[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Mon Oct 11 07:46:01 MDT 2010


The branch, master has been updated
       via  13ba346 ldb The use of a private event context isn't a hack
       via  7013a3e s4-ldb Allow a NULL event context in samba_ldb_init()
       via  1555d5a s4-ldb Don't use talloc_autofree_context() in ldb
       via  69199a9 s4-tevent Remove event_contex_find() and event_context_set_default()
       via  bae09a0 s4-smbd Remove event_context_set_default()
       via  42127cd s4-credentials Add explicit event context handling to Kerberos calls (only)
       via  5cd9495 s4-param Refactor secrets code to not require an event context.
       via  baeaa17 s4-kerberos Remove unused parameter
       via  1ef59ea s4-kerberos Remove unused variable
      from  edc5ccc credentials: Avoid unnecessary includes.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 13ba3464c08208a1dc00a3edb55281b15ddd44a7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Oct 11 17:22:24 2010 +1100

    ldb The use of a private event context isn't a hack
    
    This is deliberate behaviour.
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Mon Oct 11 13:45:14 UTC 2010 on sn-devel-104

commit 7013a3e39090dcac768d551a1c5cd0112f53a050
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Oct 11 17:26:52 2010 +1100

    s4-ldb Allow a NULL event context in samba_ldb_init()

commit 1555d5acf52bcb6459b209a59c877221ee0fea72
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Oct 11 17:20:19 2010 +1100

    s4-ldb Don't use talloc_autofree_context() in ldb
    
    The private event context only needs to live as long as ldb itself.
    
    Andrew Bartlett

commit 69199a96d1a3f134e2c80ef338b5600baabae8f9
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Oct 11 17:08:33 2010 +1100

    s4-tevent Remove event_contex_find() and event_context_set_default()
    
    It is considered that it is better to create a new event context
    rather than 'finding' some other event context, in the case
    where we do not have one specified.
    
    Andrew Bartlett

commit bae09a0921ed6b6885972cbaa4f277e5b2ae3dc7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Oct 11 17:08:01 2010 +1100

    s4-smbd Remove event_context_set_default()
    
    The last callers to event_context_find() have been removed
    so this is no longer required.
    
    Andrew Bartlett

commit 42127cdbb040a260c2c745e9114b600f2186794a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Oct 11 16:53:08 2010 +1100

    s4-credentials Add explicit event context handling to Kerberos calls (only)
    
    By setting the event context to use for this operation (only) onto
    the krb5_context just before we call that operation, we can try
    and emulate the specification of an event context to the actual send_to_kdc()
    
    This eliminates the specification of an event context to many other
    cli_credentials calls, and the last use of event_context_find()
    
    Special care is taken to restore the event context in the event of
    nesting in the send_to_kdc function.
    
    Andrew Bartlett

commit 5cd9495fb3f74d8e896c81e5c060a1643722870e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Oct 11 16:43:07 2010 +1100

    s4-param Refactor secrets code to not require an event context.
    
    A new event context is constructed by LDB when required for secrets.ldb
    This will be essentially unused, as LDB on TDB will only trigger 'fake'
    events, and blocks on transactions and lock operations anyway.
    
    Andrew Bartlett

commit baeaa179868fedb797df811bdf4d4a87bf604b8c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Oct 11 13:19:32 2010 +1100

    s4-kerberos Remove unused parameter

commit 1ef59ea9db447ffe0ed32ca3f9c20788e143fbcd
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Oct 11 13:19:18 2010 +1100

    s4-kerberos Remove unused variable

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/credentials/credentials.c         |    2 +-
 source4/auth/credentials/credentials.h         |    7 --
 source4/auth/credentials/credentials_krb5.c    |   41 +++-----
 source4/auth/credentials/credentials_krb5.h    |    1 -
 source4/auth/credentials/credentials_secrets.c |   17 ++--
 source4/auth/gensec/gensec_gssapi.c            |   36 ++++---
 source4/auth/gensec/gensec_krb5.c              |   12 ++-
 source4/auth/kerberos/kerberos_credentials.h   |   11 +-
 source4/auth/kerberos/kerberos_pac.c           |    1 -
 source4/auth/kerberos/kerberos_util.c          |   13 +++
 source4/auth/kerberos/krb5_init_context.c      |  128 ++++++++++++++++++++----
 source4/auth/kerberos/krb5_init_context.h      |    2 +-
 source4/dsdb/samdb/samdb.c                     |    7 +-
 source4/kdc/kpasswdd.c                         |    2 +-
 source4/kdc/mit_samba.c                        |    1 -
 source4/lib/events/tevent_s4.c                 |   30 ------
 source4/lib/ldb-samba/ldb_wrap.c               |    7 --
 source4/lib/ldb/common/ldb.c                   |    7 +-
 source4/param/provision.c                      |    2 +-
 source4/param/secrets.c                        |    6 +-
 source4/param/secrets.h                        |    3 +-
 source4/rpc_server/lsa/dcesrv_lsa.c            |    4 +-
 source4/smbd/process_prefork.c                 |    6 -
 source4/smbd/server.c                          |    3 -
 source4/smbd/service_named_pipe.c              |    1 -
 source4/winbind/wb_server.c                    |    3 -
 26 files changed, 199 insertions(+), 154 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 2bd0414..21ee987 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -727,7 +727,7 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
 	}
 	
 	if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
-		cli_credentials_set_ccache(cred, event_context_find(cred), lp_ctx, NULL, CRED_GUESS_FILE,
+		cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE,
 					   &error_string);
 	}
 }
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index a468624..0b0de59 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -168,7 +168,6 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_
 const char *cli_credentials_get_realm(struct cli_credentials *cred);
 const char *cli_credentials_get_username(struct cli_credentials *cred);
 int cli_credentials_get_krb5_context(struct cli_credentials *cred, 
-				     struct tevent_context *event_ctx,
 				     struct loadparm_context *lp_ctx,
 				     struct smb_krb5_context **smb_krb5_context);
 int cli_credentials_get_ccache(struct cli_credentials *cred, 
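Review bot: dropping the event_ctx argument from cli_credentials_get_krb5_context() here, and from the other prototypes changed in this header, alters the signature of functions that credentials_krb5.c marks _PUBLIC_, so any caller outside this changeset stops compiling. The commit messages explain the motivation but not the API break; a line in the header saying that the event context is now attached to the krb5_context per operation would tell callers what to do instead.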
@@ -182,7 +181,6 @@ int cli_credentials_get_named_ccache(struct cli_credentials *cred,
 				     char *ccache_name,
 				     struct ccache_container **ccc, const char **error_string);
 int cli_credentials_get_keytab(struct cli_credentials *cred, 
-			       struct tevent_context *event_ctx,
 			       struct loadparm_context *lp_ctx,
 			       struct keytab_container **_ktc);
 const char *cli_credentials_get_domain(struct cli_credentials *cred);
@@ -193,7 +191,6 @@ void cli_credentials_set_conf(struct cli_credentials *cred,
 			      struct loadparm_context *lp_ctx);
 const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
 int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, 
-					 struct tevent_context *event_ctx,
 					 struct loadparm_context *lp_ctx,
 					 struct gssapi_creds_container **_gcc);
 int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, 
@@ -238,7 +235,6 @@ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
 NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, 
 					  struct smb_krb5_context *smb_krb5_context);
 NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
-					      struct tevent_context *event_ctx,
 					      struct loadparm_context *lp_ctx,
 					      const char *serviceprincipal);
 NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
@@ -265,14 +261,12 @@ bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
 				       const DATA_BLOB *nt_response, 
 				       enum credentials_obtained obtained);
 int cli_credentials_set_keytab_name(struct cli_credentials *cred, 
-				    struct tevent_context *event_ctx,
 				    struct loadparm_context *lp_ctx,
 				    const char *keytab_name, 
 				    enum credentials_obtained obtained);
 void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features);
 uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
 int cli_credentials_set_ccache(struct cli_credentials *cred, 
-			       struct tevent_context *event_ctx,
 			       struct loadparm_context *lp_ctx,
 			       const char *name, 
 			       enum credentials_obtained obtained,
@@ -291,7 +285,6 @@ const char *cli_credentials_get_target_service(struct cli_credentials *cred);
 enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
 enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds);
 NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, 
-				     struct tevent_context *event_ctx,
 				     struct loadparm_context *lp_ctx,
 				     struct ldb_context *ldb,
 				     const char *base,
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index c678b80..fb4b440 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -32,7 +32,6 @@
 #include "param/param.h"
 
 _PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred, 
-					      struct tevent_context *event_ctx,
 				     struct loadparm_context *lp_ctx,
 				     struct smb_krb5_context **smb_krb5_context) 
 {
@@ -42,7 +41,7 @@ _PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
 		return 0;
 	}
 
-	ret = smb_krb5_init_context(cred, event_ctx, lp_ctx,
+	ret = smb_krb5_init_context(cred, NULL, lp_ctx,
 				    &cred->smb_krb5_context);
 	if (ret) {
 		cred->smb_krb5_context = NULL;
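Review bot: the literal NULL passed to smb_krb5_init_context() in place of event_ctx carries no comment, so a reader cannot tell whether the context is meant to stay without an event context or to get one later. Going by the commit message, the event context is set on the krb5_context just before each operation; a one-line comment next to the NULL saying so would make that intent visible here.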
@@ -126,7 +125,6 @@ static int free_dccache(struct ccache_container *ccc) {
 }
 
 _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred, 
-					struct tevent_context *event_ctx,
 					struct loadparm_context *lp_ctx,
 					const char *name,
 					enum credentials_obtained obtained,
@@ -145,7 +143,7 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
+	ret = cli_credentials_get_krb5_context(cred, lp_ctx,
 					       &ccc->smb_krb5_context);
 	if (ret) {
 		(*error_string) = error_message(ret);
@@ -204,7 +202,6 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
 
 
 static int cli_credentials_new_ccache(struct cli_credentials *cred, 
-				      struct tevent_context *event_ctx,
 				      struct loadparm_context *lp_ctx,
 				      char *ccache_name,
 				      struct ccache_container **_ccc,
@@ -217,7 +214,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
+	ret = cli_credentials_get_krb5_context(cred, lp_ctx,
 					       &ccc->smb_krb5_context);
 	if (ret) {
 		talloc_free(ccc);
@@ -294,12 +291,12 @@ _PUBLIC_ int cli_credentials_get_named_ccache(struct cli_credentials *cred,
 		return EINVAL;
 	}
 
-	ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, ccache_name, ccc, error_string);
+	ret = cli_credentials_new_ccache(cred, lp_ctx, ccache_name, ccc, error_string);
 	if (ret) {
 		return ret;
 	}
 
-	ret = kinit_to_ccache(cred, cred, (*ccc)->smb_krb5_context, (*ccc)->ccache, &obtained, error_string);
+	ret = kinit_to_ccache(cred, cred, (*ccc)->smb_krb5_context, event_ctx, (*ccc)->ccache, &obtained, error_string);
 	if (ret) {
 		return ret;
 	}
@@ -529,7 +526,6 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 */
 
  int cli_credentials_set_client_gss_creds(struct cli_credentials *cred, 
-					  struct tevent_context *event_ctx,
 					  struct loadparm_context *lp_ctx,
 					  gss_cred_id_t gssapi_cred,
 					  enum credentials_obtained obtained,
@@ -549,7 +545,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, NULL, &ccc, error_string);
+	ret = cli_credentials_new_ccache(cred, lp_ctx, NULL, &ccc, error_string);
 	if (ret != 0) {
 		return ret;
 	}
@@ -589,9 +585,8 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
  * it will be generated from the password.
  */
 _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, 
-					struct tevent_context *event_ctx,
-			       struct loadparm_context *lp_ctx,
-			       struct keytab_container **_ktc)
+					struct loadparm_context *lp_ctx,
+					struct keytab_container **_ktc)
 {
 	krb5_error_code ret;
 	struct keytab_container *ktc;
@@ -608,7 +603,7 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
 		return EINVAL;
 	}
 
-	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
+	ret = cli_credentials_get_krb5_context(cred, lp_ctx,
 					       &smb_krb5_context);
 	if (ret) {
 		return ret;
@@ -640,10 +635,9 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
  * FILE:/etc/krb5.keytab), open it and attach it */
 
 _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred, 
-					     struct tevent_context *event_ctx,
-				    struct loadparm_context *lp_ctx,
-				    const char *keytab_name, 
-				    enum credentials_obtained obtained) 
+					     struct loadparm_context *lp_ctx,
+					     const char *keytab_name,
+					     enum credentials_obtained obtained)
 {
 	krb5_error_code ret;
 	struct keytab_container *ktc;
@@ -654,7 +648,7 @@ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
 		return 0;
 	}
 
-	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
+	ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
 	if (ret) {
 		return ret;
 	}
@@ -682,9 +676,8 @@ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
 /* Get server gss credentials (in gsskrb5, this means the keytab) */
 
 _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, 
-						  struct tevent_context *event_ctx,
-					 struct loadparm_context *lp_ctx,
-					 struct gssapi_creds_container **_gcc) 
+						  struct loadparm_context *lp_ctx,
+						  struct gssapi_creds_container **_gcc)
 {
 	int ret = 0;
 	OM_uint32 maj_stat, min_stat;
@@ -701,7 +694,7 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
+	ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
 	if (ret) {
 		return ret;
 	}
@@ -720,7 +713,7 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
 		return 0;
 	}
 
-	ret = cli_credentials_get_keytab(cred, event_ctx, lp_ctx, &ktc);
+	ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc);
 	if (ret) {
 		DEBUG(1, ("Failed to get keytab for GSSAPI server: %s\n", error_message(ret)));
 		return ret;
diff --git a/source4/auth/credentials/credentials_krb5.h b/source4/auth/credentials/credentials_krb5.h
index 1630b21..36bf03d 100644
--- a/source4/auth/credentials/credentials_krb5.h
+++ b/source4/auth/credentials/credentials_krb5.h
@@ -33,7 +33,6 @@ struct gssapi_creds_container {
 
 /* Manually prototyped here to avoid needing gss headers in most callers */
 int cli_credentials_set_client_gss_creds(struct cli_credentials *cred, 
-					 struct tevent_context *event_ctx,
 					 struct loadparm_context *lp_ctx,
 					 gss_cred_id_t gssapi_cred,
 					 enum credentials_obtained obtained,
diff --git a/source4/auth/credentials/credentials_secrets.c b/source4/auth/credentials/credentials_secrets.c
index d68ed33..0f30dc5 100644
--- a/source4/auth/credentials/credentials_secrets.c
+++ b/source4/auth/credentials/credentials_secrets.c
@@ -42,7 +42,6 @@
  * @retval NTSTATUS error detailing any failure
  */
 _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, 
-					      struct tevent_context *event_ctx,
 					      struct loadparm_context *lp_ctx,
 					      struct ldb_context *ldb,
 					      const char *base,
@@ -74,7 +73,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 
 	if (!ldb) {
 		/* Local secrets are stored in secrets.ldb */
-		ldb = secrets_db_connect(mem_ctx, event_ctx, lp_ctx);
+		ldb = secrets_db_connect(mem_ctx, lp_ctx);
 		if (!ldb) {
 			/* set anonymous as the fallback, if the machine account won't work */
 			cli_credentials_set_anonymous(cred);
@@ -180,7 +179,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 	 * (chewing CPU time) from the password */
 	keytab = keytab_name_from_msg(cred, ldb, msg);
 	if (keytab) {
-		cli_credentials_set_keytab_name(cred, event_ctx, lp_ctx, keytab, CRED_SPECIFIED);
+		cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED);
 		talloc_free(keytab);
 	}
 	talloc_free(mem_ctx);
@@ -205,9 +204,9 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
 	 * any more */
 	cred->machine_account_pending = false;
 	filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, 
-				       cli_credentials_get_domain(cred));
-	status = cli_credentials_set_secrets(cred, event_context_find(cred), lp_ctx, NULL,
-					   SECRETS_PRIMARY_DOMAIN_DN,
+				 cli_credentials_get_domain(cred));
+	status = cli_credentials_set_secrets(cred, lp_ctx, NULL,
+					     SECRETS_PRIMARY_DOMAIN_DN,
 					     filter, &error_string);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Could not find machine account in secrets database: %s: %s", nt_errstr(status), error_string));
@@ -223,7 +222,6 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
  * @retval NTSTATUS error detailing any failure
  */
 NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
-			            struct tevent_context *event_ctx,
 				    struct loadparm_context *lp_ctx)
 {
 	NTSTATUS status;
@@ -236,7 +234,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
 	filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH,
 				       cli_credentials_get_realm(cred),
 				       cli_credentials_get_domain(cred));
-	status = cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL,
+	status = cli_credentials_set_secrets(cred, lp_ctx, NULL,
 					     SECRETS_PRINCIPALS_DN,
 					     filter, &error_string);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -253,7 +251,6 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
  * @retval NTSTATUS error detailing any failure
  */
 _PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
-						       struct tevent_context *event_ctx,
 					      struct loadparm_context *lp_ctx,
 					      const char *serviceprincipal)
 {
@@ -268,7 +265,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *c
 				 cli_credentials_get_realm(cred),
 				 cli_credentials_get_domain(cred),
 				 serviceprincipal);
-	status = cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL,
+	status = cli_credentials_set_secrets(cred, lp_ctx, NULL,
 					     SECRETS_PRINCIPALS_DN, filter,
 					     &error_string);
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 51d59d9..4729ed6 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -147,7 +147,6 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
 {
 	struct gensec_gssapi_state *gensec_gssapi_state;
 	krb5_error_code ret;
-	struct gsskrb5_send_to_kdc send_to_kdc;
 	const char *realm;
 
 	gensec_gssapi_state = talloc(gensec_security, struct gensec_gssapi_state);
@@ -209,7 +208,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
 	gensec_gssapi_state->pac = data_blob(NULL, 0);
 
 	ret = smb_krb5_init_context(gensec_gssapi_state,
-				    gensec_security->event_ctx,
+				    NULL,
 				    gensec_security->settings->lp_ctx,
 				    &gensec_gssapi_state->smb_krb5_context);
 	if (ret) {
@@ -237,16 +236,6 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
 
 	talloc_set_destructor(gensec_gssapi_state, gensec_gssapi_destructor);
 
-	send_to_kdc.func = smb_krb5_send_and_recv_func;
-	send_to_kdc.ptr = gensec_security->event_ctx;
-
-	ret = gsskrb5_set_send_to_kdc(&send_to_kdc);
-	if (ret) {
-		DEBUG(1,("gensec_krb5_start: gsskrb5_set_send_to_kdc failed\n"));
-		talloc_free(gensec_gssapi_state);
-		return NT_STATUS_INTERNAL_ERROR;
-	}
-
 	realm = lpcfg_realm(gensec_security->settings->lp_ctx);
 	if (realm != NULL) {
 		ret = gsskrb5_set_default_realm(realm);
@@ -290,7 +279,6 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 	} else {
 		ret = cli_credentials_get_server_gss_creds(machine_account, 
-							   gensec_security->event_ctx, 
 							   gensec_security->settings->lp_ctx, &gcc);
 		if (ret) {
 			DEBUG(1, ("Aquiring acceptor credentials failed: %s\n", 
@@ -469,6 +457,17 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
 		switch (gensec_security->gensec_role) {
 		case GENSEC_CLIENT:
 		{
+			struct gsskrb5_send_to_kdc send_to_kdc;
+			krb5_error_code ret;
+			send_to_kdc.func = smb_krb5_send_and_recv_func;
+			send_to_kdc.ptr = gensec_security->event_ctx;
+
+			min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc);
+			if (min_stat) {
+				DEBUG(1,("gensec_krb5_start: gsskrb5_set_send_to_kdc failed\n"));
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+
 			maj_stat = gss_init_sec_context(&min_stat, 
 							gensec_gssapi_state->client_cred->creds,
 							&gensec_gssapi_state->gssapi_context, 
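Review bot: in the GENSEC_CLIENT case the result of gsskrb5_set_send_to_kdc() is stored in min_stat, while the newly declared krb5_error_code ret goes unused in this hunk and the matching reset call in the next hunk stores into ret. Use one variable for both calls (the code removed from gensec_gssapi_start() used ret). The DEBUG text also still says "gensec_krb5_start" although this is gensec_gssapi_update(), which will mislead anyone reading the log.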
@@ -485,6 +484,16 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
 			if (gss_oid_p) {
 				gensec_gssapi_state->gss_oid = gss_oid_p;
 			}
+
+			send_to_kdc.func = smb_krb5_send_and_recv_func;
+			send_to_kdc.ptr = NULL;
+
+			ret = gsskrb5_set_send_to_kdc(&send_to_kdc);
+			if (ret) {
+				DEBUG(1,("gensec_krb5_start: gsskrb5_set_send_to_kdc failed\n"));
+				return NT_STATUS_INTERNAL_ERROR;
+			}
+
 			break;
 		}
 		case GENSEC_SERVER:
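Review bot: the reset after gss_init_sec_context() sets send_to_kdc.ptr to NULL unconditionally instead of putting back whatever was set before, whereas the gensec_krb5.c change in this same series saves the old value in previous_ev and restores it. If gensec_gssapi_update() can be reached while an outer call has its own event context set, that outer value is lost; consider saving and restoring it the same way. Returning NT_STATUS_INTERNAL_ERROR on a failed reset also discards the maj_stat just obtained from gss_init_sec_context().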
@@ -1369,7 +1378,6 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 		cli_credentials_set_anonymous(session_info->credentials);
 		
 		ret = cli_credentials_set_client_gss_creds(session_info->credentials, 
-							   gensec_security->event_ctx,
 							   gensec_security->settings->lp_ctx,
 							   gensec_gssapi_state->delegated_cred_handle,
 							   CRED_SPECIFIED, &error_string);
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index a0d880f..345ef36 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -119,7 +119,6 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
 	talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy); 
 
 	if (cli_credentials_get_krb5_context(creds, 
-					     gensec_security->event_ctx, 
 					     gensec_security->settings->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
 		talloc_free(gensec_krb5_state);
 		return NT_STATUS_INTERNAL_ERROR;
@@ -240,6 +239,7 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
 	const char *error_string;
 	const char *principal;
 	krb5_data in_data;
+	struct tevent_context *previous_ev;
 
 	hostname = gensec_get_target_hostname(gensec_security);
 	if (!hostname) {
@@ -299,6 +299,12 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
 	}
 	in_data.length = 0;
 	
+	/* Do this every time, in case we have weird recursive issues here */
+	ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, gensec_security->event_ctx, &previous_ev);
+	if (ret != 0) {
+		DEBUG(1, ("gensec_krb5_start: Setting event context failed\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
 	if (principal) {
 		krb5_principal target_principal;
 		ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
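Review bot: any non-zero return from smb_krb5_context_set_event_ctx() is mapped to NT_STATUS_NO_MEMORY and the DEBUG line does not print ret, so a failure for some other reason would be reported as out-of-memory. Either log the error code or document that the function can only fail on allocation. The comment "weird recursive issues" would also be clearer if it said that the previous event context is saved in previous_ev so that it can be put back after the krb5 call.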
@@ -322,6 +328,9 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
 				  &in_data, ccache_container->ccache, 
 				  &gensec_krb5_state->enc_ticket);
 	}
+
+	smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, gensec_security->event_ctx);
+
 	switch (ret) {
 	case 0:
 		return NT_STATUS_OK;
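Review bot: smb_krb5_context_remove_event_ctx() sits only on the fall-through path before the switch, so any return between the smb_krb5_context_set_event_ctx() call and this line leaves gensec_security->event_ctx attached to the smb_krb5_context. Not all of the lines in between are shown in this diff (the krb5_parse_name() branch in particular); please check that each error exit there also restores previous_ev, or route them through a single cleanup point.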
@@ -488,7 +497,6 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
 
 		/* Grab the keytab, however generated */
 		ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), 
-					         gensec_security->event_ctx, 
 						 gensec_security->settings->lp_ctx, &keytab);
 		if (ret) {
 			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
diff --git a/source4/auth/kerberos/kerberos_credentials.h b/source4/auth/kerberos/kerberos_credentials.h
index 5522775..e94b88e 100644
--- a/source4/auth/kerberos/kerberos_credentials.h
+++ b/source4/auth/kerberos/kerberos_credentials.h
@@ -21,8 +21,9 @@
 */
 
 krb5_error_code kinit_to_ccache(TALLOC_CTX *parent_ctx,
-				 struct cli_credentials *credentials,
-				 struct smb_krb5_context *smb_krb5_context,
-				 krb5_ccache ccache,
-				 enum credentials_obtained *obtained,
-				 const char **error_string);
+				struct cli_credentials *credentials,
+				struct smb_krb5_context *smb_krb5_context,
+				struct tevent_context *event_ctx,
+				krb5_ccache ccache,
+				enum credentials_obtained *obtained,
+				const char **error_string);
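Review bot: the new event_ctx parameter of kinit_to_ccache() is inserted between smb_krb5_context and ccache with no comment on whether NULL is acceptable, while the same series passes NULL as the event context to smb_krb5_init_context(). State the contract in a comment on the prototype. The hunk also re-indents every parameter line, which hides the one-line functional change; splitting the whitespace cleanup from the signature change would make it easier to review.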
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 40f0cf7..5e31c45 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -655,7 +655,6 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
 	krb5_data k5pac_logon_info_in, k5pac_srv_checksum_in, k5pac_kdc_checksum_in;
 
 	union PAC_INFO info;
-	union netr_Validation validation;
 	struct auth_serversupplied_info *server_info_out;
 
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 3020e97..c507912 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -332,6 +332,7 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
  krb5_error_code kinit_to_ccache(TALLOC_CTX *parent_ctx,
 				 struct cli_credentials *credentials,


-- 
Samba Shared Repository

