diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2011-04-20 17:39:50 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2011-04-27 11:21:37 +1000 |
| commit | e04bab4a19658009e53949b814a58d177966a9cd (patch) | |
| tree | bb9bb8962f23590a8b1272cd5fc2cdbea37a4993 | |
| parent | e81ea8a291d1a51a1b69dfeabf686e72f284689b (diff) | |
| download | samba-e04bab4a19658009e53949b814a58d177966a9cd.tar.gz samba-e04bab4a19658009e53949b814a58d177966a9cd.tar.bz2 samba-e04bab4a19658009e53949b814a58d177966a9cd.zip | |
libcli/auth Move Samba4's gssapi_error_string from GENSEC to libcli/auth
This will allow the GSSAPI PAC fetch code to use it.
Andrew Bartlett
| -rw-r--r-- | lib/replace/system/kerberos.h | 10 | ||||
| -rw-r--r-- | libcli/auth/krb5_wrap.c | 39 | ||||
| -rw-r--r-- | libcli/auth/krb5_wrap.h | 5 | ||||
| -rw-r--r-- | libcli/auth/wscript_build | 2 | ||||
| -rw-r--r-- | source3/include/smb_krb5.h | 8 | ||||
| -rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 38 |
6 files changed, 54 insertions, 48 deletions
diff --git a/lib/replace/system/kerberos.h b/lib/replace/system/kerberos.h index bb1f1b9a09..10d5f76ccc 100644 --- a/lib/replace/system/kerberos.h +++ b/lib/replace/system/kerberos.h @@ -37,5 +37,15 @@ #include <com_err.h> #endif +#if HAVE_GSSAPI_GSSAPI_H +#include <gssapi/gssapi.h> +#elif HAVE_GSSAPI_GSSAPI_GENERIC_H +#include <gssapi/gssapi_generic.h> +#elif HAVE_GSSAPI_H +#include <gssapi.h> +#endif + +#include <gssapi/gssapi_krb5.h> + #endif #endif diff --git a/libcli/auth/krb5_wrap.c b/libcli/auth/krb5_wrap.c index c69e3946c6..7725261408 100644 --- a/libcli/auth/krb5_wrap.c +++ b/libcli/auth/krb5_wrap.c @@ -5,6 +5,7 @@ Copyright (C) Luke Howard 2002-2003 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2011 Copyright (C) Guenther Deschner 2005-2009 + Copyright (C) Simo Sorce 2010. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -307,6 +308,44 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, return ret; } +char *gssapi_error_string(TALLOC_CTX *mem_ctx, + OM_uint32 maj_stat, OM_uint32 min_stat, + const gss_OID mech) +{ + OM_uint32 disp_min_stat, disp_maj_stat; + gss_buffer_desc maj_error_message; + gss_buffer_desc min_error_message; + char *maj_error_string, *min_error_string; + OM_uint32 msg_ctx = 0; + + char *ret; + + maj_error_message.value = NULL; + min_error_message.value = NULL; + maj_error_message.length = 0; + min_error_message.length = 0; + + disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, GSS_C_GSS_CODE, + mech, &msg_ctx, &maj_error_message); + disp_maj_stat = gss_display_status(&disp_min_stat, min_stat, GSS_C_MECH_CODE, + mech, &msg_ctx, &min_error_message); + + maj_error_string = talloc_strndup(mem_ctx, (char *)maj_error_message.value, maj_error_message.length); + + min_error_string = talloc_strndup(mem_ctx, (char *)min_error_message.value, min_error_message.length); + + ret = talloc_asprintf(mem_ctx, "%s: %s", maj_error_string, min_error_string); + + talloc_free(maj_error_string); + talloc_free(min_error_string); + + gss_release_buffer(&disp_min_stat, &maj_error_message); + gss_release_buffer(&disp_min_stat, &min_error_message); + + return ret; +} + + char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx) { char *ret; diff --git a/libcli/auth/krb5_wrap.h b/libcli/auth/krb5_wrap.h index 4f333cc4b0..31bee352ab 100644 --- a/libcli/auth/krb5_wrap.h +++ b/libcli/auth/krb5_wrap.h @@ -31,7 +31,6 @@ int create_kerberos_key_from_string_direct(krb5_context context, krb5_enctype enctype); void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry); -char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx); krb5_error_code smb_krb5_parse_name(krb5_context context, const char *name, /* in unix charset */ @@ -54,6 +53,10 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, krb5_checksum *cksum, uint8_t *data, size_t length); +char *gssapi_error_string(TALLOC_CTX *mem_ctx, + OM_uint32 maj_stat, OM_uint32 min_stat, + const gss_OID mech); +char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx); krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, DATA_BLOB pac_data, diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build index bdf52d0399..541eaf0434 100644 --- a/libcli/auth/wscript_build +++ b/libcli/auth/wscript_build @@ -41,4 +41,4 @@ bld.SAMBA_SUBSYSTEM('SPNEGO_PARSE', bld.SAMBA_SUBSYSTEM('KRB5_WRAP', source='krb5_wrap.c kerberos_pac.c', - deps='krb5 ndr-krb5pac com_err') + deps='gssapi krb5 ndr-krb5pac com_err') diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h index d87dc79ff9..8109747b70 100644 --- a/source3/include/smb_krb5.h +++ b/source3/include/smb_krb5.h @@ -14,14 +14,6 @@ #include "libcli/auth/krb5_wrap.h" -#if HAVE_GSSAPI_GSSAPI_H -#include <gssapi/gssapi.h> -#elif HAVE_GSSAPI_GSSAPI_GENERIC_H -#include <gssapi/gssapi_generic.h> -#elif HAVE_GSSAPI_H -#include <gssapi.h> -#endif - #ifndef KRB5_ADDR_NETBIOS #define KRB5_ADDR_NETBIOS 0x14 #endif diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 59029e6fc9..0dfc38d288 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -47,44 +47,6 @@ _PUBLIC_ NTSTATUS gensec_gssapi_init(void); static size_t gensec_gssapi_max_input_size(struct gensec_security *gensec_security); static size_t gensec_gssapi_max_wrapped_size(struct gensec_security *gensec_security); -static char *gssapi_error_string(TALLOC_CTX *mem_ctx, - OM_uint32 maj_stat, OM_uint32 min_stat, - const gss_OID mech) -{ - OM_uint32 disp_min_stat, disp_maj_stat; - gss_buffer_desc maj_error_message; - gss_buffer_desc min_error_message; - char *maj_error_string, *min_error_string; - OM_uint32 msg_ctx = 0; - - char *ret; - - maj_error_message.value = NULL; - min_error_message.value = NULL; - maj_error_message.length = 0; - min_error_message.length = 0; - - disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, GSS_C_GSS_CODE, - mech, &msg_ctx, &maj_error_message); - disp_maj_stat = gss_display_status(&disp_min_stat, min_stat, GSS_C_MECH_CODE, - mech, &msg_ctx, &min_error_message); - - maj_error_string = talloc_strndup(mem_ctx, (char *)maj_error_message.value, maj_error_message.length); - - min_error_string = talloc_strndup(mem_ctx, (char *)min_error_message.value, min_error_message.length); - - ret = talloc_asprintf(mem_ctx, "%s: %s", maj_error_string, min_error_string); - - talloc_free(maj_error_string); - talloc_free(min_error_string); - - gss_release_buffer(&disp_min_stat, &maj_error_message); - gss_release_buffer(&disp_min_stat, &min_error_message); - - return ret; -} - - static int gensec_gssapi_destructor(struct gensec_gssapi_state *gensec_gssapi_state) { OM_uint32 maj_stat, min_stat; |