authorJelmer Vernooij <jelmer@samba.org>2008-05-23 16:24:07 +0200
committerJelmer Vernooij <jelmer@samba.org>2008-05-23 16:24:07 +0200
commitcceac63aaab26a72e2f3fd150dd1e4e83a0e5279 (patch)
tree6203cca724fc5f17f068e3fd4d0b403fdff3f8f9 /source4/auth/gensec
parent7c7880695b02df4cbe0faab959846c63d0cc0536 (diff)
parent72fce654072b2d7317ff21c95558bd365701d5dd (diff)
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-wsgi
Conflicts: source/scripting/python/samba/provision.py (This used to be commit d27de633656f8a699222df77c4c58326890889a2)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/config.mk45
-rw-r--r--source4/auth/gensec/gensec.c29
-rw-r--r--source4/auth/gensec/gensec_gssapi.c14
-rw-r--r--source4/auth/gensec/gensec_krb5.c16
-rw-r--r--source4/auth/gensec/schannel.c5
-rw-r--r--source4/auth/gensec/schannel_state.c11
6 files changed, 67 insertions, 53 deletions
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index 14864f7e4c..f08ff2638a 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -1,80 +1,87 @@
#################################
# Start SUBSYSTEM gensec
[LIBRARY::gensec]
-PC_FILE = gensec.pc
-VERSION = 0.0.1
-SO_VERSION = 0
-PRIVATE_PROTO_HEADER = gensec_proto.h
-OBJ_FILES = gensec.o socket.o
PUBLIC_DEPENDENCIES = \
CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba-socket LIBPACKET
# End SUBSYSTEM gensec
#################################
-PUBLIC_HEADERS += auth/gensec/gensec.h
+PC_FILES += $(gensecsrcdir)/gensec.pc
+
+gensec_VERSION = 0.0.1
+gensec_SOVERSION = 0
+gensec_OBJ_FILES = $(addprefix $(gensecsrcdir)/, gensec.o socket.o)
+
+PUBLIC_HEADERS += $(gensecsrcdir)/gensec.h
+
+$(eval $(call proto_header_template,$(gensecsrcdir)/gensec_proto.h,$(gensec_OBJ_FILES:.o=.c)))
################################################
# Start MODULE gensec_krb5
[MODULE::gensec_krb5]
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_krb5_init
-OBJ_FILES = gensec_krb5.o
-PRIVATE_DEPENDENCIES = CREDENTIALS KERBEROS auth auth_sam
+PRIVATE_DEPENDENCIES = CREDENTIALS KERBEROS auth_session auth_sam
# End MODULE gensec_krb5
################################################
+gensec_krb5_OBJ_FILES = $(addprefix $(gensecsrcdir)/, gensec_krb5.o)
+
################################################
# Start MODULE gensec_gssapi
[MODULE::gensec_gssapi]
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_gssapi_init
-OBJ_FILES = gensec_gssapi.o
PRIVATE_DEPENDENCIES = HEIMDAL_GSSAPI CREDENTIALS KERBEROS
# End MODULE gensec_gssapi
################################################
+gensec_gssapi_OBJ_FILES = $(addprefix $(gensecsrcdir)/, gensec_gssapi.o)
+
################################################
# Start MODULE cyrus_sasl
[MODULE::cyrus_sasl]
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_sasl_init
-OBJ_FILES = cyrus_sasl.o
PRIVATE_DEPENDENCIES = CREDENTIALS SASL
# End MODULE cyrus_sasl
################################################
+cyrus_sasl_OBJ_FILES = $(addprefix $(gensecsrcdir)/, cyrus_sasl.o)
+
################################################
# Start MODULE gensec_spnego
[MODULE::gensec_spnego]
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_spnego_init
-PRIVATE_PROTO_HEADER = spnego_proto.h
PRIVATE_DEPENDENCIES = ASN1_UTIL CREDENTIALS
-OBJ_FILES = spnego.o spnego_parse.o
# End MODULE gensec_spnego
################################################
+gensec_spnego_OBJ_FILES = $(addprefix $(gensecsrcdir)/, spnego.o spnego_parse.o)
+
+$(eval $(call proto_header_template,$(gensecsrcdir)/spnego_proto.h,$(gensec_spnego_OBJ_FILES:.o=.c)))
+
################################################
# Start MODULE gensec_schannel
[MODULE::gensec_schannel]
SUBSYSTEM = gensec
-PRIVATE_PROTO_HEADER = schannel_proto.h
INIT_FUNCTION = gensec_schannel_init
-OBJ_FILES = schannel.o \
- schannel_sign.o
PRIVATE_DEPENDENCIES = SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR
OUTPUT_TYPE = MERGED_OBJ
# End MODULE gensec_schannel
################################################
+gensec_schannel_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel.o schannel_sign.o)
+$(eval $(call proto_header_template,$(gensecsrcdir)/schannel_proto.h,$(gensec_schannel_OBJ_FILES:.o=.c)))
+
################################################
# Start SUBSYSTEM SCHANNELDB
[SUBSYSTEM::SCHANNELDB]
-PRIVATE_PROTO_HEADER = schannel_state.h
-OBJ_FILES = \
- schannel_state.o
PRIVATE_DEPENDENCIES = LDB_WRAP SAMDB
-#
# End SUBSYSTEM SCHANNELDB
################################################
+SCHANNELDB_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel_state.o)
+$(eval $(call proto_header_template,$(gensecsrcdir)/schannel_state.h,$(SCHANNELDB_OBJ_FILES:.o=.c)))
+
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 59c19b96ab..0edb34d740 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -23,7 +23,6 @@
#include "includes.h"
#include "auth/auth.h"
#include "lib/events/events.h"
-#include "build.h"
#include "librpc/rpc/dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
@@ -482,6 +481,11 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
struct messaging_context *msg,
struct gensec_security **gensec_security)
{
+ if (ev == NULL) {
+ DEBUG(0, ("No event context available!\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
(*gensec_security) = talloc(mem_ctx, struct gensec_security);
NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
@@ -493,14 +497,6 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
(*gensec_security)->subcontext = false;
(*gensec_security)->want_features = 0;
-
- if (ev == NULL) {
- ev = event_context_init(*gensec_security);
- if (ev == NULL) {
- talloc_free(*gensec_security);
- return NT_STATUS_NO_MEMORY;
- }
- }
(*gensec_security)->event_ctx = ev;
(*gensec_security)->msg_ctx = msg;
@@ -548,20 +544,11 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx)
{
NTSTATUS status;
- struct event_context *new_ev = NULL;
-
- if (ev == NULL) {
- new_ev = event_context_init(mem_ctx);
- NT_STATUS_HAVE_NO_MEMORY(new_ev);
- ev = new_ev;
- }
status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(new_ev);
return status;
}
- talloc_steal((*gensec_security), new_ev);
(*gensec_security)->gensec_role = GENSEC_CLIENT;
return status;
@@ -1268,6 +1255,12 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_
_PUBLIC_ NTSTATUS gensec_init(struct loadparm_context *lp_ctx)
{
static bool initialized = false;
+ extern NTSTATUS gensec_sasl_init(void);
+ extern NTSTATUS gensec_krb5_init(void);
+ extern NTSTATUS gensec_schannel_init(void);
+ extern NTSTATUS gensec_spnego_init(void);
+ extern NTSTATUS gensec_gssapi_init(void);
+ extern NTSTATUS gensec_ntlmssp_init(void);
init_module_fn static_init[] = { STATIC_gensec_MODULES };
init_module_fn *shared_init;
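Review bot: The added `if (ev == NULL)` guard at the top of gensec_start changes the contract of the public entry points, because the event_context_init fallbacks it replaces in gensec_start and gensec_client_start are removed in the following two hunks, so a caller that used to get a private event context now gets NT_STATUS_INTERNAL_ERROR, and nothing in the hunk documents that. I would put a comment on the guard, `/* an event context is mandatory here; gensec no longer creates a private one for the caller */`, and state the same requirement on the gensec_client_start and gensec_server_start prototypes in gensec.h so callers outside this directory see it. The DEBUG(0) message is appropriate for what is a caller bug rather than a runtime failure. Both gensec_start and gensec_client_start continue outside their hunks.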
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index e7dcb4ea68..cc0d40469e 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -273,7 +273,9 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi
DEBUG(3, ("No machine account credentials specified\n"));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
} else {
- ret = cli_credentials_get_server_gss_creds(machine_account, gensec_security->lp_ctx, &gcc);
+ ret = cli_credentials_get_server_gss_creds(machine_account,
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &gcc);
if (ret) {
DEBUG(1, ("Aquiring acceptor credentials failed: %s\n",
error_message(ret)));
@@ -359,7 +361,9 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
return NT_STATUS_INVALID_PARAMETER;
}
- ret = cli_credentials_get_client_gss_creds(creds, gensec_security->lp_ctx, &gcc);
+ ret = cli_credentials_get_client_gss_creds(creds,
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &gcc);
switch (ret) {
case 0:
break;
@@ -1323,7 +1327,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
} else if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
- nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string,
&server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -1338,7 +1342,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(mem_ctx, gensec_security->lp_ctx, server_info, &session_info);
+ nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
@@ -1361,12 +1365,12 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
return NT_STATUS_NO_MEMORY;
}
- cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx);
cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx);
/* Just so we don't segfault trying to get at a username */
cli_credentials_set_anonymous(session_info->credentials);
ret = cli_credentials_set_client_gss_creds(session_info->credentials,
+ gensec_security->event_ctx,
gensec_security->lp_ctx,
gensec_gssapi_state->delegated_cred_handle,
CRED_SPECIFIED);
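Review bot: The rewritten calls to sam_get_server_info_principal and auth_generate_session_info in gensec_gssapi_session_info put the new `gensec_security->event_ctx` argument on one very long line, while the other call sites touched by this commit (cli_credentials_get_server_gss_creds, cli_credentials_get_client_gss_creds, cli_credentials_set_client_gss_creds) break the arguments one per line; the same inconsistency appears in the two gensec_krb5_session_info hunks of gensec_krb5.c. Wrapping them the same way, e.g. `nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx,` / `gensec_security->lp_ctx, principal_string,` / `&server_info);`, keeps these files within the width the rest of the commit uses. gensec_gssapi_session_info starts and ends outside the hunks shown.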
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index ae601b19c2..47df2ccfcc 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -118,7 +118,9 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy);
- if (cli_credentials_get_krb5_context(creds, gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
+ if (cli_credentials_get_krb5_context(creds,
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
talloc_free(gensec_krb5_state);
return NT_STATUS_INTERNAL_ERROR;
}
@@ -248,7 +250,9 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
principal = gensec_get_target_principal(gensec_security);
- ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &ccache_container);
+ ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security),
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &ccache_container);
switch (ret) {
case 0:
break;
@@ -446,7 +450,9 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
}
/* Grab the keytab, however generated */
- ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &keytab);
+ ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security),
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &keytab);
if (ret) {
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
@@ -597,7 +603,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n",
smb_get_krb5_error_message(context,
ret, mem_ctx)));
- nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string,
&server_info);
krb5_free_principal(context, client_principal);
free(principal_string);
@@ -645,7 +651,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(mem_ctx, gensec_security->lp_ctx, server_info, &session_info);
+ nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index b3117ee9b2..f21202b86f 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -125,7 +125,8 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
}
/* pull the session key for this client */
- status = schannel_fetch_session_key(out_mem_ctx, gensec_security->lp_ctx, workstation,
+ status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx,
+ gensec_security->lp_ctx, workstation,
domain, &creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
@@ -189,7 +190,7 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
struct auth_session_info **_session_info)
{
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
- return auth_anonymous_session_info(state, gensec_security->lp_ctx, _session_info);
+ return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->lp_ctx, _session_info);
}
static NTSTATUS schannel_start(struct gensec_security *gensec_security)
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index 0c7c509954..0f7c4ca11d 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -32,7 +32,8 @@
/**
connect to the schannel ldb
*/
-struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct event_context *ev_ctx,
+ struct loadparm_context *lp_ctx)
{
char *path;
struct ldb_context *ldb;
@@ -49,7 +50,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_con
existed = file_exist(path);
- ldb = ldb_wrap_connect(mem_ctx, lp_ctx, path,
+ ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path,
system_session(mem_ctx, lp_ctx),
NULL, LDB_FLG_NOSYNC, NULL);
talloc_free(path);
@@ -137,6 +138,7 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx,
}
NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
+ struct event_context *ev_ctx,
struct loadparm_context *lp_ctx,
struct creds_CredentialState *creds)
{
@@ -144,7 +146,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
int ret;
- ldb = schannel_db_connect(mem_ctx, lp_ctx);
+ ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
@@ -268,6 +270,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
}
NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
+ struct event_context *ev_ctx,
struct loadparm_context *lp_ctx,
const char *computer_name,
const char *domain,
@@ -276,7 +279,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
struct ldb_context *ldb;
- ldb = schannel_db_connect(mem_ctx, lp_ctx);
+ ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
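Review bot: schannel_db_connect gains a `struct event_context *ev_ctx` parameter, but the doc comment directly above it (`connect to the schannel ldb`) is not updated, and the new `ev_ctx` parameters added to schannel_store_session_key and schannel_fetch_session_key are likewise undocumented. I would extend the comment to `connect to the schannel ldb; ev_ctx is passed through to ldb_wrap_connect (presumably it must stay valid for the lifetime of the returned ldb — confirm)` and add a one-line `@param ev_ctx` note on the two session-key functions saying it is only forwarded to schannel_db_connect, which is all the hunks show. While there, the comment could also mention that the store is opened with system_session and LDB_FLG_NOSYNC, since a reader of the session-key code will want to know that. schannel_store_session_key and schannel_fetch_session_key continue outside their hunks.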