - if (lp_parm_bool(-1, "ntlmssp_client", "ntlm2", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "ntlm2", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } else { /* apparently we can't do ntlmv2 if we don't do ntlm2 */ - gensec_ntlmssp_state->use_ntlmv2 = False; + gensec_ntlmssp_state->use_ntlmv2 = false; } if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) { diff --git a/source4/auth/ntlmssp/ntlmssp_parse.c b/source4/auth/ntlmssp/ntlmssp_parse.c index 98594f1fc3..ea9b52e432 100644 --- a/source4/auth/ntlmssp/ntlmssp_parse.c +++ b/source4/auth/ntlmssp/ntlmssp_parse.c 
@@ -40,7 +40,7 @@ d = word (4 bytes) C = constant ascii string */ -BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, +bool msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *format, ...) { int i; @@ -66,7 +66,7 @@ BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, head_size += 8; n = push_ucs2_talloc(pointers, (void **)&pointers[i].data, s); if (n == -1) { - return False; + return false; } pointers[i].length = n; pointers[i].length -= 2; @@ -77,7 +77,7 @@ BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, head_size += 8; n = push_ascii_talloc(pointers, (char **)&pointers[i].data, s); if (n == -1) { - return False; + return false; } pointers[i].length = n; pointers[i].length -= 1; @@ -89,7 +89,7 @@ BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, s = va_arg(ap, char *); n = push_ucs2_talloc(pointers, (void **)&pointers[i].data, s); if (n == -1) { - return False; + return false; } pointers[i].length = n; pointers[i].length -= 2; @@ -175,14 +175,14 @@ BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, talloc_free(pointers); - return True; + return true; } /* a helpful macro to avoid running over the end of our blob */ #define NEED_DATA(amount) \ if ((head_ofs + amount) > blob->length) { \ - return False; \ + return false; \ } /* @@ -198,7 +198,7 @@ if ((head_ofs + amount) > blob->length) { \ C = constant ascii string */ -BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, +bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const char *format, ...) { int i; 
@@ -226,21 +226,21 @@ BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, } else { /* make sure its in the right format - be strict */ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { - return False; + return false; } if (len1 & 1) { /* if odd length and unicode */ - return False; + return false; } if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data) - return False; + return false; if (0 < len1) { pull_string(p, blob->data + ptr, sizeof(p), len1, STR_UNICODE|STR_NOALIGN); (*ps) = talloc_strdup(mem_ctx, p); if (!(*ps)) { - return False; + return false; } } else { (*ps) = ""; @@ -259,18 +259,18 @@ BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, *ps = ""; } else { if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { - return False; + return false; } if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data) - return False; + return false; if (0 < len1) { pull_string(p, blob->data + ptr, sizeof(p), len1, STR_ASCII|STR_NOALIGN); (*ps) = talloc_strdup(mem_ctx, p); if (!(*ps)) { - return False; + return false; } } else { (*ps) = ""; @@ -289,11 +289,11 @@ BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, } else { /* make sure its in the right format - be strict */ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { - return False; + return false; } if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data) - return False; + return false; *b = data_blob_talloc(mem_ctx, blob->data + ptr, len1); } @@ -304,7 +304,7 @@ BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, /* make sure its in the right format - be strict */ NEED_DATA(len1); if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data) - return False; + return false; *b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1); head_ofs += len1; 
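Review bot: The bounds tests in msrpc_parse that this hunk touches still include `blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data`, which depends on pointer arithmetic wrapping. That is undefined in C, so an optimiser may drop the test, and the first comparison treats an offset as an address. The integer test before it is what actually bounds the read, and it is clearer written without addition: `if (len1 != len2 || len1 > blob->length || ptr > blob->length - len1) return false;` (the types of `ptr` and `len1` are declared outside the hunk). The early `return false;` paths also leave the function without the `va_end(ap)` that the success path runs at the end.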
@@ -318,18 +318,18 @@ BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, s = va_arg(ap, char *); if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data) - return False; + return false; head_ofs += pull_string(p, blob->data+head_ofs, sizeof(p), blob->length - head_ofs, STR_ASCII|STR_TERMINATE); if (strcmp(s, p) != 0) { - return False; + return false; } break; } } va_end(ap); - return True; + return true; } diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 18e38cf6bf..79a17e5733 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -25,12 +25,12 @@ #include "auth/ntlmssp/ntlmssp.h" #include "auth/ntlmssp/msrpc_parse.h" #include "lib/crypto/crypto.h" -#include "pstring.h" #include "system/filesys.h" #include "libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" #include "auth/auth.h" +#include "param/param.h" /** * Set a username on an NTLMSSP context - ensures it is talloc()ed 
@@ -98,66 +98,13 @@ static const char *ntlmssp_target_name(struct gensec_ntlmssp_state *gensec_ntlms return gensec_ntlmssp_state->server_name; } else { *chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN; - return gensec_ntlmssp_state->get_domain(); + return gensec_ntlmssp_state->domain; }; } else { return ""; } } -/* - Andrew, please remove these totally bogus calls when you get time -*/ -static BOOL get_myfullname(char *my_name) -{ - pstring hostname; - - *hostname = 0; - - /* get my host name */ - if (gethostname(hostname, sizeof(hostname)) == -1) { - DEBUG(0,("gethostname failed\n")); - return False; - } - - /* Ensure null termination. */ - hostname[sizeof(hostname)-1] = '\0'; - - if (my_name) - fstrcpy(my_name, hostname); - return True; -} - -static BOOL get_mydomname(char *my_domname) -{ - pstring hostname; - char *p; - - /* arrgh! relies on full name in system */ - - *hostname = 0; - /* get my host name */ - if (gethostname(hostname, sizeof(hostname)) == -1) { - DEBUG(0,("gethostname failed\n")); - return False; - } - - /* Ensure null termination. */ - hostname[sizeof(hostname)-1] = '\0'; - - p = strchr_m(hostname, '.'); - - if (!p) - return False; - - p++; - - if (my_domname) - fstrcpy(my_domname, p); - - return True; -} - /** @@ -174,9 +121,10 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; DATA_BLOB struct_blob; - fstring dnsname, dnsdomname; + char dnsname[MAXHOSTNAMELEN], dnsdomname[MAXHOSTNAMELEN]; + const char *p; uint32_t neg_flags = 0; uint32_t ntlmssp_command, chal_flags; const uint8_t *cryptkey; 
@@ -227,13 +175,20 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, gensec_ntlmssp_state->chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8); gensec_ntlmssp_state->internal_chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8); - /* This should be a 'netbios domain -> DNS domain' mapping */ - dnsdomname[0] = '\0'; - get_mydomname(dnsdomname); - strlower_m(dnsdomname); - dnsname[0] = '\0'; - get_myfullname(dnsname); + if (gethostname(dnsname, sizeof(dnsname)) == -1) { + DEBUG(0,("gethostname failed\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + /* This should be a 'netbios domain -> DNS domain' mapping */ + p = strchr(dnsname, '.'); + if (p != NULL) { + safe_strcpy(dnsdomname, p+1, sizeof(dnsdomname)); + strlower_m(dnsdomname); + } else { + dnsdomname[0] = '\0'; + } /* This creates the 'blob' of names that appears at the end of the packet */ if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) @@ -404,7 +359,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_ntlmssp_state *gensec_ntlms SMB_ASSERT(gensec_ntlmssp_state->internal_chal.data && gensec_ntlmssp_state->internal_chal.length == 8); - gensec_ntlmssp_state->doing_ntlm2 = True; + gensec_ntlmssp_state->doing_ntlm2 = true; memcpy(gensec_ntlmssp_state->crypt.ntlm2.session_nonce, gensec_ntlmssp_state->internal_chal.data, 8); memcpy(&gensec_ntlmssp_state->crypt.ntlm2.session_nonce[8], gensec_ntlmssp_state->lm_resp.data, 8); @@ -447,7 +402,7 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; NTSTATUS nt_status; DATA_BLOB session_key = data_blob(NULL, 0); 
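Review bot: The new inline `gethostname(dnsname, sizeof(dnsname))` call in ntlmssp_server_negotiate drops the forced termination that the removed helpers had (`hostname[sizeof(hostname)-1] = '\0';`), yet `strchr(dnsname, '.')` follows immediately. POSIX leaves it unspecified whether a truncated name is NUL-terminated, so I would restore `dnsname[sizeof(dnsname)-1] = '\0';` right after the call. Also confirm the size argument to `safe_strcpy`: if it is the maximum string length rather than the buffer size, it should be `sizeof(dnsdomname)-1`. The function body continues outside the hunk.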
@@ -594,7 +549,7 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; DATA_BLOB user_session_key = data_blob(NULL, 0); DATA_BLOB lm_session_key = data_blob(NULL, 0); NTSTATUS nt_status; @@ -662,7 +617,7 @@ static const uint8_t *auth_ntlmssp_get_challenge(const struct gensec_ntlmssp_sta * * @return If the effective challenge used by the auth subsystem may be modified */ -static BOOL auth_ntlmssp_may_set_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state) +static bool auth_ntlmssp_may_set_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state) { return auth_challenge_may_be_modified(gensec_ntlmssp_state->auth_context); } @@ -706,7 +661,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct gensec_ntlmssp_state *gensec_ user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; user_info->flags = 0; - user_info->mapped_state = False; + user_info->mapped_state = false; user_info->client.account_name = gensec_ntlmssp_state->user; user_info->client.domain_name = gensec_ntlmssp_state->domain; user_info->workstation_name = gensec_ntlmssp_state->workstation; @@ -760,7 +715,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, struct auth_session_info **session_info) { NTSTATUS nt_status; - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_ntlmssp_state->server_info, session_info); NT_STATUS_NOT_OK_RETURN(nt_status); 
@@ -784,21 +739,21 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) nt_status = gensec_ntlmssp_start(gensec_security); NT_STATUS_NOT_OK_RETURN(nt_status); - gensec_ntlmssp_state = gensec_security->private_data; + gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; gensec_ntlmssp_state->role = NTLMSSP_SERVER; gensec_ntlmssp_state->workstation = NULL; - gensec_ntlmssp_state->server_name = lp_netbios_name(); + gensec_ntlmssp_state->server_name = lp_netbios_name(global_loadparm); - gensec_ntlmssp_state->get_domain = lp_workgroup; + gensec_ntlmssp_state->domain = lp_workgroup(global_loadparm); gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE; - gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth() - && lp_parm_bool(-1, "ntlmssp_server", "allow_lm_key", False)); + gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(global_loadparm) + && lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "allow_lm_key", false)); - gensec_ntlmssp_state->server_multiple_authentications = False; + gensec_ntlmssp_state->server_multiple_authentications = false; gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_UNKNOWN_02000000; 
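Review bot: `gensec_ntlmssp_state->domain` now carries the server's own workgroup (`lp_workgroup(global_loadparm)` in gensec_ntlmssp_server_start, returned by ntlmssp_target_name as the target name). The same member is what auth_ntlmssp_check_password copies into `user_info->client.domain_name`. With `get_domain` removed, one field holds both the local domain and the client-supplied one, so a NEGOTIATE handled after the field has been overwritten would presumably advertise the client's value as the target. The code that stores the client value is outside these hunks. A separately named member for the local workgroup, or a comment on the field in ntlmssp.h stating which value it holds at each stage, would make this explicit.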
@@ -807,23 +762,23 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0); gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0); - if (lp_parm_bool(-1, "ntlmssp_server", "128bit", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "128bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } - if (lp_parm_bool(-1, "ntlmssp_server", "56bit", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "56bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } - if (lp_parm_bool(-1, "ntlmssp_server", "keyexchange", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "keyexchange", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } - if (lp_parm_bool(-1, "ntlmssp_server", "alwayssign", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "alwayssign", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } - if (lp_parm_bool(-1, "ntlmssp_server", "ntlm2", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "ntlm2", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } @@ -844,7 +799,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge; gensec_ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge; gensec_ntlmssp_state->check_password = auth_ntlmssp_check_password; - gensec_ntlmssp_state->server_role = lp_server_role(); + gensec_ntlmssp_state->server_role = lp_server_role(global_loadparm); return NT_STATUS_OK; } diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index 4eb6156deb..dd8dd450c8 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c 
@@ -65,7 +65,7 @@ static NTSTATUS ntlmssp_make_packet_signature(struct gensec_ntlmssp_state *gense const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, enum ntlmssp_direction direction, - DATA_BLOB *sig, BOOL encrypt_sig) + DATA_BLOB *sig, bool encrypt_sig) { if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { @@ -137,12 +137,12 @@ _PUBLIC_ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_secu const uint8_t *whole_pdu, size_t pdu_length, DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; return ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, - NTLMSSP_SEND, sig, True); + NTLMSSP_SEND, sig, true); } /** @@ -156,7 +156,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; DATA_BLOB local_sig; NTSTATUS nt_status; @@ -169,7 +169,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, - NTLMSSP_RECEIVE, &local_sig, True); + NTLMSSP_RECEIVE, &local_sig, true); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status))); 
@@ -220,7 +220,7 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, const uint8_t *whole_pdu, size_t pdu_length, DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; NTSTATUS nt_status; if (!gensec_ntlmssp_state->session_key.length) { DEBUG(3, ("NO session key, cannot seal packet\n")); @@ -236,7 +236,7 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, - NTLMSSP_SEND, sig, False); + NTLMSSP_SEND, sig, false); arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, data, length); if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, sig->data+4, 8); @@ -281,7 +281,7 @@ NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; if (!gensec_ntlmssp_state->session_key.length) { DEBUG(3, ("NO session key, cannot unseal packet\n")); return NT_STATUS_NO_USER_SESSION_KEY; diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 6e160941d8..ad8d77ecf8 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -27,6 +27,7 @@ #include "libcli/security/security.h" #include "libcli/ldap/ldap.h" #include "librpc/gen_ndr/ndr_netlogon.h" +#include "param/param.h" const char *user_attrs[] = { /* required for the krb5 kdc */ 
@@ -75,7 +76,7 @@ const char *domain_ref_attrs[] = {"nETBIOSName", "nCName", bitmask. ****************************************************************************/ -static BOOL logon_hours_ok(struct ldb_message *msg, const char *name_for_logs) +static bool logon_hours_ok(struct ldb_message *msg, const char *name_for_logs) { /* In logon hours first bit is Sunday from 12AM to 1AM */ const struct ldb_val *hours; @@ -87,12 +88,12 @@ static BOOL logon_hours_ok(struct ldb_message *msg, const char *name_for_logs) hours = ldb_msg_find_ldb_val(msg, "logonHours"); if (!hours) { DEBUG(5,("logon_hours_ok: No hours restrictions for user %s\n", name_for_logs)); - return True; + return true; } if (hours->length != 168/8) { DEBUG(5,("logon_hours_ok: malformed logon hours restrictions for user %s\n", name_for_logs)); - return True; + return true; } lasttime = time(NULL); @@ -100,7 +101,7 @@ static BOOL logon_hours_ok(struct ldb_message *msg, const char *name_for_logs) if (!utctime) { DEBUG(1, ("logon_hours_ok: failed to get gmtime. Failing logon for user %s\n", name_for_logs)); - return False; + return false; } /* find the corresponding byte and bit */ @@ -121,14 +122,14 @@ static BOOL logon_hours_ok(struct ldb_message *msg, const char *name_for_logs) DEBUG(1, ("logon_hours_ok: Account for user %s not allowed to " "logon at this time (%s).\n", name_for_logs, asct )); - return False; + return false; } asct = asctime(utctime); DEBUG(5,("logon_hours_ok: user %s allowed to logon at this time (%s)\n", name_for_logs, asct ? asct : "UNKNOWN TIME" )); - return True; + return true; } /**************************************************************************** 
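Review bot: In logon_hours_ok a `logonHours` value whose length is not `168/8` is logged at level 5 as malformed and then answered with `return true;`, so a corrupt restriction silently removes the restriction. If that is intentional it deserves a comment saying so. Otherwise `return false;` with a higher-severity DEBUG would fail closed, matching the gmtime failure branch just below. In the denial branch `asct` is also passed to `%s` without the `asct ? asct : "UNKNOWN TIME"` guard used on the success path; its assignment is outside the hunk.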
@@ -204,7 +205,7 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, /* Test workstation. Workstation list is comma separated. */ if (logon_workstation && workstation_list && *workstation_list) { - BOOL invalid_ws = True; + bool invalid_ws = true; int i; const char **workstations = str_list_make(mem_ctx, workstation_list, ","); @@ -213,7 +214,7 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx, workstations[i], logon_workstation)); if (strequal(workstations[i], logon_workstation)) { - invalid_ws = False; + invalid_ws = false; break; } } @@ -343,7 +344,7 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_conte server_info->home_drive = talloc_strdup(server_info, str); NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive); - server_info->logon_server = talloc_strdup(server_info, lp_netbios_name()); + server_info->logon_server = talloc_strdup(server_info, lp_netbios_name(global_loadparm)); NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server); server_info->last_logon = samdb_result_nttime(msg, "lastLogon", 0); @@ -370,7 +371,7 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_conte server_info->user_session_key = user_sess_key; server_info->lm_session_key = lm_sess_key; - server_info->authenticated = True; + server_info->authenticated = true; *_server_info = server_info; |