diff options
Diffstat (limited to 'source4/auth')
| -rw-r--r-- | source4/auth/gensec/cyrus_sasl.c | 2 | ||||
| -rw-r--r-- | source4/auth/gensec/gensec.c | 8 | ||||
| -rw-r--r-- | source4/auth/gensec/gensec.h | 2 | ||||
| -rw-r--r-- | source4/auth/gensec/schannel_state.c | 2 | ||||
| -rw-r--r-- | source4/auth/gensec/spnego.c | 15 | ||||
| -rw-r--r-- | source4/auth/kerberos/kerberos.c | 4 | ||||
| -rw-r--r-- | source4/auth/kerberos/kerberos_util.c | 18 | ||||
| -rw-r--r-- | source4/auth/kerberos/krb5_init_context.c | 4 | ||||
| -rw-r--r-- | source4/auth/ntlm/auth_server.c | 1 |
9 files changed, 39 insertions, 17 deletions
diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c index 06a7b8a382..6f82de82fc 100644 --- a/source4/auth/gensec/cyrus_sasl.c +++ b/source4/auth/gensec/cyrus_sasl.c @@ -110,7 +110,7 @@ static int gensec_sasl_get_password(sasl_conn_t *conn, void *context, int id, static int gensec_sasl_dispose(struct gensec_sasl_state *gensec_sasl_state) { sasl_dispose(&gensec_sasl_state->conn); - return 0; + return SASL_OK; } static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security) diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 0edb34d740..5d57383d2a 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -490,6 +490,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(*gensec_security); (*gensec_security)->ops = NULL; + (*gensec_security)->private_data = NULL; ZERO_STRUCT((*gensec_security)->target); ZERO_STRUCT((*gensec_security)->peer_addr); @@ -525,6 +526,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, (*gensec_security)->private_data = NULL; (*gensec_security)->subcontext = true; + (*gensec_security)->want_features = parent->want_features; (*gensec_security)->event_ctx = parent->event_ctx; (*gensec_security)->msg_ctx = parent->msg_ctx; (*gensec_security)->lp_ctx = parent->lp_ctx; @@ -1015,7 +1017,11 @@ _PUBLIC_ NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_C _PUBLIC_ void gensec_want_feature(struct gensec_security *gensec_security, uint32_t feature) { - gensec_security->want_features |= feature; + if (!gensec_security->ops || !gensec_security->ops->want_feature) { + gensec_security->want_features |= feature; + return; + } + gensec_security->ops->want_feature(gensec_security, feature); } /** diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 84fc26d127..0b31882ddd 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -133,6 +133,8 @@ struct gensec_security_ops { NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key); NTSTATUS (*session_info)(struct gensec_security *gensec_security, struct auth_session_info **session_info); + void (*want_feature)(struct gensec_security *gensec_security, + uint32_t feature); bool (*have_feature)(struct gensec_security *gensec_security, uint32_t feature); bool enabled; diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 0388b3caf6..64c21d0c3e 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -44,7 +44,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct event_contex "computerName: CASE_INSENSITIVE\n" \ "flatname: CASE_INSENSITIVE\n"; - path = smbd_tmp_path(mem_ctx, lp_ctx, "schannel.ldb"); + path = private_path(mem_ctx, lp_ctx, "schannel.ldb"); if (!path) { return NULL; } diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 1855e0583d..bf991616bd 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -1094,6 +1094,20 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA return NT_STATUS_INVALID_PARAMETER; } +static void gensec_spnego_want_feature(struct gensec_security *gensec_security, + uint32_t feature) +{ + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; + + if (!spnego_state || !spnego_state->sub_sec_security) { + gensec_security->want_features |= feature; + return; + } + + gensec_want_feature(spnego_state->sub_sec_security, + feature); +} + static bool gensec_spnego_have_feature(struct gensec_security *gensec_security, uint32_t feature) { @@ -1133,6 +1147,7 @@ static const struct gensec_security_ops gensec_spnego_security_ops = { .unwrap_packets = gensec_spnego_unwrap_packets, .session_key = gensec_spnego_session_key, .session_info = gensec_spnego_session_info, + .want_feature = gensec_spnego_want_feature, .have_feature = gensec_spnego_have_feature, .enabled = true, .priority = GENSEC_SPNEGO diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c index 2579ab20cc..d54664fe66 100644 --- a/source4/auth/kerberos/kerberos.c +++ b/source4/auth/kerberos/kerberos.c @@ -33,7 +33,7 @@ This version is built to use a keyblock, rather than needing the original password. */ - int kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, + krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, krb5_principal principal, krb5_keyblock *keyblock, time_t *expire_time, time_t *kdc_time) { @@ -77,7 +77,7 @@ simulate a kinit, putting the tgt in the given credentials cache. Orignally by remus@snapserver.com */ - int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, + krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, krb5_principal principal, const char *password, time_t *expire_time, time_t *kdc_time) { diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 9002715065..0567565d33 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -32,7 +32,7 @@ struct principal_container { krb5_principal principal; }; -static int free_principal(struct principal_container *pc) +static krb5_error_code free_principal(struct principal_container *pc) { /* current heimdal - 0.6.3, which we need anyway, fixes segfaults here */ krb5_free_principal(pc->smb_krb5_context->krb5_context, pc->principal); @@ -241,19 +241,17 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, return 0; } -static int free_keytab(struct keytab_container *ktc) +static krb5_error_code free_keytab(struct keytab_container *ktc) { - krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); - - return 0; + return krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); } -int smb_krb5_open_keytab(TALLOC_CTX *mem_ctx, +krb5_error_code smb_krb5_open_keytab(TALLOC_CTX *mem_ctx, struct smb_krb5_context *smb_krb5_context, const char *keytab_name, struct keytab_container **ktc) { krb5_keytab keytab; - int ret; + krb5_error_code ret; ret = krb5_kt_resolve(smb_krb5_context->krb5_context, keytab_name, &keytab); if (ret) { DEBUG(1,("failed to open krb5 keytab: %s\n", @@ -339,7 +337,7 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx, return 0; } -static int create_keytab(TALLOC_CTX *parent_ctx, +static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, @@ -603,7 +601,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx, return ret; } -int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, +krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, @@ -635,7 +633,7 @@ int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, return ret; } -int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, +krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 82e42a4560..90b542c4c4 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -49,13 +49,13 @@ struct smb_krb5_socket { krb5_krbhst_info *hi; }; -static int smb_krb5_context_destroy_1(struct smb_krb5_context *ctx) +static krb5_error_code smb_krb5_context_destroy_1(struct smb_krb5_context *ctx) { krb5_free_context(ctx->krb5_context); return 0; } -static int smb_krb5_context_destroy_2(struct smb_krb5_context *ctx) +static krb5_error_code smb_krb5_context_destroy_2(struct smb_krb5_context *ctx) { /* Otherwise krb5_free_context will try and close what we have already free()ed */ krb5_set_warn_dest(ctx->krb5_context, NULL); diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c index bb8773e75e..539ae6aa80 100644 --- a/source4/auth/ntlm/auth_server.c +++ b/source4/auth/ntlm/auth_server.c @@ -80,6 +80,7 @@ static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX io.in.workgroup = ""; /* only used with SPNEGO, disabled above */ io.in.options = smb_options; + lp_smbcli_session_options(ctx->auth_ctx->lp_ctx, &io.in.session_options); status = smb_composite_connect(&io, mem_ctx, lp_resolve_context(ctx->auth_ctx->lp_ctx), ctx->auth_ctx->event_ctx); |