From 7cabdeb7ec84c7c0b3e9b907e19f4e240b7fc4ca Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 29 Mar 2005 08:24:03 +0000 Subject: r6113: Move GENSEC and the kerberos code out of libcli/auth, and into auth/gensec and auth/kerberos. This also pulls the kerberos configure code out of libads (which is otherwise dead), and into auth/kerberos/kerberos.m4 Andrew Bartlett (This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f) --- source4/auth/gensec/schannel_state.c | 229 +++++++++++++++++++++++++++++++++++ 1 file changed, 229 insertions(+) create mode 100644 source4/auth/gensec/schannel_state.c (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c new file mode 100644 index 0000000000..b2d632a1f0 --- /dev/null +++ b/source4/auth/gensec/schannel_state.c 
@@ -0,0 +1,229 @@ +/* + Unix SMB/CIFS implementation. + + module to store/fetch session keys for the schannel server + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "system/time.h" +#include "auth/auth.h" +#include "lib/ldb/include/ldb.h" +#include "db_wrap.h" + +/* a reasonable amount of time to keep credentials live */ +#define SCHANNEL_CREDENTIALS_EXPIRY 600 + +/* + connect to the schannel ldb +*/ +static struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) +{ + char *path; + struct ldb_context *ldb; + + path = smbd_tmp_path(mem_ctx, "schannel.ldb"); + if (!path) { + return NULL; + } + + ldb = ldb_wrap_connect(mem_ctx, path, 0, NULL); + talloc_free(path); + if (!ldb) { + return NULL; + } + + return ldb; +} + +/* + remember an established session key for a netr server authentication + use a simple ldb structure +*/ +NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, + struct creds_CredentialState *creds) +{ + struct ldb_context *ldb; + struct ldb_message *msg; + struct ldb_val val, seed; + char *s; + char *f; + char *sct; + char *rid; + time_t expiry = time(NULL) + SCHANNEL_CREDENTIALS_EXPIRY; + int ret; + + ldb = schannel_db_connect(mem_ctx); + if (ldb == NULL) { + return NT_STATUS_NO_MEMORY; + } + + s = talloc_asprintf(mem_ctx, "%u", (unsigned 
int)expiry); + + if (s == NULL) { + talloc_free(ldb); + return NT_STATUS_NO_MEMORY; + } + + f = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->negotiate_flags); + + if (f == NULL) { + talloc_free(ldb); + return NT_STATUS_NO_MEMORY; + } + + sct = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->secure_channel_type); + + if (sct == NULL) { + talloc_free(ldb); + return NT_STATUS_NO_MEMORY; + } + + rid = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->rid); + + if (rid == NULL) { + talloc_free(ldb); + return NT_STATUS_NO_MEMORY; + } + + msg = ldb_msg_new(mem_ctx); + if (msg == NULL) { + talloc_free(ldb); + return NT_STATUS_NO_MEMORY; + } + + msg->dn = talloc_asprintf(msg, "computerName=%s", creds->computer_name); + if (msg->dn == NULL) { + talloc_free(ldb); + talloc_free(msg); + return NT_STATUS_NO_MEMORY; + } + + val.data = creds->session_key; + val.length = sizeof(creds->session_key); + + seed.data = creds->seed.data; + seed.length = sizeof(creds->seed.data); + + ldb_msg_add_value(ldb, msg, "sessionKey", &val); + ldb_msg_add_value(ldb, msg, "seed", &seed); + ldb_msg_add_string(ldb, msg, "expiry", s); + ldb_msg_add_string(ldb, msg, "negotiateFlags", f); + ldb_msg_add_string(ldb, msg, "secureChannelType", sct); + ldb_msg_add_string(ldb, msg, "accountName", creds->account_name); + ldb_msg_add_string(ldb, msg, "computerName", creds->computer_name); + ldb_msg_add_string(ldb, msg, "flatname", creds->domain); + ldb_msg_add_string(ldb, msg, "rid", rid); + + ldb_delete(ldb, msg->dn); + + ret = ldb_add(ldb, msg); + + talloc_free(s); + + if (ret != 0) { + DEBUG(0,("Unable to add %s to session key db - %s\n", + msg->dn, ldb_errstring(ldb))); + talloc_free(ldb); + talloc_free(msg); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + talloc_free(msg); + talloc_free(ldb); + + return NT_STATUS_OK; +} + + +/* + read back a credentials back for a computer +*/ +NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, + const char *computer_name, + const char *domain, + 
struct creds_CredentialState **creds) +{ + struct ldb_context *ldb; + time_t expiry; + struct ldb_message **res; + int ret; + const struct ldb_val *val; + char *expr=NULL; + + *creds = talloc_zero(mem_ctx, struct creds_CredentialState); + if (!*creds) { + return NT_STATUS_NO_MEMORY; + } + + ldb = schannel_db_connect(mem_ctx); + if (ldb == NULL) { + return NT_STATUS_NO_MEMORY; + } + + expr = talloc_asprintf(mem_ctx, "(&(computerName=%s)(flatname=%s))", computer_name, domain); + if (expr == NULL) { + talloc_free(ldb); + return NT_STATUS_NO_MEMORY; + } + + ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res); + if (ret != 1) { + talloc_free(ldb); + return NT_STATUS_INVALID_HANDLE; + } + + expiry = ldb_msg_find_uint(res[0], "expiry", 0); + if (expiry < time(NULL)) { + DEBUG(1,("schannel: attempt to use expired session key for %s\n", computer_name)); + talloc_free(ldb); + return NT_STATUS_INVALID_HANDLE; + } + + val = ldb_msg_find_ldb_val(res[0], "sessionKey"); + if (val == NULL || val->length != 16) { + talloc_free(ldb); + return NT_STATUS_INVALID_HANDLE; + } + + memcpy((*creds)->session_key, val->data, 16); + + val = ldb_msg_find_ldb_val(res[0], "seed"); + if (val == NULL || val->length != 8) { + talloc_free(ldb); + return NT_STATUS_INVALID_HANDLE; + } + + memcpy((*creds)->seed.data, val->data, 8); + + (*creds)->negotiate_flags = ldb_msg_find_int(res[0], "negotiateFlags", 0); + + (*creds)->secure_channel_type = ldb_msg_find_int(res[0], "secureChannelType", 0); + + (*creds)->account_name = talloc_reference(*creds, ldb_msg_find_string(res[0], "accountName", NULL)); + + (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_string(res[0], "computerName", NULL)); + + (*creds)->domain = talloc_reference(*creds, ldb_msg_find_string(res[0], "flatname", NULL)); + + (*creds)->rid = ldb_msg_find_uint(res[0], "rid", 0); + + talloc_free(ldb); + + return NT_STATUS_OK; +} -- cgit From 9bf2c694010ae9b2773bfe738a1f88c4b6693e48 Mon Sep 17 00:00:00 2001 
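Review bot: In schannel_fetch_session_key, `computer_name` and `domain` are formatted unescaped into the search expression `(&(computerName=%s)(flatname=%s))`, so a filter metacharacter in either value changes which record the search matches. Both strings presumably come from the peer's netlogon request (confirm against the callers), which makes this a lookup into the session-key table keyed on unvalidated input. Escape each value for filter context before formatting, for example with ldb's `ldb_binary_encode_string()` if this tree provides it, and reject names containing characters that are not legal in a computer name. The DN built in schannel_store_session_key with `"computerName=%s"` needs the equivalent escaping for DN syntax.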
From: Andrew Tridgell Date: Thu, 14 Apr 2005 08:24:36 +0000 Subject: r6340: - added an easy to use function to initialise a temporary ldb with some ldif - init the schannel.ldb with some CASE_INSENSITIVE attributes (This used to be commit e6376b24303dc513e15c7e640c8c1c8d8ca11091) --- source4/auth/gensec/schannel_state.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index b2d632a1f0..dea204e622 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -36,17 +36,28 @@ static struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) { char *path; struct ldb_context *ldb; + BOOL existed; + const char *init_ldif = + "dn: @ATTRIBUTES\n" \ + "computerName: CASE_INSENSITIVE\n" \ + "flatname: CASE_INSENSITIVE\n"; path = smbd_tmp_path(mem_ctx, "schannel.ldb"); if (!path) { return NULL; } + + existed = file_exists(path); ldb = ldb_wrap_connect(mem_ctx, path, 0, NULL); talloc_free(path); if (!ldb) { return NULL; } + + if (!existed) { + gendb_add_ldif(ldb, init_ldif); + } return ldb; } -- cgit From a2abd01cca389f6d48fefde5cd1a19aaffdb97a3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 25 Apr 2005 03:28:17 +0000 Subject: r6453: Move verbose errors for the schannel 'not in the DB, or DB corrupt' error cases. Andrew Bartlett (This used to be commit 24f98f32aae3b8c45283715b27fa67b1d2e5c0f2) --- source4/auth/gensec/schannel_state.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index dea204e622..99d5fdef53 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
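Review bot: The `existed = file_exists(path)` test runs before `ldb_wrap_connect()` creates the file, so two processes opening schannel.ldb at the same moment can both see it missing and both load `init_ldif`. A process that dies between the connect and `gendb_add_ldif()` also leaves a file that every later caller treats as already initialised. The result of `gendb_add_ldif()` is dropped as well, so a failed load still returns a handle on which `computerName` and `flatname` are matched case-sensitively. Assuming the helper returns a status, fail the connect instead: `if (!existed && gendb_add_ldif(ldb, init_ldif) != 0) { talloc_free(ldb); return NULL; }`. Keying initialisation on the presence of the `@ATTRIBUTES` record rather than on the file would also close the race.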
@@ -208,16 +208,18 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, val = ldb_msg_find_ldb_val(res[0], "sessionKey"); if (val == NULL || val->length != 16) { + DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name)); talloc_free(ldb); - return NT_STATUS_INVALID_HANDLE; + return NT_STATUS_INTERNAL_ERROR; } memcpy((*creds)->session_key, val->data, 16); val = ldb_msg_find_ldb_val(res[0], "seed"); if (val == NULL || val->length != 8) { + DEBUG(1,("schannel: record in schannel DB must contain a vaid seed of length 8, when searching for client: %s\n", computer_name)); talloc_free(ldb); - return NT_STATUS_INVALID_HANDLE; + return NT_STATUS_INTERNAL_ERROR; } memcpy((*creds)->seed.data, val->data, 8); -- cgit From 1d0e2b9569be6f2e8a5495ead1f92c9855f0e7f9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 16 May 2005 01:31:22 +0000 Subject: r6803: Try to bring in the correct GSSAPI headers for the krb5 mech. This should allow us to ditch the local static storage for OIDs, as well as fix the build on non-heimdal platforms. Andrew Bartlett (This used to be commit a7e2ecfac9aaacd673e3583b62139e4f4e114429) --- source4/auth/gensec/schannel_state.c | 23 ----------------------- 1 file changed, 23 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 99d5fdef53..0c5ce09637 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -26,9 +26,6 @@ #include "lib/ldb/include/ldb.h" #include "db_wrap.h" -/* a reasonable amount of time to keep credentials live */ -#define SCHANNEL_CREDENTIALS_EXPIRY 600 - /* connect to the schannel ldb */ 
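Review bot: Both failure branches touched here return with `*creds` still pointing at the structure allocated at the top of the function, and on the `seed` branch the 16-byte session key has already been copied into it. A caller that looks at `*creds` without checking the status first would see a half-filled credential state holding key material. Release it on each error path with `talloc_free(*creds); *creds = NULL;` before the return. The new seed message also has a typo, `vaid` for `valid`. schannel_fetch_session_key starts and ends outside this hunk.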
@@ -72,11 +69,9 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, struct ldb_context *ldb; struct ldb_message *msg; struct ldb_val val, seed; - char *s; char *f; char *sct; char *rid; - time_t expiry = time(NULL) + SCHANNEL_CREDENTIALS_EXPIRY; int ret; ldb = schannel_db_connect(mem_ctx); @@ -84,13 +79,6 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - s = talloc_asprintf(mem_ctx, "%u", (unsigned int)expiry); - - if (s == NULL) { - talloc_free(ldb); - return NT_STATUS_NO_MEMORY; - } - f = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->negotiate_flags); if (f == NULL) { @@ -133,7 +121,6 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, ldb_msg_add_value(ldb, msg, "sessionKey", &val); ldb_msg_add_value(ldb, msg, "seed", &seed); - ldb_msg_add_string(ldb, msg, "expiry", s); ldb_msg_add_string(ldb, msg, "negotiateFlags", f); ldb_msg_add_string(ldb, msg, "secureChannelType", sct); ldb_msg_add_string(ldb, msg, "accountName", creds->account_name); @@ -145,8 +132,6 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, ret = ldb_add(ldb, msg); - talloc_free(s); - if (ret != 0) { DEBUG(0,("Unable to add %s to session key db - %s\n", msg->dn, ldb_errstring(ldb))); @@ -171,7 +156,6 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, struct creds_CredentialState **creds) { struct ldb_context *ldb; - time_t expiry; struct ldb_message **res; int ret; const struct ldb_val *val; 
@@ -199,13 +183,6 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_HANDLE; } - expiry = ldb_msg_find_uint(res[0], "expiry", 0); - if (expiry < time(NULL)) { - DEBUG(1,("schannel: attempt to use expired session key for %s\n", computer_name)); - talloc_free(ldb); - return NT_STATUS_INVALID_HANDLE; - } - val = ldb_msg_find_ldb_val(res[0], "sessionKey"); if (val == NULL || val->length != 16) { DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name)); -- cgit From 3e4c4cff2177af33efdb15f03a1bbcb639505cee Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 18 Aug 2005 15:02:01 +0000 Subject: r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba) --- source4/auth/gensec/schannel_state.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 0c5ce09637..4864221ade 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -100,16 +100,15 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - msg = ldb_msg_new(mem_ctx); + msg = ldb_msg_new(ldb); if (msg == NULL) { talloc_free(ldb); return NT_STATUS_NO_MEMORY; } - msg->dn = talloc_asprintf(msg, "computerName=%s", creds->computer_name); + msg->dn = ldb_dn_build_child(msg, "computerName", creds->computer_name, NULL); if (msg->dn == NULL) { talloc_free(ldb); - talloc_free(msg); return NT_STATUS_NO_MEMORY; } 
@@ -134,13 +133,11 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, if (ret != 0) { DEBUG(0,("Unable to add %s to session key db - %s\n", - msg->dn, ldb_errstring(ldb))); + ldb_dn_linearize(msg, msg->dn), ldb_errstring(ldb))); talloc_free(ldb); - talloc_free(msg); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - talloc_free(msg); talloc_free(ldb); return NT_STATUS_OK; -- cgit From 6fe9eee3c4dbd6fde48a80261f39081e659d2f55 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 22 Sep 2005 04:19:57 +0000 Subject: r10407: the schannel database does not need to be synchronous (and thus crash safe) as it is removed on smbd restart (This used to be commit 0951db6a89d15792ee1ea6b9f37c45486958ad57) --- source4/auth/gensec/schannel_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 4864221ade..632deb4326 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -46,7 +46,7 @@ static struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) existed = file_exists(path); - ldb = ldb_wrap_connect(mem_ctx, path, 0, NULL); + ldb = ldb_wrap_connect(mem_ctx, path, LDB_FLG_NOSYNC, NULL); talloc_free(path); if (!ldb) { return NULL; -- cgit From 36d73b0e71eb3fbbe8d660b7609806b0355bd09c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 11 Oct 2005 11:00:16 +0000 Subject: r10894: make the handling of dn/distinguishedName much closer to real ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a) --- source4/auth/gensec/schannel_state.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/auth/gensec/schannel_state.c') 
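Review bot: The reason `LDB_FLG_NOSYNC` is acceptable in schannel_db_connect is given only in the commit message, not next to the flag. This database holds session keys, and the flag gives up crash safety on the assumption that the file is discarded at restart. Nothing in this file shows that removal, so a later reader cannot see the dependency. Add a comment on the call, for example `/* NOSYNC: schannel.ldb is removed on smbd restart, so it need not survive a crash */`. The function body continues outside the hunk.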
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 632deb4326..0c4f99499c 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -118,6 +118,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, seed.data = creds->seed.data; seed.length = sizeof(creds->seed.data); + ldb_msg_add_string(ldb, msg, "objectClass", "schannelState"); ldb_msg_add_value(ldb, msg, "sessionKey", &val); ldb_msg_add_value(ldb, msg, "seed", &seed); ldb_msg_add_string(ldb, msg, "negotiateFlags", f); -- cgit From a599edf04cbdeef9014923ba0d3713b8ff84f266 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 12 Oct 2005 06:10:23 +0000 Subject: r10913: This patch isn't as big as it looks ... most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately That required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now its just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57) --- source4/auth/gensec/schannel_state.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 0c4f99499c..5b398b2996 100644 --- a/source4/auth/gensec/schannel_state.c 
+++ b/source4/auth/gensec/schannel_state.c @@ -118,15 +118,15 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, seed.data = creds->seed.data; seed.length = sizeof(creds->seed.data); - ldb_msg_add_string(ldb, msg, "objectClass", "schannelState"); - ldb_msg_add_value(ldb, msg, "sessionKey", &val); - ldb_msg_add_value(ldb, msg, "seed", &seed); - ldb_msg_add_string(ldb, msg, "negotiateFlags", f); - ldb_msg_add_string(ldb, msg, "secureChannelType", sct); - ldb_msg_add_string(ldb, msg, "accountName", creds->account_name); - ldb_msg_add_string(ldb, msg, "computerName", creds->computer_name); - ldb_msg_add_string(ldb, msg, "flatname", creds->domain); - ldb_msg_add_string(ldb, msg, "rid", rid); + ldb_msg_add_string(msg, "objectClass", "schannelState"); + ldb_msg_add_value(msg, "sessionKey", &val); + ldb_msg_add_value(msg, "seed", &seed); + ldb_msg_add_string(msg, "negotiateFlags", f); + ldb_msg_add_string(msg, "secureChannelType", sct); + ldb_msg_add_string(msg, "accountName", creds->account_name); + ldb_msg_add_string(msg, "computerName", creds->computer_name); + ldb_msg_add_string(msg, "flatname", creds->domain); + ldb_msg_add_string(msg, "rid", rid); ldb_delete(ldb, msg->dn); -- cgit From 9e25f33a1a06e1374bb643cb087af0e0bedb99c7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Oct 2005 03:38:01 +0000 Subject: r11199: Push an objectSid into the schannel state database, to match the new header. Andrew Bartlett (This used to be commit a665b56085cbf89c6deaeef0deaed31fcbc07458) --- source4/auth/gensec/schannel_state.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 5b398b2996..5c789b3f2e 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
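Review bot: None of the `ldb_msg_add_string()` / `ldb_msg_add_value()` calls rewritten here has its result checked, so an allocation failure part-way through leaves a record with missing attributes that is still handed to `ldb_add()`. The fetch side validates only `sessionKey` and `seed`, so a record stored without `accountName` or `flatname` is written successfully and later either never matches or comes back with NULL fields. Assuming these helpers return an ldb status as `ldb_add()` does, initialise `ret` to 0 and accumulate it, for example `ret |= ldb_msg_add_string(msg, "flatname", creds->domain);`. Then return NT_STATUS_NO_MEMORY before the delete/add when it is non-zero. schannel_store_session_key starts and ends outside this hunk.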
@@ -71,7 +71,6 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, struct ldb_val val, seed; char *f; char *sct; - char *rid; int ret; ldb = schannel_db_connect(mem_ctx); @@ -93,13 +92,6 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - rid = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->rid); - - if (rid == NULL) { - talloc_free(ldb); - return NT_STATUS_NO_MEMORY; - } - msg = ldb_msg_new(ldb); if (msg == NULL) { talloc_free(ldb); @@ -126,7 +118,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, ldb_msg_add_string(msg, "accountName", creds->account_name); ldb_msg_add_string(msg, "computerName", creds->computer_name); ldb_msg_add_string(msg, "flatname", creds->domain); - ldb_msg_add_string(msg, "rid", rid); + samdb_msg_add_dom_sid(ldb, mem_ctx, msg, "objectSid", creds->sid); ldb_delete(ldb, msg->dn); @@ -209,7 +201,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, (*creds)->domain = talloc_reference(*creds, ldb_msg_find_string(res[0], "flatname", NULL)); - (*creds)->rid = ldb_msg_find_uint(res[0], "rid", 0); + (*creds)->sid = samdb_result_dom_sid(*creds, res[0], "objectSid"); talloc_free(ldb); -- cgit From 5c9590587197dcb95007fdc54318187d5716c7c6 Mon Sep 17 00:00:00 2001 
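Review bot: In the fetch hunk, `(*creds)->sid = samdb_result_dom_sid(*creds, res[0], "objectSid");` is followed directly by the success return, so a record without a parsable `objectSid` yields NT_STATUS_OK with a NULL `sid` (presumably what the helper returns for a missing attribute; confirm). That includes any record written before this change, which carried `rid` instead. Treat it like the `sessionKey` and `seed` checks: `if ((*creds)->sid == NULL) { talloc_free(ldb); return NT_STATUS_INTERNAL_ERROR; }`. The result of `samdb_msg_add_dom_sid()` in the store hunk is ignored in the same way. Both functions extend outside these hunks.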
From: Simo Sorce Date: Tue, 8 Nov 2005 00:11:45 +0000 Subject: r11567: Ldb API change patch. This patch changes the way lsb_search is called and the meaning of the returned integer. The last argument of ldb_search is changed from struct ldb_message to struct ldb_result which contains a pointer to a struct ldb_message list and a count of the number of messages. The return is not the count of messages anymore but instead it is an ldb error value. I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good amount of places. I also tried to double check all my changes being sure that the calling functions would still behave as before. But this patch is big enough that I fear some bug may have been introduced anyway even if it passes the test suite. So if you are currently working on any file being touched please give it a deep look and blame me for any error. Simo. (This used to be commit 22c8c97e6fb466b41859e090e959d7f1134be780) --- source4/auth/gensec/schannel_state.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 5c789b3f2e..83776c4187 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -24,6 +24,7 @@ #include "system/time.h" #include "auth/auth.h" #include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" #include "db_wrap.h" /* @@ -146,7 +147,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, struct creds_CredentialState **creds) { struct ldb_context *ldb; - struct ldb_message **res; + struct ldb_result *res; int ret; const struct ldb_val *val; char *expr=NULL; 
@@ -168,12 +169,12 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, } ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res); - if (ret != 1) { + if (ret != LDB_SUCCESS || res->count != 1) { talloc_free(ldb); return NT_STATUS_INVALID_HANDLE; } - val = ldb_msg_find_ldb_val(res[0], "sessionKey"); + val = ldb_msg_find_ldb_val(res->msgs[0], "sessionKey"); if (val == NULL || val->length != 16) { DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name)); talloc_free(ldb); @@ -182,7 +183,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, memcpy((*creds)->session_key, val->data, 16); - val = ldb_msg_find_ldb_val(res[0], "seed"); + val = ldb_msg_find_ldb_val(res->msgs[0], "seed"); if (val == NULL || val->length != 8) { DEBUG(1,("schannel: record in schannel DB must contain a vaid seed of length 8, when searching for client: %s\n", computer_name)); talloc_free(ldb); 
@@ -191,17 +192,17 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, memcpy((*creds)->seed.data, val->data, 8); - (*creds)->negotiate_flags = ldb_msg_find_int(res[0], "negotiateFlags", 0); + (*creds)->negotiate_flags = ldb_msg_find_int(res->msgs[0], "negotiateFlags", 0); - (*creds)->secure_channel_type = ldb_msg_find_int(res[0], "secureChannelType", 0); + (*creds)->secure_channel_type = ldb_msg_find_int(res->msgs[0], "secureChannelType", 0); - (*creds)->account_name = talloc_reference(*creds, ldb_msg_find_string(res[0], "accountName", NULL)); + (*creds)->account_name = talloc_reference(*creds, ldb_msg_find_string(res->msgs[0], "accountName", NULL)); - (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_string(res[0], "computerName", NULL)); + (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_string(res->msgs[0], "computerName", NULL)); - (*creds)->domain = talloc_reference(*creds, ldb_msg_find_string(res[0], "flatname", NULL)); + (*creds)->domain = talloc_reference(*creds, ldb_msg_find_string(res->msgs[0], "flatname", NULL)); - (*creds)->sid = samdb_result_dom_sid(*creds, res[0], "objectSid"); + (*creds)->sid = samdb_result_dom_sid(*creds, res->msgs[0], "objectSid"); talloc_free(ldb); -- cgit From a1827a1deba04e0b4b2a508dc4e4e66603a46d16 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Wed, 14 Dec 2005 07:22:25 +0000 Subject: r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to a authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b) --- source4/auth/gensec/schannel_state.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 83776c4187..8f9a8ef6b5 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -47,7 +47,8 @@ static struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) existed = file_exists(path); - ldb = ldb_wrap_connect(mem_ctx, path, LDB_FLG_NOSYNC, NULL); + ldb = ldb_wrap_connect(mem_ctx, path, system_session(mem_ctx), + NULL, LDB_FLG_NOSYNC, NULL); talloc_free(path); if (!ldb) { return NULL; -- cgit From d8966dcd7e88df9817c81434056628c0beff21e3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 15 Dec 2005 20:29:02 +0000 Subject: r12268: Use transactions to ensure that the schannel db is consistant. Andrew Bartlett (This used to be commit 949137e3122a3163a9fc923a418633a791364afe) --- source4/auth/gensec/schannel_state.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 8f9a8ef6b5..edc7b8445b 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
@@ -122,6 +122,14 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, ldb_msg_add_string(msg, "flatname", creds->domain); samdb_msg_add_dom_sid(ldb, mem_ctx, msg, "objectSid", creds->sid); + ret = ldb_transaction_start(ldb); + if (ret != 0) { + DEBUG(0,("Unable to start transaction to add %s to session key db - %s\n", + ldb_dn_linearize(msg, msg->dn), ldb_errstring(ldb))); + talloc_free(ldb); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + ldb_delete(ldb, msg->dn); ret = ldb_add(ldb, msg); @@ -133,6 +141,15 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_DB_CORRUPTION; } + ret = ldb_transaction_commit(ldb); + + if (ret != 0) { + DEBUG(0,("Unable to commit adding %s to session key db - %s\n", + ldb_dn_linearize(msg, msg->dn), ldb_errstring(ldb))); + talloc_free(ldb); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + talloc_free(ldb); return NT_STATUS_OK; -- cgit From 2cd5ca7d25f12aa9198bf8c2deb6aea282f573ee Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 28 Dec 2005 15:38:36 +0000 Subject: r12542: Move some more prototypes out to seperate headers (This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2) --- source4/auth/gensec/schannel_state.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index edc7b8445b..43391b3a69 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -26,6 +26,7 @@ #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "db_wrap.h" +#include "dsdb/samdb/samdb.h" /* connect to the schannel ldb -- cgit From d4de4c2d210d2e8c9b5aedf70695594809ad6a0b Mon Sep 17 00:00:00 2001 
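Review bot: Once `ldb_transaction_start()` has succeeded, the `ldb_add()` failure branch between these two hunks still returns after only `talloc_free(ldb)`, leaving the transaction neither committed nor cancelled. Whether freeing the context rolls it back is not visible here, and the preceding `ldb_delete()` has already removed the old record inside that transaction. Cancel explicitly on that path with `ldb_transaction_cancel(ldb);` before `talloc_free(ldb);`, and do the same when the commit itself fails. The return value of `ldb_delete()` is ignored, which looks intentional as a delete-if-present and deserves a one-line comment saying so. schannel_store_session_key starts and ends outside these hunks.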
From: Jelmer Vernooij Date: Fri, 30 Dec 2005 13:16:54 +0000 Subject: r12608: Remove some unused #include lines. (This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981) --- source4/auth/gensec/schannel_state.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 43391b3a69..7ef64ca00b 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -21,11 +21,9 @@ */ #include "includes.h" -#include "system/time.h" #include "auth/auth.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" -#include "db_wrap.h" #include "dsdb/samdb/samdb.h" /* -- cgit From 5cecce1761c06b0641190cf7bb8e93bff9a88cf4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 9 Feb 2006 02:30:43 +0000 Subject: r13402: Make Samba4 pass a nastier RPC-SCHANNEL test. The new RPC-SCHANNEL test shows that the full credentials state must be kept in some shared memory, for some length of time. In particular, clients will reconnect with SCHANNEL (after loosing all connections) and expect that the credentials chain will remain in the same place. To achive this, we do the server-side crypto in a transaction, including the fetch/store of the shared state. Andrew Bartlett (This used to be commit 982a6aa871c9fce17410a9712cd9fa726025ff90) --- source4/auth/gensec/schannel_state.c | 127 +++++++++++++++++++++++------------ 1 file changed, 83 insertions(+), 44 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 7ef64ca00b..a73e450ec8 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
@@ -29,7 +29,7 @@ /* connect to the schannel ldb */ -static struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) +struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) { char *path; struct ldb_context *ldb; @@ -64,44 +64,35 @@ static struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) remember an established session key for a netr server authentication use a simple ldb structure */ -NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, - struct creds_CredentialState *creds) +NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, + struct ldb_context *ldb, + struct creds_CredentialState *creds) { - struct ldb_context *ldb; struct ldb_message *msg; - struct ldb_val val, seed; + struct ldb_val val, seed, client_state, server_state; char *f; char *sct; int ret; - ldb = schannel_db_connect(mem_ctx); - if (ldb == NULL) { - return NT_STATUS_NO_MEMORY; - } - f = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->negotiate_flags); if (f == NULL) { - talloc_free(ldb); return NT_STATUS_NO_MEMORY; } sct = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->secure_channel_type); if (sct == NULL) { - talloc_free(ldb); return NT_STATUS_NO_MEMORY; } msg = ldb_msg_new(ldb); if (msg == NULL) { - talloc_free(ldb); return NT_STATUS_NO_MEMORY; } msg->dn = ldb_dn_build_child(msg, "computerName", creds->computer_name, NULL); if (msg->dn == NULL) { - talloc_free(ldb); return NT_STATUS_NO_MEMORY; } 
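Review bot: schannel_store_session_key_ldb has no comment saying that the caller must already hold a transaction on `ldb`. It still replaces the record with `ldb_delete()` followed by `ldb_add()` (visible in the following hunks) and no longer opens or frees the handle itself. Without that contract written down, a later caller can use it outside a transaction and reintroduce the window in which the record is absent. Extend the header comment, for example `/* caller must have started a transaction on ldb; ldb is neither opened nor freed here */`. The same commit drops `static` from schannel_db_connect, which then needs a prototype in a header and a note on who frees the returned context.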
@@ -111,9 +102,16 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, seed.data = creds->seed.data; seed.length = sizeof(creds->seed.data); + client_state.data = creds->client.data; + client_state.length = sizeof(creds->client.data); + server_state.data = creds->server.data; + server_state.length = sizeof(creds->server.data); + ldb_msg_add_string(msg, "objectClass", "schannelState"); ldb_msg_add_value(msg, "sessionKey", &val); ldb_msg_add_value(msg, "seed", &seed); + ldb_msg_add_value(msg, "clientState", &client_state); + ldb_msg_add_value(msg, "serverState", &server_state); ldb_msg_add_string(msg, "negotiateFlags", f); ldb_msg_add_string(msg, "secureChannelType", sct); ldb_msg_add_string(msg, "accountName", creds->account_name); 
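Review bot: The record written here gains `clientState` and `serverState` next to `sessionKey` and `seed`, but no attribute records when it was stored, so the fetch side cannot reject a stale credential chain. How long a record stays usable therefore depends entirely on when the database file is removed, which this file does not show. Either store a timestamp with the other fields and have the fetch path compare it with `time(NULL)`, or add a comment next to these calls stating what bounds the record's lifetime. The fetch side should also check the stored lengths of the two new values against `sizeof(creds->client.data)` and `sizeof(creds->server.data)` before copying, as it does for `sessionKey` and `seed`. The function body starts and ends outside this hunk.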
@@ -121,49 +119,65 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, ldb_msg_add_string(msg, "flatname", creds->domain); samdb_msg_add_dom_sid(ldb, mem_ctx, msg, "objectSid", creds->sid); - ret = ldb_transaction_start(ldb); + ldb_delete(ldb, msg->dn); + + ret = ldb_add(ldb, msg); + if (ret != 0) { - DEBUG(0,("Unable to start transaction to add %s to session key db - %s\n", + DEBUG(0,("Unable to add %s to session key db - %s\n", ldb_dn_linearize(msg, msg->dn), ldb_errstring(ldb))); - talloc_free(ldb); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - ldb_delete(ldb, msg->dn); + return NT_STATUS_OK; +} - ret = ldb_add(ldb, msg); +NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, + struct creds_CredentialState *creds) +{ + struct ldb_context *ldb; + NTSTATUS nt_status; + int ret; + + ldb = schannel_db_connect(mem_ctx); + if (!ldb) { + return NT_STATUS_ACCESS_DENIED; + } + ret = ldb_transaction_start(ldb); if (ret != 0) { - DEBUG(0,("Unable to add %s to session key db - %s\n", - ldb_dn_linearize(msg, msg->dn), ldb_errstring(ldb))); talloc_free(ldb); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - ret = ldb_transaction_commit(ldb); + nt_status = schannel_store_session_key_ldb(mem_ctx, ldb, creds); + + if (NT_STATUS_IS_OK(nt_status)) { + ret = ldb_transaction_commit(ldb); + } else { + ret = ldb_transaction_cancel(ldb); + } if (ret != 0) { - DEBUG(0,("Unable to commit adding %s to session key db - %s\n", - ldb_dn_linearize(msg, msg->dn), ldb_errstring(ldb))); + DEBUG(0,("Unable to commit adding credentials for %s to schannel key db - %s\n", + creds->computer_name, ldb_errstring(ldb))); talloc_free(ldb); return NT_STATUS_INTERNAL_DB_CORRUPTION; } talloc_free(ldb); - - return NT_STATUS_OK; + return nt_status; } - /* read back a credentials back for a computer */ -NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, - const char *computer_name, - const char *domain, - struct creds_CredentialState **creds) +NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX 
*mem_ctx, + struct ldb_context *ldb, + const char *computer_name, + const char *domain, + struct creds_CredentialState **creds) { - struct ldb_context *ldb; struct ldb_result *res; int ret; const struct ldb_val *val; @@ -174,27 +188,21 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - ldb = schannel_db_connect(mem_ctx); - if (ldb == NULL) { - return NT_STATUS_NO_MEMORY; - } - - expr = talloc_asprintf(mem_ctx, "(&(computerName=%s)(flatname=%s))", computer_name, domain); + expr = talloc_asprintf(mem_ctx, "(&(computerName=%s)(flatname=%s))", + computer_name, domain); if (expr == NULL) { - talloc_free(ldb); return NT_STATUS_NO_MEMORY; } ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res); if (ret != LDB_SUCCESS || res->count != 1) { - talloc_free(ldb); + DEBUG(3,("schannel: Failed to find a record for client: %s\n", computer_name)); return NT_STATUS_INVALID_HANDLE; } val = ldb_msg_find_ldb_val(res->msgs[0], "sessionKey"); if (val == NULL || val->length != 16) { DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name)); - talloc_free(ldb); return NT_STATUS_INTERNAL_ERROR; } 
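Review bot: In the new schannel_store_session_key wrapper, a non-zero result from `ldb_transaction_cancel` falls into the same branch as a failed commit, so the log says "Unable to commit" and the function returns NT_STATUS_INTERNAL_DB_CORRUPTION in place of the status from schannel_store_session_key_ldb. Handling the cancel on its own and returning nt_status after it keeps the original failure visible. The helper now runs `ldb_delete` followed by `ldb_add` without opening a transaction itself, so it would also help to give it a header comment such as `/* caller must hold an open transaction: the old record is deleted before the new one is added */`. This hunk ends part-way into the signature of schannel_fetch_session_key_ldb.

```c
	nt_status = schannel_store_session_key_ldb(mem_ctx, ldb, creds);
	if (!NT_STATUS_IS_OK(nt_status)) {
		/* keep the helper's status; a failed cancel is only logged */
		if (ldb_transaction_cancel(ldb) != 0) {
			DEBUG(0,("Unable to cancel transaction on schannel key db - %s\n",
				 ldb_errstring(ldb)));
		}
		talloc_free(ldb);
		return nt_status;
	}
	ret = ldb_transaction_commit(ldb);
	/* … unchanged: commit failure logging, talloc_free(ldb), return nt_status … */
```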
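Review bot: The search filter in schannel_fetch_session_key_ldb is built by formatting `computer_name` and `domain` straight into `(&(computerName=%s)(flatname=%s))`, and both values appear to come from the remote client. Characters that are special in an LDAP filter would then change what the search matches, with the `res->count != 1` test as the only backstop. Passing each value through `ldb_binary_encode_string(mem_ctx, computer_name)` (and likewise for `domain`) before formatting closes that. The later hunk that switches this search to `ldb_search_exp_fmt` formats the same two values and needs the same encoding. The function body begins before this hunk and continues after it.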
@@ -203,12 +211,25 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, val = ldb_msg_find_ldb_val(res->msgs[0], "seed"); if (val == NULL || val->length != 8) { DEBUG(1,("schannel: record in schannel DB must contain a vaid seed of length 8, when searching for client: %s\n", computer_name)); - talloc_free(ldb); return NT_STATUS_INTERNAL_ERROR; } memcpy((*creds)->seed.data, val->data, 8); + val = ldb_msg_find_ldb_val(res->msgs[0], "clientState"); + if (val == NULL || val->length != 8) { + DEBUG(1,("schannel: record in schannel DB must contain a vaid clientState of length 8, when searching for client: %s\n", computer_name)); + return NT_STATUS_INTERNAL_ERROR; + } + memcpy((*creds)->client.data, val->data, 8); + + val = ldb_msg_find_ldb_val(res->msgs[0], "serverState"); + if (val == NULL || val->length != 8) { + DEBUG(1,("schannel: record in schannel DB must contain a vaid serverState of length 8, when searching for client: %s\n", computer_name)); + return NT_STATUS_INTERNAL_ERROR; + } + memcpy((*creds)->server.data, val->data, 8); + (*creds)->negotiate_flags = ldb_msg_find_int(res->msgs[0], "negotiateFlags", 0); (*creds)->secure_channel_type = ldb_msg_find_int(res->msgs[0], "secureChannelType", 0); @@ -221,7 +242,25 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, (*creds)->sid = samdb_result_dom_sid(*creds, res->msgs[0], "objectSid"); - talloc_free(ldb); - return NT_STATUS_OK; } + +NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, + const char *computer_name, + const char *domain, + struct creds_CredentialState **creds) +{ + NTSTATUS nt_status; + struct ldb_context *ldb; + + ldb = schannel_db_connect(mem_ctx); + if (!ldb) { + return NT_STATUS_ACCESS_DENIED; + } + + nt_status = schannel_fetch_session_key_ldb(mem_ctx, ldb, + computer_name, domain, + creds); + talloc_free(ldb); + return nt_status; +} -- cgit From 9d1954c25d646c46daa38c3f96f4c4029b9bb417 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Tue, 21 Feb 2006 00:07:59 +0000 Subject: r13583: Realise that the member server name appears in all calls that use the credentials. Consistantly rename these elements in the IDL to computer_name. Fix the server-side code to always lookup by this name. Add new, even nastier tests to RPC-SCHANNEL to prove this. Andrew Bartlett (This used to be commit 341a0abeb4a9f88d64ffd4681249cb1f643a7a5a) --- source4/auth/gensec/schannel_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index a73e450ec8..beaa8cfb08 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -175,7 +175,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *computer_name, - const char *domain, + const char *domain, struct creds_CredentialState **creds) { struct ldb_result *res; -- cgit From 4ac2be99588b48b0652a524bf12fb1aa9c3f5fbb Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Mar 2006 11:07:23 +0000 Subject: r13924: Split more prototypes out of include/proto.h + initial work on header file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781) --- source4/auth/gensec/schannel_state.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index beaa8cfb08..b9cee49f5a 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -25,8 +25,9 @@ #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "dsdb/samdb/samdb.h" +#include "db_wrap.h" -/* +/** connect to the schannel ldb */ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) -- cgit 
From 4bd40183afd6d423ccbe5f43dac83bd299f86c50 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 26 Jun 2006 11:23:06 +0000 Subject: r16516: Get rid of file_exists() as there already is a file_exist(). (This used to be commit c4b3c2b18c6df43c8a4808fab72bc45439ba9421) --- source4/auth/gensec/schannel_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index b9cee49f5a..97bcd40d09 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -45,7 +45,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) return NULL; } - existed = file_exists(path); + existed = file_exist(path); ldb = ldb_wrap_connect(mem_ctx, path, system_session(mem_ctx), NULL, LDB_FLG_NOSYNC, NULL); -- cgit From a23b63a8e54db7d0ec98ad95cdca11dd4d039e17 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 13 Aug 2006 08:00:36 +0000 Subject: r17516: Change helper function names to make more clear what they are meant to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02) --- source4/auth/gensec/schannel_state.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 97bcd40d09..e8d0f8388b 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
@@ -231,15 +231,15 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, } memcpy((*creds)->server.data, val->data, 8); - (*creds)->negotiate_flags = ldb_msg_find_int(res->msgs[0], "negotiateFlags", 0); + (*creds)->negotiate_flags = ldb_msg_find_attr_as_int(res->msgs[0], "negotiateFlags", 0); - (*creds)->secure_channel_type = ldb_msg_find_int(res->msgs[0], "secureChannelType", 0); + (*creds)->secure_channel_type = ldb_msg_find_attr_as_int(res->msgs[0], "secureChannelType", 0); - (*creds)->account_name = talloc_reference(*creds, ldb_msg_find_string(res->msgs[0], "accountName", NULL)); + (*creds)->account_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL)); - (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_string(res->msgs[0], "computerName", NULL)); + (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL)); - (*creds)->domain = talloc_reference(*creds, ldb_msg_find_string(res->msgs[0], "flatname", NULL)); + (*creds)->domain = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL)); (*creds)->sid = samdb_result_dom_sid(*creds, res->msgs[0], "objectSid"); -- cgit From 59b66744f7318d8197f0d2029bf3b641dafa327e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 15 Oct 2006 23:14:19 +0000 Subject: r19299: Fix possible memleaks (This used to be commit 6fad80bb09113a60689061a2de67711c9924708b) --- source4/auth/gensec/schannel_state.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index e8d0f8388b..855f159981 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
@@ -198,12 +198,14 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res); if (ret != LDB_SUCCESS || res->count != 1) { DEBUG(3,("schannel: Failed to find a record for client: %s\n", computer_name)); + talloc_free(res); return NT_STATUS_INVALID_HANDLE; } val = ldb_msg_find_ldb_val(res->msgs[0], "sessionKey"); if (val == NULL || val->length != 16) { DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name)); + talloc_free(res); return NT_STATUS_INTERNAL_ERROR; } @@ -212,6 +214,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, val = ldb_msg_find_ldb_val(res->msgs[0], "seed"); if (val == NULL || val->length != 8) { DEBUG(1,("schannel: record in schannel DB must contain a vaid seed of length 8, when searching for client: %s\n", computer_name)); + talloc_free(res); return NT_STATUS_INTERNAL_ERROR; } @@ -220,6 +223,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, val = ldb_msg_find_ldb_val(res->msgs[0], "clientState"); if (val == NULL || val->length != 8) { DEBUG(1,("schannel: record in schannel DB must contain a vaid clientState of length 8, when searching for client: %s\n", computer_name)); + talloc_free(res); return NT_STATUS_INTERNAL_ERROR; } memcpy((*creds)->client.data, val->data, 8); @@ -227,6 +231,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, val = ldb_msg_find_ldb_val(res->msgs[0], "serverState"); if (val == NULL || val->length != 8) { DEBUG(1,("schannel: record in schannel DB must contain a vaid serverState of length 8, when searching for client: %s\n", computer_name)); + talloc_free(res); return NT_STATUS_INTERNAL_ERROR; } memcpy((*creds)->server.data, val->data, 8); 
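Review bot: Each error return touched here frees `res` but leaves `*creds` pointing at the structure allocated at the top of schannel_fetch_session_key_ldb (outside these hunks), which by the later checks already holds the copied seed and presumably the session key. A caller that frees the output only on success leaks that partly filled credential state, and one that ignores the status may go on to use it. Adding `talloc_free(*creds); *creds = NULL;` next to each `talloc_free(res);` in this commit's hunks would make a failed fetch leave nothing behind.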
@@ -235,14 +240,27 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, (*creds)->secure_channel_type = ldb_msg_find_attr_as_int(res->msgs[0], "secureChannelType", 0); - (*creds)->account_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL)); + (*creds)->account_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL)); + if ((*creds)->account_name == NULL) { + talloc_free(res); + return NT_STATUS_NO_MEMORY; + } - (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL)); + (*creds)->computer_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL)); + if ((*creds)->computer_name == NULL) { + talloc_free(res); + return NT_STATUS_NO_MEMORY; + } - (*creds)->domain = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL)); + (*creds)->domain = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL)); + if ((*creds)->domain == NULL) { + talloc_free(res); + return NT_STATUS_NO_MEMORY; + } (*creds)->sid = samdb_result_dom_sid(*creds, res->msgs[0], "objectSid"); + talloc_free(res); return NT_STATUS_OK; } -- cgit From 7f833458ca0083654e34cbfde1c6c6510cab1826 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 25 Oct 2006 01:42:59 +0000 Subject: r19489: Change ldb_msg_add_value and ldb_msg_add_empty to take a foruth argument. This is a pointer to an element pointer. If it is not null it will be filled with the pointer of the manipulated element. Will avoid double searches on the elements list in some cases. (This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620) --- source4/auth/gensec/schannel_state.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') 
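Review bot: `(*creds)->sid` is taken from `samdb_result_dom_sid` without a check, although the three strings above it are now checked; if that helper returns NULL for a missing or malformed objectSid (its definition is not on this page), the function still returns NT_STATUS_OK with a NULL sid. The new string checks also report NT_STATUS_NO_MEMORY when an attribute is simply absent, because `ldb_msg_find_attr_as_string(..., NULL)` yields NULL and `talloc_strdup` of NULL is NULL. Testing the looked-up pointer first and returning NT_STATUS_INTERNAL_ERROR, as the sessionKey and seed checks do, would separate a bad record from an allocation failure. For the sid the check would be `if ((*creds)->sid == NULL) { talloc_free(res); return NT_STATUS_INTERNAL_ERROR; }`.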
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 855f159981..2f33b12a8d 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -109,10 +109,10 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, server_state.length = sizeof(creds->server.data); ldb_msg_add_string(msg, "objectClass", "schannelState"); - ldb_msg_add_value(msg, "sessionKey", &val); - ldb_msg_add_value(msg, "seed", &seed); - ldb_msg_add_value(msg, "clientState", &client_state); - ldb_msg_add_value(msg, "serverState", &server_state); + ldb_msg_add_value(msg, "sessionKey", &val, NULL); + ldb_msg_add_value(msg, "seed", &seed, NULL); + ldb_msg_add_value(msg, "clientState", &client_state, NULL); + ldb_msg_add_value(msg, "serverState", &server_state, NULL); ldb_msg_add_string(msg, "negotiateFlags", f); ldb_msg_add_string(msg, "secureChannelType", sct); ldb_msg_add_string(msg, "accountName", creds->account_name); -- cgit From 97aec1a70c260f19e21d56ed08b155f80370e71b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2006 00:19:16 +0000 Subject: r19595: Seperate debug messages between database failure and simple lack of records. Andrew Bartlett (This used to be commit 163f75372792b0afa72f48d64d78d82b72d8eda5) --- source4/auth/gensec/schannel_state.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 2f33b12a8d..e9c81f370c 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
@@ -196,8 +196,15 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, } ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res); - if (ret != LDB_SUCCESS || res->count != 1) { - DEBUG(3,("schannel: Failed to find a record for client: %s\n", computer_name)); + talloc_free(expr); + if (ret != LDB_SUCCESS) { + DEBUG(3,("schannel: Failed to find a record for client %s: %s\n", computer_name, ldb_errstring(ldb))); + talloc_free(res); + return NT_STATUS_INVALID_HANDLE; + } + talloc_steal(mem_ctx, res); + if (res->count != 1) { + DEBUG(3,("schannel: Failed to find a record for client: %s (found %d records)\n", computer_name, res->count)); talloc_free(res); return NT_STATUS_INVALID_HANDLE; } -- cgit From 13dbee3ffea6065a826f010e50c9b4eb2c6ad109 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2006 00:48:36 +0000 Subject: r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9) --- source4/auth/gensec/schannel_state.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index e9c81f370c..3c9ff64147 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -21,11 +21,12 @@ */ #include "includes.h" -#include "auth/auth.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "dsdb/samdb/samdb.h" #include "db_wrap.h" +#include "libcli/auth/libcli_auth.h" +#include "auth/auth.h" /** connect to the schannel ldb -- cgit From 4889eb9f7aae9349e426d0f6d2217adff67eaebd Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Wed, 22 Nov 2006 00:59:34 +0000 Subject: r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63) --- source4/auth/gensec/schannel_state.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 3c9ff64147..7ba35abd19 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -93,8 +93,8 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - msg->dn = ldb_dn_build_child(msg, "computerName", creds->computer_name, NULL); - if (msg->dn == NULL) { + msg->dn = ldb_dn_new_fmt(msg, ldb, "computerName=%s", creds->computer_name); + if ( ! msg->dn) { return NT_STATUS_NO_MEMORY; } -- cgit From a9e31b33b55a873c2f01db5e348560176adf863d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 22 Nov 2006 02:05:19 +0000 Subject: r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd) --- source4/auth/gensec/schannel_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/auth/gensec/schannel_state.c') 
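Review bot: `ldb_dn_new_fmt(msg, ldb, "computerName=%s", creds->computer_name)` formats the computer name into the DN text unescaped, where the removed `ldb_dn_build_child` call took it as an attribute value. The commit message says validation is skipped for input that is not user generated, but this name appears to be supplied by the netlogon client, so DN metacharacters in it would be read as DN structure. Escaping the value with `ldb_dn_escape_value` before formatting, or rejecting the request when `ldb_dn_validate(msg->dn)` fails, keeps the record keyed on exactly one computerName component. The enclosing function starts and ends outside this hunk.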
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 7ba35abd19..4969e9aeaa 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -127,7 +127,7 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, if (ret != 0) { DEBUG(0,("Unable to add %s to session key db - %s\n", - ldb_dn_linearize(msg, msg->dn), ldb_errstring(ldb))); + ldb_dn_get_linearized(msg->dn), ldb_errstring(ldb))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } -- cgit From ea212eb00fd358e7335648b9cd556227e53df367 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 5 Dec 2006 04:25:27 +0000 Subject: r20034: Start using ldb_search_exp_fmt() (This used to be commit 4f07542143ddf5066f0360d965f26a8470504047) --- source4/auth/gensec/schannel_state.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 4969e9aeaa..466df33b67 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
@@ -183,27 +183,19 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, struct ldb_result *res; int ret; const struct ldb_val *val; - char *expr=NULL; *creds = talloc_zero(mem_ctx, struct creds_CredentialState); if (!*creds) { return NT_STATUS_NO_MEMORY; } - expr = talloc_asprintf(mem_ctx, "(&(computerName=%s)(flatname=%s))", - computer_name, domain); - if (expr == NULL) { - return NT_STATUS_NO_MEMORY; - } - - ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res); - talloc_free(expr); + ret = ldb_search_exp_fmt(ldb, mem_ctx, &res, + NULL, LDB_SCOPE_SUBTREE, NULL, + "(&(computerName=%s)(flatname=%s))", computer_name, domain); if (ret != LDB_SUCCESS) { DEBUG(3,("schannel: Failed to find a record for client %s: %s\n", computer_name, ldb_errstring(ldb))); - talloc_free(res); return NT_STATUS_INVALID_HANDLE; } - talloc_steal(mem_ctx, res); if (res->count != 1) { DEBUG(3,("schannel: Failed to find a record for client: %s (found %d records)\n", computer_name, res->count)); talloc_free(res); -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/auth/gensec/schannel_state.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 466df33b67..a911ed9288 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
@@ -7,7 +7,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -16,8 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From ffeee68e4b72dd94fee57366bd8d38b8c284c3d4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Sep 2007 12:42:09 +0000 Subject: r25026: Move param/param.h out of includes.h (This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31) --- source4/auth/gensec/schannel_state.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index a911ed9288..afbbd618eb 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -26,6 +26,7 @@ #include "db_wrap.h" #include "libcli/auth/libcli_auth.h" #include "auth/auth.h" +#include "param/param.h" /** connect to the schannel ldb -- cgit From 2f3551ca7cee59d4d053cceb87abdf1da1b3a1ad Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Mon, 1 Oct 2007 18:52:55 +0000 Subject: r25446: Merge some changes I made on the way home from SFO: 2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42) --- source4/auth/gensec/schannel_state.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index afbbd618eb..46fb48ffd3 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -41,14 +41,15 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) "computerName: CASE_INSENSITIVE\n" \ "flatname: CASE_INSENSITIVE\n"; - path = smbd_tmp_path(mem_ctx, "schannel.ldb"); + path = smbd_tmp_path(mem_ctx, global_loadparm, "schannel.ldb"); if (!path) { return NULL; } existed = file_exist(path); - ldb = ldb_wrap_connect(mem_ctx, path, system_session(mem_ctx), + ldb = ldb_wrap_connect(mem_ctx, global_loadparm, path, + system_session(mem_ctx), NULL, LDB_FLG_NOSYNC, NULL); talloc_free(path); if (!ldb) { -- cgit From 3642f3b40d755209a843745f160a9d7962a6deca Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 6 Oct 2007 22:16:19 +0000 Subject: r25552: Convert to standard bool type. (This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245) --- source4/auth/gensec/schannel_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 46fb48ffd3..808240c4f4 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
@@ -35,7 +35,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) { char *path; struct ldb_context *ldb; - BOOL existed; + bool existed; const char *init_ldif = "dn: @ATTRIBUTES\n" \ "computerName: CASE_INSENSITIVE\n" \ -- cgit From ca0b72a1fdb7bd965065e833df34662afef0423e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 16 Nov 2007 20:12:00 +0100 Subject: r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies. (This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555) --- source4/auth/gensec/schannel_state.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 808240c4f4..1bb71d8fc9 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -23,7 +23,8 @@ #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "dsdb/samdb/samdb.h" -#include "db_wrap.h" +#include "ldb_wrap.h" +#include "util/util_ldb.h" #include "libcli/auth/libcli_auth.h" #include "auth/auth.h" #include "param/param.h" -- cgit From 51db4c3f3d81d1ed03beae6426786c843ac59807 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Dec 2007 17:56:09 +0100 Subject: r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack. (This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166) --- source4/auth/gensec/schannel_state.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 1bb71d8fc9..77f5dfb599 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
@@ -32,7 +32,7 @@ /** connect to the schannel ldb */ -struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) +struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) { char *path; struct ldb_context *ldb; @@ -42,14 +42,14 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) "computerName: CASE_INSENSITIVE\n" \ "flatname: CASE_INSENSITIVE\n"; - path = smbd_tmp_path(mem_ctx, global_loadparm, "schannel.ldb"); + path = smbd_tmp_path(mem_ctx, lp_ctx, "schannel.ldb"); if (!path) { return NULL; } existed = file_exist(path); - ldb = ldb_wrap_connect(mem_ctx, global_loadparm, path, + ldb = ldb_wrap_connect(mem_ctx, lp_ctx, path, system_session(mem_ctx), NULL, LDB_FLG_NOSYNC, NULL); talloc_free(path); @@ -143,7 +143,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; int ret; - ldb = schannel_db_connect(mem_ctx); + ldb = schannel_db_connect(mem_ctx, global_loadparm); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } @@ -274,7 +274,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; struct ldb_context *ldb; - ldb = schannel_db_connect(mem_ctx); + ldb = schannel_db_connect(mem_ctx, global_loadparm); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } -- cgit From 7e298580e06a5b9a0c1210937af47f277849080e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Dec 2007 21:14:16 +0100 Subject: r26234: More global_loadparm fixes. (This used to be commit 84892d030de6266fc0f3a699cade960dd5dc37bc) --- source4/auth/gensec/schannel_state.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 77f5dfb599..66358d7830 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c 
@@ -137,13 +137,14 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, } NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, struct creds_CredentialState *creds) { struct ldb_context *ldb; NTSTATUS nt_status; int ret; - ldb = schannel_db_connect(mem_ctx, global_loadparm); + ldb = schannel_db_connect(mem_ctx, lp_ctx); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } @@ -267,6 +268,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, } NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, const char *computer_name, const char *domain, struct creds_CredentialState **creds) @@ -274,7 +276,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; struct ldb_context *ldb; - ldb = schannel_db_connect(mem_ctx, global_loadparm); + ldb = schannel_db_connect(mem_ctx, lp_ctx); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } -- cgit From 43696d2752e2faad34fb3ed2a7dbf01d40ffdc46 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 15:53:28 +0100 Subject: r26252: Specify loadparm_context explicitly when creating sessions. (This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede) --- source4/auth/gensec/schannel_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 66358d7830..0c7c509954 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -50,7 +50,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_con existed = file_exist(path); ldb = ldb_wrap_connect(mem_ctx, lp_ctx, path, - system_session(mem_ctx), + system_session(mem_ctx, lp_ctx), NULL, LDB_FLG_NOSYNC, NULL); talloc_free(path); if (!ldb) { -- cgit From 21fc7673780aa1d7c0caab7b17ff9171238913ba Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Thu, 17 Apr 2008 12:23:44 +0200 Subject: Specify event_context to ldb_wrap_connect explicitly. (This used to be commit b4e1ae07a284c044704322446c94351c2decff91) --- source4/auth/gensec/schannel_state.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 0c7c509954..0f7c4ca11d 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -32,7 +32,8 @@ /** connect to the schannel ldb */ -struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct event_context *ev_ctx, + struct loadparm_context *lp_ctx) { char *path; struct ldb_context *ldb; @@ -49,7 +50,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_con existed = file_exist(path); - ldb = ldb_wrap_connect(mem_ctx, lp_ctx, path, + ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path, system_session(mem_ctx, lp_ctx), NULL, LDB_FLG_NOSYNC, NULL); talloc_free(path); @@ -137,6 +138,7 @@ NTSTATUS schannel_store_session_key_ldb(TALLOC_CTX *mem_ctx, } NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, + struct event_context *ev_ctx, struct loadparm_context *lp_ctx, struct creds_CredentialState *creds) { @@ -144,7 +146,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; int ret; - ldb = schannel_db_connect(mem_ctx, lp_ctx); + ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } @@ -268,6 +270,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx, } NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, + struct event_context *ev_ctx, struct loadparm_context *lp_ctx, const char *computer_name, const char *domain, 
@@ -276,7 +279,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; struct ldb_context *ldb; - ldb = schannel_db_connect(mem_ctx, lp_ctx); + ldb = schannel_db_connect(mem_ctx, ev_ctx, lp_ctx); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } -- cgit From 929adc9efa5cf985f0585214d30d18521aa1a821 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 14 Jun 2008 11:24:17 -0400 Subject: Make up the right dependencies now that ldb depends on libevents (This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0) --- source4/auth/gensec/schannel_state.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/auth/gensec/schannel_state.c') diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 0f7c4ca11d..f0710c5581 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "lib/events/events.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "dsdb/samdb/samdb.h" -- cgit