From 120ecdb5cb7dbd7c650f3e9fbcefb925f695e0f2 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Sun, 2 Dec 2007 20:56:26 +0100
Subject: r26233: Pass loadparm context when creating krb5 contexts. (This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
---
 source4/auth/auth.c | 2 +-
 source4/auth/auth_util.c | 3 ++-
 source4/auth/credentials/credentials_krb5.c | 16 +++++++++-------
 source4/auth/gensec/gensec_gssapi.c | 1 +
 source4/auth/kerberos/kerberos.h | 1 +
 source4/auth/kerberos/krb5_init_context.c | 11 ++++++-----
 source4/auth/kerberos/krb5_init_context.h | 2 ++
 source4/dsdb/samdb/cracknames.c | 1 +
 source4/dsdb/samdb/ldb_modules/password_hash.c | 2 ++
 source4/kdc/kdc.c | 2 +-
 source4/torture/auth/pac.c | 2 ++
 11 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/source4/auth/auth.c b/source4/auth/auth.c
index b915a43e39..8e788ccca5 100644
--- a/source4/auth/auth.c
+++ b/source4/auth/auth.c
@@ -244,7 +244,7 @@ void auth_check_password_send(struct auth_context *auth_ctx,
 req->callback.private_data = private_data;
 if (!user_info->mapped_state) {
- nt_status = map_user_info(req, user_info, &user_info_tmp);
+ nt_status = map_user_info(req, lp_workgroup(auth_ctx->lp_ctx), user_info, &user_info_tmp);
 if (!NT_STATUS_IS_OK(nt_status)) goto failed;
 user_info = user_info_tmp;
 req->user_info = user_info_tmp;
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index c3ecfece39..baecb15f1e 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -43,6 +43,7 @@ NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TAL
 ****************************************************************************/
 NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
+ const char *default_domain,
 const struct auth_usersupplied_info *user_info, struct auth_usersupplied_info **user_info_mapped)
 {
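Review bot: `map_user_info()` gains `default_domain` with no statement of its contract, and the later hunk at `@@ -73,7 +74,7 @@` assigns it to `domain` unchecked in the `else` branch, which appears to be the case where no domain was split out of the supplied name. The only caller shown, in auth.c, passes `lp_workgroup(auth_ctx->lp_ctx)`; whether that can be NULL or empty is not visible here. I would state the requirement in the comment block above the function, e.g. `default_domain: domain applied when the supplied account name has none; must not be NULL`, and reject NULL before the assignment with `if (default_domain == NULL) return NT_STATUS_INVALID_PARAMETER;`. The function body runs past both hunks, so how `domain` is consumed afterwards should be checked as well.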
@@ -73,7 +74,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
 d++;
 domain = d;
 } else {
- domain = lp_workgroup(global_loadparm);
+ domain = default_domain;
 }
 *user_info_mapped = talloc(mem_ctx, struct auth_usersupplied_info);
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index edc10d77c9..7bfad689ef 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -26,8 +26,10 @@
 #include "auth/kerberos/kerberos.h"
 #include "auth/credentials/credentials.h"
 #include "auth/credentials/credentials_krb5.h"
+#include "param/param.h"
 int cli_credentials_get_krb5_context(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
 struct smb_krb5_context **smb_krb5_context)
 {
 int ret;
@@ -37,7 +39,7 @@ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
 }
 ret = smb_krb5_init_context(cred, cli_credentials_get_event_context(cred),
- &cred->smb_krb5_context);
+ lp_ctx, &cred->smb_krb5_context);
 if (ret) {
 return ret;
 }
@@ -139,7 +141,7 @@ int cli_credentials_set_ccache(struct cli_credentials *cred,
 return ENOMEM;
 }
- ret = cli_credentials_get_krb5_context(cred, &ccc->smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &ccc->smb_krb5_context);
 if (ret) {
 talloc_free(ccc);
 return ret;
@@ -213,7 +215,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred, struct ccach
 return ENOMEM;
 }
- ret = cli_credentials_get_krb5_context(cred, &ccc->smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &ccc->smb_krb5_context);
 if (ret) {
 talloc_free(ccc);
 return ret;
@@ -461,7 +463,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
 return EINVAL;
 }
- ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
 if (ret) {
 return ret;
 }
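Review bot: The new `lp_ctx` argument of `cli_credentials_get_krb5_context()` takes effect only when this call actually builds the context, because the result is stored in `cred->smb_krb5_context`. The `}` at the top of the `@@ -37,7 +39,7 @@` hunk looks like the end of an early return for an already-initialised context, though that branch is outside the hunk. A caller that later passes a different `lp_ctx` would then receive a context built from the first one's krb5.conf and realm, with no indication. I would document that above the function: `/* lp_ctx is consulted only on the first call for a given cred; later calls return the cached context. */`.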
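Review bot: The call in `cli_credentials_set_ccache()` (hunk `@@ -139,7 +141,7 @@`) still passes the process-wide `global_loadparm`, so it gains nothing from the new parameter. The same applies to the hunks at -213, -461, -507, -545 and -585 in this file, and to `gensec_gssapi_start()` in gensec_gssapi.c. Ccache and keytab handling therefore keeps taking krb5.conf and the realm from global state rather than from the configuration the credentials were created under. If threading an `lp_ctx` through these functions is left for a follow-up, mark each site so none is forgotten: `/* FIXME: use the caller's loadparm context instead of global_loadparm */`. The enclosing functions start and end outside these hunks.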
@@ -507,7 +509,7 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
 return 0;
 }
- ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
 if (ret) {
 return ret;
 }
@@ -545,7 +547,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred)
 return ENOMEM;
 }
- ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
 if (ret) {
 talloc_free(mem_ctx);
 return ret;
@@ -585,7 +587,7 @@ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
 return 0;
 }
- ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
 if (ret) {
 return ret;
 }
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 98d8a40672..fabdfb4308 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -239,6 +239,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
 ret = smb_krb5_init_context(gensec_gssapi_state, gensec_security->event_ctx,
+ global_loadparm,
 &gensec_gssapi_state->smb_krb5_context);
 if (ret) {
 DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n",
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index a3005b5019..f8fb6a4157 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -151,6 +151,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 krb5_principal client_principal, time_t tgs_authtime, DATA_BLOB *pac);
+struct loadparm_context;
 #include "auth/kerberos/proto.h"
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 68e60dcdc5..9bcf8910d5 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -366,6 +366,7 @@ krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
 krb5_error_code smb_krb5_init_context(void *parent_ctx,
 struct event_context *ev,
+ struct loadparm_context *lp_ctx,
 struct smb_krb5_context **smb_krb5_context)
 {
 krb5_error_code ret;
@@ -393,7 +394,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy_1);
- config_file = config_path(tmp_ctx, global_loadparm, "krb5.conf");
+ config_file = config_path(tmp_ctx, lp_ctx, "krb5.conf");
 if (!config_file) {
 talloc_free(tmp_ctx);
 return ENOMEM;
@@ -418,10 +419,10 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 return ret;
 }
- if (lp_realm(global_loadparm) && *lp_realm(global_loadparm)) {
- char *upper_realm = strupper_talloc(tmp_ctx, lp_realm(global_loadparm));
+ if (lp_realm(lp_ctx) && *lp_realm(lp_ctx)) {
+ char *upper_realm = strupper_talloc(tmp_ctx, lp_realm(lp_ctx));
 if (!upper_realm) {
- DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(global_loadparm)));
+ DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(lp_ctx)));
 talloc_free(tmp_ctx);
 return ENOMEM;
 }
@@ -473,7 +474,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 /* Set options in kerberos */
 krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
- lp_parm_bool(global_loadparm, NULL, "krb5", "set_dns_canonicalize", false));
+ lp_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
 return 0;
 }
diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h
index 1bad80357a..44771f2aec 100644
--- a/source4/auth/kerberos/krb5_init_context.h
+++ b/source4/auth/kerberos/krb5_init_context.h
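Review bot: `smb_krb5_init_context()` has no comment telling callers what the new `lp_ctx` controls or whether it may be NULL. From the later hunks in this file it supplies the krb5.conf location (`config_path`), the default realm (`lp_realm`) and the `set_dns_canonicalize` option in the `krb5` section (`lp_parm_bool`). That is worth stating because callers now select the Kerberos configuration by what they pass. A short block comment above the definition listing those three uses and the NULL policy would do; the body continues outside this hunk.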
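Review bot: `lp_realm(lp_ctx)` is evaluated up to four times in the `@@ -418,10 +419,10 @@` hunk (twice in the condition, once for `strupper_talloc`, once in the `DEBUG`), and the log prefix still says `gensec_krb5_start` although the code is in `smb_krb5_init_context()`. Reading the realm once into a local keeps the test and the use on the same value and shortens the lines; correcting the prefix makes the message traceable to this function. The sketch assumes `const char *realm;` is declared with the function's other locals, which are outside the hunk.

```c
	realm = lp_realm(lp_ctx);
	if (realm && *realm) {
		char *upper_realm = strupper_talloc(tmp_ctx, realm);
		if (!upper_realm) {
			DEBUG(1,("smb_krb5_init_context: could not uppercase realm: %s\n", realm));
			/* … unchanged: talloc_free(tmp_ctx); return ENOMEM; … */
		}
```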
@@ -23,7 +23,9 @@ struct smb_krb5_context {
 };
 struct event_context;
+struct loadparm_context;
 krb5_error_code smb_krb5_init_context(void *parent_ctx, struct event_context *ev,
+ struct loadparm_context *lp_ctx,
 struct smb_krb5_context **smb_krb5_context);
 void smb_krb5_free_context(struct smb_krb5_context *smb_krb5_context);
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index c5f1bdaffb..b8581275f5 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -358,6 +358,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 struct smb_krb5_context *smb_krb5_context;
 ret = smb_krb5_init_context(mem_ctx, (struct event_context *)ldb_get_opaque(sam_ctx, "EventContext"),
+ (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"),
 &smb_krb5_context);
 if (ret) {
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index eecec6a55b..529b1aa96f 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1432,6 +1432,7 @@ static int password_hash_add_do_add(struct ldb_handle *h) {
 /* Some operations below require kerberos contexts */
 if (smb_krb5_init_context(ac->down_req, ldb_get_opaque(h->module->ldb, "EventContext"),
+ (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"),
 &smb_krb5_context) != 0) {
 return LDB_ERR_OPERATIONS_ERROR;
 }
@@ -1759,6 +1760,7 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) {
 /* Some operations below require kerberos contexts */
 if (smb_krb5_init_context(ac->mod_req, ldb_get_opaque(h->module->ldb, "EventContext"),
+ (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"),
 &smb_krb5_context) != 0) {
 return LDB_ERR_OPERATIONS_ERROR;
 }
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index b24b58f8d4..6c1f20bf13 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
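Review bot: In `DsCrackNameOneName()` the result of `ldb_get_opaque(sam_ctx, "loadparm")` is cast and handed straight to `smb_krb5_init_context()`, so an ldb handle that never had a "loadparm" opaque set yields a NULL `lp_ctx`; the two password_hash.c hunks at -1432 and -1759 do the same. Before this commit these paths used `global_loadparm` and did not depend on the opaque being present, and whether `config_path()`, `lp_realm()` and `lp_parm_bool()` tolerate NULL is not visible here. I would fetch it into a local and fail the operation when it is missing: `struct loadparm_context *lp_ctx = ldb_get_opaque(sam_ctx, "loadparm");` followed by an `if (lp_ctx == NULL)` check that takes the function's existing error return. The cast can go as well; the "EventContext" argument in password_hash.c is passed without one.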
@@ -584,7 +584,7 @@ static void kdc_task_init(struct task_server *task)
 initialize_krb5_error_table();
- ret = smb_krb5_init_context(kdc, task->event_ctx, &kdc->smb_krb5_context);
+ ret = smb_krb5_init_context(kdc, task->event_ctx, task->lp_ctx, &kdc->smb_krb5_context);
 if (ret) {
 DEBUG(1,("kdc_task_init: krb5_init_context failed (%s)\n", error_message(ret)));
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c
index baa3bdf39a..262cc70480 100644
--- a/source4/torture/auth/pac.c
+++ b/source4/torture/auth/pac.c
@@ -57,6 +57,7 @@ static bool torture_pac_self_check(struct torture_context *tctx)
 torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx, NULL,
+ global_loadparm,
 &smb_krb5_context), "smb_krb5_init_context");
@@ -285,6 +286,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
 TALLOC_CTX *mem_ctx = tctx;
 torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx, NULL,
+ global_loadparm,
 &smb_krb5_context), "smb_krb5_init_context");
-- cgit