From f77714c8874a5caaca74d8176259604bc8c32117 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 31 Jan 2010 13:28:04 -0500 Subject: s4:kdc streamline context initialization Allow other plugins to init the context without having it try to grab sockets or set samba specific logging. --- source4/auth/kerberos/krb5_init_context.c | 87 ++++++++++++++++++------------- source4/auth/kerberos/krb5_init_context.h | 8 ++- 2 files changed, 58 insertions(+), 37 deletions(-) (limited to 'source4/auth/kerberos') diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 7e75029363..3bd938f0f0 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -49,18 +49,12 @@ struct smb_krb5_socket { krb5_krbhst_info *hi; }; -static krb5_error_code smb_krb5_context_destroy_1(struct smb_krb5_context *ctx) -{ - krb5_free_context(ctx->krb5_context); - return 0; -} - -static krb5_error_code smb_krb5_context_destroy_2(struct smb_krb5_context *ctx) +static krb5_error_code smb_krb5_context_destroy(struct smb_krb5_context *ctx) { /* Otherwise krb5_free_context will try and close what we have already free()ed */ krb5_set_warn_dest(ctx->krb5_context, NULL); krb5_closelog(ctx->krb5_context, ctx->logf); - smb_krb5_context_destroy_1(ctx); + krb5_free_context(ctx->krb5_context); return 0; } @@ -360,39 +354,29 @@ krb5_error_code smb_krb5_send_and_recv_func(krb5_context context, return KRB5_KDC_UNREACH; } -krb5_error_code smb_krb5_init_context(void *parent_ctx, - struct tevent_context *ev, - struct loadparm_context *lp_ctx, - struct smb_krb5_context **smb_krb5_context) +krb5_error_code +smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx, + struct tevent_context *ev, + struct loadparm_context *lp_ctx, + krb5_context *_krb5_context) { krb5_error_code ret; - TALLOC_CTX *tmp_ctx; char **config_files; const char *config_file, *realm; + krb5_context krb5_ctx; initialize_krb5_error_table(); - tmp_ctx = talloc_new(parent_ctx); - *smb_krb5_context = talloc(tmp_ctx, struct smb_krb5_context); - - if (!*smb_krb5_context || !tmp_ctx) { - talloc_free(tmp_ctx); - return ENOMEM; - } - - ret = krb5_init_context(&(*smb_krb5_context)->krb5_context); + ret = krb5_init_context(&krb5_ctx); if (ret) { DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret))); - talloc_free(tmp_ctx); return ret; } - talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy_1); - config_file = config_path(tmp_ctx, lp_ctx, "krb5.conf"); if (!config_file) { - talloc_free(tmp_ctx); + krb5_free_context(krb5_ctx); return ENOMEM; } @@ -400,43 +384,74 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, ret = krb5_prepend_config_files_default(config_file == NULL?"":config_file, &config_files); if (ret) { DEBUG(1,("krb5_prepend_config_files_default failed (%s)\n", - smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx))); - talloc_free(tmp_ctx); + smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx))); + krb5_free_context(krb5_ctx); return ret; } - ret = krb5_set_config_files((*smb_krb5_context)->krb5_context, - config_files); + ret = krb5_set_config_files(krb5_ctx, config_files); krb5_free_config_files(config_files); if (ret) { DEBUG(1,("krb5_set_config_files failed (%s)\n", - smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx))); - talloc_free(tmp_ctx); + smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx))); + krb5_free_context(krb5_ctx); return ret; } realm = lp_realm(lp_ctx); if (realm != NULL) { - ret = krb5_set_default_realm((*smb_krb5_context)->krb5_context, realm); + ret = krb5_set_default_realm(krb5_ctx, realm); if (ret) { DEBUG(1,("krb5_set_default_realm failed (%s)\n", - smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx))); - talloc_free(tmp_ctx); + smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx))); + krb5_free_context(krb5_ctx); return ret; } } + *_krb5_context = krb5_ctx; + return 0; +} + +krb5_error_code smb_krb5_init_context(void *parent_ctx, + struct tevent_context *ev, + struct loadparm_context *lp_ctx, + struct smb_krb5_context **smb_krb5_context) +{ + krb5_error_code ret; + TALLOC_CTX *tmp_ctx; + + initialize_krb5_error_table(); + + tmp_ctx = talloc_new(parent_ctx); + *smb_krb5_context = talloc(tmp_ctx, struct smb_krb5_context); + + if (!*smb_krb5_context || !tmp_ctx) { + talloc_free(tmp_ctx); + return ENOMEM; + } + + ret = smb_krb5_init_context_basic(tmp_ctx, ev, lp_ctx, + &(*smb_krb5_context)->krb5_context); + if (ret) { + DEBUG(1,("smb_krb5_context_init_basic failed (%s)\n", + error_message(ret))); + talloc_free(tmp_ctx); + return ret; + } + /* TODO: Should we have a different name here? */ ret = krb5_initlog((*smb_krb5_context)->krb5_context, "Samba", &(*smb_krb5_context)->logf); if (ret) { DEBUG(1,("krb5_initlog failed (%s)\n", smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx))); + krb5_free_context((*smb_krb5_context)->krb5_context); talloc_free(tmp_ctx); return ret; } - talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy_2); + talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy); ret = krb5_addlog_func((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf, 0 /* min */, -1 /* max */, smb_krb5_debug_wrapper, smb_krb5_debug_close, NULL); diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h index 3f1425ea92..f9e88ceef8 100644 --- a/source4/auth/kerberos/krb5_init_context.h +++ b/source4/auth/kerberos/krb5_init_context.h @@ -24,10 +24,16 @@ struct smb_krb5_context { struct tevent_context; struct loadparm_context; + +krb5_error_code +smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx, + struct tevent_context *ev, + struct loadparm_context *lp_ctx, + krb5_context *_krb5_context); + krb5_error_code smb_krb5_init_context(void *parent_ctx, struct tevent_context *ev, struct loadparm_context *lp_ctx, struct smb_krb5_context **smb_krb5_context); -void smb_krb5_free_context(struct smb_krb5_context *smb_krb5_context); krb5_error_code smb_krb5_send_and_recv_func(krb5_context context, void *data, -- cgit