diff options
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/gensec/gensec.h | 1 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 1 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 1 | ||||
-rw-r--r-- | source4/auth/gensec/pygensec.c | 1 | ||||
-rw-r--r-- | source4/auth/gensec/schannel.c | 11 | ||||
-rw-r--r-- | source4/auth/kerberos/kerberos.h | 4 | ||||
-rw-r--r-- | source4/auth/kerberos/kerberos_pac.c | 30 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_winbind.c | 11 |
8 files changed, 15 insertions, 45 deletions
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 45e24f194f..886f8fb171 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -73,7 +73,6 @@ struct tevent_req; struct gensec_settings { struct loadparm_context *lp_ctx; - struct smb_iconv_convenience *iconv_convenience; const char *target_hostname; }; diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index c6901a7b5e..73c12a20ff 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -1268,7 +1268,6 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi */ if (pac_blob.length) { nt_status = kerberos_pac_blob_to_server_info(mem_ctx, - gensec_security->settings->iconv_convenience, pac_blob, gensec_gssapi_state->smb_krb5_context->krb5_context, &server_info); diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index d051b7f227..77b50cb41c 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -685,7 +685,6 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security /* decode and verify the pac */ nt_status = kerberos_pac_logon_info(gensec_krb5_state, - gensec_security->settings->iconv_convenience, &logon_info, pac, gensec_krb5_state->smb_krb5_context->krb5_context, NULL, gensec_krb5_state->keyblock, diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c index 2b4963c843..3ae80ddaf3 100644 --- a/source4/auth/gensec/pygensec.c +++ b/source4/auth/gensec/pygensec.c @@ -70,7 +70,6 @@ static struct gensec_settings *settings_from_object(TALLOC_CTX *mem_ctx, PyObjec s->target_hostname = PyString_AsString(py_hostname); s->lp_ctx = lp_from_py_object(s, py_lp_ctx); - s->iconv_convenience = py_iconv_convenience(s); return s; } diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 7877ea461a..d4b29484f1 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -87,8 +87,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ bind_schannel.oem_netbios_computer.a = cli_credentials_get_workstation(gensec_security->credentials); #endif - ndr_err = ndr_push_struct_blob(out, out_mem_ctx, - gensec_security->settings->iconv_convenience, &bind_schannel, + ndr_err = ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel, (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -111,9 +110,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ } /* parse the schannel startup blob */ - ndr_err = ndr_pull_struct_blob(&in, out_mem_ctx, - gensec_security->settings->iconv_convenience, - &bind_schannel, + ndr_err = ndr_pull_struct_blob(&in, out_mem_ctx, &bind_schannel, (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -137,7 +134,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ } status = schannel_get_creds_state(out_mem_ctx, - gensec_security->settings->iconv_convenience, lp_private_dir(gensec_security->settings->lp_ctx), workstation, &creds); if (!NT_STATUS_IS_OK(status)) { @@ -158,8 +154,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ * any meaning here * - gd */ - ndr_err = ndr_push_struct_blob(out, out_mem_ctx, - gensec_security->settings->iconv_convenience, &bind_schannel_ack, + ndr_err = ndr_push_struct_blob(out, out_mem_ctx, &bind_schannel_ack, (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h index 1990343808..96c11a4ce1 100644 --- a/source4/auth/kerberos/kerberos.h +++ b/source4/auth/kerberos/kerberos.h @@ -105,7 +105,6 @@ void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry); char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx); NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *iconv_convenience, struct PAC_DATA **pac_data_out, DATA_BLOB blob, krb5_context context, @@ -115,7 +114,6 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, time_t tgs_authtime, krb5_error_code *k5ret); NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *iconv_convenience, struct PAC_LOGON_INFO **logon_info, DATA_BLOB blob, krb5_context context, @@ -125,14 +123,12 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, time_t tgs_authtime, krb5_error_code *k5ret); krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *iconv_convenience, struct PAC_DATA *pac_data, krb5_context context, const krb5_keyblock *krbtgt_keyblock, const krb5_keyblock *service_keyblock, DATA_BLOB *pac); krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *iconv_convenience, struct auth_serversupplied_info *server_info, krb5_context context, const krb5_keyblock *krbtgt_keyblock, diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c index ecd35f3dfa..aca807e78d 100644 --- a/source4/auth/kerberos/kerberos_pac.c +++ b/source4/auth/kerberos/kerberos_pac.c @@ -66,7 +66,6 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *iconv_convenience, struct PAC_DATA **pac_data_out, DATA_BLOB blob, krb5_context context, @@ -114,8 +113,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } ndr_err = ndr_pull_struct_blob(&blob, pac_data, - iconv_convenience, pac_data, - (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA); + pac_data, (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); DEBUG(0,("can't parse the PAC: %s\n", @@ -130,7 +128,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } ndr_err = ndr_pull_struct_blob(&blob, pac_data_raw, - iconv_convenience, pac_data_raw, + pac_data_raw, (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA_RAW); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -211,7 +209,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, /* We find the data blobs above, now we parse them to get at the exact portion we should zero */ ndr_err = ndr_pull_struct_blob(kdc_sig_blob, kdc_sig_wipe, - iconv_convenience, kdc_sig_wipe, + kdc_sig_wipe, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -221,7 +219,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } ndr_err = ndr_pull_struct_blob(srv_sig_blob, srv_sig_wipe, - iconv_convenience, srv_sig_wipe, + srv_sig_wipe, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -236,7 +234,6 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, /* and reencode, back into the same place it came from */ ndr_err = ndr_push_struct_blob(kdc_sig_blob, pac_data_raw, - iconv_convenience, kdc_sig_wipe, (ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -246,7 +243,6 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, return status; } ndr_err = ndr_push_struct_blob(srv_sig_blob, pac_data_raw, - iconv_convenience, srv_sig_wipe, (ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -258,7 +254,6 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, /* push out the whole structure, but now with zero'ed signatures */ ndr_err = ndr_push_struct_blob(&modified_pac_blob, pac_data_raw, - iconv_convenience, pac_data_raw, (ndr_push_flags_fn_t)ndr_push_PAC_DATA_RAW); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -340,7 +335,6 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *iconv_convenience, struct PAC_LOGON_INFO **logon_info, DATA_BLOB blob, krb5_context context, @@ -354,7 +348,6 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, struct PAC_DATA *pac_data; int i; nt_status = kerberos_decode_pac(mem_ctx, - iconv_convenience, &pac_data, blob, context, @@ -426,7 +419,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, } krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *iconv_convenience, struct PAC_DATA *pac_data, krb5_context context, const krb5_keyblock *krbtgt_keyblock, @@ -489,7 +481,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, memset(srv_checksum->signature.data, '\0', srv_checksum->signature.length); ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx, - iconv_convenience, pac_data, (ndr_push_flags_fn_t)ndr_push_PAC_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -514,7 +505,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, /* And push it out again, this time to the world. This relies on determanistic pointer values */ ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx, - iconv_convenience, pac_data, (ndr_push_flags_fn_t)ndr_push_PAC_DATA); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -531,7 +521,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *iconv_convenience, struct auth_serversupplied_info *server_info, krb5_context context, const krb5_keyblock *krbtgt_keyblock, @@ -644,7 +633,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, unix_to_nt_time(&LOGON_NAME->logon_time, tgs_authtime); ret = kerberos_encode_pac(mem_ctx, - iconv_convenience, pac_data, context, krbtgt_keyblock, @@ -655,7 +643,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, } krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *iconv_convenience, krb5_pac pac, krb5_context context, struct auth_serversupplied_info **server_info) @@ -685,7 +672,7 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx, pac_logon_info_in = data_blob_const(k5pac_logon_info_in.data, k5pac_logon_info_in.length); - ndr_err = ndr_pull_union_blob(&pac_logon_info_in, tmp_ctx, iconv_convenience, &info, + ndr_err = ndr_pull_union_blob(&pac_logon_info_in, tmp_ctx, &info, PAC_TYPE_LOGON_INFO, (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO); krb5_data_free(&k5pac_logon_info_in); @@ -716,7 +703,7 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx, pac_srv_checksum_in = data_blob_const(k5pac_srv_checksum_in.data, k5pac_srv_checksum_in.length); ndr_err = ndr_pull_struct_blob(&pac_srv_checksum_in, server_info_out, - iconv_convenience, &server_info_out->pac_srv_sig, + &server_info_out->pac_srv_sig, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); krb5_data_free(&k5pac_srv_checksum_in); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -735,7 +722,7 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx, pac_kdc_checksum_in = data_blob_const(k5pac_kdc_checksum_in.data, k5pac_kdc_checksum_in.length); ndr_err = ndr_pull_struct_blob(&pac_kdc_checksum_in, server_info_out, - iconv_convenience, &server_info_out->pac_kdc_sig, + &server_info_out->pac_kdc_sig, (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA); krb5_data_free(&k5pac_kdc_checksum_in); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -752,7 +739,6 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx, NTSTATUS kerberos_pac_blob_to_server_info(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *iconv_convenience, DATA_BLOB pac_blob, krb5_context context, struct auth_serversupplied_info **server_info) @@ -767,7 +753,7 @@ NTSTATUS kerberos_pac_blob_to_server_info(TALLOC_CTX *mem_ctx, } - ret = kerberos_pac_to_server_info(mem_ctx, iconv_convenience, pac, context, server_info); + ret = kerberos_pac_to_server_info(mem_ctx, pac, context, server_info); krb5_pac_free(context, pac); if (ret) { return map_nt_error_from_unix(ret); diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c index 173a895390..7406a94275 100644 --- a/source4/auth/ntlm/auth_winbind.c +++ b/source4/auth/ntlm/auth_winbind.c @@ -33,7 +33,7 @@ #include "nsswitch/libwbclient/wbclient.h" #include "libcli/security/dom_sid.h" -static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience, struct winbindd_response *response, struct netr_SamInfo3 *info3) +static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, struct netr_SamInfo3 *info3) { size_t len = response->length - sizeof(struct winbindd_response); if (len > 4) { @@ -43,7 +43,7 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct smb_iconv_conveni blob.data = (uint8_t *)(((char *)response->extra_data.data) + 4); ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, - iconv_convenience, info3, + info3, (ndr_pull_flags_fn_t)ndr_pull_netr_SamInfo3); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return ndr_map_error2ntstatus(ndr_err); @@ -57,7 +57,6 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct smb_iconv_conveni } static NTSTATUS get_info3_from_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, - struct smb_iconv_convenience *ic, struct wbcAuthUserInfo *info, struct netr_SamInfo3 *info3) { @@ -197,7 +196,7 @@ static NTSTATUS winbind_check_password_samba3(struct auth_method_context *ctx, if (result == NSS_STATUS_SUCCESS && response.extra_data.data) { union netr_Validation validation; - nt_status = get_info3_from_ndr(mem_ctx, lp_iconv_convenience(ctx->auth_ctx->lp_ctx), &response, &info3); + nt_status = get_info3_from_ndr(mem_ctx, &response, &info3); SAFE_FREE(response.extra_data.data); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -389,9 +388,7 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx, wbcFreeMemory(err); NT_STATUS_NOT_OK_RETURN(nt_status); } - nt_status = get_info3_from_wbcAuthUserInfo(mem_ctx, - lp_iconv_convenience(ctx->auth_ctx->lp_ctx), - info, &info3); + nt_status = get_info3_from_wbcAuthUserInfo(mem_ctx, info, &info3); wbcFreeMemory(info); NT_STATUS_NOT_OK_RETURN(nt_status); |