diff options
Diffstat (limited to 'source4/auth')
| -rw-r--r-- | source4/auth/auth_sam.c | 2 | ||||
| -rw-r--r-- | source4/auth/auth_simple.c | 2 | ||||
| -rw-r--r-- | source4/auth/credentials/credentials.c | 22 | ||||
| -rw-r--r-- | source4/auth/credentials/credentials.h | 16 | ||||
| -rw-r--r-- | source4/auth/credentials/credentials_files.c | 14 | ||||
| -rw-r--r-- | source4/auth/credentials/credentials_krb5.c | 35 | ||||
| -rw-r--r-- | source4/auth/credentials/credentials_krb5.h | 1 | ||||
| -rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 14 | ||||
| -rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 16 | ||||
| -rw-r--r-- | source4/auth/gensec/schannel.c | 5 | ||||
| -rw-r--r-- | source4/auth/gensec/schannel_state.c | 11 | ||||
| -rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 2 | ||||
| -rw-r--r-- | source4/auth/sam.c | 3 | ||||
| -rw-r--r-- | source4/auth/session.c | 8 | ||||
| -rw-r--r-- | source4/auth/session.h | 3 |
15 files changed, 88 insertions, 66 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index 4b467cee75..731e489ba0 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c @@ -289,7 +289,7 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx return NT_STATUS_NO_MEMORY; } - sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx)); + sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx)); if (sam_ctx == NULL) { talloc_free(tmp_ctx); return NT_STATUS_INVALID_SYSTEM_SERVICE; diff --git a/source4/auth/auth_simple.c b/source4/auth/auth_simple.c index 50be02a353..e7039c3657 100644 --- a/source4/auth/auth_simple.c +++ b/source4/auth/auth_simple.c @@ -90,7 +90,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, } if (session_info) { - nt_status = auth_generate_session_info(tmp_ctx, lp_ctx, server_info, session_info); + nt_status = auth_generate_session_info(tmp_ctx, ev, lp_ctx, server_info, session_info); if (NT_STATUS_IS_OK(nt_status)) { talloc_steal(mem_ctx, *session_info); diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c index 89dddc9e05..bfed451689 100644 --- a/source4/auth/credentials/credentials.c +++ b/source4/auth/credentials/credentials.c @@ -65,7 +65,6 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) cred->tries = 3; cred->callback_running = false; - cred->ev = NULL; cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS); cli_credentials_set_gensec_features(cred, 0); @@ -675,7 +674,7 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred, } if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) { - cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE); + cli_credentials_set_ccache(cred, event_context_find(cred), lp_ctx, NULL, CRED_GUESS_FILE); } } @@ -775,22 +774,3 @@ _PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred) return (cred->tries > 0); } - -/* - set the common event context for this set of credentials - */ -_PUBLIC_ void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev) -{ - cred->ev = ev; -} - -/* - set the common event context for this set of credentials - */ -_PUBLIC_ struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred) -{ - if (cred->ev == NULL) { - cred->ev = event_context_find(cred); - } - return cred->ev; -} diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index afcb300638..2514b5b1ce 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h @@ -26,6 +26,7 @@ #include "librpc/gen_ndr/misc.h" struct ccache_container; +struct event_context; /* In order of priority */ enum credentials_obtained { @@ -121,9 +122,6 @@ struct cli_credentials { /* Whether any callback is currently running */ bool callback_running; - - /* an event context for anyone wanting to use the credentials */ - struct event_context *ev; }; struct ldb_context; @@ -152,12 +150,15 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_ const char *cli_credentials_get_realm(struct cli_credentials *cred); const char *cli_credentials_get_username(struct cli_credentials *cred); int cli_credentials_get_krb5_context(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct smb_krb5_context **smb_krb5_context); int cli_credentials_get_ccache(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct ccache_container **ccc); int cli_credentials_get_keytab(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct keytab_container **_ktc); const char *cli_credentials_get_domain(struct cli_credentials *cred); @@ -168,15 +169,15 @@ void cli_credentials_set_conf(struct cli_credentials *cred, struct loadparm_context *lp_ctx); const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx); int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc); int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc); -void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev); void cli_credentials_set_kerberos_state(struct cli_credentials *creds, enum credentials_use_kerberos use_kerberos); -struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred); bool cli_credentials_set_domain(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained); @@ -199,6 +200,7 @@ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, struct smb_krb5_context *smb_krb5_context); NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, const char *serviceprincipal); NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred, @@ -220,14 +222,17 @@ bool cli_credentials_set_nt_hash(struct cli_credentials *cred, const struct samr_Password *nt_hash, enum credentials_obtained obtained); int cli_credentials_set_keytab_name(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, const char *keytab_name, enum credentials_obtained obtained); int cli_credentials_update_keytab(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx); void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features); uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds); int cli_credentials_set_ccache(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, const char *name, enum credentials_obtained obtained); @@ -239,6 +244,7 @@ void cli_credentials_invalidate_ccache(struct cli_credentials *cred, void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal); enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds); NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct ldb_context *ldb, const char *base, diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index 1bbdf8a5ad..ab76ea2cde 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -30,6 +30,7 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_krb5.h" #include "param/param.h" +#include "lib/events/events.h" /** * Read a file descriptor, and parse it for a password (eg from a file or stdin) @@ -169,6 +170,7 @@ _PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const cha * @retval NTSTATUS error detailing any failure */ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct ldb_context *ldb, const char *base, @@ -305,13 +307,13 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, * (chewing CPU time) from the password */ keytab = ldb_msg_find_attr_as_string(msgs[0], "krb5Keytab", NULL); if (keytab) { - cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED); + cli_credentials_set_keytab_name(cred, event_ctx, lp_ctx, keytab, CRED_SPECIFIED); } else { keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL); if (keytab) { keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab)); if (keytab) { - cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED); + cli_credentials_set_keytab_name(cred, event_ctx, lp_ctx, keytab, CRED_SPECIFIED); } } } @@ -336,7 +338,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr cred->machine_account_pending = false; filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, cli_credentials_get_domain(cred)); - return cli_credentials_set_secrets(cred, lp_ctx, NULL, + return cli_credentials_set_secrets(cred, event_context_find(cred), lp_ctx, NULL, SECRETS_PRIMARY_DOMAIN_DN, filter); } @@ -348,6 +350,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr * @retval NTSTATUS error detailing any failure */ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx) { char *filter; @@ -358,7 +361,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred, filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH, cli_credentials_get_realm(cred), cli_credentials_get_domain(cred)); - return cli_credentials_set_secrets(cred, lp_ctx, NULL, + return cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL, SECRETS_PRINCIPALS_DN, filter); } @@ -370,6 +373,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred, * @retval NTSTATUS error detailing any failure */ _PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, const char *serviceprincipal) { @@ -382,7 +386,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *c cli_credentials_get_realm(cred), cli_credentials_get_domain(cred), serviceprincipal); - return cli_credentials_set_secrets(cred, lp_ctx, NULL, + return cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL, SECRETS_PRINCIPALS_DN, filter); } diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index cd9285b09d..3bc1764448 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -30,6 +30,7 @@ #include "param/param.h" _PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct smb_krb5_context **smb_krb5_context) { @@ -39,8 +40,7 @@ _PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred, return 0; } - ret = smb_krb5_init_context(cred, cli_credentials_get_event_context(cred), - lp_ctx, &cred->smb_krb5_context); + ret = smb_krb5_init_context(cred, event_ctx, lp_ctx, &cred->smb_krb5_context); if (ret) { cred->smb_krb5_context = NULL; return ret; @@ -128,6 +128,7 @@ static int free_dccache(struct ccache_container *ccc) { } _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, const char *name, enum credentials_obtained obtained) @@ -144,7 +145,7 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred, return ENOMEM; } - ret = cli_credentials_get_krb5_context(cred, lp_ctx, + ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &ccc->smb_krb5_context); if (ret) { talloc_free(ccc); @@ -203,6 +204,7 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred, static int cli_credentials_new_ccache(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct ccache_container **_ccc) { @@ -221,7 +223,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred, return ENOMEM; } - ret = cli_credentials_get_krb5_context(cred, lp_ctx, + ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &ccc->smb_krb5_context); if (ret) { talloc_free(ccc); @@ -253,6 +255,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred, } _PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct ccache_container **ccc) { @@ -271,7 +274,7 @@ _PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred, return EINVAL; } - ret = cli_credentials_new_ccache(cred, lp_ctx, ccc); + ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, ccc); if (ret) { return ret; } @@ -348,6 +351,7 @@ static int free_gssapi_creds(struct gssapi_creds_container *gcc) } _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc) { @@ -360,7 +364,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, *_gcc = cred->client_gss_creds; return 0; } - ret = cli_credentials_get_ccache(cred, lp_ctx, + ret = cli_credentials_get_ccache(cred, event_ctx, lp_ctx, &ccache); if (ret) { DEBUG(1, ("Failed to get CCACHE for GSSAPI client: %s\n", error_message(ret))); @@ -402,6 +406,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, */ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, gss_cred_id_t gssapi_cred, enum credentials_obtained obtained) @@ -419,7 +424,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, return ENOMEM; } - ret = cli_credentials_new_ccache(cred, lp_ctx, &ccc); + ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, &ccc); if (ret != 0) { return ret; } @@ -456,6 +461,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, * it will be generated from the password. */ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct keytab_container **_ktc) { @@ -475,7 +481,7 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, return EINVAL; } - ret = cli_credentials_get_krb5_context(cred, lp_ctx, + ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context); if (ret) { return ret; @@ -510,6 +516,7 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, * FILE:/etc/krb5.keytab), open it and attach it */ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, const char *keytab_name, enum credentials_obtained obtained) @@ -523,7 +530,7 @@ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred, return 0; } - ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context); + ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context); if (ret) { return ret; } @@ -549,6 +556,7 @@ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred, } _PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx) { krb5_error_code ret; @@ -562,7 +570,7 @@ _PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred, return ENOMEM; } - ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context); + ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context); if (ret) { talloc_free(mem_ctx); return ret; @@ -570,7 +578,7 @@ _PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred, enctype_strings = cli_credentials_get_enctype_strings(cred); - ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc); + ret = cli_credentials_get_keytab(cred, event_ctx, lp_ctx, &ktc); if (ret != 0) { talloc_free(mem_ctx); return ret; @@ -585,6 +593,7 @@ _PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred, /* Get server gss credentials (in gsskrb5, this means the keytab) */ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc) { @@ -603,12 +612,12 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, return 0; } - ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context); + ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context); if (ret) { return ret; } - ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc); + ret = cli_credentials_get_keytab(cred, event_ctx, lp_ctx, &ktc); if (ret) { DEBUG(1, ("Failed to get keytab for GSSAPI server: %s\n", error_message(ret))); return ret; diff --git a/source4/auth/credentials/credentials_krb5.h b/source4/auth/credentials/credentials_krb5.h index aaa7d7f0da..f672b0ad9a 100644 --- a/source4/auth/credentials/credentials_krb5.h +++ b/source4/auth/credentials/credentials_krb5.h @@ -32,6 +32,7 @@ struct gssapi_creds_container { /* Manually prototyped here to avoid needing gss headers in most callers */ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, gss_cred_id_t gssapi_cred, enum credentials_obtained obtained); diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index e7dcb4ea68..cc0d40469e 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -273,7 +273,9 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi DEBUG(3, ("No machine account credentials specified\n")); return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } else { - ret = cli_credentials_get_server_gss_creds(machine_account, gensec_security->lp_ctx, &gcc); + ret = cli_credentials_get_server_gss_creds(machine_account, + gensec_security->event_ctx, + gensec_security->lp_ctx, &gcc); if (ret) { DEBUG(1, ("Aquiring acceptor credentials failed: %s\n", error_message(ret))); @@ -359,7 +361,9 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi return NT_STATUS_INVALID_PARAMETER; } - ret = cli_credentials_get_client_gss_creds(creds, gensec_security->lp_ctx, &gcc); + ret = cli_credentials_get_client_gss_creds(creds, + gensec_security->event_ctx, + gensec_security->lp_ctx, &gcc); switch (ret) { case 0: break; @@ -1323,7 +1327,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi } else if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) { DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n", gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); - nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string, + nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string, &server_info); if (!NT_STATUS_IS_OK(nt_status)) { @@ -1338,7 +1342,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi } /* references the server_info into the session_info */ - nt_status = auth_generate_session_info(mem_ctx, gensec_security->lp_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(mem_ctx); return nt_status; @@ -1361,12 +1365,12 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi return NT_STATUS_NO_MEMORY; } - cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx); cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx); /* Just so we don't segfault trying to get at a username */ cli_credentials_set_anonymous(session_info->credentials); ret = cli_credentials_set_client_gss_creds(session_info->credentials, + gensec_security->event_ctx, gensec_security->lp_ctx, gensec_gssapi_state->delegated_cred_handle, CRED_SPECIFIED); diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index ae601b19c2..47df2ccfcc 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -118,7 +118,9 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy); - if (cli_credentials_get_krb5_context(creds, gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) { + if (cli_credentials_get_krb5_context(creds, + gensec_security->event_ctx, + gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) { talloc_free(gensec_krb5_state); return NT_STATUS_INTERNAL_ERROR; } @@ -248,7 +250,9 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security principal = gensec_get_target_principal(gensec_security); - ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &ccache_container); + ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), + gensec_security->event_ctx, + gensec_security->lp_ctx, &ccache_container); switch (ret) { case 0: break; @@ -446,7 +450,9 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, } /* Grab the keytab, however generated */ - ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &keytab); + ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), + gensec_security->event_ctx, + gensec_security->lp_ctx, &keytab); if (ret) { return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } @@ -597,7 +603,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); - nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string, + nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string, &server_info); krb5_free_principal(context, client_principal); free(principal_string); @@ -645,7 +651,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security } /* references the server_info into the session_info */ - nt_status = auth_generate_session_info(mem_ctx, gensec_security->lp_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(mem_ctx); diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index b3117ee9b2..f21202b86f 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -125,7 +125,8 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ } /* pull the session key for this client */ - status = schannel_fetch_session_key(out_mem_ctx, gensec_security->lp_ctx, workstation, + status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx, + gensec_security->lp_ctx, workstation, domain, &creds); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n", @@ -189,7 +190,7 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security, struct auth_session_info **_session_info) { struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); - return auth_anonymous_session_info(state, gensec_security->lp_ctx, _session_info); + return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->lp_ctx, _session_info); } static NTSTATUS schannel_start(struct gensec_security *gensec_security) diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 0c7c509954..0f7c4ca11d 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -32,7 +32,8 @@ /** connect to the schannel ldb */ -struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct event_context *ev_ctx, + struct loadparm_context *lp_ctx) { char *path; struct ldb_context *ldb; @@ -49,7 +50,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_con existed = file_exist(path); - ldb = ldb_wrap_connect(mem_ctx, lp_ctx, path, + ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path, system_session(mem_ctx, lp_ctx), NULL, LDB_FLG_NOSYNC, NULL); talloc_free(path); @@ -137,6 +138,7 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, } NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, + struct event_context *ev_ctx, struct loadparm_context *lp_ctx, struct creds_CredentialState *creds) { @@ -144,7 +146,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; int ret; - ldb = schannel_db_connect(mem_ctx, lp_ctx); + ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } @@ -268,6 +270,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, } NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, + struct event_context *ev_ctx, struct loadparm_context *lp_ctx, const char *computer_name, const char *domain, @@ -276,7 +279,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; struct ldb_context *ldb; - ldb = schannel_db_connect(mem_ctx, lp_ctx); + ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 12802b7e79..d8ef2a20b8 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -725,7 +725,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, NTSTATUS nt_status; struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; - nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->lp_ctx, gensec_ntlmssp_state->server_info, session_info); + nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->lp_ctx, gensec_ntlmssp_state->server_info, session_info); NT_STATUS_NOT_OK_RETURN(nt_status); (*session_info)->session_key = data_blob_talloc(*session_info, diff --git a/source4/auth/sam.c b/source4/auth/sam.c index ed44754993..a2090afcdc 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -428,6 +428,7 @@ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx, /* Used in the gensec_gssapi and gensec_krb5 server-side code, where the PAC isn't available */ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, const char *principal, struct auth_serversupplied_info **server_info) @@ -445,7 +446,7 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - sam_ctx = samdb_connect(tmp_ctx, lp_ctx, system_session(tmp_ctx, lp_ctx)); + sam_ctx = samdb_connect(tmp_ctx, event_ctx, lp_ctx, system_session(tmp_ctx, lp_ctx)); if (sam_ctx == NULL) { talloc_free(tmp_ctx); return NT_STATUS_INVALID_SYSTEM_SERVICE; diff --git a/source4/auth/session.c b/source4/auth/session.c index 112eac95d8..8f5e8d6c56 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -31,11 +31,12 @@ #include "auth/session_proto.h" _PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, + struct event_context *event_ctx, struct loadparm_context *lp_ctx) { NTSTATUS nt_status; struct auth_session_info *session_info = NULL; - nt_status = auth_anonymous_session_info(mem_ctx, lp_ctx, &session_info); + nt_status = auth_anonymous_session_info(mem_ctx, event_ctx, lp_ctx, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { return NULL; } @@ -43,6 +44,7 @@ _PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, } _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct auth_session_info **_session_info) { @@ -60,7 +62,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, } /* references the server_info into the session_info */ - nt_status = auth_generate_session_info(parent_ctx, lp_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(parent_ctx, event_ctx, lp_ctx, server_info, &session_info); talloc_free(mem_ctx); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -151,6 +153,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, } _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct auth_serversupplied_info *server_info, struct auth_session_info **_session_info) @@ -168,6 +171,7 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, session_info->session_key = server_info->user_session_key; nt_status = security_token_create(session_info, + event_ctx, lp_ctx, server_info->account_sid, server_info->primary_group_sid, diff --git a/source4/auth/session.h b/source4/auth/session.h index 87fc47791a..9b5fba7f39 100644 --- a/source4/auth/session.h +++ b/source4/auth/session.h @@ -36,6 +36,7 @@ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, const char *netbios_name, struct auth_serversupplied_info **_server_info) ; NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, + struct event_context *event_ctx, struct loadparm_context *lp_ctx, struct auth_serversupplied_info *server_info, struct auth_session_info **_session_info) ; @@ -46,10 +47,12 @@ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx, union netr_Validation *validation, struct auth_serversupplied_info **_server_info); NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, + struct event_context *ev_ctx, struct loadparm_context *lp_ctx, struct auth_session_info **_session_info); struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, + struct event_context *event_ctx, struct loadparm_context *lp_ctx); |