[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Wed Mar 16 03:55:02 MDT 2011
The branch, master has been updated
via fad0112 s3-build: stop including ldap and lber headers everywhere in the code.
via d19ea55 s3-includes: avoid global include of gssapi headers.
via 6c8d802 s3-libsmb: move smb encryption structs into own header.
via e1f8433 libcli/security: move display_sec headers to own header file and add to security.h grouping header.
from 1d5f3c1 s4:ldb: don't install .pc files when building a private library
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fad0112373a9411c2a16eae03239aa0774a5e253
Author: Günther Deschner <gd at samba.org>
Date: Thu Feb 24 11:56:08 2011 +0100
s3-build: stop including ldap and lber headers everywhere in the code.
Instead use new header smb_ldap.h where all LDAP API related things are handled,
while smbldap.h only deals with our smbldap_X() API.
Guenther
Autobuild-User: Günther Deschner <gd at samba.org>
Autobuild-Date: Wed Mar 16 10:54:51 CET 2011 on sn-devel-104
commit d19ea55e9e48ccb1ca63bfc0ec97f0ba7b26f7fd
Author: Günther Deschner <gd at samba.org>
Date: Wed Mar 2 14:03:30 2011 +0100
s3-includes: avoid global include of gssapi headers.
Guenther
commit 6c8d802391e0aaf375108bcd1270565983d735a8
Author: Günther Deschner <gd at samba.org>
Date: Wed Mar 2 14:00:23 2011 +0100
s3-libsmb: move smb encryption structs into own header.
Guenther
commit e1f84330baa544ebaef42492a7ea2d69cb844fea
Author: Günther Deschner <gd at samba.org>
Date: Thu Feb 24 10:47:16 2011 +0100
libcli/security: move display_sec headers to own header file and add to
security.h grouping header.
Guenther
-----------------------------------------------------------------------
Summary of changes:
libcli/security/display_sec.c | 1 +
libcli/security/{sddl.h => display_sec.h} | 24 ++++++-----
libcli/security/security.h | 1 +
source3/include/ads.h | 2 +
source3/include/client.h | 27 ------------
source3/include/includes.h | 52 +-----------------------
source3/include/proto.h | 12 +-----
source3/include/smb_crypt.h | 62 +++++++++++++++++++++++++++++
source3/include/smb_krb5.h | 12 ++++++
source3/include/smb_ldap.h | 58 +++++++++++++++++++++++++++
source3/include/smbldap.h | 14 +------
source3/lib/ldap_debug_handler.c | 1 +
source3/libads/ads_status.c | 1 +
source3/libsmb/async_smb.c | 1 +
source3/libsmb/clifsinfo.c | 1 +
source3/libsmb/errormap.c | 8 ++++
source3/libsmb/nterr.c | 1 +
source3/libsmb/smb_seal.c | 1 +
source3/rpcclient/cmd_spoolss.c | 1 +
source3/rpcclient/cmd_srvsvc.c | 1 +
source3/smbd/seal.c | 1 +
source3/utils/net_registry.c | 1 +
source3/utils/net_rpc_registry.c | 1 +
source3/winbindd/winbindd.h | 1 +
24 files changed, 173 insertions(+), 112 deletions(-)
copy libcli/security/{sddl.h => display_sec.h} (53%)
create mode 100644 source3/include/smb_crypt.h
create mode 100644 source3/include/smb_ldap.h
Changeset truncated at 500 lines:
diff --git a/libcli/security/display_sec.c b/libcli/security/display_sec.c
index 0aa89b4..de8bb8b 100644
--- a/libcli/security/display_sec.c
+++ b/libcli/security/display_sec.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "libcli/security/security.h"
#include "librpc/ndr/libndr.h"
+#include "libcli/security/display_sec.h"
/****************************************************************************
convert a security permissions into a string
diff --git a/libcli/security/sddl.h b/libcli/security/display_sec.h
similarity index 53%
copy from libcli/security/sddl.h
copy to libcli/security/display_sec.h
index e8bc25a..336e04c 100644
--- a/libcli/security/sddl.h
+++ b/libcli/security/display_sec.h
@@ -1,8 +1,8 @@
/*
Unix SMB/CIFS implementation.
Samba utility functions
-
- Copyright (C) 2009 Jelmer Vernooij <jelmer at samba.org>
+ Copyright (C) Andrew Tridgell 1992-1999
+ Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -18,15 +18,17 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef __SDDL_H__
-#define __SDDL_H__
-
-#include "librpc/gen_ndr/security.h"
+#ifndef _LIBCLI_SECURITY_DISPLAY_SEC_H
+#define _LIBCLI_SECURITY_DISPLAY_SEC_H
-struct security_descriptor *sddl_decode(TALLOC_CTX *mem_ctx, const char *sddl,
- const struct dom_sid *domain_sid);
-char *sddl_encode(TALLOC_CTX *mem_ctx, const struct security_descriptor *sd,
- const struct dom_sid *domain_sid);
+/* The following definitions come from libcli/security/display_sec.c */
+char *get_sec_mask_str(TALLOC_CTX *ctx, uint32_t type);
+void display_sec_access(uint32_t *info);
+void display_sec_ace_flags(uint8_t flags);
+void display_sec_ace(struct security_ace *ace);
+void display_sec_acl(struct security_acl *sec_acl);
+void display_acl_type(uint16_t type);
+void display_sec_desc(struct security_descriptor *sec);
-#endif /* __SDDL_H__ */
+#endif /* _LIBCLI_SECURITY_DISPLAY_SEC_H */
diff --git a/libcli/security/security.h b/libcli/security/security.h
index bb7bc72..1a9f4fa 100644
--- a/libcli/security/security.h
+++ b/libcli/security/security.h
@@ -106,5 +106,6 @@ struct object_tree {
#include "libcli/security/privileges.h"
#include "libcli/security/access_check.h"
#include "libcli/security/session.h"
+#include "libcli/security/display_sec.h"
#endif
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 6ef5455..ee6e5b8 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -6,6 +6,8 @@
basically this is a wrapper around ldap
*/
+#include "smb_ldap.h"
+
struct ads_struct;
struct ads_saslwrap_ops {
diff --git a/source3/include/client.h b/source3/include/client.h
index 03d4c85..9f8f46c 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -127,33 +127,6 @@ struct rpc_pipe_client {
struct netlogon_creds_CredentialState *dc;
};
-/* Transport encryption state. */
-enum smb_trans_enc_type {
- SMB_TRANS_ENC_NTLM
-#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
- , SMB_TRANS_ENC_GSS
-#endif
-};
-
-#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
-struct smb_tran_enc_state_gss {
- gss_ctx_id_t gss_ctx;
- gss_cred_id_t creds;
-};
-#endif
-
-struct smb_trans_enc_state {
- enum smb_trans_enc_type smb_enc_type;
- uint16 enc_ctx_num;
- bool enc_on;
- union {
- struct ntlmssp_state *ntlmssp_state;
-#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
- struct smb_tran_enc_state_gss *gss_state;
-#endif
- } s;
-};
-
struct cli_state_seqnum {
struct cli_state_seqnum *prev, *next;
uint16_t mid;
diff --git a/source3/include/includes.h b/source3/include/includes.h
index c79c962..eafecb7 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -136,60 +136,10 @@
#undef HAVE_KRB5
#endif
-#if HAVE_LBER_H
-#include <lber.h>
-#if defined(HPUX) && !defined(_LBER_TYPES_H)
-/* Define ber_tag_t and ber_int_t for using
- * HP LDAP-UX Integration products' LDAP libraries.
-*/
-#ifndef ber_tag_t
-typedef unsigned long ber_tag_t;
-typedef int ber_int_t;
-#endif
-#endif /* defined(HPUX) && !defined(_LBER_TYPES_H) */
-#ifndef LBER_USE_DER
-#define LBER_USE_DER 0x01
-#endif
-#endif
-
-#if HAVE_LDAP_H
-#include <ldap.h>
-#ifndef LDAP_CONST
-#define LDAP_CONST const
-#endif
-#ifndef LDAP_OPT_SUCCESS
-#define LDAP_OPT_SUCCESS 0
-#endif
-/* Solaris 8 and maybe other LDAP implementations spell this "..._INPROGRESS": */
-#if defined(LDAP_SASL_BIND_INPROGRESS) && !defined(LDAP_SASL_BIND_IN_PROGRESS)
-#define LDAP_SASL_BIND_IN_PROGRESS LDAP_SASL_BIND_INPROGRESS
-#endif
-/* Solaris 8 defines SSL_LDAP_PORT, not LDAPS_PORT and it only does so if
- LDAP_SSL is defined - but SSL is not working. We just want the
- port number! Let's just define LDAPS_PORT correct. */
-#if !defined(LDAPS_PORT)
-#define LDAPS_PORT 636
-#endif
-
-/* function declarations not included in proto.h */
-LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to);
-
-#else
+#ifndef HAVE_LDAP_H
#undef HAVE_LDAP
#endif
-#if HAVE_GSSAPI_GSSAPI_H
-#include <gssapi/gssapi.h>
-#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
-#include <gssapi/gssapi_generic.h>
-#elif HAVE_GSSAPI_H
-#include <gssapi.h>
-#endif
-
-#if HAVE_COM_ERR_H
-#include <com_err.h>
-#endif
-
#if HAVE_SYS_ATTRIBUTES_H
#include <sys/attributes.h>
#endif
diff --git a/source3/include/proto.h b/source3/include/proto.h
index e8971c3..caa2d29 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -502,16 +502,6 @@ int connections_forall_read(int (*fn)(const struct connections_key *key,
void *private_data);
bool connections_init(bool rw);
-/* The following definitions come from lib/display_sec.c */
-
-char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type);
-void display_sec_access(uint32_t *info);
-void display_sec_ace_flags(uint8_t flags);
-void display_sec_ace(struct security_ace *ace);
-void display_sec_acl(struct security_acl *sec_acl);
-void display_acl_type(uint16 type);
-void display_sec_desc(struct security_descriptor *sec);
-
/* The following definitions come from lib/dmallocmsg.c */
void register_dmalloc_msgs(struct messaging_context *msg_ctx);
@@ -2561,7 +2551,7 @@ NTSTATUS nt_status_string_to_code(const char *nt_status_str);
NTSTATUS nt_status_squash(NTSTATUS nt_status);
/* The following definitions come from libsmb/ntlmssp.c */
-
+struct ntlmssp_state;
NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user) ;
NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,
const uint8_t lm_hash[16],
diff --git a/source3/include/smb_crypt.h b/source3/include/smb_crypt.h
new file mode 100644
index 0000000..a5930d1
--- /dev/null
+++ b/source3/include/smb_crypt.h
@@ -0,0 +1,62 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB Transport encryption code.
+ Copyright (C) Jeremy Allison 2007.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _HEADER_SMB_CRYPT_H
+#define _HEADER_SMB_CRYPT_H
+
+#if HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
+#include <gssapi/gssapi_generic.h>
+#elif HAVE_GSSAPI_H
+#include <gssapi.h>
+#endif
+
+#if HAVE_COM_ERR_H
+#include <com_err.h>
+#endif
+
+/* Transport encryption state. */
+enum smb_trans_enc_type {
+ SMB_TRANS_ENC_NTLM
+#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
+ , SMB_TRANS_ENC_GSS
+#endif
+};
+
+#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
+struct smb_tran_enc_state_gss {
+ gss_ctx_id_t gss_ctx;
+ gss_cred_id_t creds;
+};
+#endif
+
+struct smb_trans_enc_state {
+ enum smb_trans_enc_type smb_enc_type;
+ uint16 enc_ctx_num;
+ bool enc_on;
+ union {
+ struct ntlmssp_state *ntlmssp_state;
+#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
+ struct smb_tran_enc_state_gss *gss_state;
+#endif
+ } s;
+};
+
+#endif /* _HEADER_SMB_CRYPT_H */
diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h
index 64c5136..adbb0de 100644
--- a/source3/include/smb_krb5.h
+++ b/source3/include/smb_krb5.h
@@ -14,6 +14,18 @@
#include <krb5.h>
#endif
+#if HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
+#include <gssapi/gssapi_generic.h>
+#elif HAVE_GSSAPI_H
+#include <gssapi.h>
+#endif
+
+#if HAVE_COM_ERR_H
+#include <com_err.h>
+#endif
+
#ifndef KRB5_ADDR_NETBIOS
#define KRB5_ADDR_NETBIOS 0x14
#endif
diff --git a/source3/include/smb_ldap.h b/source3/include/smb_ldap.h
new file mode 100644
index 0000000..45e5868
--- /dev/null
+++ b/source3/include/smb_ldap.h
@@ -0,0 +1,58 @@
+#ifndef _SMB_LDAP_H
+#define _SMB_LDAP_H
+
+#if HAVE_LBER_H
+#include <lber.h>
+#if defined(HPUX) && !defined(_LBER_TYPES_H)
+/* Define ber_tag_t and ber_int_t for using
+ * HP LDAP-UX Integration products' LDAP libraries.
+*/
+#ifndef ber_tag_t
+typedef unsigned long ber_tag_t;
+typedef int ber_int_t;
+#endif
+#endif /* defined(HPUX) && !defined(_LBER_TYPES_H) */
+#ifndef LBER_USE_DER
+#define LBER_USE_DER 0x01
+#endif
+#endif /* HAVE_LBER_H */
+
+#if HAVE_LDAP_H
+#include <ldap.h>
+#ifndef LDAP_CONST
+#define LDAP_CONST const
+#endif
+#ifndef LDAP_OPT_SUCCESS
+#define LDAP_OPT_SUCCESS 0
+#endif
+/* Solaris 8 and maybe other LDAP implementations spell this "..._INPROGRESS": */
+#if defined(LDAP_SASL_BIND_INPROGRESS) && !defined(LDAP_SASL_BIND_IN_PROGRESS)
+#define LDAP_SASL_BIND_IN_PROGRESS LDAP_SASL_BIND_INPROGRESS
+#endif
+/* Solaris 8 defines SSL_LDAP_PORT, not LDAPS_PORT and it only does so if
+ LDAP_SSL is defined - but SSL is not working. We just want the
+ port number! Let's just define LDAPS_PORT correct. */
+#if !defined(LDAPS_PORT)
+#define LDAPS_PORT 636
+#endif
+
+/* function declarations not included in proto.h */
+LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to);
+
+#endif /* HAVE_LDAP_H */
+
+#ifndef HAVE_LDAP
+#define LDAP void
+#define LDAPMessage void
+#define LDAPMod void
+#define LDAP_CONST const
+#define LDAPControl void
+struct berval;
+struct ldapsam_privates;
+#endif /* HAVE_LDAP */
+
+#ifndef LDAP_OPT_SUCCESS
+#define LDAP_OPT_SUCCESS 0
+#endif
+
+#endif /* _SMB_LDAP_H */
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 3427ab5..7872ce4 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -23,6 +23,8 @@
struct smbldap_state;
+#include "smb_ldap.h"
+
#ifdef HAVE_LDAP
/* specify schema versions between 2.2. and 3.0 */
@@ -277,24 +279,12 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
LDAPMessage ** result, const char *domain_name,
bool try_add);
-#else
-#define LDAP void
-#define LDAPMessage void
-#define LDAPMod void
-#define LDAP_CONST const
-#define LDAPControl void
-struct berval;
-struct ldapsam_privates;
#endif /* HAVE_LDAP */
#define LDAP_DEFAULT_TIMEOUT 15
#define LDAP_CONNECTION_DEFAULT_TIMEOUT 2
#define LDAP_PAGE_SIZE 1024
-#ifndef LDAP_OPT_SUCCESS
-#define LDAP_OPT_SUCCESS 0
-#endif
-
#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319"
/*
diff --git a/source3/lib/ldap_debug_handler.c b/source3/lib/ldap_debug_handler.c
index 98623d1..27d9a20 100644
--- a/source3/lib/ldap_debug_handler.c
+++ b/source3/lib/ldap_debug_handler.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "smb_ldap.h"
#if defined(HAVE_LDAP) && defined(HAVE_LBER_LOG_PRINT_FN)
static void samba_ldap_log_print_fn(LDAP_CONST char *data)
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c
index 6680766..b994641 100644
--- a/source3/libads/ads_status.c
+++ b/source3/libads/ads_status.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "smb_krb5.h"
+#include "smb_ldap.h"
/*
build a ADS_STATUS structure
diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c
index 24df6a6..9708e3c 100644
--- a/source3/libsmb/async_smb.c
+++ b/source3/libsmb/async_smb.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "../lib/async_req/async_sock.h"
#include "async_smb.h"
+#include "smb_crypt.h"
/*
* Read an smb packet asynchronously, discard keepalives
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index a5f58bb..7845a9d 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -22,6 +22,7 @@
#include "../libcli/auth/spnego.h"
#include "../libcli/auth/ntlmssp.h"
#include "async_smb.h"
+#include "smb_crypt.h"
/****************************************************************************
Get UNIX extensions version info.
diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c
index 71efff3..049929f 100644
--- a/source3/libsmb/errormap.c
+++ b/source3/libsmb/errormap.c
@@ -22,6 +22,14 @@
#include "includes.h"
#include "nsswitch/libwbclient/wbclient.h"
+#if HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
+#include <gssapi/gssapi_generic.h>
+#elif HAVE_GSSAPI_H
+#include <gssapi.h>
+#endif
+
/* This map was extracted by the ERRMAPEXTRACT smbtorture command.
The setup was a Samba HEAD (2002-01-03) PDC and an Win2k member
workstation. The PDC was modified (by using the 'name_to_nt_status'
diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c
index 1ba2691..3219658 100644
--- a/source3/libsmb/nterr.c
+++ b/source3/libsmb/nterr.c
@@ -20,6 +20,7 @@
/* NT error codes. please read nterr.h */
#include "includes.h"
+#include "smb_ldap.h"
#undef strcasecmp
#if !defined(N_)
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c
index 4610850..0eed15d 100644
--- a/source3/libsmb/smb_seal.c
+++ b/source3/libsmb/smb_seal.c
@@ -19,6 +19,7 @@
#include "includes.h"
#include "../libcli/auth/ntlmssp.h"
+#include "smb_crypt.h"
/******************************************************************************
Pull out the encryption context for this packet. 0 means global context.
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
--
Samba Shared Repository
More information about the samba-cvs
mailing list