Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/config.mk | 5 | ||||
-rw-r--r-- | source4/auth/credentials/config.mk | 6 | ||||
-rw-r--r-- | source4/auth/gensec/config.mk | 2 | ||||
-rw-r--r-- | source4/auth/gensec/schannel_state.c | 65 | ||||
-rw-r--r-- | source4/auth/gensec/socket.c | 20 | ||||
-rw-r--r-- | source4/auth/kerberos/krb5_init_context.c | 20 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 1 |
7 files changed, 86 insertions, 33 deletions
diff --git a/source4/auth/config.mk b/source4/auth/config.mk index b238caa2e5..baf4346b4a 100644 --- a/source4/auth/config.mk +++ b/source4/auth/config.mk @@ -36,11 +36,10 @@ auth_sam_reply_OBJ_FILES = $(addprefix $(authsrcdir)/, auth_sam_reply.o) $(eval $(call proto_header_template,$(authsrcdir)/auth_sam_reply.h,$(auth_sam_reply_OBJ_FILES:.o=.c))) -[PYTHON::swig_auth] +[PYTHON::pyauth] LIBRARY_REALNAME = samba/auth.$(SHLIBEXT) PUBLIC_DEPENDENCIES = auth_system_session PRIVATE_DEPENDENCIES = SAMDB PYTALLOC param -swig_auth_OBJ_FILES = $(authsrcdir)/pyauth.o +pyauth_OBJ_FILES = $(authsrcdir)/pyauth.o -$(swig_auth_OBJ_FILES): CFLAGS+=$(CFLAG_NO_CAST_QUAL) diff --git a/source4/auth/credentials/config.mk b/source4/auth/credentials/config.mk index e4d14dde58..2402c732b3 100644 --- a/source4/auth/credentials/config.mk +++ b/source4/auth/credentials/config.mk @@ -13,10 +13,8 @@ $(eval $(call proto_header_template,$(authsrcdir)/credentials/credentials_proto. PUBLIC_HEADERS += $(authsrcdir)/credentials/credentials.h -[PYTHON::swig_credentials] +[PYTHON::pycredentials] LIBRARY_REALNAME = samba/credentials.$(SHLIBEXT) PUBLIC_DEPENDENCIES = CREDENTIALS LIBCMDLINE_CREDENTIALS PYTALLOC param -swig_credentials_OBJ_FILES = $(authsrcdir)/credentials/pycredentials.o - -$(swig_credentials_OBJ_FILES): CFLAGS+=$(CFLAG_NO_CAST_QUAL) +pycredentials_OBJ_FILES = $(authsrcdir)/credentials/pycredentials.o diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk index 3c2fa51f78..3d13ce7f6d 100644 --- a/source4/auth/gensec/config.mk +++ b/source4/auth/gensec/config.mk @@ -78,7 +78,7 @@ $(eval $(call proto_header_template,$(gensecsrcdir)/schannel_proto.h,$(gensec_sc ################################################ # Start SUBSYSTEM SCHANNELDB [SUBSYSTEM::SCHANNELDB] -PRIVATE_DEPENDENCIES = LDB_WRAP SAMDB +PRIVATE_DEPENDENCIES = LDB_WRAP # End SUBSYSTEM SCHANNELDB ################################################ 
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index d86b1f2b9c..ca8537cac9 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -20,10 +20,8 @@ */ #include "includes.h" -#include "lib/events/events.h" #include "lib/ldb/include/ldb.h" -#include "lib/ldb/include/ldb_errors.h" -#include "dsdb/samdb/samdb.h" +#include "librpc/gen_ndr/ndr_security.h" #include "ldb_wrap.h" #include "../lib/util/util_ldb.h" #include "libcli/auth/libcli_auth.h" @@ -31,6 +29,45 @@ #include "param/param.h" #include "auth/gensec/schannel_state.h" +static struct ldb_val *schannel_dom_sid_ldb_val(TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *smbiconv, + struct dom_sid *sid) +{ + enum ndr_err_code ndr_err; + struct ldb_val *v; + + v = talloc(mem_ctx, struct ldb_val); + if (!v) return NULL; + + ndr_err = ndr_push_struct_blob(v, mem_ctx, smbiconv, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(v); + return NULL; + } + + return v; +} + +static struct dom_sid *schannel_ldb_val_dom_sid(TALLOC_CTX *mem_ctx, + const struct ldb_val *v) +{ + enum ndr_err_code ndr_err; + struct dom_sid *sid; + + sid = talloc(mem_ctx, struct dom_sid); + if (!sid) return NULL; + + ndr_err = ndr_pull_struct_blob(v, sid, NULL, sid, + (ndr_pull_flags_fn_t)ndr_pull_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(sid); + return NULL; + } + return sid; +} + + /** connect to the schannel ldb */ @@ -77,6 +114,8 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, { struct ldb_message *msg; struct ldb_val val, seed, client_state, server_state; + struct smb_iconv_convenience *smbiconv; + struct ldb_val *sid_val; char *f; char *sct; int ret; 
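Review bot: In the new `schannel_ldb_val_dom_sid` (hunk `@@ -31,6 +29,45 @@`), `ndr_pull_struct_blob` does not, as far as I know, require the whole blob to be consumed, so an `objectSid` value holding a valid SID followed by extra bytes would be accepted from the schannel store. If the strict variant is available in this tree, `ndr_err = ndr_pull_struct_blob_all(v, sid, NULL, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid);` would reject trailing data. Both new helpers also lack a header comment stating ownership. For the push side I would add `/* NDR-encode sid into a new ldb_val; the value and its data are allocated on mem_ctx; returns NULL on allocation or encode failure */`, with the mirror comment on the pull side.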
@@ -103,6 +142,12 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } + smbiconv = lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")); + sid_val = schannel_dom_sid_ldb_val(msg, smbiconv, creds->sid); + if (sid_val == NULL) { + return NT_STATUS_NO_MEMORY; + } + val.data = creds->session_key; val.length = sizeof(creds->session_key); @@ -124,7 +169,7 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, ldb_msg_add_string(msg, "accountName", creds->account_name); ldb_msg_add_string(msg, "computerName", creds->computer_name); ldb_msg_add_string(msg, "flatname", creds->domain); - samdb_msg_add_dom_sid(ldb, mem_ctx, msg, "objectSid", creds->sid); + ldb_msg_add_value(msg, "objectSid", sid_val, NULL); ldb_delete(ldb, msg->dn); @@ -265,7 +310,17 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - (*creds)->sid = samdb_result_dom_sid(*creds, res->msgs[0], "objectSid"); + val = ldb_msg_find_ldb_val(res->msgs[0], "objectSid"); + if (val == NULL) { + DEBUG(1,("schannel: missing ObjectSid for client: %s\n", computer_name)); + talloc_free(res); + return NT_STATUS_INTERNAL_ERROR; + } + (*creds)->sid = schannel_ldb_val_dom_sid(*creds, val); + if ((*creds)->sid == NULL) { + talloc_free(res); + return NT_STATUS_INTERNAL_ERROR; + } talloc_free(res); return NT_STATUS_OK; diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c index a338797ecf..6a03f0bcec 100644 --- a/source4/auth/gensec/socket.c +++ b/source4/auth/gensec/socket.c 
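Review bot: The new `sid_val == NULL` branch in `schannel_store_session_key_ldb` returns without releasing `msg`, and it reports `NT_STATUS_NO_MEMORY` even when the helper failed on an NDR encode error rather than an allocation. `msg` is created above this hunk, so the leak is inferred; if it is parented to the caller's `mem_ctx`, adding `talloc_free(msg);` before the return would stop it lingering on a long-lived context. In the next hunk (`@@ -124,7 +169,7 @@`) the result of `ldb_msg_add_value(msg, "objectSid", sid_val, NULL)` is discarded, so a record could be written without its SID and only fail later on fetch. Checking it with `if (ldb_msg_add_value(msg, "objectSid", sid_val, NULL) != LDB_SUCCESS) { talloc_free(msg); return NT_STATUS_NO_MEMORY; }` would surface the failure at store time. The function body starts and ends outside both hunks.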
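Review bot: Both new failure returns in `schannel_fetch_session_key_ldb` (hunk `@@ -265,7 +310,17 @@`) free `res` but leave `*creds` allocated and partly filled in, so a caller that receives `NT_STATUS_INTERNAL_ERROR` still holds a pointer to a structure that, judging by the store side, carries the session key. Adding `talloc_free(*creds); *creds = NULL;` before each return would avoid handing back half-initialised credential state. The allocation of `*creds` is above the hunk, so confirm no caller depends on it surviving an error. The decode-failure branch is also silent, unlike the missing-attribute branch. A matching `DEBUG(1,("schannel: invalid ObjectSid for client: %s\n", computer_name));` would let an operator tell a corrupt or altered schannel record from other internal errors.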
@@ -158,9 +158,9 @@ NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security, return packet_full_request_u32(NULL, blob, size); } -static NTSTATUS gensec_socket_full_request(void *private, DATA_BLOB blob, size_t *size) +static NTSTATUS gensec_socket_full_request(void *private_data, DATA_BLOB blob, size_t *size) { - struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket); + struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket); struct gensec_security *gensec_security = gensec_socket->gensec_security; return gensec_packet_full_request(gensec_security, blob, size); } @@ -187,9 +187,9 @@ static NTSTATUS gensec_socket_pending(struct socket_context *sock, size_t *npend } /* Note if an error occours, so we can return it up the stack */ -static void gensec_socket_error_handler(void *private, NTSTATUS status) +static void gensec_socket_error_handler(void *private_data, NTSTATUS status) { - struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket); + struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket); if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) { gensec_socket->eof = true; } else { @@ -199,9 +199,9 @@ static void gensec_socket_error_handler(void *private, NTSTATUS status) static void gensec_socket_trigger_read(struct tevent_context *ev, struct tevent_timer *te, - struct timeval t, void *private) + struct timeval t, void *private_data) { - struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket); + struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket); gensec_socket->in_extra_read++; gensec_socket->recv_handler(gensec_socket->recv_private, EVENT_FD_READ); 
@@ -287,9 +287,9 @@ static NTSTATUS gensec_socket_recv(struct socket_context *sock, void *buf, * * This function (and anything under it) MUST NOT call the event system */ -static NTSTATUS gensec_socket_unwrap(void *private, DATA_BLOB blob) +static NTSTATUS gensec_socket_unwrap(void *private_data, DATA_BLOB blob) { - struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket); + struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket); DATA_BLOB unwrapped; NTSTATUS nt_status; TALLOC_CTX *mem_ctx; @@ -329,9 +329,9 @@ static NTSTATUS gensec_socket_unwrap(void *private, DATA_BLOB blob) } /* when the data is sent, we know we have not been interrupted */ -static void send_callback(void *private) +static void send_callback(void *private_data) { - struct gensec_socket *gensec_socket = talloc_get_type(private, struct gensec_socket); + struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket); gensec_socket->interrupted = false; } diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 6e885842f3..04f0718a62 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -65,11 +65,11 @@ static krb5_error_code smb_krb5_context_destroy_2(struct smb_krb5_context *ctx) } /* We never close down the DEBUG system, and no need to unreference the use */ -static void smb_krb5_debug_close(void *private) { +static void smb_krb5_debug_close(void *private_data) { return; } -static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private) +static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private_data) { DEBUG(2, ("Kerberos: %s\n", msg)); } 
@@ -117,9 +117,9 @@ static void smb_krb5_socket_recv(struct smb_krb5_socket *smb_krb5) talloc_free(tmp_ctx); } -static NTSTATUS smb_krb5_full_packet(void *private, DATA_BLOB data) +static NTSTATUS smb_krb5_full_packet(void *private_data, DATA_BLOB data) { - struct smb_krb5_socket *smb_krb5 = talloc_get_type(private, struct smb_krb5_socket); + struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket); talloc_steal(smb_krb5, data.data); smb_krb5->reply = data; smb_krb5->reply.length -= 4; @@ -132,16 +132,16 @@ static NTSTATUS smb_krb5_full_packet(void *private, DATA_BLOB data) */ static void smb_krb5_request_timeout(struct tevent_context *event_ctx, struct tevent_timer *te, struct timeval t, - void *private) + void *private_data) { - struct smb_krb5_socket *smb_krb5 = talloc_get_type(private, struct smb_krb5_socket); + struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket); DEBUG(5,("Timed out smb_krb5 packet\n")); smb_krb5->status = NT_STATUS_IO_TIMEOUT; } -static void smb_krb5_error_handler(void *private, NTSTATUS status) +static void smb_krb5_error_handler(void *private_data, NTSTATUS status) { - struct smb_krb5_socket *smb_krb5 = talloc_get_type(private, struct smb_krb5_socket); + struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket); smb_krb5->status = status; } @@ -170,9 +170,9 @@ static void smb_krb5_socket_send(struct smb_krb5_socket *smb_krb5) handle fd events on a smb_krb5_socket */ static void smb_krb5_socket_handler(struct tevent_context *ev, struct tevent_fd *fde, - uint16_t flags, void *private) + uint16_t flags, void *private_data) { - struct smb_krb5_socket *smb_krb5 = talloc_get_type(private, struct smb_krb5_socket); + struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket); switch (smb_krb5->hi->proto) { case KRB5_KRBHST_UDP: if (flags & TEVENT_FD_READ) { 
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 37cc5f318f..30bf159df1 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -22,6 +22,7 @@ */ #include "includes.h" +#include "system/network.h" #include "auth/ntlmssp/ntlmssp.h" #include "auth/ntlmssp/msrpc_parse.h" #include "../lib/crypto/crypto.h" |