Merge branch 'master' of ssh://git.samba.org/data/git/samba into arc4

author: Jelmer Vernooij <jelmer@samba.org> 2008-10-11 14:44:10 +0200
committer: Jelmer Vernooij <jelmer@samba.org> 2008-10-11 14:44:10 +0200
commit: 6a78e56277799672b7ac187c57e546836e136f79 (patch)
tree: 87f0336cb1908d01690b74c56a44f4713559b5bc /source4/auth
parent: ddbddbd80c80b872cdd36a01f9a3a6bc2eca1b1f (diff)
parent: f0a27064869871806343648de3b5a0667118872f (diff)
download: samba-6a78e56277799672b7ac187c57e546836e136f79.tar.gz
samba-6a78e56277799672b7ac187c57e546836e136f79.tar.bz2
samba-6a78e56277799672b7ac187c57e546836e136f79.zip
9 files changed, 39 insertions, 17 deletions
diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c
index 06a7b8a382..6f82de82fc 100644
--- a/source4/auth/gensec/cyrus_sasl.c
+++ b/source4/auth/gensec/cyrus_sasl.c
@@ -110,7 +110,7 @@ static int gensec_sasl_get_password(sasl_conn_t *conn, void *context, int id,
 static int gensec_sasl_dispose(struct gensec_sasl_state *gensec_sasl_state)
 {
 	sasl_dispose(&gensec_sasl_state->conn);
-	return 0;
+	return SASL_OK;
 }
 
 static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security)
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 0edb34d740..5d57383d2a 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -490,6 +490,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
 	NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
 
 	(*gensec_security)->ops = NULL;
+	(*gensec_security)->private_data = NULL;
 
 	ZERO_STRUCT((*gensec_security)->target);
 	ZERO_STRUCT((*gensec_security)->peer_addr);
@@ -525,6 +526,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
 	(*gensec_security)->private_data = NULL;
 
 	(*gensec_security)->subcontext = true;
+	(*gensec_security)->want_features = parent->want_features;
 	(*gensec_security)->event_ctx = parent->event_ctx;
 	(*gensec_security)->msg_ctx = parent->msg_ctx;
 	(*gensec_security)->lp_ctx = parent->lp_ctx;
@@ -1015,7 +1017,11 @@ _PUBLIC_ NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_C
 _PUBLIC_ void gensec_want_feature(struct gensec_security *gensec_security,
 			 uint32_t feature) 
 {
-	gensec_security->want_features |= feature;
+	if (!gensec_security->ops || !gensec_security->ops->want_feature) {
+		gensec_security->want_features |= feature;
+		return;
+	}
+	gensec_security->ops->want_feature(gensec_security, feature);
 }
 
 /** 
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 84fc26d127..0b31882ddd 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -133,6 +133,8 @@ struct gensec_security_ops {
 	NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key);
 	NTSTATUS (*session_info)(struct gensec_security *gensec_security, 
 				 struct auth_session_info **session_info); 
+	void (*want_feature)(struct gensec_security *gensec_security,
+				    uint32_t feature);
 	bool (*have_feature)(struct gensec_security *gensec_security,
 				    uint32_t feature); 
 	bool enabled;
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index 0388b3caf6..64c21d0c3e 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -44,7 +44,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct event_contex
 		"computerName: CASE_INSENSITIVE\n" \
 		"flatname: CASE_INSENSITIVE\n";
 
-	path = smbd_tmp_path(mem_ctx, lp_ctx, "schannel.ldb");
+	path = private_path(mem_ctx, lp_ctx, "schannel.ldb");
 	if (!path) {
 		return NULL;
 	}
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 1855e0583d..bf991616bd 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -1094,6 +1094,20 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 	return NT_STATUS_INVALID_PARAMETER;
 }
 
+static void gensec_spnego_want_feature(struct gensec_security *gensec_security,
+				       uint32_t feature)
+{
+	struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
+
+	if (!spnego_state || !spnego_state->sub_sec_security) {
+		gensec_security->want_features |= feature;
+		return;
+	}
+
+	gensec_want_feature(spnego_state->sub_sec_security,
+			    feature);
+}
+
 static bool gensec_spnego_have_feature(struct gensec_security *gensec_security,
 				       uint32_t feature) 
 {
@@ -1133,6 +1147,7 @@ static const struct gensec_security_ops gensec_spnego_security_ops = {
 	.unwrap_packets   = gensec_spnego_unwrap_packets,
 	.session_key	  = gensec_spnego_session_key,
 	.session_info     = gensec_spnego_session_info,
+	.want_feature     = gensec_spnego_want_feature,
 	.have_feature     = gensec_spnego_have_feature,
 	.enabled          = true,
 	.priority         = GENSEC_SPNEGO
diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c
index 2579ab20cc..d54664fe66 100644
--- a/source4/auth/kerberos/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -33,7 +33,7 @@
   This version is built to use a keyblock, rather than needing the
   original password.
 */
- int kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, 
+ krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, 
 				krb5_principal principal, krb5_keyblock *keyblock,
 				time_t *expire_time, time_t *kdc_time)
 {
@@ -77,7 +77,7 @@
   simulate a kinit, putting the tgt in the given credentials cache. 
   Orignally by remus@snapserver.com
 */
- int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, 
+ krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, 
 				krb5_principal principal, const char *password, 
 				time_t *expire_time, time_t *kdc_time)
 {
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 9002715065..0567565d33 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -32,7 +32,7 @@ struct principal_container {
 	krb5_principal principal;
 };
 
-static int free_principal(struct principal_container *pc)
+static krb5_error_code free_principal(struct principal_container *pc)
 {
 	/* current heimdal - 0.6.3, which we need anyway, fixes segfaults here */
 	krb5_free_principal(pc->smb_krb5_context->krb5_context, pc->principal);
@@ -241,19 +241,17 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx,
 	return 0;
 }
 
-static int free_keytab(struct keytab_container *ktc)
+static krb5_error_code free_keytab(struct keytab_container *ktc)
 {
-	krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab);
-
-	return 0;
+	return krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab);
 }
 
-int smb_krb5_open_keytab(TALLOC_CTX *mem_ctx,
+krb5_error_code smb_krb5_open_keytab(TALLOC_CTX *mem_ctx,
 			 struct smb_krb5_context *smb_krb5_context, 
 			 const char *keytab_name, struct keytab_container **ktc) 
 {
 	krb5_keytab keytab;
-	int ret;
+	krb5_error_code ret;
 	ret = krb5_kt_resolve(smb_krb5_context->krb5_context, keytab_name, &keytab);
 	if (ret) {
 		DEBUG(1,("failed to open krb5 keytab: %s\n", 
@@ -339,7 +337,7 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx,
 	return 0;
 }
 
-static int create_keytab(TALLOC_CTX *parent_ctx,
+static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx,
 			 struct cli_credentials *machine_account,
 			 struct smb_krb5_context *smb_krb5_context,
 			 const char **enctype_strings,
@@ -603,7 +601,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx,
 	return ret;
 }
 
-int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
+krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
 			   struct cli_credentials *machine_account,
 			   struct smb_krb5_context *smb_krb5_context,
 			   const char **enctype_strings,
@@ -635,7 +633,7 @@ int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
 	return ret;
 }
 
-int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
+krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
 					   struct cli_credentials *machine_account,
 					   struct smb_krb5_context *smb_krb5_context,
 					   const char **enctype_strings,
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 82e42a4560..90b542c4c4 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -49,13 +49,13 @@ struct smb_krb5_socket {
 	krb5_krbhst_info *hi;
 };
 
-static int smb_krb5_context_destroy_1(struct smb_krb5_context *ctx)
+static krb5_error_code smb_krb5_context_destroy_1(struct smb_krb5_context *ctx)
 {
 	krb5_free_context(ctx->krb5_context); 
 	return 0;
 }
 
-static int smb_krb5_context_destroy_2(struct smb_krb5_context *ctx)
+static krb5_error_code smb_krb5_context_destroy_2(struct smb_krb5_context *ctx)
 {
 	/* Otherwise krb5_free_context will try and close what we have already free()ed */
 	krb5_set_warn_dest(ctx->krb5_context, NULL);
diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c
index bb8773e75e..539ae6aa80 100644
--- a/source4/auth/ntlm/auth_server.c
+++ b/source4/auth/ntlm/auth_server.c
@@ -80,6 +80,7 @@ static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX
 	io.in.workgroup = ""; /* only used with SPNEGO, disabled above */
 
 	io.in.options = smb_options;
+	lp_smbcli_session_options(ctx->auth_ctx->lp_ctx, &io.in.session_options);
 
 	status = smb_composite_connect(&io, mem_ctx, lp_resolve_context(ctx->auth_ctx->lp_ctx),
 				       ctx->auth_ctx->event_ctx);
author	Jelmer Vernooij <jelmer@samba.org>	2008-10-11 14:44:10 +0200
committer	Jelmer Vernooij <jelmer@samba.org>	2008-10-11 14:44:10 +0200
commit	6a78e56277799672b7ac187c57e546836e136f79 (patch)
tree	87f0336cb1908d01690b74c56a44f4713559b5bc /source4/auth
parent	ddbddbd80c80b872cdd36a01f9a3a6bc2eca1b1f (diff)
parent	f0a27064869871806343648de3b5a0667118872f (diff)
download	samba-6a78e56277799672b7ac187c57e546836e136f79.tar.gz samba-6a78e56277799672b7ac187c57e546836e136f79.tar.bz2 samba-6a78e56277799672b7ac187c57e546836e136f79.zip