authorJelmer Vernooij <jelmer@samba.org>2009-02-05 16:39:28 +0100
committerJelmer Vernooij <jelmer@samba.org>2009-02-05 16:39:28 +0100
commit6d139ca4680abcbda5110f2f0886aa038ff62088 (patch)
tree7d61db40fb058bcbf08ccd8e0dadc365b819371b /source4/auth
parent4a9b3052caeb8bb144803b49dcfae82395172bc3 (diff)
parentafa960cbbcd609123d710c301e7a9a070c1fed70 (diff)
Merge branch 'master' of ssh://git.samba.org/data/git/samba
Conflicts: librpc/ndr.pc.in
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/config.mk5
-rw-r--r--source4/auth/credentials/config.mk6
-rw-r--r--source4/auth/gensec/config.mk2
-rw-r--r--source4/auth/gensec/schannel_state.c65
-rw-r--r--source4/auth/gensec/socket.c20
-rw-r--r--source4/auth/kerberos/krb5_init_context.c20
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c1
7 files changed, 86 insertions, 33 deletions
diff --git a/source4/auth/config.mk b/source4/auth/config.mk
index b238caa2e5..baf4346b4a 100644
--- a/source4/auth/config.mk
+++ b/source4/auth/config.mk
@@ -36,11 +36,10 @@ auth_sam_reply_OBJ_FILES = $(addprefix $(authsrcdir)/, auth_sam_reply.o)
$(eval $(call proto_header_template,$(authsrcdir)/auth_sam_reply.h,$(auth_sam_reply_OBJ_FILES:.o=.c)))
-[PYTHON::swig_auth]
+[PYTHON::pyauth]
LIBRARY_REALNAME = samba/auth.$(SHLIBEXT)
PUBLIC_DEPENDENCIES = auth_system_session
PRIVATE_DEPENDENCIES = SAMDB PYTALLOC param
-swig_auth_OBJ_FILES = $(authsrcdir)/pyauth.o
+pyauth_OBJ_FILES = $(authsrcdir)/pyauth.o
-$(swig_auth_OBJ_FILES): CFLAGS+=$(CFLAG_NO_CAST_QUAL)
diff --git a/source4/auth/credentials/config.mk b/source4/auth/credentials/config.mk
index e4d14dde58..2402c732b3 100644
--- a/source4/auth/credentials/config.mk
+++ b/source4/auth/credentials/config.mk
@@ -13,10 +13,8 @@ $(eval $(call proto_header_template,$(authsrcdir)/credentials/credentials_proto.
PUBLIC_HEADERS += $(authsrcdir)/credentials/credentials.h
-[PYTHON::swig_credentials]
+[PYTHON::pycredentials]
LIBRARY_REALNAME = samba/credentials.$(SHLIBEXT)
PUBLIC_DEPENDENCIES = CREDENTIALS LIBCMDLINE_CREDENTIALS PYTALLOC param
-swig_credentials_OBJ_FILES = $(authsrcdir)/credentials/pycredentials.o
-
-$(swig_credentials_OBJ_FILES): CFLAGS+=$(CFLAG_NO_CAST_QUAL)
+pycredentials_OBJ_FILES = $(authsrcdir)/credentials/pycredentials.o
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index 3c2fa51f78..3d13ce7f6d 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -78,7 +78,7 @@ $(eval $(call proto_header_template,$(gensecsrcdir)/schannel_proto.h,$(gensec_sc
################################################
# Start SUBSYSTEM SCHANNELDB
[SUBSYSTEM::SCHANNELDB]
-PRIVATE_DEPENDENCIES = LDB_WRAP SAMDB
+PRIVATE_DEPENDENCIES = LDB_WRAP
# End SUBSYSTEM SCHANNELDB
################################################
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index d86b1f2b9c..ca8537cac9 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -20,10 +20,8 @@
*/
#include "includes.h"
-#include "lib/events/events.h"
#include "lib/ldb/include/ldb.h"
-#include "lib/ldb/include/ldb_errors.h"
-#include "dsdb/samdb/samdb.h"
+#include "librpc/gen_ndr/ndr_security.h"
#include "ldb_wrap.h"
#include "../lib/util/util_ldb.h"
#include "libcli/auth/libcli_auth.h"
@@ -31,6 +29,45 @@
#include "param/param.h"
#include "auth/gensec/schannel_state.h"
+static struct ldb_val *schannel_dom_sid_ldb_val(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *smbiconv,
+ struct dom_sid *sid)
+{
+ enum ndr_err_code ndr_err;
+ struct ldb_val *v;
+
+ v = talloc(mem_ctx, struct ldb_val);
+ if (!v) return NULL;
+
+ ndr_err = ndr_push_struct_blob(v, mem_ctx, smbiconv, sid,
+ (ndr_push_flags_fn_t)ndr_push_dom_sid);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(v);
+ return NULL;
+ }
+
+ return v;
+}
+
+static struct dom_sid *schannel_ldb_val_dom_sid(TALLOC_CTX *mem_ctx,
+ const struct ldb_val *v)
+{
+ enum ndr_err_code ndr_err;
+ struct dom_sid *sid;
+
+ sid = talloc(mem_ctx, struct dom_sid);
+ if (!sid) return NULL;
+
+ ndr_err = ndr_pull_struct_blob(v, sid, NULL, sid,
+ (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(sid);
+ return NULL;
+ }
+ return sid;
+}
+
+
/**
connect to the schannel ldb
*/
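Review bot: `schannel_ldb_val_dom_sid` decodes the stored `objectSid` with `ndr_pull_struct_blob`, which does not require the whole value to be consumed, so a record carrying extra bytes after a valid SID is accepted and becomes the client's SID. Since the value is read back from the schannel store as an identity, the stricter form `ndr_err = ndr_pull_struct_blob_all(v, sid, NULL, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid);` would reject a malformed record instead of silently ignoring the tail. In `schannel_dom_sid_ldb_val` the encoded bytes are allocated on `mem_ctx` rather than on `v`, so freeing the returned `ldb_val` alone does not release them; passing `v` as the talloc parent would keep the ownership in one place. Both helpers would also benefit from a short header comment stating that they return NULL on allocation or NDR failure and which context owns the result.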
@@ -77,6 +114,8 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx,
{
struct ldb_message *msg;
struct ldb_val val, seed, client_state, server_state;
+ struct smb_iconv_convenience *smbiconv;
+ struct ldb_val *sid_val;
char *f;
char *sct;
int ret;
@@ -103,6 +142,12 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
+ smbiconv = lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm"));
+ sid_val = schannel_dom_sid_ldb_val(msg, smbiconv, creds->sid);
+ if (sid_val == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
val.data = creds->session_key;
val.length = sizeof(creds->session_key);
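Review bot: The new `if (sid_val == NULL)` branch returns without releasing `msg`, and it reports every failure as `NT_STATUS_NO_MEMORY` even though `schannel_dom_sid_ldb_val` also returns NULL when the NDR encoding fails. Freeing the message first, `talloc_free(msg); return NT_STATUS_NO_MEMORY;`, keeps the error path from accumulating half-built messages; the allocation of `msg` is outside this hunk, so whether its parent is short-lived cannot be confirmed from here. `creds->sid` is handed to the encoder without a NULL check, which is worth confirming against the callers, since a credential without a SID would presumably be dereferenced inside `ndr_push_dom_sid`.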
@@ -124,7 +169,7 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx,
ldb_msg_add_string(msg, "accountName", creds->account_name);
ldb_msg_add_string(msg, "computerName", creds->computer_name);
ldb_msg_add_string(msg, "flatname", creds->domain);
- samdb_msg_add_dom_sid(ldb, mem_ctx, msg, "objectSid", creds->sid);
+ ldb_msg_add_value(msg, "objectSid", sid_val, NULL);
ldb_delete(ldb, msg->dn);
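Review bot: The result of `ldb_msg_add_value(msg, "objectSid", sid_val, NULL)` is discarded, so if the add fails the session record is still written without an `objectSid`, and the fetch path changed in this same commit will then reject that client with `NT_STATUS_INTERNAL_ERROR`. Checking it at the point of storage, `if (ldb_msg_add_value(msg, "objectSid", sid_val, NULL) != LDB_SUCCESS) { talloc_free(msg); return NT_STATUS_NO_MEMORY; }`, surfaces the failure where it happens rather than on a later authentication attempt. The neighbouring `ldb_msg_add_string` calls are unchecked in the same way, and the function body continues outside the hunk.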
@@ -265,7 +310,17 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- (*creds)->sid = samdb_result_dom_sid(*creds, res->msgs[0], "objectSid");
+ val = ldb_msg_find_ldb_val(res->msgs[0], "objectSid");
+ if (val == NULL) {
+ DEBUG(1,("schannel: missing ObjectSid for client: %s\n", computer_name));
+ talloc_free(res);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ (*creds)->sid = schannel_ldb_val_dom_sid(*creds, val);
+ if ((*creds)->sid == NULL) {
+ talloc_free(res);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
talloc_free(res);
return NT_STATUS_OK;
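Review bot: The second failure branch, where `schannel_ldb_val_dom_sid` returns NULL, gives up without logging anything, while the missing-attribute branch just above it logs at level 1. An undecodable SID in the schannel store is the more interesting event for whoever later investigates a failed netlogon session, so it deserves the same treatment: `DEBUG(1,("schannel: invalid ObjectSid for client: %s\n", computer_name));`. Both new returns free `res` but leave `*creds` pointing at a partly populated structure; whether callers ignore `*creds` on a non-OK status is not visible in this hunk, so freeing it and setting `*creds = NULL` before returning would be the safer contract.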
diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c
index a338797ecf..6a03f0bcec 100644
--- a/source4/auth/gensec/socket.c
+++ b/source4/auth/gensec/socket.c
@@ -158,9 +158,9 @@ NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
return packet_full_request_u32(NULL, blob, size);
}
-static NTSTATUS gensec_socket_full_request(void *private, DATA_BLOB blob, size_t *size)
+static NTSTATUS gensec_socket_full_request(void *private_data, DATA_BLOB blob, size_t *size)
{
- struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket);
+ struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket);
struct gensec_security *gensec_security = gensec_socket->gensec_security;
return gensec_packet_full_request(gensec_security, blob, size);
}
@@ -187,9 +187,9 @@ static NTSTATUS gensec_socket_pending(struct socket_context *sock, size_t *npend
}
/* Note if an error occours, so we can return it up the stack */
-static void gensec_socket_error_handler(void *private, NTSTATUS status)
+static void gensec_socket_error_handler(void *private_data, NTSTATUS status)
{
- struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket);
+ struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket);
if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
gensec_socket->eof = true;
} else {
@@ -199,9 +199,9 @@ static void gensec_socket_error_handler(void *private, NTSTATUS status)
static void gensec_socket_trigger_read(struct tevent_context *ev,
struct tevent_timer *te,
- struct timeval t, void *private)
+ struct timeval t, void *private_data)
{
- struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket);
+ struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket);
gensec_socket->in_extra_read++;
gensec_socket->recv_handler(gensec_socket->recv_private, EVENT_FD_READ);
@@ -287,9 +287,9 @@ static NTSTATUS gensec_socket_recv(struct socket_context *sock, void *buf,
*
* This function (and anything under it) MUST NOT call the event system
*/
-static NTSTATUS gensec_socket_unwrap(void *private, DATA_BLOB blob)
+static NTSTATUS gensec_socket_unwrap(void *private_data, DATA_BLOB blob)
{
- struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket);
+ struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket);
DATA_BLOB unwrapped;
NTSTATUS nt_status;
TALLOC_CTX *mem_ctx;
@@ -329,9 +329,9 @@ static NTSTATUS gensec_socket_unwrap(void *private, DATA_BLOB blob)
}
/* when the data is sent, we know we have not been interrupted */
-static void send_callback(void *private)
+static void send_callback(void *private_data)
{
- struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket);
+ struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket);
gensec_socket->interrupted = false;
}
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 6e885842f3..04f0718a62 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -65,11 +65,11 @@ static krb5_error_code smb_krb5_context_destroy_2(struct smb_krb5_context *ctx)
}
/* We never close down the DEBUG system, and no need to unreference the use */
-static void smb_krb5_debug_close(void *private) {
+static void smb_krb5_debug_close(void *private_data) {
return;
}
-static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private)
+static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private_data)
{
DEBUG(2, ("Kerberos: %s\n", msg));
}
@@ -117,9 +117,9 @@ static void smb_krb5_socket_recv(struct smb_krb5_socket *smb_krb5)
talloc_free(tmp_ctx);
}
-static NTSTATUS smb_krb5_full_packet(void *private, DATA_BLOB data)
+static NTSTATUS smb_krb5_full_packet(void *private_data, DATA_BLOB data)
{
- struct smb_krb5_socket *smb_krb5 = talloc_get_type(private, struct smb_krb5_socket);
+ struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
talloc_steal(smb_krb5, data.data);
smb_krb5->reply = data;
smb_krb5->reply.length -= 4;
@@ -132,16 +132,16 @@ static NTSTATUS smb_krb5_full_packet(void *private, DATA_BLOB data)
*/
static void smb_krb5_request_timeout(struct tevent_context *event_ctx,
struct tevent_timer *te, struct timeval t,
- void *private)
+ void *private_data)
{
- struct smb_krb5_socket *smb_krb5 = talloc_get_type(private, struct smb_krb5_socket);
+ struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
DEBUG(5,("Timed out smb_krb5 packet\n"));
smb_krb5->status = NT_STATUS_IO_TIMEOUT;
}
-static void smb_krb5_error_handler(void *private, NTSTATUS status)
+static void smb_krb5_error_handler(void *private_data, NTSTATUS status)
{
- struct smb_krb5_socket *smb_krb5 = talloc_get_type(private, struct smb_krb5_socket);
+ struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
smb_krb5->status = status;
}
@@ -170,9 +170,9 @@ static void smb_krb5_socket_send(struct smb_krb5_socket *smb_krb5)
handle fd events on a smb_krb5_socket
*/
static void smb_krb5_socket_handler(struct tevent_context *ev, struct tevent_fd *fde,
- uint16_t flags, void *private)
+ uint16_t flags, void *private_data)
{
- struct smb_krb5_socket *smb_krb5 = talloc_get_type(private, struct smb_krb5_socket);
+ struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
switch (smb_krb5->hi->proto) {
case KRB5_KRBHST_UDP:
if (flags & TEVENT_FD_READ) {
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 37cc5f318f..30bf159df1 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -22,6 +22,7 @@
*/
#include "includes.h"
+#include "system/network.h"
#include "auth/ntlmssp/ntlmssp.h"
#include "auth/ntlmssp/msrpc_parse.h"
#include "../lib/crypto/crypto.h"