summaryrefslogtreecommitdiff
path: root/source4/auth/credentials
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth/credentials')
-rw-r--r--source4/auth/credentials/config.mk24
-rw-r--r--source4/auth/credentials/credentials.c26
-rw-r--r--source4/auth/credentials/credentials.h3
-rw-r--r--source4/auth/credentials/credentials.i10
-rw-r--r--source4/auth/credentials/credentials.py60
-rw-r--r--source4/auth/credentials/credentials_files.c16
-rw-r--r--source4/auth/credentials/credentials_krb5.c36
-rw-r--r--source4/auth/credentials/credentials_krb5.h6
-rw-r--r--source4/auth/credentials/credentials_wrap.c176
9 files changed, 224 insertions, 133 deletions
diff --git a/source4/auth/credentials/config.mk b/source4/auth/credentials/config.mk
index 7b091313c9..4c8308d01f 100644
--- a/source4/auth/credentials/config.mk
+++ b/source4/auth/credentials/config.mk
@@ -2,26 +2,16 @@
# Start SUBSYSTEM CREDENTIALS
[SUBSYSTEM::CREDENTIALS]
PUBLIC_PROTO_HEADER = credentials_proto.h
-PUBLIC_HEADERS = credentials.h
+PUBLIC_HEADERS = credentials.h credentials_krb5.h
OBJ_FILES = credentials.o \
credentials_files.o \
- credentials_ntlm.o
+ credentials_ntlm.o \
+ credentials_krb5.o \
+ ../kerberos/kerberos_util.o
PUBLIC_DEPENDENCIES = \
- LIBCLI_AUTH SECRETS LIBCRYPTO KERBEROS
-PRIVATE_DEPENDENCIES = CREDENTIALS_KRB5
-# End SUBSYSTEM CREDENTIALS
-#################################
-
-#################################
-# Start SUBSYSTEM CREDENTIALS
-[SUBSYSTEM::CREDENTIALS_KRB5]
-PUBLIC_PROTO_HEADER = credentials_krb5_proto.h
-PUBLIC_HEADERS = credentials_krb5.h
-OBJ_FILES = credentials_krb5.o
-PUBLIC_DEPENDENCIES = \
- HEIMDAL_GSSAPI
-# End SUBSYSTEM CREDENTIALS
-#################################
+ LIBCLI_AUTH SECRETS LIBCRYPTO KERBEROS UTIL_LDB HEIMDAL_GSSAPI
+PRIVATE_DEPENDENCIES = \
+ SECRETS
[PYTHON::swig_credentials]
PUBLIC_DEPENDENCIES = CREDENTIALS LIBPYTHON
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index f4530f4b3c..6d5c1210c9 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -82,7 +82,6 @@ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
struct cli_credentials *anon_credentials;
anon_credentials = cli_credentials_init(mem_ctx);
- cli_credentials_set_conf(anon_credentials, global_loadparm);
cli_credentials_set_anonymous(anon_credentials);
return anon_credentials;
@@ -119,7 +118,8 @@ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
const char *cli_credentials_get_username(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
if (cred->username_obtained == CRED_CALLBACK &&
@@ -187,7 +187,8 @@ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
if (cred->principal_obtained == CRED_CALLBACK &&
@@ -277,7 +278,8 @@ bool cli_credentials_authentication_requested(struct cli_credentials *cred)
const char *cli_credentials_get_password(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
if (cred->password_obtained == CRED_CALLBACK &&
@@ -332,7 +334,8 @@ bool cli_credentials_set_password_callback(struct cli_credentials *cred,
const char *cli_credentials_get_old_password(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
return cred->old_password;
@@ -401,7 +404,8 @@ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
const char *cli_credentials_get_domain(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
if (cred->domain_obtained == CRED_CALLBACK &&
@@ -455,7 +459,8 @@ bool cli_credentials_set_domain_callback(struct cli_credentials *cred,
const char *cli_credentials_get_realm(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
if (cred->realm_obtained == CRED_CALLBACK &&
@@ -670,7 +675,7 @@ void cli_credentials_guess(struct cli_credentials *cred,
}
if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
- cli_credentials_set_ccache(cred, NULL, CRED_GUESS_FILE);
+ cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE);
}
}
@@ -720,6 +725,8 @@ void cli_credentials_set_anonymous(struct cli_credentials *cred)
cli_credentials_set_username(cred, "", CRED_SPECIFIED);
cli_credentials_set_domain(cred, "", CRED_SPECIFIED);
cli_credentials_set_password(cred, NULL, CRED_SPECIFIED);
+ cli_credentials_set_realm(cred, NULL, CRED_SPECIFIED);
+ cli_credentials_set_workstation(cred, "", CRED_UNINITIALISED);
}
/**
@@ -732,7 +739,8 @@ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
const char *username;
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
username = cli_credentials_get_username(cred);
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index 7ea37e40d1..a3da5c6054 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -104,8 +104,8 @@ struct cli_credentials {
/* We are flagged to get machine account details from the
* secrets.ldb when we are asked for a username or password */
-
bool machine_account_pending;
+ struct loadparm_context *machine_account_pending_lp_ctx;
/* Is this a machine account? */
bool machine_account;
@@ -128,6 +128,7 @@ struct cli_credentials {
struct ldb_context;
struct loadparm_context;
+#include "auth/credentials/credentials_krb5.h"
#include "auth/credentials/credentials_proto.h"
#endif /* __CREDENTIALS_H__ */
diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i
index 456ea75519..78660bc46c 100644
--- a/source4/auth/credentials/credentials.i
+++ b/source4/auth/credentials/credentials.i
@@ -26,11 +26,13 @@
#include "includes.h"
#include "auth/credentials/credentials.h"
+#include "param/param.h"
typedef struct cli_credentials cli_credentials;
%}
-%include "carrays.i"
-%include "typemaps.i"
+%import "carrays.i"
+%import "typemaps.i"
+%import "param/param.i"
%typemap(default) struct cli_credentials * {
$1 = NULL;
@@ -44,13 +46,13 @@ typedef struct cli_credentials cli_credentials;
$result = PyString_FromStringAndSize($1->hash, 16);
}
+%talloctype(cli_credentials);
%rename(Credentials) cli_credentials;
typedef struct cli_credentials {
%extend {
cli_credentials() {
return cli_credentials_init(NULL);
}
- ~cli_credentials() { talloc_free($self); }
/* username */
const char *get_username(void);
bool set_username(const char *value,
@@ -83,7 +85,7 @@ typedef struct cli_credentials {
bool set_workstation(const char *workstation,
enum credentials_obtained obtained=CRED_SPECIFIED);
- void guess(struct loadparm_context *lp_ctx = NULL);
+ void guess(struct loadparm_context *lp_ctx);
bool is_anonymous(void);
const struct samr_Password *get_nt_hash(TALLOC_CTX *mem_ctx);
diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py
index eb44b0789a..0d91526b8f 100644
--- a/source4/auth/credentials/credentials.py
+++ b/source4/auth/credentials/credentials.py
@@ -2,7 +2,6 @@
# Version 1.3.33
#
# Don't modify this file, modify the SWIG interface instead.
-# This file is compatible with both classic and new-style classes.
import _credentials
import new
@@ -48,36 +47,41 @@ except AttributeError:
del types
-class Credentials(_object):
- __swig_setmethods__ = {}
- __setattr__ = lambda self, name, value: _swig_setattr(self, Credentials, name, value)
- __swig_getmethods__ = {}
- __getattr__ = lambda self, name: _swig_getattr(self, Credentials, name)
+def _swig_setattr_nondynamic_method(set):
+ def set_attr(self,name,value):
+ if (name == "thisown"): return self.this.own(value)
+ if hasattr(self,name) or (name == "this"):
+ set(self,name,value)
+ else:
+ raise AttributeError("You cannot add attributes to %s" % self)
+ return set_attr
+
+
+import param
+class Credentials(object):
+ thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag')
__repr__ = _swig_repr
def __init__(self, *args, **kwargs):
- this = _credentials.new_Credentials(*args, **kwargs)
- try: self.this.append(this)
- except: self.this = this
+ _credentials.Credentials_swiginit(self,_credentials.new_Credentials(*args, **kwargs))
__swig_destroy__ = _credentials.delete_Credentials
- __del__ = lambda self : None;
- def get_username(*args, **kwargs): return _credentials.Credentials_get_username(*args, **kwargs)
- def set_username(*args, **kwargs): return _credentials.Credentials_set_username(*args, **kwargs)
- def get_password(*args, **kwargs): return _credentials.Credentials_get_password(*args, **kwargs)
- def set_password(*args, **kwargs): return _credentials.Credentials_set_password(*args, **kwargs)
- def get_domain(*args, **kwargs): return _credentials.Credentials_get_domain(*args, **kwargs)
- def set_domain(*args, **kwargs): return _credentials.Credentials_set_domain(*args, **kwargs)
- def get_realm(*args, **kwargs): return _credentials.Credentials_get_realm(*args, **kwargs)
- def set_realm(*args, **kwargs): return _credentials.Credentials_set_realm(*args, **kwargs)
- def parse_string(*args, **kwargs): return _credentials.Credentials_parse_string(*args, **kwargs)
- def get_bind_dn(*args, **kwargs): return _credentials.Credentials_get_bind_dn(*args, **kwargs)
- def set_bind_dn(*args, **kwargs): return _credentials.Credentials_set_bind_dn(*args, **kwargs)
- def get_workstation(*args, **kwargs): return _credentials.Credentials_get_workstation(*args, **kwargs)
- def set_workstation(*args, **kwargs): return _credentials.Credentials_set_workstation(*args, **kwargs)
- def guess(*args, **kwargs): return _credentials.Credentials_guess(*args, **kwargs)
- def is_anonymous(*args, **kwargs): return _credentials.Credentials_is_anonymous(*args, **kwargs)
- def get_nt_hash(*args, **kwargs): return _credentials.Credentials_get_nt_hash(*args, **kwargs)
- def authentication_requested(*args, **kwargs): return _credentials.Credentials_authentication_requested(*args, **kwargs)
- def wrong_password(*args, **kwargs): return _credentials.Credentials_wrong_password(*args, **kwargs)
+Credentials.get_username = new_instancemethod(_credentials.Credentials_get_username,None,Credentials)
+Credentials.set_username = new_instancemethod(_credentials.Credentials_set_username,None,Credentials)
+Credentials.get_password = new_instancemethod(_credentials.Credentials_get_password,None,Credentials)
+Credentials.set_password = new_instancemethod(_credentials.Credentials_set_password,None,Credentials)
+Credentials.get_domain = new_instancemethod(_credentials.Credentials_get_domain,None,Credentials)
+Credentials.set_domain = new_instancemethod(_credentials.Credentials_set_domain,None,Credentials)
+Credentials.get_realm = new_instancemethod(_credentials.Credentials_get_realm,None,Credentials)
+Credentials.set_realm = new_instancemethod(_credentials.Credentials_set_realm,None,Credentials)
+Credentials.parse_string = new_instancemethod(_credentials.Credentials_parse_string,None,Credentials)
+Credentials.get_bind_dn = new_instancemethod(_credentials.Credentials_get_bind_dn,None,Credentials)
+Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_dn,None,Credentials)
+Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials)
+Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials)
+Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials)
+Credentials.is_anonymous = new_instancemethod(_credentials.Credentials_is_anonymous,None,Credentials)
+Credentials.get_nt_hash = new_instancemethod(_credentials.Credentials_get_nt_hash,None,Credentials)
+Credentials.authentication_requested = new_instancemethod(_credentials.Credentials_authentication_requested,None,Credentials)
+Credentials.wrong_password = new_instancemethod(_credentials.Credentials_wrong_password,None,Credentials)
Credentials_swigregister = _credentials.Credentials_swigregister
Credentials_swigregister(Credentials)
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index e7435f56f8..c1001c9622 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -305,13 +305,13 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
* (chewing CPU time) from the password */
keytab = ldb_msg_find_attr_as_string(msgs[0], "krb5Keytab", NULL);
if (keytab) {
- cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED);
} else {
keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL);
if (keytab) {
keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab));
if (keytab) {
- cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED);
}
}
}
@@ -326,7 +326,8 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
* @param cred Credentials structure to fill in
* @retval NTSTATUS error detailing any failure
*/
-NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
+NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx)
{
char *filter;
/* Bleh, nasty recursion issues: We are setting a machine
@@ -335,7 +336,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
cred->machine_account_pending = false;
filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
cli_credentials_get_domain(cred));
- return cli_credentials_set_secrets(cred, global_loadparm, NULL,
+ return cli_credentials_set_secrets(cred, lp_ctx, NULL,
SECRETS_PRIMARY_DOMAIN_DN,
filter);
}
@@ -369,6 +370,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
* @retval NTSTATUS error detailing any failure
*/
NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
const char *serviceprincipal)
{
char *filter;
@@ -380,7 +382,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
cli_credentials_get_realm(cred),
cli_credentials_get_domain(cred),
serviceprincipal);
- return cli_credentials_set_secrets(cred, global_loadparm, NULL,
+ return cli_credentials_set_secrets(cred, lp_ctx, NULL,
SECRETS_PRINCIPALS_DN, filter);
}
@@ -393,9 +395,11 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
* than during, popt processing.
*
*/
-void cli_credentials_set_machine_account_pending(struct cli_credentials *cred)
+void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx)
{
cred->machine_account_pending = true;
+ cred->machine_account_pending_lp_ctx = lp_ctx;
}
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index cfdc2e3f5a..90b196e99e 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -127,6 +127,7 @@ static int free_dccache(struct ccache_container *ccc) {
}
int cli_credentials_set_ccache(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
const char *name,
enum credentials_obtained obtained)
{
@@ -142,7 +143,7 @@ int cli_credentials_set_ccache(struct cli_credentials *cred,
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm,
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx,
&ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
@@ -201,6 +202,7 @@ int cli_credentials_set_ccache(struct cli_credentials *cred,
static int cli_credentials_new_ccache(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct ccache_container **_ccc)
{
krb5_error_code ret;
@@ -218,7 +220,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm,
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx,
&ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
@@ -250,12 +252,13 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
}
int cli_credentials_get_ccache(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct ccache_container **ccc)
{
krb5_error_code ret;
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred, lp_ctx);
}
if (cred->ccache_obtained >= cred->ccache_threshold &&
@@ -267,7 +270,7 @@ int cli_credentials_get_ccache(struct cli_credentials *cred,
return EINVAL;
}
- ret = cli_credentials_new_ccache(cred, ccc);
+ ret = cli_credentials_new_ccache(cred, lp_ctx, ccc);
if (ret) {
return ret;
}
@@ -344,6 +347,7 @@ static int free_gssapi_creds(struct gssapi_creds_container *gcc)
}
int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc)
{
int ret = 0;
@@ -355,7 +359,7 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
*_gcc = cred->client_gss_creds;
return 0;
}
- ret = cli_credentials_get_ccache(cred,
+ ret = cli_credentials_get_ccache(cred, lp_ctx,
&ccache);
if (ret) {
DEBUG(1, ("Failed to get CCACHE for GSSAPI client: %s\n", error_message(ret)));
@@ -397,6 +401,7 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
*/
int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
gss_cred_id_t gssapi_cred,
enum credentials_obtained obtained)
{
@@ -413,7 +418,7 @@ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
return ENOMEM;
}
- ret = cli_credentials_new_ccache(cred, &ccc);
+ ret = cli_credentials_new_ccache(cred, lp_ctx, &ccc);
if (ret != 0) {
return ret;
}
@@ -450,6 +455,7 @@ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
* it will be generated from the password.
*/
int cli_credentials_get_keytab(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct keytab_container **_ktc)
{
krb5_error_code ret;
@@ -468,7 +474,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
return EINVAL;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm,
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx,
&smb_krb5_context);
if (ret) {
return ret;
@@ -503,6 +509,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
* FILE:/etc/krb5.keytab), open it and attach it */
int cli_credentials_set_keytab_name(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
const char *keytab_name,
enum credentials_obtained obtained)
{
@@ -515,7 +522,7 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
return 0;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
if (ret) {
return ret;
}
@@ -540,7 +547,8 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
return ret;
}
-int cli_credentials_update_keytab(struct cli_credentials *cred)
+int cli_credentials_update_keytab(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx)
{
krb5_error_code ret;
struct keytab_container *ktc;
@@ -553,7 +561,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred)
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
if (ret) {
talloc_free(mem_ctx);
return ret;
@@ -561,7 +569,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred)
enctype_strings = cli_credentials_get_enctype_strings(cred);
- ret = cli_credentials_get_keytab(cred, &ktc);
+ ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc);
if (ret != 0) {
talloc_free(mem_ctx);
return ret;
@@ -576,6 +584,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred)
/* Get server gss credentials (in gsskrb5, this means the keytab) */
int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc)
{
int ret = 0;
@@ -593,13 +602,12 @@ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
return 0;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
if (ret) {
return ret;
}
- ret = cli_credentials_get_keytab(cred,
- &ktc);
+ ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc);
if (ret) {
DEBUG(1, ("Failed to get keytab for GSSAPI server: %s\n", error_message(ret)));
return ret;
diff --git a/source4/auth/credentials/credentials_krb5.h b/source4/auth/credentials/credentials_krb5.h
index 1026508601..b963fbdca4 100644
--- a/source4/auth/credentials/credentials_krb5.h
+++ b/source4/auth/credentials/credentials_krb5.h
@@ -20,7 +20,11 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#ifndef __CREDENTIALS_KRB5_H__
+#define __CREDENTIALS_KRB5_H__
+
#include <gssapi/gssapi.h>
+#include <krb5.h>
struct ccache_container;
@@ -28,4 +32,4 @@ struct gssapi_creds_container {
gss_cred_id_t creds;
};
-#include "auth/credentials/credentials_krb5_proto.h"
+#endif /* __CREDENTIALS_KRB5_H__ */
diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c
index 9887061a7e..f8bd32af03 100644
--- a/source4/auth/credentials/credentials_wrap.c
+++ b/source4/auth/credentials/credentials_wrap.c
@@ -9,7 +9,7 @@
* ----------------------------------------------------------------------------- */
#define SWIGPYTHON
-#define SWIG_PYTHON_DIRECTOR_NO_VTABLE
+#define SWIG_PYTHON_NO_BUILD_NONE
/* -----------------------------------------------------------------------------
* This section contains generic SWIG labels for method/variable
* declarations/attributes, and other compiler dependent labels.
@@ -2459,9 +2459,20 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
#define SWIGTYPE_p_TALLOC_CTX swig_types[0]
#define SWIGTYPE_p_char swig_types[1]
#define SWIGTYPE_p_cli_credentials swig_types[2]
-#define SWIGTYPE_p_loadparm_context swig_types[3]
-static swig_type_info *swig_types[5];
-static swig_module_info swig_module = {swig_types, 4, 0, 0, 0, 0};
+#define SWIGTYPE_p_int swig_types[3]
+#define SWIGTYPE_p_loadparm_context swig_types[4]
+#define SWIGTYPE_p_loadparm_service swig_types[5]
+#define SWIGTYPE_p_long_long swig_types[6]
+#define SWIGTYPE_p_param_context swig_types[7]
+#define SWIGTYPE_p_param_section swig_types[8]
+#define SWIGTYPE_p_short swig_types[9]
+#define SWIGTYPE_p_signed_char swig_types[10]
+#define SWIGTYPE_p_unsigned_char swig_types[11]
+#define SWIGTYPE_p_unsigned_int swig_types[12]
+#define SWIGTYPE_p_unsigned_long_long swig_types[13]
+#define SWIGTYPE_p_unsigned_short swig_types[14]
+static swig_type_info *swig_types[16];
+static swig_module_info swig_module = {swig_types, 15, 0, 0, 0, 0};
#define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name)
#define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name)
@@ -2472,6 +2483,19 @@ static swig_module_info swig_module = {swig_types, 4, 0, 0, 0, 0};
# error "This python version requires swig to be run with the '-classic' option"
# endif
#endif
+#if (PY_VERSION_HEX <= 0x02020000)
+# error "This python version requires swig to be run with the '-nomodern' option"
+#endif
+#if (PY_VERSION_HEX <= 0x02020000)
+# error "This python version requires swig to be run with the '-nomodernargs' option"
+#endif
+#ifndef METH_O
+# error "This python version requires swig to be run with the '-nofastunpack' option"
+#endif
+#ifdef SWIG_TypeQuery
+# undef SWIG_TypeQuery
+#endif
+#define SWIG_TypeQuery SWIG_Python_TypeQuery
/*-----------------------------------------------
@(target):= _credentials.so
@@ -2495,6 +2519,7 @@ static swig_module_info swig_module = {swig_types, 4, 0, 0, 0, 0};
#include "includes.h"
#include "auth/credentials/credentials.h"
+#include "param/param.h"
typedef struct cli_credentials cli_credentials;
@@ -2503,7 +2528,6 @@ typedef struct cli_credentials cli_credentials;
SWIGINTERN cli_credentials *new_cli_credentials(){
return cli_credentials_init(NULL);
}
-SWIGINTERN void delete_cli_credentials(cli_credentials *self){ talloc_free(self); }
SWIGINTERN swig_type_info*
SWIG_pchar_descriptor(void)
@@ -2748,6 +2772,7 @@ SWIGINTERNINLINE PyObject*
return PyBool_FromLong(value ? 1 : 0);
}
+SWIGINTERN void delete_cli_credentials(cli_credentials *self){ talloc_free(self); }
#ifdef __cplusplus
extern "C" {
#endif
@@ -2755,7 +2780,7 @@ SWIGINTERN PyObject *_wrap_new_Credentials(PyObject *SWIGUNUSEDPARM(self), PyObj
PyObject *resultobj = 0;
cli_credentials *result = 0 ;
- if (!PyArg_ParseTuple(args,(char *)":new_Credentials")) SWIG_fail;
+ if (!SWIG_Python_UnpackTuple(args,"new_Credentials",0,0,0)) SWIG_fail;
result = (cli_credentials *)new_cli_credentials();
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_cli_credentials, SWIG_POINTER_NEW | 0 );
return resultobj;
@@ -2764,36 +2789,6 @@ fail:
}
-SWIGINTERN PyObject *_wrap_delete_Credentials(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
- PyObject *resultobj = 0;
- cli_credentials *arg1 = (cli_credentials *) 0 ;
- void *argp1 = 0 ;
- int res1 = 0 ;
- PyObject * obj0 = 0 ;
- char * kwnames[] = {
- (char *) "self", NULL
- };
-
- {
- arg1 = NULL;
- }
- if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:delete_Credentials",kwnames,&obj0)) SWIG_fail;
- if (obj0) {
- res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, SWIG_POINTER_DISOWN | 0 );
- if (!SWIG_IsOK(res1)) {
- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_Credentials" "', argument " "1"" of type '" "cli_credentials *""'");
- }
- arg1 = (cli_credentials *)(argp1);
- }
- delete_cli_credentials(arg1);
-
- resultobj = SWIG_Py_Void();
- return resultobj;
-fail:
- return NULL;
-}
-
-
SWIGINTERN PyObject *_wrap_Credentials_get_username(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3350,7 +3345,7 @@ fail:
SWIGINTERN PyObject *_wrap_Credentials_guess(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
cli_credentials *arg1 = (cli_credentials *) 0 ;
- struct loadparm_context *arg2 = (struct loadparm_context *) NULL ;
+ struct loadparm_context *arg2 = (struct loadparm_context *) 0 ;
void *argp1 = 0 ;
int res1 = 0 ;
void *argp2 = 0 ;
@@ -3364,6 +3359,9 @@ SWIGINTERN PyObject *_wrap_Credentials_guess(PyObject *SWIGUNUSEDPARM(self), PyO
{
arg1 = NULL;
}
+ {
+ arg2 = loadparm_init(NULL);
+ }
if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_guess",kwnames,&obj0,&obj1)) SWIG_fail;
if (obj0) {
res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
@@ -3424,18 +3422,18 @@ SWIGINTERN PyObject *_wrap_Credentials_get_nt_hash(PyObject *SWIGUNUSEDPARM(self
struct samr_Password *result = 0 ;
void *argp1 = 0 ;
int res1 = 0 ;
- void *argp2 = 0 ;
- int res2 = 0 ;
PyObject * obj0 = 0 ;
- PyObject * obj1 = 0 ;
char * kwnames[] = {
- (char *) "self",(char *) "mem_ctx", NULL
+ (char *) "self", NULL
};
{
arg1 = NULL;
}
- if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_get_nt_hash",kwnames,&obj0,&obj1)) SWIG_fail;
+ {
+ arg2 = NULL;
+ }
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:Credentials_get_nt_hash",kwnames,&obj0)) SWIG_fail;
if (obj0) {
res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
if (!SWIG_IsOK(res1)) {
@@ -3443,13 +3441,6 @@ SWIGINTERN PyObject *_wrap_Credentials_get_nt_hash(PyObject *SWIGUNUSEDPARM(self
}
arg1 = (cli_credentials *)(argp1);
}
- if (obj1) {
- res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_TALLOC_CTX, 0 | 0 );
- if (!SWIG_IsOK(res2)) {
- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "Credentials_get_nt_hash" "', argument " "2"" of type '" "TALLOC_CTX *""'");
- }
- arg2 = (TALLOC_CTX *)(argp2);
- }
result = (struct samr_Password *)cli_credentials_get_nt_hash(arg1,arg2);
{
resultobj = PyString_FromStringAndSize(result->hash, 16);
@@ -3520,16 +3511,49 @@ fail:
}
+SWIGINTERN PyObject *_wrap_delete_Credentials(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+ PyObject *resultobj = 0;
+ cli_credentials *arg1 = (cli_credentials *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ char * kwnames[] = {
+ (char *) "self", NULL
+ };
+
+ {
+ arg1 = NULL;
+ }
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:delete_Credentials",kwnames,&obj0)) SWIG_fail;
+ if (obj0) {
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_Credentials" "', argument " "1"" of type '" "cli_credentials *""'");
+ }
+ arg1 = (cli_credentials *)(argp1);
+ }
+ delete_cli_credentials(arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *Credentials_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!SWIG_Python_UnpackTuple(args,(char*)"swigregister", 1, 1,&obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_cli_credentials, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
+SWIGINTERN PyObject *Credentials_swiginit(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ return SWIG_Python_InitShadowInstance(args);
+}
+
static PyMethodDef SwigMethods[] = {
- { (char *)"new_Credentials", _wrap_new_Credentials, METH_VARARGS, NULL},
- { (char *)"delete_Credentials", (PyCFunction) _wrap_delete_Credentials, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"new_Credentials", (PyCFunction)_wrap_new_Credentials, METH_NOARGS, NULL},
{ (char *)"Credentials_get_username", (PyCFunction) _wrap_Credentials_get_username, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_username", (PyCFunction) _wrap_Credentials_set_username, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_password", (PyCFunction) _wrap_Credentials_get_password, METH_VARARGS | METH_KEYWORDS, NULL},
@@ -3548,7 +3572,9 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"Credentials_get_nt_hash", (PyCFunction) _wrap_Credentials_get_nt_hash, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_authentication_requested", (PyCFunction) _wrap_Credentials_authentication_requested, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_wrong_password", (PyCFunction) _wrap_Credentials_wrong_password, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"delete_Credentials", (PyCFunction) _wrap_delete_Credentials, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_swigregister", Credentials_swigregister, METH_VARARGS, NULL},
+ { (char *)"Credentials_swiginit", Credentials_swiginit, METH_VARARGS, NULL},
{ NULL, NULL, 0, NULL }
};
@@ -3558,25 +3584,69 @@ static PyMethodDef SwigMethods[] = {
static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
static swig_type_info *swig_type_initial[] = {
&_swigt__p_TALLOC_CTX,
&_swigt__p_char,
&_swigt__p_cli_credentials,
+ &_swigt__p_int,
&_swigt__p_loadparm_context,
+ &_swigt__p_loadparm_service,
+ &_swigt__p_long_long,
+ &_swigt__p_param_context,
+ &_swigt__p_param_section,
+ &_swigt__p_short,
+ &_swigt__p_signed_char,
+ &_swigt__p_unsigned_char,
+ &_swigt__p_unsigned_int,
+ &_swigt__p_unsigned_long_long,
+ &_swigt__p_unsigned_short,
};
static swig_cast_info _swigc__p_TALLOC_CTX[] = { {&_swigt__p_TALLOC_CTX, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentials, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info *swig_cast_initial[] = {
_swigc__p_TALLOC_CTX,
_swigc__p_char,
_swigc__p_cli_credentials,
+ _swigc__p_int,
_swigc__p_loadparm_context,
+ _swigc__p_loadparm_service,
+ _swigc__p_long_long,
+ _swigc__p_param_context,
+ _swigc__p_param_section,
+ _swigc__p_short,
+ _swigc__p_signed_char,
+ _swigc__p_unsigned_char,
+ _swigc__p_unsigned_int,
+ _swigc__p_unsigned_long_long,
+ _swigc__p_unsigned_short,
};
generated by cgit (git 2.34.1) at 2025-01-16 18:15:10 +0000