summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/gensec/gensec.h1
-rw-r--r--source4/auth/gensec/gensec_gssapi.c1
-rw-r--r--source4/auth/gensec/gensec_krb5.c1
-rw-r--r--source4/auth/gensec/pygensec.c1
-rw-r--r--source4/auth/gensec/schannel.c11
-rw-r--r--source4/auth/kerberos/kerberos.h4
-rw-r--r--source4/auth/kerberos/kerberos_pac.c30
-rw-r--r--source4/auth/ntlm/auth_winbind.c11
8 files changed, 15 insertions, 45 deletions
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 45e24f194f..886f8fb171 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -73,7 +73,6 @@ struct tevent_req;
struct gensec_settings {
struct loadparm_context *lp_ctx;
- struct smb_iconv_convenience *iconv_convenience;
const char *target_hostname;
};
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index c6901a7b5e..73c12a20ff 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -1268,7 +1268,6 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
*/
if (pac_blob.length) {
nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
- gensec_security->settings->iconv_convenience,
pac_blob,
gensec_gssapi_state->smb_krb5_context->krb5_context,
&server_info);
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index d051b7f227..77b50cb41c 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -685,7 +685,6 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
/* decode and verify the pac */
nt_status = kerberos_pac_logon_info(gensec_krb5_state,
- gensec_security->settings->iconv_convenience,
&logon_info, pac,
gensec_krb5_state->smb_krb5_context->krb5_context,
NULL, gensec_krb5_state->keyblock,
diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
index 2b4963c843..3ae80ddaf3 100644
--- a/source4/auth/gensec/pygensec.c
+++ b/source4/auth/gensec/pygensec.c
@@ -70,7 +70,6 @@ static struct gensec_settings *settings_from_object(TALLOC_CTX *mem_ctx, PyObjec
s->target_hostname = PyString_AsString(py_hostname);
s->lp_ctx = lp_from_py_object(s, py_lp_ctx);
- s->iconv_convenience = py_iconv_convenience(s);
return s;
}
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 7877ea461a..d4b29484f1 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -87,8 +87,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
bind_schannel.oem_netbios_computer.a = cli_credentials_get_workstation(gensec_security->credentials);
#endif
- ndr_err = ndr_push_struct_blob(out, out_mem_ctx,
- gensec_security->settings->iconv_convenience, &bind_schannel,
+ ndr_err = ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel,
(ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
@@ -111,9 +110,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
}
/* parse the schannel startup blob */
- ndr_err = ndr_pull_struct_blob(&in, out_mem_ctx,
- gensec_security->settings->iconv_convenience,
- &bind_schannel,
+ ndr_err = ndr_pull_struct_blob(&in, out_mem_ctx, &bind_schannel,
(ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
@@ -137,7 +134,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
}
status = schannel_get_creds_state(out_mem_ctx,
- gensec_security->settings->iconv_convenience,
lp_private_dir(gensec_security->settings->lp_ctx),
workstation, &creds);
if (!NT_STATUS_IS_OK(status)) {
@@ -158,8 +154,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
* any meaning here
* - gd */
- ndr_err = ndr_push_struct_blob(out, out_mem_ctx,
- gensec_security->settings->iconv_convenience, &bind_schannel_ack,
+ ndr_err = ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel_ack,
(ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index 1990343808..96c11a4ce1 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -105,7 +105,6 @@ void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA **pac_data_out,
DATA_BLOB blob,
krb5_context context,
@@ -115,7 +114,6 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime,
krb5_error_code *k5ret);
NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *iconv_convenience,
struct PAC_LOGON_INFO **logon_info,
DATA_BLOB blob,
krb5_context context,
@@ -125,14 +123,12 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime,
krb5_error_code *k5ret);
krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA *pac_data,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
const krb5_keyblock *service_keyblock,
DATA_BLOB *pac);
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *iconv_convenience,
struct auth_serversupplied_info *server_info,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index ecd35f3dfa..aca807e78d 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -66,7 +66,6 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA **pac_data_out,
DATA_BLOB blob,
krb5_context context,
@@ -114,8 +113,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
ndr_err = ndr_pull_struct_blob(&blob, pac_data,
- iconv_convenience, pac_data,
- (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
+ pac_data, (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
DEBUG(0,("can't parse the PAC: %s\n",
@@ -130,7 +128,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
ndr_err = ndr_pull_struct_blob(&blob, pac_data_raw,
- iconv_convenience, pac_data_raw,
+ pac_data_raw,
(ndr_pull_flags_fn_t)ndr_pull_PAC_DATA_RAW);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
@@ -211,7 +209,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
/* We find the data blobs above, now we parse them to get at the exact portion we should zero */
ndr_err = ndr_pull_struct_blob(kdc_sig_blob, kdc_sig_wipe,
- iconv_convenience, kdc_sig_wipe,
+ kdc_sig_wipe,
(ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
@@ -221,7 +219,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
ndr_err = ndr_pull_struct_blob(srv_sig_blob, srv_sig_wipe,
- iconv_convenience, srv_sig_wipe,
+ srv_sig_wipe,
(ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
@@ -236,7 +234,6 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
/* and reencode, back into the same place it came from */
ndr_err = ndr_push_struct_blob(kdc_sig_blob, pac_data_raw,
- iconv_convenience,
kdc_sig_wipe,
(ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -246,7 +243,6 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
return status;
}
ndr_err = ndr_push_struct_blob(srv_sig_blob, pac_data_raw,
- iconv_convenience,
srv_sig_wipe,
(ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -258,7 +254,6 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
/* push out the whole structure, but now with zero'ed signatures */
ndr_err = ndr_push_struct_blob(&modified_pac_blob, pac_data_raw,
- iconv_convenience,
pac_data_raw,
(ndr_push_flags_fn_t)ndr_push_PAC_DATA_RAW);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -340,7 +335,6 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
_PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *iconv_convenience,
struct PAC_LOGON_INFO **logon_info,
DATA_BLOB blob,
krb5_context context,
@@ -354,7 +348,6 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
struct PAC_DATA *pac_data;
int i;
nt_status = kerberos_decode_pac(mem_ctx,
- iconv_convenience,
&pac_data,
blob,
context,
@@ -426,7 +419,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
}
krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA *pac_data,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
@@ -489,7 +481,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
memset(srv_checksum->signature.data, '\0', srv_checksum->signature.length);
ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx,
- iconv_convenience,
pac_data,
(ndr_push_flags_fn_t)ndr_push_PAC_DATA);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -514,7 +505,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
/* And push it out again, this time to the world. This relies on determanistic pointer values */
ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx,
- iconv_convenience,
pac_data,
(ndr_push_flags_fn_t)ndr_push_PAC_DATA);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -531,7 +521,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *iconv_convenience,
struct auth_serversupplied_info *server_info,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
@@ -644,7 +633,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
unix_to_nt_time(&LOGON_NAME->logon_time, tgs_authtime);
ret = kerberos_encode_pac(mem_ctx,
- iconv_convenience,
pac_data,
context,
krbtgt_keyblock,
@@ -655,7 +643,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
}
krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *iconv_convenience,
krb5_pac pac,
krb5_context context,
struct auth_serversupplied_info **server_info)
@@ -685,7 +672,7 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
pac_logon_info_in = data_blob_const(k5pac_logon_info_in.data, k5pac_logon_info_in.length);
- ndr_err = ndr_pull_union_blob(&pac_logon_info_in, tmp_ctx, iconv_convenience, &info,
+ ndr_err = ndr_pull_union_blob(&pac_logon_info_in, tmp_ctx, &info,
PAC_TYPE_LOGON_INFO,
(ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
krb5_data_free(&k5pac_logon_info_in);
@@ -716,7 +703,7 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
pac_srv_checksum_in = data_blob_const(k5pac_srv_checksum_in.data, k5pac_srv_checksum_in.length);
ndr_err = ndr_pull_struct_blob(&pac_srv_checksum_in, server_info_out,
- iconv_convenience, &server_info_out->pac_srv_sig,
+ &server_info_out->pac_srv_sig,
(ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
krb5_data_free(&k5pac_srv_checksum_in);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -735,7 +722,7 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
pac_kdc_checksum_in = data_blob_const(k5pac_kdc_checksum_in.data, k5pac_kdc_checksum_in.length);
ndr_err = ndr_pull_struct_blob(&pac_kdc_checksum_in, server_info_out,
- iconv_convenience, &server_info_out->pac_kdc_sig,
+ &server_info_out->pac_kdc_sig,
(ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
krb5_data_free(&k5pac_kdc_checksum_in);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -752,7 +739,6 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
NTSTATUS kerberos_pac_blob_to_server_info(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *iconv_convenience,
DATA_BLOB pac_blob,
krb5_context context,
struct auth_serversupplied_info **server_info)
@@ -767,7 +753,7 @@ NTSTATUS kerberos_pac_blob_to_server_info(TALLOC_CTX *mem_ctx,
}
- ret = kerberos_pac_to_server_info(mem_ctx, iconv_convenience, pac, context, server_info);
+ ret = kerberos_pac_to_server_info(mem_ctx, pac, context, server_info);
krb5_pac_free(context, pac);
if (ret) {
return map_nt_error_from_unix(ret);
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index 173a895390..7406a94275 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -33,7 +33,7 @@
#include "nsswitch/libwbclient/wbclient.h"
#include "libcli/security/dom_sid.h"
-static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience, struct winbindd_response *response, struct netr_SamInfo3 *info3)
+static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, struct netr_SamInfo3 *info3)
{
size_t len = response->length - sizeof(struct winbindd_response);
if (len > 4) {
@@ -43,7 +43,7 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct smb_iconv_conveni
blob.data = (uint8_t *)(((char *)response->extra_data.data) + 4);
ndr_err = ndr_pull_struct_blob(&blob, mem_ctx,
- iconv_convenience, info3,
+ info3,
(ndr_pull_flags_fn_t)ndr_pull_netr_SamInfo3);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
@@ -57,7 +57,6 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct smb_iconv_conveni
}
static NTSTATUS get_info3_from_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
- struct smb_iconv_convenience *ic,
struct wbcAuthUserInfo *info,
struct netr_SamInfo3 *info3)
{
@@ -197,7 +196,7 @@ static NTSTATUS winbind_check_password_samba3(struct auth_method_context *ctx,
if (result == NSS_STATUS_SUCCESS && response.extra_data.data) {
union netr_Validation validation;
- nt_status = get_info3_from_ndr(mem_ctx, lp_iconv_convenience(ctx->auth_ctx->lp_ctx), &response, &info3);
+ nt_status = get_info3_from_ndr(mem_ctx, &response, &info3);
SAFE_FREE(response.extra_data.data);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -389,9 +388,7 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
wbcFreeMemory(err);
NT_STATUS_NOT_OK_RETURN(nt_status);
}
- nt_status = get_info3_from_wbcAuthUserInfo(mem_ctx,
- lp_iconv_convenience(ctx->auth_ctx->lp_ctx),
- info, &info3);
+ nt_status = get_info3_from_wbcAuthUserInfo(mem_ctx, info, &info3);
wbcFreeMemory(info);
NT_STATUS_NOT_OK_RETURN(nt_status);