authorSimo Sorce <idra@samba.org>2012-04-20 13:14:30 -0400
committerSimo Sorce <idra@samba.org>2012-04-23 16:40:05 -0400
commit110dad8c9eb95e6729e589b52ef204d369803bdb (patch)
tree89703746eb0c7f86efbd70c92d18acd6b7b3b5d9 /source4/auth/kerberos
parent090f9072da6974b506901547c0091e3e1b8a11cc (diff)
Make krb5 context initialization not heimdal specific
Turn the logging data into an opaque pointer. Ifdef the code and use the MIT logging function when built against system MIT.
Diffstat (limited to 'source4/auth/kerberos')
-rw-r--r--source4/auth/kerberos/krb5_init_context.c72
-rw-r--r--source4/auth/kerberos/krb5_init_context.h4
2 files changed, 54 insertions, 22 deletions
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index fbcaad29d9..e3c0876f1a 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -30,7 +30,7 @@
#include "param/param.h"
#include "libcli/resolve/resolve.h"
#include "../lib/tsocket/tsocket.h"
-
+#include "krb5_init_context.h"
/*
context structure for operations on cldap packets
*/
@@ -52,9 +52,17 @@ struct smb_krb5_socket {
static krb5_error_code smb_krb5_context_destroy(struct smb_krb5_context *ctx)
{
- /* Otherwise krb5_free_context will try and close what we have already free()ed */
- krb5_set_warn_dest(ctx->krb5_context, NULL);
- krb5_closelog(ctx->krb5_context, ctx->logf);
+#ifdef SAMBA4_USES_HEIMDAL
+ if (ctx->pvt_log_data) {
+ /* Otherwise krb5_free_context will try and close what we
+ * have already free()ed */
+ krb5_set_warn_dest(ctx->krb5_context, NULL);
+ krb5_closelog(ctx->krb5_context,
+ (krb5_log_facility *)ctx->pvt_log_data);
+ }
+#else
+ krb5_set_trace_callback(ctx->krb5_context, NULL, NULL);
+#endif
krb5_free_context(ctx->krb5_context);
return 0;
}
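Review bot: The new `if (ctx->pvt_log_data)` guard in smb_krb5_context_destroy is only safe if the field is NULL until krb5_initlog succeeds, because this commit registers the destructor before the log facility exists. The allocation of the context is outside the visible hunks, so please confirm it uses a zeroing allocator; with a non-zeroing one, an early failure would pass an indeterminate pointer to `krb5_closelog`. A one-line comment at the guard would record the dependency, for example `/* pvt_log_data stays NULL until krb5_initlog() has succeeded */`.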
@@ -64,10 +72,19 @@ static void smb_krb5_debug_close(void *private_data) {
return;
}
+#ifdef SAMBA4_USES_HEIMDAL
static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private_data)
{
DEBUG(3, ("Kerberos: %s\n", msg));
}
+#else
+static void smb_krb5_debug_wrapper(krb5_context context,
+ const struct krb5_trace_info *info,
+ void *cb_data)
+{
+ DEBUG(3, ("Kerberos: %s\n", info->message));
+}
+#endif
/*
handle recv events on a smb_krb5 socket
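Review bot: The MIT variant of smb_krb5_debug_wrapper dereferences `info` unconditionally, but MIT krb5 documents that a trace callback is invoked with a NULL `info` when the callback is reset or the context is destroyed. smb_krb5_context_destroy does exactly that with `krb5_set_trace_callback(ctx->krb5_context, NULL, NULL)`, so teardown can reach a NULL dereference whenever the DEBUG level lets the argument be evaluated. Guard the body with `if (info != NULL) { DEBUG(3, ("Kerberos: %s\n", info->message)); }`. The parameter is also spelled `const struct krb5_trace_info *`, whereas MIT's krb5.h exposes the type as the typedef `krb5_trace_info`. If no struct with that tag is declared, the member access will not compile, so `const krb5_trace_info *info` looks like the intended declaration.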
@@ -461,6 +478,10 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
{
krb5_error_code ret;
TALLOC_CTX *tmp_ctx;
+ krb5_context kctx;
+#ifdef SAMBA4_USES_HEIMDAL
+ krb5_log_facility *logf;
+#endif
initialize_krb5_error_table();
@@ -472,37 +493,39 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
return ENOMEM;
}
- ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx,
- &(*smb_krb5_context)->krb5_context);
+ ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx, &kctx);
if (ret) {
DEBUG(1,("smb_krb5_context_init_basic failed (%s)\n",
error_message(ret)));
talloc_free(tmp_ctx);
return ret;
}
+ (*smb_krb5_context)->krb5_context = kctx;
+ talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
+
+#ifdef SAMBA4_USES_HEIMDAL
/* TODO: Should we have a different name here? */
- ret = krb5_initlog((*smb_krb5_context)->krb5_context, "Samba", &(*smb_krb5_context)->logf);
+ ret = krb5_initlog(kctx, "Samba", &logf);
if (ret) {
DEBUG(1,("krb5_initlog failed (%s)\n",
- smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
- krb5_free_context((*smb_krb5_context)->krb5_context);
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
talloc_free(tmp_ctx);
return ret;
}
+ (*smb_krb5_context)->pvt_log_data = logf;
- talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
-
- ret = krb5_addlog_func((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf, 0 /* min */, -1 /* max */,
- smb_krb5_debug_wrapper, smb_krb5_debug_close, NULL);
+ ret = krb5_addlog_func(kctx, logf, 0 /* min */, -1 /* max */,
+ smb_krb5_debug_wrapper,
+ smb_krb5_debug_close, NULL);
if (ret) {
DEBUG(1,("krb5_addlog_func failed (%s)\n",
- smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
talloc_free(tmp_ctx);
return ret;
}
- krb5_set_warn_dest((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf);
+ krb5_set_warn_dest(kctx, logf);
/* Set use of our socket lib */
if (ev) {
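Review bot: The krb5_initlog and krb5_addlog_func error paths call `talloc_free(tmp_ctx)` and return while `*smb_krb5_context` still holds the old pointer. The later `talloc_steal(parent_ctx, *smb_krb5_context)` suggests the object is allocated under tmp_ctx, although the allocation itself is outside this hunk. If so, the caller gets an error code plus a dangling out-pointer whose destructor has already freed the krb5 context. Adding `*smb_krb5_context = NULL;` before each `return ret;` would make accidental use after a failed init fail cleanly. The same applies to the krb5_set_trace_callback failure path in the last hunk of this file.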
@@ -515,13 +538,22 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
}
}
- talloc_steal(parent_ctx, *smb_krb5_context);
- talloc_free(tmp_ctx);
-
/* Set options in kerberos */
- krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
- lpcfg_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
+ krb5_set_dns_canonicalize_hostname(kctx,
+ lpcfg_parm_bool(lp_ctx, NULL, "krb5",
+ "set_dns_canonicalize", false));
+#else
+ ret = krb5_set_trace_callback(kctx, smb_krb5_debug_wrapper, NULL);
+ if (ret && ret != KRB5_TRACE_NOSUPP) {
+ DEBUG(1, ("krb5_set_trace_callback failed (%s)\n"
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+#endif
+ talloc_steal(parent_ctx, *smb_krb5_context);
+ talloc_free(tmp_ctx);
return 0;
}
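Review bot: The DEBUG call in the `#else` branch is missing the comma between the format string and its argument: `"krb5_set_trace_callback failed (%s)\n"` is followed directly by `smb_get_krb5_error_message(...)`. The MIT build should therefore fail to compile at this statement. The first line should read `DEBUG(1, ("krb5_set_trace_callback failed (%s)\n",`. This branch is compiled only when SAMBA4_USES_HEIMDAL is undefined, so a Heimdal build will not catch it, and the function begins outside this hunk.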
diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h
index 835438cc5b..24ae374cd7 100644
--- a/source4/auth/kerberos/krb5_init_context.h
+++ b/source4/auth/kerberos/krb5_init_context.h
@@ -22,10 +22,10 @@
struct smb_krb5_context {
krb5_context krb5_context;
- krb5_log_facility *logf;
+ void *pvt_log_data;
struct tevent_context *current_ev;
};
-
+
struct tevent_context;
struct loadparm_context;
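Review bot: The new `void *pvt_log_data` member has no comment saying what it points to or who releases it, and the destructor casts it back to `krb5_log_facility *` without any type checking. Please document it at the declaration, for example `/* Heimdal: krb5_log_facility * released by the talloc destructor; left NULL when built against MIT */`. The replaced blank line after the struct also appears to differ only in whitespace, so it may be introducing trailing whitespace that is worth dropping from the patch.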