summaryrefslogtreecommitdiff
path: root/libcli/auth
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2012-04-21 17:26:18 -0400
committerSimo Sorce <idra@samba.org>2012-04-23 19:20:38 -0400
commit08c733d75fd83fd5e32ced9712d41dd595e0f182 (patch)
treea49d6ebbf1d6c498294862f268d6890a1e6a507f /libcli/auth
parentf7070c90b94954835478a09e89a85c03f0f85500 (diff)
downloadsamba-08c733d75fd83fd5e32ced9712d41dd595e0f182.tar.gz
samba-08c733d75fd83fd5e32ced9712d41dd595e0f182.tar.bz2
samba-08c733d75fd83fd5e32ced9712d41dd595e0f182.zip
Make krb5 wrapper library common so they can be used all over
Diffstat (limited to 'libcli/auth')
-rw-r--r--libcli/auth/krb5_wrap.c243
-rw-r--r--libcli/auth/krb5_wrap.h62
-rwxr-xr-x[-rw-r--r--]libcli/auth/wscript_build6
3 files changed, 1 insertions, 310 deletions
diff --git a/libcli/auth/krb5_wrap.c b/libcli/auth/krb5_wrap.c
deleted file mode 100644
index 55a224612d..0000000000
--- a/libcli/auth/krb5_wrap.c
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- simple kerberos5 routines for active directory
- Copyright (C) Andrew Tridgell 2001
- Copyright (C) Luke Howard 2002-2003
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2011
- Copyright (C) Guenther Deschner 2005-2009
- Copyright (C) Simo Sorce 2010.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#ifdef HAVE_KRB5
-
-#include "libcli/auth/krb5_wrap.h"
-#include "librpc/gen_ndr/krb5pac.h"
-
-#if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_C_STRING_TO_KEY)
-/* MIT */
-int create_kerberos_key_from_string_direct(krb5_context context,
- krb5_principal host_princ,
- krb5_data *password,
- krb5_keyblock *key,
- krb5_enctype enctype)
-{
- int ret = 0;
- krb5_data salt;
-
- ret = krb5_principal2salt(context, host_princ, &salt);
- if (ret) {
- DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
- return ret;
- }
- ret = krb5_c_string_to_key(context, enctype, password, &salt, key);
- SAFE_FREE(salt.data);
-
- return ret;
-}
-#elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
-/* Heimdal */
-int create_kerberos_key_from_string_direct(krb5_context context,
- krb5_principal host_princ,
- krb5_data *password,
- krb5_keyblock *key,
- krb5_enctype enctype)
-{
- int ret;
- krb5_salt salt;
-
- ret = krb5_get_pw_salt(context, host_princ, &salt);
- if (ret) {
- DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
- return ret;
- }
-
- ret = krb5_string_to_key_salt(context, enctype, (const char *)password->data, salt, key);
- krb5_free_salt(context, salt);
-
- return ret;
-}
-#else
-#error UNKNOWN_CREATE_KEY_FUNCTIONS
-#endif
-
- void kerberos_free_data_contents(krb5_context context, krb5_data *pdata)
-{
-#if defined(HAVE_KRB5_FREE_DATA_CONTENTS)
- if (pdata->data) {
- krb5_free_data_contents(context, pdata);
- }
-#elif defined(HAVE_KRB5_DATA_FREE)
- krb5_data_free(context, pdata);
-#else
- SAFE_FREE(pdata->data);
-#endif
-}
-
-
- krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry)
-{
-/* Try krb5_free_keytab_entry_contents first, since
- * MIT Kerberos >= 1.7 has both krb5_free_keytab_entry_contents and
- * krb5_kt_free_entry but only has a prototype for the first, while the
- * second is considered private.
- */
-#if defined(HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS)
- return krb5_free_keytab_entry_contents(context, kt_entry);
-#elif defined(HAVE_KRB5_KT_FREE_ENTRY)
- return krb5_kt_free_entry(context, kt_entry);
-#else
-#error UNKNOWN_KT_FREE_FUNCTION
-#endif
-}
-
-/**************************************************************
- Wrappers around kerberos string functions that convert from
- utf8 -> unix charset and vica versa.
-**************************************************************/
-
-/**************************************************************
- krb5_parse_name that takes a UNIX charset.
-**************************************************************/
-
- krb5_error_code smb_krb5_parse_name(krb5_context context,
- const char *name, /* in unix charset */
- krb5_principal *principal)
-{
- krb5_error_code ret;
- char *utf8_name;
- size_t converted_size;
- TALLOC_CTX *frame = talloc_stackframe();
-
- if (!push_utf8_talloc(frame, &utf8_name, name, &converted_size)) {
- talloc_free(frame);
- return ENOMEM;
- }
-
- ret = krb5_parse_name(context, utf8_name, principal);
- TALLOC_FREE(frame);
- return ret;
-}
-
-#if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
-static void krb5_free_unparsed_name(krb5_context context, char *val)
-{
- SAFE_FREE(val);
-}
-#endif
-
-/**************************************************************
- krb5_parse_name that returns a UNIX charset name. Must
- be freed with talloc_free() call.
-**************************************************************/
-
-krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
- krb5_context context,
- krb5_const_principal principal,
- char **unix_name)
-{
- krb5_error_code ret;
- char *utf8_name;
- size_t converted_size;
-
- *unix_name = NULL;
- ret = krb5_unparse_name(context, principal, &utf8_name);
- if (ret) {
- return ret;
- }
-
- if (!pull_utf8_talloc(mem_ctx, unix_name, utf8_name, &converted_size)) {
- krb5_free_unparsed_name(context, utf8_name);
- return ENOMEM;
- }
- krb5_free_unparsed_name(context, utf8_name);
- return 0;
-}
-
- krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
- const char *name,
- krb5_principal *principal)
-{
- /* we are cheating here because parse_name will in fact set the realm.
- * We don't care as the only caller of smb_krb5_parse_name_norealm
- * ignores the realm anyway when calling
- * smb_krb5_principal_compare_any_realm later - Guenther */
-
- return smb_krb5_parse_name(context, name, principal);
-}
-
- bool smb_krb5_principal_compare_any_realm(krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2)
-{
- return krb5_principal_compare_any_realm(context, princ1, princ2);
-}
-
-char *gssapi_error_string(TALLOC_CTX *mem_ctx,
- OM_uint32 maj_stat, OM_uint32 min_stat,
- const gss_OID mech)
-{
- OM_uint32 disp_min_stat, disp_maj_stat;
- gss_buffer_desc maj_error_message;
- gss_buffer_desc min_error_message;
- char *maj_error_string, *min_error_string;
- OM_uint32 msg_ctx = 0;
-
- char *ret;
-
- maj_error_message.value = NULL;
- min_error_message.value = NULL;
- maj_error_message.length = 0;
- min_error_message.length = 0;
-
- disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, GSS_C_GSS_CODE,
- mech, &msg_ctx, &maj_error_message);
- disp_maj_stat = gss_display_status(&disp_min_stat, min_stat, GSS_C_MECH_CODE,
- mech, &msg_ctx, &min_error_message);
-
- maj_error_string = talloc_strndup(mem_ctx, (char *)maj_error_message.value, maj_error_message.length);
-
- min_error_string = talloc_strndup(mem_ctx, (char *)min_error_message.value, min_error_message.length);
-
- ret = talloc_asprintf(mem_ctx, "%s: %s", maj_error_string, min_error_string);
-
- talloc_free(maj_error_string);
- talloc_free(min_error_string);
-
- gss_release_buffer(&disp_min_stat, &maj_error_message);
- gss_release_buffer(&disp_min_stat, &min_error_message);
-
- return ret;
-}
-
-
- char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx)
-{
- char *ret;
-
-#if defined(HAVE_KRB5_GET_ERROR_MESSAGE) && defined(HAVE_KRB5_FREE_ERROR_MESSAGE)
- const char *context_error = krb5_get_error_message(context, code);
- if (context_error) {
- ret = talloc_asprintf(mem_ctx, "%s: %s", error_message(code), context_error);
- krb5_free_error_message(context, context_error);
- return ret;
- }
-#endif
- ret = talloc_strdup(mem_ctx, error_message(code));
- return ret;
-}
-
-#endif
diff --git a/libcli/auth/krb5_wrap.h b/libcli/auth/krb5_wrap.h
deleted file mode 100644
index 4c0ef93e4c..0000000000
--- a/libcli/auth/krb5_wrap.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- simple kerberos5 routines for active directory
- Copyright (C) Andrew Tridgell 2001
- Copyright (C) Luke Howard 2002-2003
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
- Copyright (C) Guenther Deschner 2005-2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "system/kerberos.h"
-
-#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
-#define KRB5_KEY_TYPE(k) ((k)->keytype)
-#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
-#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
-#define KRB5_KEY_DATA_CAST void
-#else /* MIT */
-#define KRB5_KEY_TYPE(k) ((k)->enctype)
-#define KRB5_KEY_LENGTH(k) ((k)->length)
-#define KRB5_KEY_DATA(k) ((k)->contents)
-#define KRB5_KEY_DATA_CAST krb5_octet
-#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
-
-int create_kerberos_key_from_string_direct(krb5_context context,
- krb5_principal host_princ,
- krb5_data *password,
- krb5_keyblock *key,
- krb5_enctype enctype);
-void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
-krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
-
- krb5_error_code smb_krb5_parse_name(krb5_context context,
- const char *name, /* in unix charset */
- krb5_principal *principal);
-krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
- krb5_context context,
- krb5_const_principal principal,
- char **unix_name);
- krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
- const char *name,
- krb5_principal *principal);
- bool smb_krb5_principal_compare_any_realm(krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2);
-char *gssapi_error_string(TALLOC_CTX *mem_ctx,
- OM_uint32 maj_stat, OM_uint32 min_stat,
- const gss_OID mech);
-char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
-
diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build
index b4b648efa1..893cfd9d95 100644..100755
--- a/libcli/auth/wscript_build
+++ b/libcli/auth/wscript_build
@@ -2,7 +2,7 @@
bld.SAMBA_LIBRARY('cliauth',
source='',
- deps='MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE KRB5_WRAP errors NTLM_CHECK UTIL_LSARPC',
+ deps='MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE krb5samba errors NTLM_CHECK UTIL_LSARPC',
private_library=True,
grouping_library=True)
@@ -37,7 +37,3 @@ bld.SAMBA_SUBSYSTEM('PAM_ERRORS',
bld.SAMBA_SUBSYSTEM('SPNEGO_PARSE',
source='spnego_parse.c',
deps='asn1util')
-
-bld.SAMBA_SUBSYSTEM('KRB5_WRAP',
- source='krb5_wrap.c',
- deps='gssapi_krb5 krb5 ndr-krb5pac com_err KRB5_PAC')