summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2008-02-21 14:16:02 +0100
committerJelmer Vernooij <jelmer@samba.org>2008-02-21 14:16:02 +0100
commit37deca2d41d74faa7abe060a21340263bd6d66f7 (patch)
tree6518c1de676c2ceb9358128fc6a7ff8900186499 /source4/auth
parentee6f838d3a5aaa54b105249391aae89803901a2e (diff)
downloadsamba-37deca2d41d74faa7abe060a21340263bd6d66f7.tar.gz
samba-37deca2d41d74faa7abe060a21340263bd6d66f7.tar.bz2
samba-37deca2d41d74faa7abe060a21340263bd6d66f7.zip
Avoid use of global_loadparm.
(This used to be commit c5a95bbe0ce55c29e135a9c6058bf192ec3bb546)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c2
-rw-r--r--source4/auth/gensec/gensec_krb5.c4
-rw-r--r--source4/auth/kerberos/kerberos.h4
-rw-r--r--source4/auth/kerberos/kerberos_pac.c11
4 files changed, 16 insertions, 5 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 8361b115d7..d8cdb90197 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -1298,7 +1298,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
}
/* decode and verify the pac */
- nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, pac_blob,
+ nt_status = kerberos_pac_logon_info(mem_ctx, lp_iconv_convenience(gensec_security->lp_ctx), &logon_info, pac_blob,
gensec_gssapi_state->smb_krb5_context->krb5_context,
NULL, keyblock, principal, authtime, NULL);
krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal);
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index d9addcaa3c..88432c7f89 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -617,7 +617,9 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
}
/* decode and verify the pac */
- nt_status = kerberos_pac_logon_info(gensec_krb5_state, &logon_info, pac,
+ nt_status = kerberos_pac_logon_info(gensec_krb5_state,
+ lp_iconv_convenience(gensec_security->lp_ctx),
+ &logon_info, pac,
gensec_krb5_state->smb_krb5_context->krb5_context,
NULL, gensec_krb5_state->keyblock,
client_principal,
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index bafd58a048..8585aa321b 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -111,6 +111,7 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
struct smb_krb5_context *smb_krb5_context,
krb5_principal *princ);
NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA **pac_data_out,
DATA_BLOB blob,
krb5_context context,
@@ -120,6 +121,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime,
krb5_error_code *k5ret);
NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_LOGON_INFO **logon_info,
DATA_BLOB blob,
krb5_context context,
@@ -129,12 +131,14 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime,
krb5_error_code *k5ret);
krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA *pac_data,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
const krb5_keyblock *service_keyblock,
DATA_BLOB *pac);
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct auth_serversupplied_info *server_info,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index c46e06bc72..e485f75302 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -66,6 +66,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA **pac_data_out,
DATA_BLOB blob,
krb5_context context,
@@ -86,7 +87,6 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
struct PAC_LOGON_NAME *logon_name = NULL;
struct PAC_DATA *pac_data;
struct PAC_DATA_RAW *pac_data_raw;
- struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(global_loadparm);
DATA_BLOB *srv_sig_blob = NULL;
DATA_BLOB *kdc_sig_blob = NULL;
@@ -340,6 +340,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
_PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_LOGON_INFO **logon_info,
DATA_BLOB blob,
krb5_context context,
@@ -352,7 +353,9 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
struct PAC_DATA *pac_data;
int i;
- nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
+ nt_status = kerberos_decode_pac(mem_ctx,
+ iconv_convenience,
+ &pac_data,
blob,
context,
krbtgt_keyblock,
@@ -423,6 +426,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
}
krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA *pac_data,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
@@ -437,7 +441,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
struct PAC_SIGNATURE_DATA *kdc_checksum = NULL;
struct PAC_SIGNATURE_DATA *srv_checksum = NULL;
int i;
- struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(global_loadparm);
/* First, just get the keytypes filled in (and lengths right, eventually) */
for (i=0; i < pac_data->num_buffers; i++) {
@@ -528,6 +531,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct auth_serversupplied_info *server_info,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
@@ -640,6 +644,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
unix_to_nt_time(&LOGON_NAME->logon_time, tgs_authtime);
ret = kerberos_encode_pac(mem_ctx,
+ iconv_convenience,
pac_data,
context,
krbtgt_keyblock,