diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2008-04-25 10:04:20 +0100 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2008-04-25 10:04:20 +0100 |
| commit | cc9c4aaa8d02c4c31c9e9a4bb53e5941683fcc31 (patch) | |
| tree | d0b116699dee35372ed335834989e1c885e8f94a /source4/auth/gensec | |
| parent | d1432d617e6ed04c33ca214d7f3b0099bdf53065 (diff) | |
| parent | 240d959005f5fd80a38b3734b39dd5d6e425a566 (diff) | |
| download | samba-cc9c4aaa8d02c4c31c9e9a4bb53e5941683fcc31.tar.gz samba-cc9c4aaa8d02c4c31c9e9a4bb53e5941683fcc31.tar.bz2 samba-cc9c4aaa8d02c4c31c9e9a4bb53e5941683fcc31.zip | |
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3
Conflicts:
source/Makefile
source/auth/config.mk
source/auth/gensec/config.mk
source/build/m4/public.m4
source/build/make/python.mk
source/build/make/rules.mk
source/build/smb_build/header.pm
source/build/smb_build/main.pl
source/build/smb_build/makefile.pm
source/dsdb/config.mk
source/dsdb/samdb/ldb_modules/config.mk
source/kdc/config.mk
source/lib/events/config.mk
source/lib/events/events.c
source/lib/ldb/config.mk
source/lib/nss_wrapper/config.mk
source/lib/policy/config.mk
source/lib/util/config.mk
source/libcli/smb2/config.mk
source/libnet/config.mk
source/librpc/config.mk
source/nbt_server/config.mk
source/ntptr/ntptr_base.c
source/ntvfs/posix/config.mk
source/ntvfs/sysdep/config.mk
source/param/config.mk
source/rpc_server/config.mk
source/rpc_server/service_rpc.c
source/scripting/ejs/config.mk
source/scripting/python/config.mk
source/smb_server/config.mk
source/smbd/server.c
source/torture/config.mk
source/torture/smb2/config.mk
source/wrepl_server/config.mk
(This used to be commit 13bbd420681519894a4036729c43273912c9b402)
Diffstat (limited to 'source4/auth/gensec')
| -rw-r--r-- | source4/auth/gensec/gensec.c | 22 | ||||
| -rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 14 | ||||
| -rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 16 | ||||
| -rw-r--r-- | source4/auth/gensec/schannel.c | 5 | ||||
| -rw-r--r-- | source4/auth/gensec/schannel_state.c | 11 |
5 files changed, 35 insertions, 33 deletions
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 3393ce0178..0edb34d740 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -481,6 +481,11 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct messaging_context *msg, struct gensec_security **gensec_security) { + if (ev == NULL) { + DEBUG(0, ("No event context available!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + (*gensec_security) = talloc(mem_ctx, struct gensec_security); NT_STATUS_HAVE_NO_MEMORY(*gensec_security); @@ -492,14 +497,6 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, (*gensec_security)->subcontext = false; (*gensec_security)->want_features = 0; - - if (ev == NULL) { - ev = event_context_init(*gensec_security); - if (ev == NULL) { - talloc_free(*gensec_security); - return NT_STATUS_NO_MEMORY; - } - } (*gensec_security)->event_ctx = ev; (*gensec_security)->msg_ctx = msg; @@ -547,20 +544,11 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) { NTSTATUS status; - struct event_context *new_ev = NULL; - - if (ev == NULL) { - new_ev = event_context_init(mem_ctx); - NT_STATUS_HAVE_NO_MEMORY(new_ev); - ev = new_ev; - } status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security); if (!NT_STATUS_IS_OK(status)) { - talloc_free(new_ev); return status; } - talloc_steal((*gensec_security), new_ev); (*gensec_security)->gensec_role = GENSEC_CLIENT; return status; diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index e7dcb4ea68..cc0d40469e 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -273,7 +273,9 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi DEBUG(3, ("No machine account credentials specified\n")); return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } else { - ret = cli_credentials_get_server_gss_creds(machine_account, gensec_security->lp_ctx, &gcc); + ret = cli_credentials_get_server_gss_creds(machine_account, + gensec_security->event_ctx, + gensec_security->lp_ctx, &gcc); if (ret) { DEBUG(1, ("Aquiring acceptor credentials failed: %s\n", error_message(ret))); @@ -359,7 +361,9 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi return NT_STATUS_INVALID_PARAMETER; } - ret = cli_credentials_get_client_gss_creds(creds, gensec_security->lp_ctx, &gcc); + ret = cli_credentials_get_client_gss_creds(creds, + gensec_security->event_ctx, + gensec_security->lp_ctx, &gcc); switch (ret) { case 0: break; @@ -1323,7 +1327,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi } else if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) { DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n", gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); - nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string, + nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string, &server_info); if (!NT_STATUS_IS_OK(nt_status)) { @@ -1338,7 +1342,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi } /* references the server_info into the session_info */ - nt_status = auth_generate_session_info(mem_ctx, gensec_security->lp_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(mem_ctx); return nt_status; @@ -1361,12 +1365,12 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi return NT_STATUS_NO_MEMORY; } - cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx); cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx); /* Just so we don't segfault trying to get at a username */ cli_credentials_set_anonymous(session_info->credentials); ret = cli_credentials_set_client_gss_creds(session_info->credentials, + gensec_security->event_ctx, gensec_security->lp_ctx, gensec_gssapi_state->delegated_cred_handle, CRED_SPECIFIED); diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index ae601b19c2..47df2ccfcc 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -118,7 +118,9 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy); - if (cli_credentials_get_krb5_context(creds, gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) { + if (cli_credentials_get_krb5_context(creds, + gensec_security->event_ctx, + gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) { talloc_free(gensec_krb5_state); return NT_STATUS_INTERNAL_ERROR; } @@ -248,7 +250,9 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security principal = gensec_get_target_principal(gensec_security); - ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &ccache_container); + ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), + gensec_security->event_ctx, + gensec_security->lp_ctx, &ccache_container); switch (ret) { case 0: break; @@ -446,7 +450,9 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, } /* Grab the keytab, however generated */ - ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &keytab); + ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), + gensec_security->event_ctx, + gensec_security->lp_ctx, &keytab); if (ret) { return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } @@ -597,7 +603,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); - nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string, + nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string, &server_info); krb5_free_principal(context, client_principal); free(principal_string); @@ -645,7 +651,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security } /* references the server_info into the session_info */ - nt_status = auth_generate_session_info(mem_ctx, gensec_security->lp_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(mem_ctx); diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index b3117ee9b2..f21202b86f 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -125,7 +125,8 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ } /* pull the session key for this client */ - status = schannel_fetch_session_key(out_mem_ctx, gensec_security->lp_ctx, workstation, + status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx, + gensec_security->lp_ctx, workstation, domain, &creds); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n", @@ -189,7 +190,7 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security, struct auth_session_info **_session_info) { struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); - return auth_anonymous_session_info(state, gensec_security->lp_ctx, _session_info); + return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->lp_ctx, _session_info); } static NTSTATUS schannel_start(struct gensec_security *gensec_security) diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 0c7c509954..0f7c4ca11d 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -32,7 +32,8 @@ /** connect to the schannel ldb */ -struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct event_context *ev_ctx, + struct loadparm_context *lp_ctx) { char *path; struct ldb_context *ldb; @@ -49,7 +50,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_con existed = file_exist(path); - ldb = ldb_wrap_connect(mem_ctx, lp_ctx, path, + ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path, system_session(mem_ctx, lp_ctx), NULL, LDB_FLG_NOSYNC, NULL); talloc_free(path); @@ -137,6 +138,7 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, } NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, + struct event_context *ev_ctx, struct loadparm_context *lp_ctx, struct creds_CredentialState *creds) { @@ -144,7 +146,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; int ret; - ldb = schannel_db_connect(mem_ctx, lp_ctx); + ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } @@ -268,6 +270,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, } NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, + struct event_context *ev_ctx, struct loadparm_context *lp_ctx, const char *computer_name, const char *domain, @@ -276,7 +279,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; struct ldb_context *ldb; - ldb = schannel_db_connect(mem_ctx, lp_ctx); + ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } |