r26233: Pass loadparm context when creating krb5 contexts.
[jelmer/samba4-debian.git] / source / auth / gensec / gensec_gssapi.c
index 69e87cf555a48e6dc97da311f5c489fb8cd81c67..fabdfb4308e38f3328509fb6fa217057dbe3a3fe 100644 (file)
@@ -65,7 +65,7 @@ struct gensec_gssapi_state {
 
        gss_cred_id_t delegated_cred_handle;
 
-       BOOL sasl; /* We have two different mechs in this file: One
+       bool sasl; /* We have two different mechs in this file: One
                    * for SASL wrapped GSSAPI and another for normal
                    * GSSAPI */
        enum gensec_gssapi_sasl_state sasl_state;
@@ -155,9 +155,9 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
        
        gensec_gssapi_state->gss_exchange_count = 0;
        gensec_gssapi_state->max_wrap_buf_size
-               = lp_parm_int(NULL, "gensec_gssapi", "max wrap buf size", 65536);
+               = lp_parm_int(global_loadparm, NULL, "gensec_gssapi", "max wrap buf size", 65536);
                
-       gensec_gssapi_state->sasl = False;
+       gensec_gssapi_state->sasl = false;
        gensec_gssapi_state->sasl_state = STAGE_GSS_NEG;
 
        gensec_security->private_data = gensec_gssapi_state;
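Review bot: The integer read for "max wrap buf size" is assigned to `max_wrap_buf_size` with no range check or documented bounds. The field's type and its users are outside this hunk, so this is inferred, but if the value later bounds or sizes wrap buffers, a zero or negative setting would propagate unchecked. I would validate the result of `lp_parm_int()` before storing it, falling back to the 65536 default, and record the contract next to the assignment, e.g. `/* gensec_gssapi:max wrap buf size - must be > 0, default 65536 */`. gensec_gssapi_start begins and ends outside the hunk.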
@@ -170,16 +170,16 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
        gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
        
        gensec_gssapi_state->want_flags = 0;
-       if (lp_parm_bool(NULL, "gensec_gssapi", "mutual", true)) {
+       if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "mutual", true)) {
                gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
        }
-       if (lp_parm_bool(NULL, "gensec_gssapi", "delegation", true)) {
+       if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "delegation", true)) {
                gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
        }
-       if (lp_parm_bool(NULL, "gensec_gssapi", "replay", true)) {
+       if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "replay", true)) {
                gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG;
        }
-       if (lp_parm_bool(NULL, "gensec_gssapi", "sequence", true)) {
+       if (lp_parm_bool(global_loadparm, NULL, "gensec_gssapi", "sequence", true)) {
                gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG;
        }
 
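Review bot: The "delegation" option defaults to true in the `lp_parm_bool(..., "delegation", true)` check, so `GSS_C_DELEG_FLAG` is requested on every context unless an administrator turns it off, and nothing at that line says so. Delegation hands the peer a credential it can use on the user's behalf, which makes it the most security-sensitive of the four defaults. Whether the Kerberos library restricts it further is not visible from this hunk. I would add a comment above the check, e.g. `/* default on: credentials are delegated to the acceptor unless "gensec_gssapi:delegation = no" */`. gensec_gssapi_start starts and ends outside the hunk.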
@@ -230,7 +230,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
        }
 
        /* don't do DNS lookups of any kind, it might/will fail for a netbios name */
-       ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(NULL, "krb5", "set_dns_canonicalize", false));
+       ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(global_loadparm, NULL, "krb5", "set_dns_canonicalize", false));
        if (ret) {
                DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n"));
                talloc_free(gensec_gssapi_state);
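Review bot: The comment above `gsskrb5_set_dns_canonicalize()` says no DNS lookups of any kind are done, but the call takes its value from the "krb5" / "set_dns_canonicalize" option and only defaults to false. With canonicalization switched on, the service principal name would presumably depend on DNS answers, so the comment should say this is a default and why it is the safe one. Something like `/* default off: DNS canonicalization fails for netbios names and would let DNS answers influence the service principal */` fits the line. The rest of gensec_gssapi_start is outside the hunk.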
@@ -239,6 +239,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
 
        ret = smb_krb5_init_context(gensec_gssapi_state, 
                                    gensec_security->event_ctx,
+                                   global_loadparm,
                                    &gensec_gssapi_state->smb_krb5_context);
        if (ret) {
                DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n",
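Review bot: The failure message here is prefixed `gensec_krb5_start:` although the hunk header places the call in gensec_gssapi_start. The `gsskrb5_set_dns_canonicalize failed` message in the previous hunk carries the same prefix. Someone triaging an authentication failure from the logs would be pointed at the wrong module. I would change it to `DEBUG(1,("gensec_gssapi_start: krb5_init_context failed (%s)\n",` and make the matching change in the earlier message. The DEBUG call continues outside the hunk.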
@@ -291,7 +292,7 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s
 
        if (NT_STATUS_IS_OK(nt_status)) {
                gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
-               gensec_gssapi_state->sasl = True;
+               gensec_gssapi_state->sasl = true;
        }
        return nt_status;
 }
@@ -366,7 +367,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
                DEBUG(3, ("Cannot reach a KDC we require to contact %s\n", principal));
                return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
        default:
-               DEBUG(1, ("Aquiring initiator credentails failed\n"));
+               DEBUG(1, ("Aquiring initiator credentials failed\n"));
                return NT_STATUS_UNSUCCESSFUL;
        }
 
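Review bot: The corrected message still misspells "Acquiring"; it should read `DEBUG(1, ("Acquiring initiator credentials failed\n"));`. The default branch also logs no status or principal, unlike the KDC-unreachable branch above it, which makes this failure harder to triage from logs. The switch expression and the variables in scope are outside the hunk, so which value to add is for the author to choose.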
@@ -386,7 +387,7 @@ static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_s
 
        if (NT_STATUS_IS_OK(nt_status)) {
                gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
-               gensec_gssapi_state->sasl = True;
+               gensec_gssapi_state->sasl = true;
        }
        return nt_status;
 }
@@ -632,7 +633,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
 
                        maj_stat = gss_wrap(&min_stat, 
                                            gensec_gssapi_state->gssapi_context, 
-                                           False,
+                                           false,
                                            GSS_C_QOP_DEFAULT,
                                            &input_token,
                                            &conf_state,
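Review bot: The third argument to `gss_wrap()` is a bare `false`. It is the confidentiality request flag, so the token built here is integrity-protected only. That is probably deliberate, since the SASL GSSAPI security-layer negotiation is specified that way, but the call site does not say so, and the same applies to the second `gss_wrap()` call in the next hunk. A trailing comment such as `false, /* conf_req_flag: integrity only, as SASL GSSAPI negotiation requires */` would stop a later reader from copying the call into a data path that needs sealing. Both calls sit in gensec_gssapi_update, whose body lies outside the hunks.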
@@ -697,7 +698,7 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
 
                        maj_stat = gss_wrap(&min_stat, 
                                            gensec_gssapi_state->gssapi_context, 
-                                           False,
+                                           false,
                                            GSS_C_QOP_DEFAULT,
                                            &input_token,
                                            &conf_state,
@@ -1110,7 +1111,7 @@ static NTSTATUS gensec_gssapi_check_packet(struct gensec_security *gensec_securi
 }
 
 /* Try to figure out what features we actually got on the connection */
-static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security, 
+static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security, 
                                       uint32_t feature) 
 {
        struct gensec_gssapi_state *gensec_gssapi_state
@@ -1136,7 +1137,7 @@ static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security,
        if (feature & GENSEC_FEATURE_SESSION_KEY) {
                /* Only for GSSAPI/Krb5 */
                if (gss_oid_equal(gensec_gssapi_state->gss_oid, gss_mech_krb5)) {
-                       return True;
+                       return true;
                }
        }
        if (feature & GENSEC_FEATURE_DCE_STYLE) {
@@ -1144,9 +1145,9 @@ static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security,
        }
        /* We can always do async (rather than strict request/reply) packets.  */
        if (feature & GENSEC_FEATURE_ASYNC_REPLIES) {
-               return True;
+               return true;
        }
-       return False;
+       return false;
 }
 
 /*
@@ -1317,7 +1318,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
                        talloc_free(mem_ctx);
                        return nt_status;
                }
-       } else if (!lp_parm_bool(NULL, "gensec", "require_pac", false)) {
+       } else if (!lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) {
                DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
                          gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
                nt_status = sam_get_server_info_principal(mem_ctx, principal_string,
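Review bot: With "gensec" / "require_pac" defaulting to false, a ticket without a PAC falls through to `sam_get_server_info_principal()`. The session is then built from the principal string rather than from KDC-signed authorization data, and the only trace is a DEBUG level 1 message. That permissive default deserves a comment at the branch, e.g. `/* no PAC: authorization comes from a local lookup by principal name; set "gensec:require_pac = yes" to refuse instead */`. What the final else branch does when require_pac is true is outside the hunk, as is the rest of gensec_gssapi_session_info.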
@@ -1414,8 +1415,8 @@ static const struct gensec_security_ops gensec_gssapi_spnego_security_ops = {
        .wrap           = gensec_gssapi_wrap,
        .unwrap         = gensec_gssapi_unwrap,
        .have_feature   = gensec_gssapi_have_feature,
-       .enabled        = False,
-       .kerberos       = True,
+       .enabled        = false,
+       .kerberos       = true,
        .priority       = GENSEC_GSSAPI
 };
 
@@ -1437,8 +1438,8 @@ static const struct gensec_security_ops gensec_gssapi_krb5_security_ops = {
        .wrap           = gensec_gssapi_wrap,
        .unwrap         = gensec_gssapi_unwrap,
        .have_feature   = gensec_gssapi_have_feature,
-       .enabled        = True,
-       .kerberos       = True,
+       .enabled        = true,
+       .kerberos       = true,
        .priority       = GENSEC_GSSAPI
 };
 
@@ -1456,8 +1457,8 @@ static const struct gensec_security_ops gensec_gssapi_sasl_krb5_security_ops = {
        .wrap             = gensec_gssapi_wrap,
        .unwrap           = gensec_gssapi_unwrap,
        .have_feature     = gensec_gssapi_have_feature,
-       .enabled          = True,
-       .kerberos         = True,
+       .enabled          = true,
+       .kerberos         = true,
        .priority         = GENSEC_GSSAPI
 };