From bad1891cae2c688b17a6a2b932e754f51291035c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 17:41:37 +0100 Subject: [PATCH] r26258: Use loadparm context in client_start function of gensec. --- source/auth/gensec/cyrus_sasl.c | 2 +- source/auth/gensec/gensec.c | 2 +- source/auth/gensec/gensec.h | 5 ++++- source/auth/gensec/gensec_gssapi.c | 10 +++++----- source/auth/gensec/gensec_krb5.c | 6 +++--- source/auth/gensec/schannel.c | 3 ++- source/auth/gensec/spnego.c | 4 ++-- source/auth/ntlmssp/ntlmssp.h | 1 + source/auth/ntlmssp/ntlmssp_client.c | 29 ++++++++++++++-------------- 9 files changed, 34 insertions(+), 28 deletions(-) diff --git a/source/auth/gensec/cyrus_sasl.c b/source/auth/gensec/cyrus_sasl.c index 0bce35e1c..7ccdb1ede 100644 --- a/source/auth/gensec/cyrus_sasl.c +++ b/source/auth/gensec/cyrus_sasl.c @@ -112,7 +112,7 @@ static int gensec_sasl_dispose(struct gensec_sasl_state *gensec_sasl_state) return 0; } -static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security) +static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) { struct gensec_sasl_state *gensec_sasl_state; const char *service = gensec_get_target_service(gensec_security); diff --git a/source/auth/gensec/gensec.c b/source/auth/gensec/gensec.c index b3ac64fdc..27981a750 100644 --- a/source/auth/gensec/gensec.c +++ b/source/auth/gensec/gensec.c @@ -603,7 +603,7 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security) switch (gensec_security->gensec_role) { case GENSEC_CLIENT: if (gensec_security->ops->client_start) { - status = gensec_security->ops->client_start(gensec_security); + status = gensec_security->ops->client_start(gensec_security, global_loadparm); if (!NT_STATUS_IS_OK(status)) { DEBUG(2, ("Failed to start GENSEC client mech %s: %s\n", gensec_security->ops->name, nt_errstr(status))); diff --git a/source/auth/gensec/gensec.h b/source/auth/gensec/gensec.h index 6263edd68..6b787d25a 100644 --- a/source/auth/gensec/gensec.h +++ b/source/auth/gensec/gensec.h @@ -75,12 +75,15 @@ struct gensec_update_request { } callback; }; +struct loadparm_context; + struct gensec_security_ops { const char *name; const char *sasl_name; uint8_t auth_type; /* 0 if not offered on DCE-RPC */ const char **oid; /* NULL if not offered by SPNEGO */ - NTSTATUS (*client_start)(struct gensec_security *gensec_security); + NTSTATUS (*client_start)(struct gensec_security *gensec_security, + struct loadparm_context *lp_ctx); NTSTATUS (*server_start)(struct gensec_security *gensec_security); /** Determine if a packet has the right 'magic' for this mechanism diff --git a/source/auth/gensec/gensec_gssapi.c b/source/auth/gensec/gensec_gssapi.c index b3e535241..1d8d5f057 100644 --- a/source/auth/gensec/gensec_gssapi.c +++ b/source/auth/gensec/gensec_gssapi.c @@ -298,7 +298,7 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s return nt_status; } -static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security) +static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) { struct gensec_gssapi_state *gensec_gssapi_state; struct cli_credentials *creds = gensec_get_credentials(gensec_security); @@ -324,7 +324,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi return NT_STATUS_INVALID_PARAMETER; } - nt_status = gensec_gssapi_start(gensec_security, global_loadparm); + nt_status = gensec_gssapi_start(gensec_security, lp_ctx); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } @@ -334,7 +334,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi gensec_gssapi_state->gss_oid = gss_mech_krb5; principal = gensec_get_target_principal(gensec_security); - if (principal && lp_client_use_spnego_principal(global_loadparm)) { + if (principal && lp_client_use_spnego_principal(lp_ctx)) { name_type = GSS_C_NULL_OID; } else { principal = talloc_asprintf(gensec_gssapi_state, "%s@%s", @@ -380,11 +380,11 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi return NT_STATUS_OK; } -static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security) +static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) { NTSTATUS nt_status; struct gensec_gssapi_state *gensec_gssapi_state; - nt_status = gensec_gssapi_client_start(gensec_security); + nt_status = gensec_gssapi_client_start(gensec_security, lp_ctx); if (NT_STATUS_IS_OK(nt_status)) { gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); diff --git a/source/auth/gensec/gensec_krb5.c b/source/auth/gensec/gensec_krb5.c index eb8c74533..296f58782 100644 --- a/source/auth/gensec/gensec_krb5.c +++ b/source/auth/gensec/gensec_krb5.c @@ -210,7 +210,7 @@ static NTSTATUS gensec_fake_gssapi_krb5_server_start(struct gensec_security *gen return nt_status; } -static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security) +static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) { struct gensec_krb5_state *gensec_krb5_state; krb5_error_code ret; @@ -322,9 +322,9 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security } } -static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gensec_security) +static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) { - NTSTATUS nt_status = gensec_krb5_client_start(gensec_security); + NTSTATUS nt_status = gensec_krb5_client_start(gensec_security, lp_ctx); if (NT_STATUS_IS_OK(nt_status)) { struct gensec_krb5_state *gensec_krb5_state; diff --git a/source/auth/gensec/schannel.c b/source/auth/gensec/schannel.c index 462fb26ba..7da96560a 100644 --- a/source/auth/gensec/schannel.c +++ b/source/auth/gensec/schannel.c @@ -218,7 +218,8 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security) return NT_STATUS_OK; } -static NTSTATUS schannel_client_start(struct gensec_security *gensec_security) +static NTSTATUS schannel_client_start(struct gensec_security *gensec_security, + struct loadparm_context *lp_ctx) { NTSTATUS status; struct schannel_state *state; diff --git a/source/auth/gensec/spnego.c b/source/auth/gensec/spnego.c index ca82980f9..4a7c2e1d4 100644 --- a/source/auth/gensec/spnego.c +++ b/source/auth/gensec/spnego.c @@ -47,11 +47,11 @@ struct spnego_state { }; -static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security) +static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) { struct spnego_state *spnego_state; - spnego_state = talloc(gensec_security, struct spnego_state); + spnego_state = talloc(gensec_security, struct spnego_state); if (!spnego_state) { return NT_STATUS_NO_MEMORY; } diff --git a/source/auth/ntlmssp/ntlmssp.h b/source/auth/ntlmssp/ntlmssp.h index e39e2d940..5efc0a2eb 100644 --- a/source/auth/ntlmssp/ntlmssp.h +++ b/source/auth/ntlmssp/ntlmssp.h @@ -184,5 +184,6 @@ struct gensec_ntlmssp_state struct auth_serversupplied_info *server_info; }; +struct loadparm_context; struct auth_session_info; #include "auth/ntlmssp/proto.h" diff --git a/source/auth/ntlmssp/ntlmssp_client.c b/source/auth/ntlmssp/ntlmssp_client.c index bff9fc0b8..49ba6d240 100644 --- a/source/auth/ntlmssp/ntlmssp_client.c +++ b/source/auth/ntlmssp/ntlmssp_client.c @@ -285,7 +285,8 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, return NT_STATUS_OK; } -NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) +NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security, + struct loadparm_context *lp_ctx) { struct gensec_ntlmssp_state *gensec_ntlmssp_state; NTSTATUS nt_status; @@ -297,17 +298,17 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->role = NTLMSSP_CLIENT; - gensec_ntlmssp_state->domain = lp_workgroup(global_loadparm); + gensec_ntlmssp_state->domain = lp_workgroup(lp_ctx); - gensec_ntlmssp_state->unicode = lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "unicode", true); + gensec_ntlmssp_state->unicode = lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "unicode", true); - gensec_ntlmssp_state->use_nt_response = lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "send_nt_reponse", true); + gensec_ntlmssp_state->use_nt_response = lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "send_nt_reponse", true); - gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(global_loadparm) - && (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "allow_lm_key", false) - || lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "lm_key", false))); + gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(lp_ctx) + && (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "allow_lm_key", false) + || lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "lm_key", false))); - gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(global_loadparm); + gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(lp_ctx); gensec_ntlmssp_state->expected_state = NTLMSSP_INITIAL; @@ -315,27 +316,27 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_REQUEST_TARGET; - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "128bit", true)) { + if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "128bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "56bit", false)) { + if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "56bit", false)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "lm_key", false)) { + if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "lm_key", false)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; } - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "keyexchange", true)) { + if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "keyexchange", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "alwayssign", true)) { + if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "alwayssign", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "ntlm2", true)) { + if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "ntlm2", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } else { /* apparently we can't do ntlmv2 if we don't do ntlm2 */ -- 2.34.1