-rw-r--r-- | source4/auth/kerberos/clikrb5.c | 96 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/entryUUID.c | 8 | ||||
-rw-r--r-- | source4/libcli/ldap/ldap_ildap.c | 114 | ||||
-rw-r--r-- | source4/torture/basic/locking.c | 34 | ||||
-rw-r--r-- | source4/torture/nbt/winsbench.c | 2 | ||||
-rw-r--r-- | source4/winbind/wb_async_helpers.c | 231 |
6 files changed, 22 insertions, 463 deletions
diff --git a/source4/auth/kerberos/clikrb5.c b/source4/auth/kerberos/clikrb5.c index bc640c5670..cf87d13cf2 100644 --- a/source4/auth/kerberos/clikrb5.c +++ b/source4/auth/kerberos/clikrb5.c @@ -27,33 +27,6 @@ #ifdef HAVE_KRB5 -#if defined(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES) && !defined(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES) - krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc) -{ - return krb5_set_default_in_tkt_etypes(ctx, enc); -} -#endif - -#if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS) -/* HEIMDAL */ - void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr) -{ - pkaddr->addr_type = KRB5_ADDRESS_INET; - pkaddr->address.length = sizeof(((struct sockaddr_in *)paddr)->sin_addr); - pkaddr->address.data = (char *)&(((struct sockaddr_in *)paddr)->sin_addr); -} -#elif defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) -/* MIT */ - void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr) -{ - pkaddr->addrtype = ADDRTYPE_INET; - pkaddr->length = sizeof(((struct sockaddr_in *)paddr)->sin_addr); - pkaddr->contents = (krb5_octet *)&(((struct sockaddr_in *)paddr)->sin_addr); -} -#else -#error UNKNOWN_ADDRTYPE -#endif - #if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY) && defined(HAVE_KRB5_ENCRYPT_BLOCK) int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, 
@@ -99,50 +72,6 @@ #error UNKNOWN_CREATE_KEY_FUNCTIONS #endif -#if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES) - krb5_error_code get_kerberos_allowed_etypes(krb5_context context, - krb5_enctype **enctypes) -{ - return krb5_get_permitted_enctypes(context, enctypes); -} -#elif defined(HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES) - krb5_error_code get_kerberos_allowed_etypes(krb5_context context, - krb5_enctype **enctypes) -{ - return krb5_get_default_in_tkt_etypes(context, enctypes); -} -#else -#error UNKNOWN_GET_ENCTYPES_FUNCTIONS -#endif - - void free_kerberos_etypes(krb5_context context, - krb5_enctype *enctypes) -{ -#if defined(HAVE_KRB5_FREE_KTYPES) - krb5_free_ktypes(context, enctypes); - return; -#else - SAFE_FREE(enctypes); - return; -#endif -} - -#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) - krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, - krb5_auth_context auth_context, - krb5_keyblock *keyblock) -{ - return krb5_auth_con_setkey(context, auth_context, keyblock); -} -#endif - -#if !defined(HAVE_KRB5_FREE_UNPARSED_NAME) - void krb5_free_unparsed_name(krb5_context context, char *val) -{ - SAFE_FREE(val); -} -#endif - void kerberos_free_data_contents(krb5_context context, krb5_data *pdata) { #if defined(HAVE_KRB5_FREE_DATA_CONTENTS) 
@@ -154,31 +83,6 @@ #endif } - void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype) -{ -#if defined(HAVE_KRB5_KEYBLOCK_IN_CREDS) - KRB5_KEY_TYPE((&pcreds->keyblock)) = enctype; -#elif defined(HAVE_KRB5_SESSION_IN_CREDS) - KRB5_KEY_TYPE((&pcreds->session)) = enctype; -#else -#error UNKNOWN_KEYBLOCK_MEMBER_IN_KRB5_CREDS_STRUCT -#endif -} - - BOOL kerberos_compatible_enctypes(krb5_context context, - krb5_enctype enctype1, - krb5_enctype enctype2) -{ -#if defined(HAVE_KRB5_C_ENCTYPE_COMPARE) - krb5_boolean similar = 0; - - krb5_c_enctype_compare(context, enctype1, enctype2, &similar); - return similar ? True : False; -#elif defined(HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS) - return krb5_enctypes_compatible_keys(context, enctype1, enctype2) ? True : False; -#endif -} - krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry) { #if defined(HAVE_KRB5_KT_FREE_ENTRY) diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 4373863caf..51a2badfeb 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -306,7 +306,7 @@ static struct ldb_val timestamp_to_usn(struct ldb_module *module, TALLOC_CTX *ct } -const struct ldb_map_attribute entryUUID_attributes[] = +static const struct ldb_map_attribute entryUUID_attributes[] = { /* objectGUID */ { @@ -498,7 +498,7 @@ const struct ldb_map_objectclass entryUUID_objectclasses[] = /* These things do not show up in wildcard searches in OpenLDAP, but * we need them to show up in the AD-like view */ -const char * const entryUUID_wildcard_attributes[] = { +static const char * const entryUUID_wildcard_attributes[] = { "objectGUID", "whenCreated", "whenChanged", @@ -507,7 +507,7 @@ const char * const entryUUID_wildcard_attributes[] = { NULL }; -const struct ldb_map_attribute nsuniqueid_attributes[] = +static const struct ldb_map_attribute nsuniqueid_attributes[] = { /* objectGUID */ { 
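Review bot: `entryUUID_objectclasses` appears to keep external linkage: the header of the hunk at old line 498 shows it as `const struct ldb_map_objectclass entryUUID_objectclasses[] =`, while the attribute tables around it become `static` (here and in the hunk at line 648). If no other translation unit references it, it should read `static const struct ldb_map_objectclass entryUUID_objectclasses[] =` so the file does not export one table while hiding the rest. If it is used elsewhere, a one-line comment above it saying so would explain the exception. The definition itself lies outside these hunks, so this is inferred from the hunk header only.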
@@ -648,7 +648,7 @@ const struct ldb_map_attribute nsuniqueid_attributes[] = /* These things do not show up in wildcard searches in OpenLDAP, but * we need them to show up in the AD-like view */ -const char * const nsuniqueid_wildcard_attributes[] = { +static const char * const nsuniqueid_wildcard_attributes[] = { "objectGUID", "whenCreated", "whenChanged", diff --git a/source4/libcli/ldap/ldap_ildap.c b/source4/libcli/ldap/ldap_ildap.c index 5366e325cb..62019b8cc1 100644 --- a/source4/libcli/ldap/ldap_ildap.c +++ b/source4/libcli/ldap/ldap_ildap.c 
@@ -24,120 +24,6 @@ #include "libcli/ldap/ldap.h" #include "libcli/ldap/ldap_client.h" -/* - delete a record - */ -NTSTATUS ildap_delete(struct ldap_connection *conn, const char *dn) -{ - struct ldap_message *msg; - NTSTATUS status; - - msg = new_ldap_message(conn); - NT_STATUS_HAVE_NO_MEMORY(msg); - - msg->type = LDAP_TAG_DelRequest; - msg->r.DelRequest.dn = dn; - - status = ldap_transaction(conn, msg); - - talloc_free(msg); - - return status; -} - -/* - add a record - */ -NTSTATUS ildap_add(struct ldap_connection *conn, const char *dn, struct ldap_mod **mods) -{ - struct ldap_message *msg; - int n, i; - NTSTATUS status; - - msg = new_ldap_message(conn); - NT_STATUS_HAVE_NO_MEMORY(msg); - - for (n=0;mods[n];n++) /* noop */ ; - - msg->type = LDAP_TAG_AddRequest; - msg->r.AddRequest.dn = dn; - msg->r.AddRequest.num_attributes = n; - msg->r.AddRequest.attributes = talloc_array(msg, struct ldb_message_element, n); - if (msg->r.AddRequest.attributes == NULL) { - talloc_free(msg); - return NT_STATUS_NO_MEMORY; - } - for (i=0;i<n;i++) { - msg->r.AddRequest.attributes[i] = mods[i]->attrib; - } - - status = ldap_transaction(conn, msg); - - talloc_free(msg); - - return status; -} - - -/* - modify a record - */ -NTSTATUS ildap_modify(struct ldap_connection *conn, const char *dn, struct ldap_mod **mods) -{ - struct ldap_message *msg; - int n, i; - NTSTATUS status; - - msg = new_ldap_message(conn); - NT_STATUS_HAVE_NO_MEMORY(msg); - - for (n=0;mods[n];n++) /* noop */ ; - - msg->type = LDAP_TAG_ModifyRequest; - msg->r.ModifyRequest.dn = dn; - msg->r.ModifyRequest.num_mods = n; - msg->r.ModifyRequest.mods = talloc_array(msg, struct ldap_mod, n); - if (msg->r.ModifyRequest.mods == NULL) { - talloc_free(msg); - return NT_STATUS_NO_MEMORY; - } - for (i=0;i<n;i++) { - msg->r.ModifyRequest.mods[i] = *mods[i]; - } - - status = ldap_transaction(conn, msg); - - talloc_free(msg); - - return status; -} - - -/* - rename a record - */ -NTSTATUS ildap_rename(struct ldap_connection *conn, 
const char *dn, const char *newrdn, - const char *parentdn, BOOL deleteolddn) -{ - struct ldap_message *msg; - NTSTATUS status; - - msg = new_ldap_message(conn); - NT_STATUS_HAVE_NO_MEMORY(msg); - - msg->type = LDAP_TAG_ModifyDNRequest; - msg->r.ModifyDNRequest.dn = dn; - msg->r.ModifyDNRequest.newrdn = newrdn; - msg->r.ModifyDNRequest.deleteolddn = deleteolddn; - msg->r.ModifyDNRequest.newsuperior = parentdn; - - status = ldap_transaction(conn, msg); - - talloc_free(msg); - - return status; -} - /* count the returned search entries diff --git a/source4/torture/basic/locking.c b/source4/torture/basic/locking.c index 5570af17d6..aa3168fb08 100644 --- a/source4/torture/basic/locking.c +++ b/source4/torture/basic/locking.c @@ -38,9 +38,9 @@ must not use posix semantics) 2) support for lock timeouts */ -bool torture_locktest1(struct torture_context *tctx, - struct smbcli_state *cli1, - struct smbcli_state *cli2) +static bool torture_locktest1(struct torture_context *tctx, + struct smbcli_state *cli1, + struct smbcli_state *cli2) { const char *fname = BASEDIR "\\lockt1.lck"; int fnum1, fnum2, fnum3; @@ -159,8 +159,8 @@ bool torture_locktest1(struct torture_context *tctx, 3) the server denies unlock requests by an incorrect client PID */ -bool torture_locktest2(struct torture_context *tctx, - struct smbcli_state *cli) +static bool torture_locktest2(struct torture_context *tctx, + struct smbcli_state *cli) { const char *fname = BASEDIR "\\lockt2.lck"; int fnum1, fnum2, fnum3; @@ -271,9 +271,9 @@ bool torture_locktest2(struct torture_context *tctx, 1) the server supports the full offset range in lock requests */ -bool torture_locktest3(struct torture_context *tctx, - struct smbcli_state *cli1, - struct smbcli_state *cli2) +static bool torture_locktest3(struct torture_context *tctx, + struct smbcli_state *cli1, + struct smbcli_state *cli2) { const char *fname = BASEDIR "\\lockt3.lck"; int fnum1, fnum2, i; 
@@ -368,9 +368,9 @@ bool torture_locktest3(struct torture_context *tctx, /* looks at overlapping locks */ -BOOL torture_locktest4(struct torture_context *tctx, - struct smbcli_state *cli1, - struct smbcli_state *cli2) +static bool torture_locktest4(struct torture_context *tctx, + struct smbcli_state *cli1, + struct smbcli_state *cli2) { const char *fname = BASEDIR "\\lockt4.lck"; int fnum1, fnum2, f; @@ -530,8 +530,8 @@ BOOL torture_locktest4(struct torture_context *tctx, /* looks at lock upgrade/downgrade. */ -BOOL torture_locktest5(struct torture_context *tctx, struct smbcli_state *cli1, - struct smbcli_state *cli2) +static bool torture_locktest5(struct torture_context *tctx, struct smbcli_state *cli1, + struct smbcli_state *cli2) { const char *fname = BASEDIR "\\lockt5.lck"; int fnum1, fnum2, fnum3; @@ -635,8 +635,8 @@ ret = NT_STATUS_IS_OK(smbcli_unlock(cli1->tree, fnum1, 0, 4)) && /* tries the unusual lockingX locktype bits */ -BOOL torture_locktest6(struct torture_context *tctx, - struct smbcli_state *cli) +static bool torture_locktest6(struct torture_context *tctx, + struct smbcli_state *cli) { const char *fname[1] = { "\\lock6.txt" }; int i; @@ -668,8 +668,8 @@ BOOL torture_locktest6(struct torture_context *tctx, return True; } -BOOL torture_locktest7(struct torture_context *tctx, - struct smbcli_state *cli1) +static bool torture_locktest7(struct torture_context *tctx, + struct smbcli_state *cli1) { const char *fname = BASEDIR "\\lockt7.lck"; int fnum1; diff --git a/source4/torture/nbt/winsbench.c b/source4/torture/nbt/winsbench.c index 56247d8289..f06db648fc 100644 --- a/source4/torture/nbt/winsbench.c +++ b/source4/torture/nbt/winsbench.c @@ -43,7 +43,7 @@ struct idx_state { struct wins_state *state; }; -struct nbt_name generate_name(TALLOC_CTX *tctx, int idx) +static struct nbt_name generate_name(TALLOC_CTX *tctx, int idx) { struct nbt_name name; name.name = talloc_asprintf(tctx, "WINSBench%6u", idx); 
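Review bot: torture_locktest6 still ends in `return True;` although its return type is now C99 `bool`, so the functions converted from `BOOL` in these hunks (torture_locktest4 through torture_locktest7) mix the new type with the old macro constants. Changing those returns to `return true;` / `return false;` in the same commit would keep the type and its values consistent. The function bodies lie almost entirely outside the hunks, so other return statements are presumably affected as well but cannot be seen here.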
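Review bot: `generate_name` formats the signed parameter `int idx` with `%6u` in `talloc_asprintf(tctx, "WINSBench%6u", idx)`, a conversion/argument type mismatch that a format-checking compiler warning would flag. Either cast at the call, `talloc_asprintf(tctx, "WINSBench%6u", (unsigned int)idx)`, or make the parameter unsigned. The visible lines also show no NULL check on the talloc_asprintf result before `name` is used; the rest of the function is outside the hunk, so such a check may exist further down.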
diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c
index 21b00adf60..662dd111dd 100644
--- a/source4/winbind/wb_async_helpers.c
+++ b/source4/winbind/wb_async_helpers.c
@@ -35,213 +35,6 @@ #include "winbind/wb_helper.h" -struct get_schannel_creds_state { - struct cli_credentials *wks_creds; - struct dcerpc_pipe *p; - struct netr_ServerReqChallenge r; - - struct creds_CredentialState *creds_state; - struct netr_Credential netr_cred; - uint32_t negotiate_flags; - struct netr_ServerAuthenticate2 a; -}; - -static void get_schannel_creds_recv_anonbind(struct composite_context *creq); -static void get_schannel_creds_recv_auth(struct rpc_request *req); -static void get_schannel_creds_recv_chal(struct rpc_request *req); -static void get_schannel_creds_recv_pipe(struct composite_context *ctx); - -struct composite_context *wb_get_schannel_creds_send(TALLOC_CTX *mem_ctx, - struct cli_credentials *wks_creds, - struct smbcli_tree *tree, - struct event_context *ev) -{ - struct composite_context *c, *creq; - struct get_schannel_creds_state *state; - - c = composite_create(mem_ctx, ev); - if (c == NULL) goto failed; - - state = talloc(c, struct get_schannel_creds_state); - if (state == NULL) { - c->status = NT_STATUS_NO_MEMORY; - goto failed; - } - - c->private_data = state; - - state->wks_creds = wks_creds; - - state->p = dcerpc_pipe_init(state, ev); - if (state->p == NULL) { - c->status = NT_STATUS_NO_MEMORY; - goto failed; - } - - creq = dcerpc_pipe_open_smb_send(state->p, tree, "\\netlogon"); - if (creq == NULL) { - c->status = NT_STATUS_NO_MEMORY; - goto failed; - } - - creq->async.fn = get_schannel_creds_recv_pipe; - creq->async.private_data = c; - - return c; - - failed: - composite_error(c, c->status); - return c; -} - -static void get_schannel_creds_recv_pipe(struct composite_context *creq) -{ - struct composite_context *c = - talloc_get_type(creq->async.private_data, - struct composite_context); - struct get_schannel_creds_state *state = - talloc_get_type(c->private_data, - struct get_schannel_creds_state); - - c->status = dcerpc_pipe_open_smb_recv(creq); - if (!composite_is_ok(c)) return; - - creq = dcerpc_bind_auth_none_send(state, 
state->p, - &dcerpc_table_netlogon); - composite_continue(c, creq, get_schannel_creds_recv_anonbind, c); -} - -static void get_schannel_creds_recv_anonbind(struct composite_context *creq) -{ - struct composite_context *c = - talloc_get_type(creq->async.private_data, - struct composite_context); - struct get_schannel_creds_state *state = - talloc_get_type(c->private_data, - struct get_schannel_creds_state); - struct rpc_request *req; - - c->status = dcerpc_bind_auth_none_recv(creq); - if (!composite_is_ok(c)) return; - - state->r.in.computer_name = - cli_credentials_get_workstation(state->wks_creds); - state->r.in.server_name = - talloc_asprintf(state, "\\\\%s", - dcerpc_server_name(state->p)); - if (composite_nomem(state->r.in.server_name, c)) return; - - state->r.in.credentials = talloc(state, struct netr_Credential); - if (composite_nomem(state->r.in.credentials, c)) return; - - state->r.out.credentials = talloc(state, struct netr_Credential); - if (composite_nomem(state->r.out.credentials, c)) return; - - generate_random_buffer(state->r.in.credentials->data, - sizeof(state->r.in.credentials->data)); - - req = dcerpc_netr_ServerReqChallenge_send(state->p, state, &state->r); - composite_continue_rpc(c, req, get_schannel_creds_recv_chal, c); -} - -static void get_schannel_creds_recv_chal(struct rpc_request *req) -{ - struct composite_context *c = - talloc_get_type(req->async.private_data, - struct composite_context); - struct get_schannel_creds_state *state = - talloc_get_type(c->private_data, - struct get_schannel_creds_state); - const struct samr_Password *mach_pwd; - - c->status = dcerpc_ndr_request_recv(req); - if (!composite_is_ok(c)) return; - c->status = state->r.out.result; - if (!composite_is_ok(c)) return; - - state->creds_state = talloc(state, struct creds_CredentialState); - if (composite_nomem(state->creds_state, c)) return; - - mach_pwd = cli_credentials_get_nt_hash(state->wks_creds, state); - if (composite_nomem(mach_pwd, c)) return; - - 
state->negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS; - - creds_client_init(state->creds_state, state->r.in.credentials, - state->r.out.credentials, mach_pwd, - &state->netr_cred, state->negotiate_flags); - - state->a.in.server_name = - talloc_reference(state, state->r.in.server_name); - state->a.in.account_name = - cli_credentials_get_username(state->wks_creds); - state->a.in.secure_channel_type = - cli_credentials_get_secure_channel_type(state->wks_creds); - state->a.in.computer_name = - cli_credentials_get_workstation(state->wks_creds); - state->a.in.negotiate_flags = &state->negotiate_flags; - state->a.out.negotiate_flags = &state->negotiate_flags; - state->a.in.credentials = &state->netr_cred; - state->a.out.credentials = &state->netr_cred; - - req = dcerpc_netr_ServerAuthenticate2_send(state->p, state, &state->a); - composite_continue_rpc(c, req, get_schannel_creds_recv_auth, c); -} - -static void get_schannel_creds_recv_auth(struct rpc_request *req) -{ - struct composite_context *c = - talloc_get_type(req->async.private_data, - struct composite_context); - struct get_schannel_creds_state *state = - talloc_get_type(c->private_data, - struct get_schannel_creds_state); - - c->status = dcerpc_ndr_request_recv(req); - if (!composite_is_ok(c)) return; - c->status = state->a.out.result; - if (!composite_is_ok(c)) return; - - if (!creds_client_check(state->creds_state, - state->a.out.credentials)) { - DEBUG(5, ("Server got us invalid creds\n")); - composite_error(c, NT_STATUS_UNSUCCESSFUL); - return; - } - - cli_credentials_set_netlogon_creds(state->wks_creds, - state->creds_state); - - composite_done(c); -} - -NTSTATUS wb_get_schannel_creds_recv(struct composite_context *c, - TALLOC_CTX *mem_ctx, - struct dcerpc_pipe **netlogon_pipe) -{ - NTSTATUS status = composite_wait(c); - if (NT_STATUS_IS_OK(status)) { - struct get_schannel_creds_state *state = - talloc_get_type(c->private_data, - struct get_schannel_creds_state); - *netlogon_pipe = talloc_steal(mem_ctx, 
state->p); - } - talloc_free(c); - return status; -} - -NTSTATUS wb_get_schannel_creds(TALLOC_CTX *mem_ctx, - struct cli_credentials *wks_creds, - struct smbcli_tree *tree, - struct event_context *event_ctx, - struct dcerpc_pipe **netlogon_pipe) -{ - struct composite_context *c = - wb_get_schannel_creds_send(mem_ctx, wks_creds, tree, - event_ctx); - return wb_get_schannel_creds_recv(c, mem_ctx, netlogon_pipe); -} - struct lsa_lookupsids_state { struct composite_context *ctx; int num_sids; @@ -384,19 +177,6 @@ NTSTATUS wb_lsa_lookupsids_recv(struct composite_context *c, return status; } -NTSTATUS wb_lsa_lookupsids(TALLOC_CTX *mem_ctx, - struct dcerpc_pipe *lsa_pipe, - struct policy_handle *handle, - int num_sids, const struct dom_sid **sids, - struct wb_sid_object ***names) -{ - struct composite_context *c = - wb_lsa_lookupsids_send(mem_ctx, lsa_pipe, handle, - num_sids, sids); - return wb_lsa_lookupnames_recv(c, mem_ctx, names); -} - - struct lsa_lookupnames_state { struct composite_context *ctx; @@ -526,17 +306,6 @@ NTSTATUS wb_lsa_lookupnames_recv(struct composite_context *c, return status; } -NTSTATUS wb_lsa_lookupnames(TALLOC_CTX *mem_ctx, - struct dcerpc_pipe *lsa_pipe, - struct policy_handle *handle, - int num_names, const char **names, - struct wb_sid_object ***sids) -{ - struct composite_context *c = - wb_lsa_lookupnames_send(mem_ctx, lsa_pipe, handle, - num_names, names); - return wb_lsa_lookupnames_recv(c, mem_ctx, sids); -} #if 0 |