summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2007-12-02 20:56:26 +0100
committerStefan Metzmacher <metze@samba.org>2007-12-21 05:47:11 +0100
commit120ecdb5cb7dbd7c650f3e9fbcefb925f695e0f2 (patch)
treeb7fa447f3959f84417d58a0b60ca8bb0c8de17b1 /source4
parentda0640518f67545df6a1da30c916fbc452d38a39 (diff)
downloadsamba-120ecdb5cb7dbd7c650f3e9fbcefb925f695e0f2.tar.gz
samba-120ecdb5cb7dbd7c650f3e9fbcefb925f695e0f2.tar.bz2
samba-120ecdb5cb7dbd7c650f3e9fbcefb925f695e0f2.zip
r26233: Pass loadparm context when creating krb5 contexts.
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/auth.c2
-rw-r--r--source4/auth/auth_util.c3
-rw-r--r--source4/auth/credentials/credentials_krb5.c16
-rw-r--r--source4/auth/gensec/gensec_gssapi.c1
-rw-r--r--source4/auth/kerberos/kerberos.h1
-rw-r--r--source4/auth/kerberos/krb5_init_context.c11
-rw-r--r--source4/auth/kerberos/krb5_init_context.h2
-rw-r--r--source4/dsdb/samdb/cracknames.c1
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c2
-rw-r--r--source4/kdc/kdc.c2
-rw-r--r--source4/torture/auth/pac.c2
11 files changed, 28 insertions, 15 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c
index b915a43e39..8e788ccca5 100644
--- a/source4/auth/auth.c
+++ b/source4/auth/auth.c
@@ -244,7 +244,7 @@ void auth_check_password_send(struct auth_context *auth_ctx,
req->callback.private_data = private_data;
if (!user_info->mapped_state) {
- nt_status = map_user_info(req, user_info, &user_info_tmp);
+ nt_status = map_user_info(req, lp_workgroup(auth_ctx->lp_ctx), user_info, &user_info_tmp);
if (!NT_STATUS_IS_OK(nt_status)) goto failed;
user_info = user_info_tmp;
req->user_info = user_info_tmp;
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index c3ecfece39..baecb15f1e 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -43,6 +43,7 @@ NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TAL
****************************************************************************/
NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
+ const char *default_domain,
const struct auth_usersupplied_info *user_info,
struct auth_usersupplied_info **user_info_mapped)
{
@@ -73,7 +74,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
d++;
domain = d;
} else {
- domain = lp_workgroup(global_loadparm);
+ domain = default_domain;
}
*user_info_mapped = talloc(mem_ctx, struct auth_usersupplied_info);
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index edc10d77c9..7bfad689ef 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -26,8 +26,10 @@
#include "auth/kerberos/kerberos.h"
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
+#include "param/param.h"
int cli_credentials_get_krb5_context(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context)
{
int ret;
@@ -37,7 +39,7 @@ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
}
ret = smb_krb5_init_context(cred, cli_credentials_get_event_context(cred),
- &cred->smb_krb5_context);
+ lp_ctx, &cred->smb_krb5_context);
if (ret) {
return ret;
}
@@ -139,7 +141,7 @@ int cli_credentials_set_ccache(struct cli_credentials *cred,
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, &ccc->smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
return ret;
@@ -213,7 +215,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred, struct ccach
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, &ccc->smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
return ret;
@@ -461,7 +463,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
return EINVAL;
}
- ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
if (ret) {
return ret;
}
@@ -507,7 +509,7 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
return 0;
}
- ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
if (ret) {
return ret;
}
@@ -545,7 +547,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred)
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
if (ret) {
talloc_free(mem_ctx);
return ret;
@@ -585,7 +587,7 @@ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
return 0;
}
- ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
if (ret) {
return ret;
}
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 98d8a40672..fabdfb4308 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -239,6 +239,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
ret = smb_krb5_init_context(gensec_gssapi_state,
gensec_security->event_ctx,
+ global_loadparm,
&gensec_gssapi_state->smb_krb5_context);
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n",
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index a3005b5019..f8fb6a4157 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -151,6 +151,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
krb5_principal client_principal,
time_t tgs_authtime,
DATA_BLOB *pac);
+struct loadparm_context;
#include "auth/kerberos/proto.h"
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 68e60dcdc5..9bcf8910d5 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -366,6 +366,7 @@ krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
krb5_error_code smb_krb5_init_context(void *parent_ctx,
struct event_context *ev,
+ struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context)
{
krb5_error_code ret;
@@ -393,7 +394,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy_1);
- config_file = config_path(tmp_ctx, global_loadparm, "krb5.conf");
+ config_file = config_path(tmp_ctx, lp_ctx, "krb5.conf");
if (!config_file) {
talloc_free(tmp_ctx);
return ENOMEM;
@@ -418,10 +419,10 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
return ret;
}
- if (lp_realm(global_loadparm) && *lp_realm(global_loadparm)) {
- char *upper_realm = strupper_talloc(tmp_ctx, lp_realm(global_loadparm));
+ if (lp_realm(lp_ctx) && *lp_realm(lp_ctx)) {
+ char *upper_realm = strupper_talloc(tmp_ctx, lp_realm(lp_ctx));
if (!upper_realm) {
- DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(global_loadparm)));
+ DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(lp_ctx)));
talloc_free(tmp_ctx);
return ENOMEM;
}
@@ -473,7 +474,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
/* Set options in kerberos */
krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
- lp_parm_bool(global_loadparm, NULL, "krb5", "set_dns_canonicalize", false));
+ lp_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
return 0;
}
diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h
index 1bad80357a..44771f2aec 100644
--- a/source4/auth/kerberos/krb5_init_context.h
+++ b/source4/auth/kerberos/krb5_init_context.h
@@ -23,7 +23,9 @@ struct smb_krb5_context {
};
struct event_context;
+struct loadparm_context;
krb5_error_code smb_krb5_init_context(void *parent_ctx, struct event_context *ev,
+ struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context);
void smb_krb5_free_context(struct smb_krb5_context *smb_krb5_context);
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index c5f1bdaffb..b8581275f5 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -358,6 +358,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
struct smb_krb5_context *smb_krb5_context;
ret = smb_krb5_init_context(mem_ctx,
(struct event_context *)ldb_get_opaque(sam_ctx, "EventContext"),
+ (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"),
&smb_krb5_context);
if (ret) {
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index eecec6a55b..529b1aa96f 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1432,6 +1432,7 @@ static int password_hash_add_do_add(struct ldb_handle *h) {
/* Some operations below require kerberos contexts */
if (smb_krb5_init_context(ac->down_req,
ldb_get_opaque(h->module->ldb, "EventContext"),
+ (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"),
&smb_krb5_context) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -1759,6 +1760,7 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) {
/* Some operations below require kerberos contexts */
if (smb_krb5_init_context(ac->mod_req,
ldb_get_opaque(h->module->ldb, "EventContext"),
+ (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"),
&smb_krb5_context) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
}
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index b24b58f8d4..6c1f20bf13 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -584,7 +584,7 @@ static void kdc_task_init(struct task_server *task)
initialize_krb5_error_table();
- ret = smb_krb5_init_context(kdc, task->event_ctx, &kdc->smb_krb5_context);
+ ret = smb_krb5_init_context(kdc, task->event_ctx, task->lp_ctx, &kdc->smb_krb5_context);
if (ret) {
DEBUG(1,("kdc_task_init: krb5_init_context failed (%s)\n",
error_message(ret)));
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c
index baa3bdf39a..262cc70480 100644
--- a/source4/torture/auth/pac.c
+++ b/source4/torture/auth/pac.c
@@ -57,6 +57,7 @@ static bool torture_pac_self_check(struct torture_context *tctx)
torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx,
NULL,
+ global_loadparm,
&smb_krb5_context),
"smb_krb5_init_context");
@@ -285,6 +286,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
TALLOC_CTX *mem_ctx = tctx;
torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx, NULL,
+ global_loadparm,
&smb_krb5_context),
"smb_krb5_init_context");