This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "librpc/rpc/dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "param/param.h"
/* the list of currently registered GENSEC backends */
static struct gensec_security_ops **generic_security_ops;
struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
struct gensec_security_ops **old_gensec_list,
- enum credentials_use_kerberos use_kerberos)
+ struct cli_credentials *creds)
{
struct gensec_security_ops **new_gensec_list;
int i, j, num_mechs_in;
+ enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS;
+
+ if (creds) {
+ use_kerberos = cli_credentials_get_kerberos_state(creds);
+ }
if (use_kerberos == CRED_AUTO_USE_KERBEROS) {
if (!talloc_reference(mem_ctx, old_gensec_list)) {
}
switch (use_kerberos) {
case CRED_DONT_USE_KERBEROS:
- if (old_gensec_list[i]->kerberos == False) {
+ if (old_gensec_list[i]->kerberos == false) {
new_gensec_list[j] = old_gensec_list[i];
j++;
}
break;
case CRED_MUST_USE_KERBEROS:
- if (old_gensec_list[i]->kerberos == True) {
+ if (old_gensec_list[i]->kerberos == true) {
new_gensec_list[j] = old_gensec_list[i];
j++;
}
}
return backends;
} else {
- enum credentials_use_kerberos use_kerberos;
struct cli_credentials *creds = gensec_get_credentials(gensec_security);
if (!creds) {
if (!talloc_reference(mem_ctx, backends)) {
}
return backends;
}
- use_kerberos = cli_credentials_get_kerberos_state(creds);
- return gensec_use_kerberos_mechs(mem_ctx, backends, use_kerberos);
+ return gensec_use_kerberos_mechs(mem_ctx, backends, creds);
}
}
/**
* Return all the security subsystems currently enabled on a GENSEC context.
*
- * This is taken from a list attached to the cli_credentails, and
+ * This is taken from a list attached to the cli_credentials, and
* skips the OID in 'skip'. (Typically the SPNEGO OID)
*
*/
*/
static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
struct event_context *ev,
+ struct loadparm_context *lp_ctx,
struct messaging_context *msg,
struct gensec_security **gensec_security)
{
ZERO_STRUCT((*gensec_security)->peer_addr);
ZERO_STRUCT((*gensec_security)->my_addr);
- (*gensec_security)->subcontext = False;
+ (*gensec_security)->subcontext = false;
(*gensec_security)->want_features = 0;
if (ev == NULL) {
(*gensec_security)->event_ctx = ev;
(*gensec_security)->msg_ctx = msg;
+ (*gensec_security)->lp_ctx = lp_ctx;
return NT_STATUS_OK;
}
(*gensec_security)->ops = NULL;
(*gensec_security)->private_data = NULL;
- (*gensec_security)->subcontext = True;
+ (*gensec_security)->subcontext = true;
(*gensec_security)->event_ctx = parent->event_ctx;
(*gensec_security)->msg_ctx = parent->msg_ctx;
+ (*gensec_security)->lp_ctx = parent->lp_ctx;
return NT_STATUS_OK;
}
*/
_PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_security,
- struct event_context *ev)
+ struct event_context *ev,
+ struct loadparm_context *lp_ctx)
{
NTSTATUS status;
struct event_context *new_ev = NULL;
ev = new_ev;
}
- status = gensec_start(mem_ctx, ev, NULL, gensec_security);
+ status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(new_ev);
return status;
*/
NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
struct event_context *ev,
+ struct loadparm_context *lp_ctx,
struct messaging_context *msg,
struct gensec_security **gensec_security)
{
return NT_STATUS_INTERNAL_ERROR;
}
- status = gensec_start(mem_ctx, ev, msg, gensec_security);
+ status = gensec_start(mem_ctx, ev, lp_ctx, msg, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
*
*/
-_PUBLIC_ BOOL gensec_have_feature(struct gensec_security *gensec_security,
+_PUBLIC_ bool gensec_have_feature(struct gensec_security *gensec_security,
uint32_t feature)
{
if (!gensec_security->ops->have_feature) {
- return False;
+ return false;
}
/* We might 'have' features that we don't 'want', because the
_PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_security)
{
/* We allow the target hostname to be overriden for testing purposes */
- const char *target_hostname = lp_parm_string(-1, "gensec", "target_hostname");
+ const char *target_hostname = lp_parm_string(gensec_security->lp_ctx, NULL, "gensec", "target_hostname");
if (target_hostname) {
return target_hostname;
}
*/
NTSTATUS gensec_register(const struct gensec_security_ops *ops)
{
- if (!lp_parm_bool(-1, "gensec", ops->name, ops->enabled)) {
+ if (!lp_parm_bool(global_loadparm, NULL, "gensec", ops->name, ops->enabled)) {
DEBUG(2,("gensec subsystem %s is disabled\n", ops->name));
return NT_STATUS_OK;
}
return NT_STATUS_NO_MEMORY;
}
- generic_security_ops[gensec_num_backends] = discard_const(ops);
+ generic_security_ops[gensec_num_backends] = discard_const_p(struct gensec_security_ops, ops);
gensec_num_backends++;
generic_security_ops[gensec_num_backends] = NULL;
/*
initialise the GENSEC subsystem
*/
-NTSTATUS gensec_init(void)
+NTSTATUS gensec_init(struct loadparm_context *lp_ctx)
{
- static BOOL initialized = False;
+ static bool initialized = false;
- init_module_fn static_init[] = STATIC_gensec_MODULES;
+ init_module_fn static_init[] = { STATIC_gensec_MODULES };
init_module_fn *shared_init;
if (initialized) return NT_STATUS_OK;
- initialized = True;
+ initialized = true;
- shared_init = load_samba_modules(NULL, "gensec");
+ shared_init = load_samba_modules(NULL, lp_ctx, "gensec");
run_init_functions(static_init);
run_init_functions(shared_init);