summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2008-04-25 10:04:20 +0100
committerJelmer Vernooij <jelmer@samba.org>2008-04-25 10:04:20 +0100
commitcc9c4aaa8d02c4c31c9e9a4bb53e5941683fcc31 (patch)
treed0b116699dee35372ed335834989e1c885e8f94a /source4/auth
parentd1432d617e6ed04c33ca214d7f3b0099bdf53065 (diff)
parent240d959005f5fd80a38b3734b39dd5d6e425a566 (diff)
downloadsamba-cc9c4aaa8d02c4c31c9e9a4bb53e5941683fcc31.tar.gz
samba-cc9c4aaa8d02c4c31c9e9a4bb53e5941683fcc31.tar.bz2
samba-cc9c4aaa8d02c4c31c9e9a4bb53e5941683fcc31.zip
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3
Conflicts: source/Makefile source/auth/config.mk source/auth/gensec/config.mk source/build/m4/public.m4 source/build/make/python.mk source/build/make/rules.mk source/build/smb_build/header.pm source/build/smb_build/main.pl source/build/smb_build/makefile.pm source/dsdb/config.mk source/dsdb/samdb/ldb_modules/config.mk source/kdc/config.mk source/lib/events/config.mk source/lib/events/events.c source/lib/ldb/config.mk source/lib/nss_wrapper/config.mk source/lib/policy/config.mk source/lib/util/config.mk source/libcli/smb2/config.mk source/libnet/config.mk source/librpc/config.mk source/nbt_server/config.mk source/ntptr/ntptr_base.c source/ntvfs/posix/config.mk source/ntvfs/sysdep/config.mk source/param/config.mk source/rpc_server/config.mk source/rpc_server/service_rpc.c source/scripting/ejs/config.mk source/scripting/python/config.mk source/smb_server/config.mk source/smbd/server.c source/torture/config.mk source/torture/smb2/config.mk source/wrepl_server/config.mk (This used to be commit 13bbd420681519894a4036729c43273912c9b402)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth_sam.c2
-rw-r--r--source4/auth/auth_simple.c2
-rw-r--r--source4/auth/config.mk4
-rw-r--r--source4/auth/credentials/credentials.c22
-rw-r--r--source4/auth/credentials/credentials.h16
-rw-r--r--source4/auth/credentials/credentials.i2
-rw-r--r--source4/auth/credentials/credentials.py1
-rw-r--r--source4/auth/credentials/credentials_files.c16
-rw-r--r--source4/auth/credentials/credentials_krb5.c35
-rw-r--r--source4/auth/credentials/credentials_krb5.h1
-rw-r--r--source4/auth/credentials/credentials_wrap.c102
-rw-r--r--source4/auth/gensec/gensec.c22
-rw-r--r--source4/auth/gensec/gensec_gssapi.c14
-rw-r--r--source4/auth/gensec/gensec_krb5.c16
-rw-r--r--source4/auth/gensec/schannel.c5
-rw-r--r--source4/auth/gensec/schannel_state.c11
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c2
-rw-r--r--source4/auth/sam.c3
-rw-r--r--source4/auth/session.c8
-rw-r--r--source4/auth/session.h3
20 files changed, 173 insertions, 114 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 4b467cee75..731e489ba0 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -289,7 +289,7 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
return NT_STATUS_NO_MEMORY;
}
- sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx));
+ sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx));
if (sam_ctx == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
diff --git a/source4/auth/auth_simple.c b/source4/auth/auth_simple.c
index 50be02a353..e7039c3657 100644
--- a/source4/auth/auth_simple.c
+++ b/source4/auth/auth_simple.c
@@ -90,7 +90,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
}
if (session_info) {
- nt_status = auth_generate_session_info(tmp_ctx, lp_ctx, server_info, session_info);
+ nt_status = auth_generate_session_info(tmp_ctx, ev, lp_ctx, server_info, session_info);
if (NT_STATUS_IS_OK(nt_status)) {
talloc_steal(mem_ctx, *session_info);
diff --git a/source4/auth/config.mk b/source4/auth/config.mk
index 14f5da0eb7..dd55071186 100644
--- a/source4/auth/config.mk
+++ b/source4/auth/config.mk
@@ -87,13 +87,13 @@ PRIVATE_PROTO_HEADER = pam_errors.h
PAM_ERRORS_OBJ_FILES = $(addprefix auth/, pam_errors.o)
-[MODULE::service_auth]
+[MODULE::auth]
INIT_FUNCTION = server_service_auth_init
SUBSYSTEM = smbd
PRIVATE_PROTO_HEADER = auth_proto.h
PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
-service_auth_OBJ_FILES = $(addprefix auth/, auth.o auth_util.o auth_simple.o)
+auth_OBJ_FILES = $(addprefix auth/, auth.o auth_util.o auth_simple.o)
# PUBLIC_HEADERS += auth/auth.h
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 89dddc9e05..bfed451689 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -65,7 +65,6 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
cred->tries = 3;
cred->callback_running = false;
- cred->ev = NULL;
cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS);
cli_credentials_set_gensec_features(cred, 0);
@@ -675,7 +674,7 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
}
if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
- cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE);
+ cli_credentials_set_ccache(cred, event_context_find(cred), lp_ctx, NULL, CRED_GUESS_FILE);
}
}
@@ -775,22 +774,3 @@ _PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred)
return (cred->tries > 0);
}
-
-/*
- set the common event context for this set of credentials
- */
-_PUBLIC_ void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev)
-{
- cred->ev = ev;
-}
-
-/*
- set the common event context for this set of credentials
- */
-_PUBLIC_ struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred)
-{
- if (cred->ev == NULL) {
- cred->ev = event_context_find(cred);
- }
- return cred->ev;
-}
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index afcb300638..2514b5b1ce 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -26,6 +26,7 @@
#include "librpc/gen_ndr/misc.h"
struct ccache_container;
+struct event_context;
/* In order of priority */
enum credentials_obtained {
@@ -121,9 +122,6 @@ struct cli_credentials {
/* Whether any callback is currently running */
bool callback_running;
-
- /* an event context for anyone wanting to use the credentials */
- struct event_context *ev;
};
struct ldb_context;
@@ -152,12 +150,15 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_
const char *cli_credentials_get_realm(struct cli_credentials *cred);
const char *cli_credentials_get_username(struct cli_credentials *cred);
int cli_credentials_get_krb5_context(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context);
int cli_credentials_get_ccache(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ccache_container **ccc);
int cli_credentials_get_keytab(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct keytab_container **_ktc);
const char *cli_credentials_get_domain(struct cli_credentials *cred);
@@ -168,15 +169,15 @@ void cli_credentials_set_conf(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc);
int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc);
-void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev);
void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
enum credentials_use_kerberos use_kerberos);
-struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred);
bool cli_credentials_set_domain(struct cli_credentials *cred,
const char *val,
enum credentials_obtained obtained);
@@ -199,6 +200,7 @@ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
struct smb_krb5_context *smb_krb5_context);
NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *serviceprincipal);
NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
@@ -220,14 +222,17 @@ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
const struct samr_Password *nt_hash,
enum credentials_obtained obtained);
int cli_credentials_set_keytab_name(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *keytab_name,
enum credentials_obtained obtained);
int cli_credentials_update_keytab(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx);
void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features);
uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
int cli_credentials_set_ccache(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *name,
enum credentials_obtained obtained);
@@ -239,6 +244,7 @@ void cli_credentials_invalidate_ccache(struct cli_credentials *cred,
void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal);
enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ldb_context *ldb,
const char *base,
diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i
index 0a604cf002..152d2e673c 100644
--- a/source4/auth/credentials/credentials.i
+++ b/source4/auth/credentials/credentials.i
@@ -95,6 +95,8 @@ typedef struct cli_credentials {
bool set_workstation(const char *workstation,
enum credentials_obtained obtained=CRED_SPECIFIED);
+ NTSTATUS set_machine_account(struct loadparm_context *lp_ctx);
+
void guess(struct loadparm_context *lp_ctx);
bool is_anonymous(void);
diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py
index 2b40fbeead..ba0000dcda 100644
--- a/source4/auth/credentials/credentials.py
+++ b/source4/auth/credentials/credentials.py
@@ -82,6 +82,7 @@ Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_d
Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials)
Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials)
Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials)
+Credentials.set_machine_account = new_instancemethod(_credentials.Credentials_set_machine_account,None,Credentials)
Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials)
Credentials.is_anonymous = new_instancemethod(_credentials.Credentials_is_anonymous,None,Credentials)
Credentials.get_nt_hash = new_instancemethod(_credentials.Credentials_get_nt_hash,None,Credentials)
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 8bcbc65575..ab76ea2cde 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -30,6 +30,7 @@
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
#include "param/param.h"
+#include "lib/events/events.h"
/**
* Read a file descriptor, and parse it for a password (eg from a file or stdin)
@@ -169,6 +170,7 @@ _PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const cha
* @retval NTSTATUS error detailing any failure
*/
_PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ldb_context *ldb,
const char *base,
@@ -305,13 +307,13 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
* (chewing CPU time) from the password */
keytab = ldb_msg_find_attr_as_string(msgs[0], "krb5Keytab", NULL);
if (keytab) {
- cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, event_ctx, lp_ctx, keytab, CRED_SPECIFIED);
} else {
keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL);
if (keytab) {
keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab));
if (keytab) {
- cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, event_ctx, lp_ctx, keytab, CRED_SPECIFIED);
}
}
}
@@ -327,7 +329,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
* @retval NTSTATUS error detailing any failure
*/
_PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
- struct loadparm_context *lp_ctx)
+ struct loadparm_context *lp_ctx)
{
char *filter;
/* Bleh, nasty recursion issues: We are setting a machine
@@ -336,7 +338,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
cred->machine_account_pending = false;
filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
cli_credentials_get_domain(cred));
- return cli_credentials_set_secrets(cred, lp_ctx, NULL,
+ return cli_credentials_set_secrets(cred, event_context_find(cred), lp_ctx, NULL,
SECRETS_PRIMARY_DOMAIN_DN,
filter);
}
@@ -348,6 +350,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
* @retval NTSTATUS error detailing any failure
*/
NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx)
{
char *filter;
@@ -358,7 +361,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH,
cli_credentials_get_realm(cred),
cli_credentials_get_domain(cred));
- return cli_credentials_set_secrets(cred, lp_ctx, NULL,
+ return cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL,
SECRETS_PRINCIPALS_DN,
filter);
}
@@ -370,6 +373,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
* @retval NTSTATUS error detailing any failure
*/
_PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *serviceprincipal)
{
@@ -382,7 +386,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *c
cli_credentials_get_realm(cred),
cli_credentials_get_domain(cred),
serviceprincipal);
- return cli_credentials_set_secrets(cred, lp_ctx, NULL,
+ return cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL,
SECRETS_PRINCIPALS_DN, filter);
}
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index cd9285b09d..3bc1764448 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -30,6 +30,7 @@
#include "param/param.h"
_PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context)
{
@@ -39,8 +40,7 @@ _PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
return 0;
}
- ret = smb_krb5_init_context(cred, cli_credentials_get_event_context(cred),
- lp_ctx, &cred->smb_krb5_context);
+ ret = smb_krb5_init_context(cred, event_ctx, lp_ctx, &cred->smb_krb5_context);
if (ret) {
cred->smb_krb5_context = NULL;
return ret;
@@ -128,6 +128,7 @@ static int free_dccache(struct ccache_container *ccc) {
}
_PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *name,
enum credentials_obtained obtained)
@@ -144,7 +145,7 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx,
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
&ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
@@ -203,6 +204,7 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
static int cli_credentials_new_ccache(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ccache_container **_ccc)
{
@@ -221,7 +223,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx,
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
&ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
@@ -253,6 +255,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
}
_PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct ccache_container **ccc)
{
@@ -271,7 +274,7 @@ _PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred,
return EINVAL;
}
- ret = cli_credentials_new_ccache(cred, lp_ctx, ccc);
+ ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, ccc);
if (ret) {
return ret;
}
@@ -348,6 +351,7 @@ static int free_gssapi_creds(struct gssapi_creds_container *gcc)
}
_PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc)
{
@@ -360,7 +364,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
*_gcc = cred->client_gss_creds;
return 0;
}
- ret = cli_credentials_get_ccache(cred, lp_ctx,
+ ret = cli_credentials_get_ccache(cred, event_ctx, lp_ctx,
&ccache);
if (ret) {
DEBUG(1, ("Failed to get CCACHE for GSSAPI client: %s\n", error_message(ret)));
@@ -402,6 +406,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
*/
int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
gss_cred_id_t gssapi_cred,
enum credentials_obtained obtained)
@@ -419,7 +424,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
return ENOMEM;
}
- ret = cli_credentials_new_ccache(cred, lp_ctx, &ccc);
+ ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, &ccc);
if (ret != 0) {
return ret;
}
@@ -456,6 +461,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
* it will be generated from the password.
*/
_PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct keytab_container **_ktc)
{
@@ -475,7 +481,7 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
return EINVAL;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx,
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
&smb_krb5_context);
if (ret) {
return ret;
@@ -510,6 +516,7 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
* FILE:/etc/krb5.keytab), open it and attach it */
_PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *keytab_name,
enum credentials_obtained obtained)
@@ -523,7 +530,7 @@ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
return 0;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
if (ret) {
return ret;
}
@@ -549,6 +556,7 @@ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
}
_PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx)
{
krb5_error_code ret;
@@ -562,7 +570,7 @@ _PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred,
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
if (ret) {
talloc_free(mem_ctx);
return ret;
@@ -570,7 +578,7 @@ _PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred,
enctype_strings = cli_credentials_get_enctype_strings(cred);
- ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc);
+ ret = cli_credentials_get_keytab(cred, event_ctx, lp_ctx, &ktc);
if (ret != 0) {
talloc_free(mem_ctx);
return ret;
@@ -585,6 +593,7 @@ _PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred,
/* Get server gss credentials (in gsskrb5, this means the keytab) */
_PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc)
{
@@ -603,12 +612,12 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
return 0;
}
- ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
if (ret) {
return ret;
}
- ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc);
+ ret = cli_credentials_get_keytab(cred, event_ctx, lp_ctx, &ktc);
if (ret) {
DEBUG(1, ("Failed to get keytab for GSSAPI server: %s\n", error_message(ret)));
return ret;
diff --git a/source4/auth/credentials/credentials_krb5.h b/source4/auth/credentials/credentials_krb5.h
index aaa7d7f0da..f672b0ad9a 100644
--- a/source4/auth/credentials/credentials_krb5.h
+++ b/source4/auth/credentials/credentials_krb5.h
@@ -32,6 +32,7 @@ struct gssapi_creds_container {
/* Manually prototyped here to avoid needing gss headers in most callers */
int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
gss_cred_id_t gssapi_cred,
enum credentials_obtained obtained);
diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c
index 909233aaff..6c99802b09 100644
--- a/source4/auth/credentials/credentials_wrap.c
+++ b/source4/auth/credentials/credentials_wrap.c
@@ -2456,24 +2456,25 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
/* -------- TYPES TABLE (BEGIN) -------- */
-#define SWIGTYPE_p_TALLOC_CTX swig_types[0]
-#define SWIGTYPE_p_char swig_types[1]
-#define SWIGTYPE_p_cli_credentials swig_types[2]
-#define SWIGTYPE_p_int swig_types[3]
-#define SWIGTYPE_p_loadparm_context swig_types[4]
-#define SWIGTYPE_p_loadparm_service swig_types[5]
-#define SWIGTYPE_p_long swig_types[6]
-#define SWIGTYPE_p_param_context swig_types[7]
-#define SWIGTYPE_p_param_opt swig_types[8]
-#define SWIGTYPE_p_param_section swig_types[9]
-#define SWIGTYPE_p_short swig_types[10]
-#define SWIGTYPE_p_signed_char swig_types[11]
-#define SWIGTYPE_p_unsigned_char swig_types[12]
-#define SWIGTYPE_p_unsigned_int swig_types[13]
-#define SWIGTYPE_p_unsigned_long swig_types[14]
-#define SWIGTYPE_p_unsigned_short swig_types[15]
-static swig_type_info *swig_types[17];
-static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
+#define SWIGTYPE_p_NTSTATUS swig_types[0]
+#define SWIGTYPE_p_TALLOC_CTX swig_types[1]
+#define SWIGTYPE_p_char swig_types[2]
+#define SWIGTYPE_p_cli_credentials swig_types[3]
+#define SWIGTYPE_p_int swig_types[4]
+#define SWIGTYPE_p_loadparm_context swig_types[5]
+#define SWIGTYPE_p_loadparm_service swig_types[6]
+#define SWIGTYPE_p_long_long swig_types[7]
+#define SWIGTYPE_p_param_context swig_types[8]
+#define SWIGTYPE_p_param_opt swig_types[9]
+#define SWIGTYPE_p_param_section swig_types[10]
+#define SWIGTYPE_p_short swig_types[11]
+#define SWIGTYPE_p_signed_char swig_types[12]
+#define SWIGTYPE_p_unsigned_char swig_types[13]
+#define SWIGTYPE_p_unsigned_int swig_types[14]
+#define SWIGTYPE_p_unsigned_long_long swig_types[15]
+#define SWIGTYPE_p_unsigned_short swig_types[16]
+static swig_type_info *swig_types[18];
+static swig_module_info swig_module = {swig_types, 17, 0, 0, 0, 0};
#define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name)
#define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name)
@@ -3409,6 +3410,46 @@ fail:
}
+SWIGINTERN PyObject *_wrap_Credentials_set_machine_account(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+ PyObject *resultobj = 0;
+ cli_credentials *arg1 = (cli_credentials *) 0 ;
+ struct loadparm_context *arg2 = (struct loadparm_context *) 0 ;
+ NTSTATUS result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ char * kwnames[] = {
+ (char *) "self",(char *) "lp_ctx", NULL
+ };
+
+ arg1 = NULL;
+ arg2 = loadparm_init(NULL);
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_machine_account",kwnames,&obj0,&obj1)) SWIG_fail;
+ if (obj0) {
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_machine_account" "', argument " "1"" of type '" "cli_credentials *""'");
+ }
+ arg1 = (cli_credentials *)(argp1);
+ }
+ if (obj1) {
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_loadparm_context, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "Credentials_set_machine_account" "', argument " "2"" of type '" "struct loadparm_context *""'");
+ }
+ arg2 = (struct loadparm_context *)(argp2);
+ }
+ result = cli_credentials_set_machine_account(arg1,arg2);
+ resultobj = SWIG_NewPointerObj((NTSTATUS *)memcpy((NTSTATUS *)malloc(sizeof(NTSTATUS)),&result,sizeof(NTSTATUS)), SWIGTYPE_p_NTSTATUS, SWIG_POINTER_OWN | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_Credentials_guess(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3646,6 +3687,7 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_set_machine_account", (PyCFunction) _wrap_Credentials_set_machine_account, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_is_anonymous", (PyCFunction) _wrap_Credentials_is_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_nt_hash", (PyCFunction) _wrap_Credentials_get_nt_hash, METH_VARARGS | METH_KEYWORDS, NULL},
@@ -3661,31 +3703,33 @@ static PyMethodDef SwigMethods[] = {
/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */
+static swig_type_info _swigt__p_NTSTATUS = {"_p_NTSTATUS", "NTSTATUS *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
static swig_type_info *swig_type_initial[] = {
+ &_swigt__p_NTSTATUS,
&_swigt__p_TALLOC_CTX,
&_swigt__p_char,
&_swigt__p_cli_credentials,
&_swigt__p_int,
&_swigt__p_loadparm_context,
&_swigt__p_loadparm_service,
- &_swigt__p_long,
+ &_swigt__p_long_long,
&_swigt__p_param_context,
&_swigt__p_param_opt,
&_swigt__p_param_section,
@@ -3693,17 +3737,18 @@ static swig_type_info *swig_type_initial[] = {
&_swigt__p_signed_char,
&_swigt__p_unsigned_char,
&_swigt__p_unsigned_int,
- &_swigt__p_unsigned_long,
+ &_swigt__p_unsigned_long_long,
&_swigt__p_unsigned_short,
};
+static swig_cast_info _swigc__p_NTSTATUS[] = { {&_swigt__p_NTSTATUS, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_TALLOC_CTX[] = { {&_swigt__p_TALLOC_CTX, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentials, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
@@ -3711,17 +3756,18 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0,
static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info *swig_cast_initial[] = {
+ _swigc__p_NTSTATUS,
_swigc__p_TALLOC_CTX,
_swigc__p_char,
_swigc__p_cli_credentials,
_swigc__p_int,
_swigc__p_loadparm_context,
_swigc__p_loadparm_service,
- _swigc__p_long,
+ _swigc__p_long_long,
_swigc__p_param_context,
_swigc__p_param_opt,
_swigc__p_param_section,
@@ -3729,7 +3775,7 @@ static swig_cast_info *swig_cast_initial[] = {
_swigc__p_signed_char,
_swigc__p_unsigned_char,
_swigc__p_unsigned_int,
- _swigc__p_unsigned_long,
+ _swigc__p_unsigned_long_long,
_swigc__p_unsigned_short,
};
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 3393ce0178..0edb34d740 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -481,6 +481,11 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
struct messaging_context *msg,
struct gensec_security **gensec_security)
{
+ if (ev == NULL) {
+ DEBUG(0, ("No event context available!\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
(*gensec_security) = talloc(mem_ctx, struct gensec_security);
NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
@@ -492,14 +497,6 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
(*gensec_security)->subcontext = false;
(*gensec_security)->want_features = 0;
-
- if (ev == NULL) {
- ev = event_context_init(*gensec_security);
- if (ev == NULL) {
- talloc_free(*gensec_security);
- return NT_STATUS_NO_MEMORY;
- }
- }
(*gensec_security)->event_ctx = ev;
(*gensec_security)->msg_ctx = msg;
@@ -547,20 +544,11 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx)
{
NTSTATUS status;
- struct event_context *new_ev = NULL;
-
- if (ev == NULL) {
- new_ev = event_context_init(mem_ctx);
- NT_STATUS_HAVE_NO_MEMORY(new_ev);
- ev = new_ev;
- }
status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(new_ev);
return status;
}
- talloc_steal((*gensec_security), new_ev);
(*gensec_security)->gensec_role = GENSEC_CLIENT;
return status;
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index e7dcb4ea68..cc0d40469e 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -273,7 +273,9 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi
DEBUG(3, ("No machine account credentials specified\n"));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
} else {
- ret = cli_credentials_get_server_gss_creds(machine_account, gensec_security->lp_ctx, &gcc);
+ ret = cli_credentials_get_server_gss_creds(machine_account,
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &gcc);
if (ret) {
DEBUG(1, ("Aquiring acceptor credentials failed: %s\n",
error_message(ret)));
@@ -359,7 +361,9 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
return NT_STATUS_INVALID_PARAMETER;
}
- ret = cli_credentials_get_client_gss_creds(creds, gensec_security->lp_ctx, &gcc);
+ ret = cli_credentials_get_client_gss_creds(creds,
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &gcc);
switch (ret) {
case 0:
break;
@@ -1323,7 +1327,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
} else if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
- nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string,
&server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -1338,7 +1342,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(mem_ctx, gensec_security->lp_ctx, server_info, &session_info);
+ nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
@@ -1361,12 +1365,12 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
return NT_STATUS_NO_MEMORY;
}
- cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx);
cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx);
/* Just so we don't segfault trying to get at a username */
cli_credentials_set_anonymous(session_info->credentials);
ret = cli_credentials_set_client_gss_creds(session_info->credentials,
+ gensec_security->event_ctx,
gensec_security->lp_ctx,
gensec_gssapi_state->delegated_cred_handle,
CRED_SPECIFIED);
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index ae601b19c2..47df2ccfcc 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -118,7 +118,9 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy);
- if (cli_credentials_get_krb5_context(creds, gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
+ if (cli_credentials_get_krb5_context(creds,
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
talloc_free(gensec_krb5_state);
return NT_STATUS_INTERNAL_ERROR;
}
@@ -248,7 +250,9 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
principal = gensec_get_target_principal(gensec_security);
- ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &ccache_container);
+ ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security),
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &ccache_container);
switch (ret) {
case 0:
break;
@@ -446,7 +450,9 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
}
/* Grab the keytab, however generated */
- ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &keytab);
+ ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security),
+ gensec_security->event_ctx,
+ gensec_security->lp_ctx, &keytab);
if (ret) {
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
@@ -597,7 +603,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n",
smb_get_krb5_error_message(context,
ret, mem_ctx)));
- nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string,
&server_info);
krb5_free_principal(context, client_principal);
free(principal_string);
@@ -645,7 +651,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(mem_ctx, gensec_security->lp_ctx, server_info, &session_info);
+ nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index b3117ee9b2..f21202b86f 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -125,7 +125,8 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
}
/* pull the session key for this client */
- status = schannel_fetch_session_key(out_mem_ctx, gensec_security->lp_ctx, workstation,
+ status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx,
+ gensec_security->lp_ctx, workstation,
domain, &creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
@@ -189,7 +190,7 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
struct auth_session_info **_session_info)
{
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
- return auth_anonymous_session_info(state, gensec_security->lp_ctx, _session_info);
+ return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->lp_ctx, _session_info);
}
static NTSTATUS schannel_start(struct gensec_security *gensec_security)
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index 0c7c509954..0f7c4ca11d 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -32,7 +32,8 @@
/**
connect to the schannel ldb
*/
-struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct event_context *ev_ctx,
+ struct loadparm_context *lp_ctx)
{
char *path;
struct ldb_context *ldb;
@@ -49,7 +50,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_con
existed = file_exist(path);
- ldb = ldb_wrap_connect(mem_ctx, lp_ctx, path,
+ ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path,
system_session(mem_ctx, lp_ctx),
NULL, LDB_FLG_NOSYNC, NULL);
talloc_free(path);
@@ -137,6 +138,7 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx,
}
NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
+ struct event_context *ev_ctx,
struct loadparm_context *lp_ctx,
struct creds_CredentialState *creds)
{
@@ -144,7 +146,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
int ret;
- ldb = schannel_db_connect(mem_ctx, lp_ctx);
+ ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
@@ -268,6 +270,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
}
NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
+ struct event_context *ev_ctx,
struct loadparm_context *lp_ctx,
const char *computer_name,
const char *domain,
@@ -276,7 +279,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
struct ldb_context *ldb;
- ldb = schannel_db_connect(mem_ctx, lp_ctx);
+ ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 12802b7e79..d8ef2a20b8 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -725,7 +725,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
NTSTATUS nt_status;
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
- nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->lp_ctx, gensec_ntlmssp_state->server_info, session_info);
+ nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->lp_ctx, gensec_ntlmssp_state->server_info, session_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
(*session_info)->session_key = data_blob_talloc(*session_info,
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index ed44754993..a2090afcdc 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -428,6 +428,7 @@ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx,
/* Used in the gensec_gssapi and gensec_krb5 server-side code, where the PAC isn't available */
NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
const char *principal,
struct auth_serversupplied_info **server_info)
@@ -445,7 +446,7 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- sam_ctx = samdb_connect(tmp_ctx, lp_ctx, system_session(tmp_ctx, lp_ctx));
+ sam_ctx = samdb_connect(tmp_ctx, event_ctx, lp_ctx, system_session(tmp_ctx, lp_ctx));
if (sam_ctx == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 112eac95d8..8f5e8d6c56 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -31,11 +31,12 @@
#include "auth/session_proto.h"
_PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx)
{
NTSTATUS nt_status;
struct auth_session_info *session_info = NULL;
- nt_status = auth_anonymous_session_info(mem_ctx, lp_ctx, &session_info);
+ nt_status = auth_anonymous_session_info(mem_ctx, event_ctx, lp_ctx, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
return NULL;
}
@@ -43,6 +44,7 @@ _PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
}
_PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info)
{
@@ -60,7 +62,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
}
/* references the server_info into the session_info */
- nt_status = auth_generate_session_info(parent_ctx, lp_ctx, server_info, &session_info);
+ nt_status = auth_generate_session_info(parent_ctx, event_ctx, lp_ctx, server_info, &session_info);
talloc_free(mem_ctx);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -151,6 +153,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
}
_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct auth_serversupplied_info *server_info,
struct auth_session_info **_session_info)
@@ -168,6 +171,7 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
session_info->session_key = server_info->user_session_key;
nt_status = security_token_create(session_info,
+ event_ctx,
lp_ctx,
server_info->account_sid,
server_info->primary_group_sid,
diff --git a/source4/auth/session.h b/source4/auth/session.h
index 87fc47791a..9b5fba7f39 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
@@ -36,6 +36,7 @@ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
const char *netbios_name,
struct auth_serversupplied_info **_server_info) ;
NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx,
struct auth_serversupplied_info *server_info,
struct auth_session_info **_session_info) ;
@@ -46,10 +47,12 @@ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
union netr_Validation *validation,
struct auth_serversupplied_info **_server_info);
NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
+ struct event_context *ev_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info);
struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
struct loadparm_context *lp_ctx);