[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Wed Mar 16 03:55:02 MDT 2011


The branch, master has been updated
       via  fad0112 s3-build: stop including ldap and lber headers everywhere in the code.
       via  d19ea55 s3-includes: avoid global include of gssapi headers.
       via  6c8d802 s3-libsmb: move smb encryption structs into own header.
       via  e1f8433 libcli/security: move display_sec headers to own header file and add to security.h grouping header.
      from  1d5f3c1 s4:ldb: don't install .pc files when building a private library

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit fad0112373a9411c2a16eae03239aa0774a5e253
Author: Günther Deschner <gd at samba.org>
Date:   Thu Feb 24 11:56:08 2011 +0100

    s3-build: stop including ldap and lber headers everywhere in the code.
    
    Instead use new header smb_ldap.h where all LDAP API related things are handled,
    while smbldap.h only deals with our smbldap_X() API.
    
    Guenther
    
    Autobuild-User: Günther Deschner <gd at samba.org>
    Autobuild-Date: Wed Mar 16 10:54:51 CET 2011 on sn-devel-104

commit d19ea55e9e48ccb1ca63bfc0ec97f0ba7b26f7fd
Author: Günther Deschner <gd at samba.org>
Date:   Wed Mar 2 14:03:30 2011 +0100

    s3-includes: avoid global include of gssapi headers.
    
    Guenther

commit 6c8d802391e0aaf375108bcd1270565983d735a8
Author: Günther Deschner <gd at samba.org>
Date:   Wed Mar 2 14:00:23 2011 +0100

    s3-libsmb: move smb encryption structs into own header.
    
    Guenther

commit e1f84330baa544ebaef42492a7ea2d69cb844fea
Author: Günther Deschner <gd at samba.org>
Date:   Thu Feb 24 10:47:16 2011 +0100

    libcli/security: move display_sec headers to own header file and add to
    security.h grouping header.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/display_sec.c             |    1 +
 libcli/security/{sddl.h => display_sec.h} |   24 ++++++-----
 libcli/security/security.h                |    1 +
 source3/include/ads.h                     |    2 +
 source3/include/client.h                  |   27 ------------
 source3/include/includes.h                |   52 +-----------------------
 source3/include/proto.h                   |   12 +-----
 source3/include/smb_crypt.h               |   62 +++++++++++++++++++++++++++++
 source3/include/smb_krb5.h                |   12 ++++++
 source3/include/smb_ldap.h                |   58 +++++++++++++++++++++++++++
 source3/include/smbldap.h                 |   14 +------
 source3/lib/ldap_debug_handler.c          |    1 +
 source3/libads/ads_status.c               |    1 +
 source3/libsmb/async_smb.c                |    1 +
 source3/libsmb/clifsinfo.c                |    1 +
 source3/libsmb/errormap.c                 |    8 ++++
 source3/libsmb/nterr.c                    |    1 +
 source3/libsmb/smb_seal.c                 |    1 +
 source3/rpcclient/cmd_spoolss.c           |    1 +
 source3/rpcclient/cmd_srvsvc.c            |    1 +
 source3/smbd/seal.c                       |    1 +
 source3/utils/net_registry.c              |    1 +
 source3/utils/net_rpc_registry.c          |    1 +
 source3/winbindd/winbindd.h               |    1 +
 24 files changed, 173 insertions(+), 112 deletions(-)
 copy libcli/security/{sddl.h => display_sec.h} (53%)
 create mode 100644 source3/include/smb_crypt.h
 create mode 100644 source3/include/smb_ldap.h


Changeset truncated at 500 lines:

diff --git a/libcli/security/display_sec.c b/libcli/security/display_sec.c
index 0aa89b4..de8bb8b 100644
--- a/libcli/security/display_sec.c
+++ b/libcli/security/display_sec.c
@@ -21,6 +21,7 @@
 #include "includes.h"
 #include "libcli/security/security.h"
 #include "librpc/ndr/libndr.h"
+#include "libcli/security/display_sec.h"
 
 /****************************************************************************
 convert a security permissions into a string
diff --git a/libcli/security/sddl.h b/libcli/security/display_sec.h
similarity index 53%
copy from libcli/security/sddl.h
copy to libcli/security/display_sec.h
index e8bc25a..336e04c 100644
--- a/libcli/security/sddl.h
+++ b/libcli/security/display_sec.h
@@ -1,8 +1,8 @@
 /*
    Unix SMB/CIFS implementation.
    Samba utility functions
-
-   Copyright (C) 2009 Jelmer Vernooij <jelmer at samba.org>
+   Copyright (C) Andrew Tridgell 1992-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -18,15 +18,17 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#ifndef __SDDL_H__
-#define __SDDL_H__
-
-#include "librpc/gen_ndr/security.h"
+#ifndef _LIBCLI_SECURITY_DISPLAY_SEC_H
+#define _LIBCLI_SECURITY_DISPLAY_SEC_H
 
-struct security_descriptor *sddl_decode(TALLOC_CTX *mem_ctx, const char *sddl,
-					const struct dom_sid *domain_sid);
-char *sddl_encode(TALLOC_CTX *mem_ctx, const struct security_descriptor *sd,
-		  const struct dom_sid *domain_sid);
+/* The following definitions come from libcli/security/display_sec.c */
 
+char *get_sec_mask_str(TALLOC_CTX *ctx, uint32_t type);
+void display_sec_access(uint32_t *info);
+void display_sec_ace_flags(uint8_t flags);
+void display_sec_ace(struct security_ace *ace);
+void display_sec_acl(struct security_acl *sec_acl);
+void display_acl_type(uint16_t type);
+void display_sec_desc(struct security_descriptor *sec);
 
-#endif /* __SDDL_H__ */
+#endif /* _LIBCLI_SECURITY_DISPLAY_SEC_H */
diff --git a/libcli/security/security.h b/libcli/security/security.h
index bb7bc72..1a9f4fa 100644
--- a/libcli/security/security.h
+++ b/libcli/security/security.h
@@ -106,5 +106,6 @@ struct object_tree {
 #include "libcli/security/privileges.h"
 #include "libcli/security/access_check.h"
 #include "libcli/security/session.h"
+#include "libcli/security/display_sec.h"
 
 #endif
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 6ef5455..ee6e5b8 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -6,6 +6,8 @@
   basically this is a wrapper around ldap
 */
 
+#include "smb_ldap.h"
+
 struct ads_struct;
 
 struct ads_saslwrap_ops {
diff --git a/source3/include/client.h b/source3/include/client.h
index 03d4c85..9f8f46c 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -127,33 +127,6 @@ struct rpc_pipe_client {
 	struct netlogon_creds_CredentialState *dc;
 };
 
-/* Transport encryption state. */
-enum smb_trans_enc_type {
-		SMB_TRANS_ENC_NTLM
-#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
-		, SMB_TRANS_ENC_GSS
-#endif
-};
-
-#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
-struct smb_tran_enc_state_gss {
-        gss_ctx_id_t gss_ctx;
-        gss_cred_id_t creds;
-};
-#endif
-
-struct smb_trans_enc_state {
-        enum smb_trans_enc_type smb_enc_type;
-        uint16 enc_ctx_num;
-        bool enc_on;
-        union {
-                struct ntlmssp_state *ntlmssp_state;
-#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
-                struct smb_tran_enc_state_gss *gss_state;
-#endif
-        } s;
-};
-
 struct cli_state_seqnum {
 	struct cli_state_seqnum *prev, *next;
 	uint16_t mid;
diff --git a/source3/include/includes.h b/source3/include/includes.h
index c79c962..eafecb7 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -136,60 +136,10 @@
 #undef HAVE_KRB5
 #endif
 
-#if HAVE_LBER_H
-#include <lber.h>
-#if defined(HPUX) && !defined(_LBER_TYPES_H)
-/* Define ber_tag_t and ber_int_t for using
- * HP LDAP-UX Integration products' LDAP libraries.
-*/
-#ifndef ber_tag_t
-typedef unsigned long ber_tag_t;
-typedef int ber_int_t;
-#endif
-#endif /* defined(HPUX) && !defined(_LBER_TYPES_H) */
-#ifndef LBER_USE_DER
-#define LBER_USE_DER 0x01
-#endif
-#endif
-
-#if HAVE_LDAP_H
-#include <ldap.h>
-#ifndef LDAP_CONST
-#define LDAP_CONST const
-#endif
-#ifndef LDAP_OPT_SUCCESS
-#define LDAP_OPT_SUCCESS 0
-#endif
-/* Solaris 8 and maybe other LDAP implementations spell this "..._INPROGRESS": */
-#if defined(LDAP_SASL_BIND_INPROGRESS) && !defined(LDAP_SASL_BIND_IN_PROGRESS)
-#define LDAP_SASL_BIND_IN_PROGRESS LDAP_SASL_BIND_INPROGRESS
-#endif
-/* Solaris 8 defines SSL_LDAP_PORT, not LDAPS_PORT and it only does so if
-   LDAP_SSL is defined - but SSL is not working. We just want the
-   port number! Let's just define LDAPS_PORT correct. */
-#if !defined(LDAPS_PORT)
-#define LDAPS_PORT 636
-#endif
-
-/* function declarations not included in proto.h */
-LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to);
-
-#else
+#ifndef HAVE_LDAP_H
 #undef HAVE_LDAP
 #endif
 
-#if HAVE_GSSAPI_GSSAPI_H
-#include <gssapi/gssapi.h>
-#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
-#include <gssapi/gssapi_generic.h>
-#elif HAVE_GSSAPI_H
-#include <gssapi.h>
-#endif
-
-#if HAVE_COM_ERR_H
-#include <com_err.h>
-#endif
-
 #if HAVE_SYS_ATTRIBUTES_H
 #include <sys/attributes.h>
 #endif
diff --git a/source3/include/proto.h b/source3/include/proto.h
index e8971c3..caa2d29 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -502,16 +502,6 @@ int connections_forall_read(int (*fn)(const struct connections_key *key,
 			    void *private_data);
 bool connections_init(bool rw);
 
-/* The following definitions come from lib/display_sec.c  */
-
-char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type);
-void display_sec_access(uint32_t *info);
-void display_sec_ace_flags(uint8_t flags);
-void display_sec_ace(struct security_ace *ace);
-void display_sec_acl(struct security_acl *sec_acl);
-void display_acl_type(uint16 type);
-void display_sec_desc(struct security_descriptor *sec);
-
 /* The following definitions come from lib/dmallocmsg.c  */
 
 void register_dmalloc_msgs(struct messaging_context *msg_ctx);
@@ -2561,7 +2551,7 @@ NTSTATUS nt_status_string_to_code(const char *nt_status_str);
 NTSTATUS nt_status_squash(NTSTATUS nt_status);
 
 /* The following definitions come from libsmb/ntlmssp.c  */
-
+struct ntlmssp_state;
 NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user) ;
 NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,
 			    const uint8_t lm_hash[16],
diff --git a/source3/include/smb_crypt.h b/source3/include/smb_crypt.h
new file mode 100644
index 0000000..a5930d1
--- /dev/null
+++ b/source3/include/smb_crypt.h
@@ -0,0 +1,62 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB Transport encryption code.
+   Copyright (C) Jeremy Allison 2007.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _HEADER_SMB_CRYPT_H
+#define _HEADER_SMB_CRYPT_H
+
+#if HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
+#include <gssapi/gssapi_generic.h>
+#elif HAVE_GSSAPI_H
+#include <gssapi.h>
+#endif
+
+#if HAVE_COM_ERR_H
+#include <com_err.h>
+#endif
+
+/* Transport encryption state. */
+enum smb_trans_enc_type {
+		SMB_TRANS_ENC_NTLM
+#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
+		, SMB_TRANS_ENC_GSS
+#endif
+};
+
+#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
+struct smb_tran_enc_state_gss {
+        gss_ctx_id_t gss_ctx;
+        gss_cred_id_t creds;
+};
+#endif
+
+struct smb_trans_enc_state {
+        enum smb_trans_enc_type smb_enc_type;
+        uint16 enc_ctx_num;
+        bool enc_on;
+        union {
+                struct ntlmssp_state *ntlmssp_state;
+#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
+                struct smb_tran_enc_state_gss *gss_state;
+#endif
+        } s;
+};
+
+#endif /* _HEADER_SMB_CRYPT_H */
diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h
index 64c5136..adbb0de 100644
--- a/source3/include/smb_krb5.h
+++ b/source3/include/smb_krb5.h
@@ -14,6 +14,18 @@
 #include <krb5.h>
 #endif
 
+#if HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
+#include <gssapi/gssapi_generic.h>
+#elif HAVE_GSSAPI_H
+#include <gssapi.h>
+#endif
+
+#if HAVE_COM_ERR_H
+#include <com_err.h>
+#endif
+
 #ifndef KRB5_ADDR_NETBIOS
 #define KRB5_ADDR_NETBIOS 0x14
 #endif
diff --git a/source3/include/smb_ldap.h b/source3/include/smb_ldap.h
new file mode 100644
index 0000000..45e5868
--- /dev/null
+++ b/source3/include/smb_ldap.h
@@ -0,0 +1,58 @@
+#ifndef _SMB_LDAP_H
+#define _SMB_LDAP_H
+
+#if HAVE_LBER_H
+#include <lber.h>
+#if defined(HPUX) && !defined(_LBER_TYPES_H)
+/* Define ber_tag_t and ber_int_t for using
+ * HP LDAP-UX Integration products' LDAP libraries.
+*/
+#ifndef ber_tag_t
+typedef unsigned long ber_tag_t;
+typedef int ber_int_t;
+#endif
+#endif /* defined(HPUX) && !defined(_LBER_TYPES_H) */
+#ifndef LBER_USE_DER
+#define LBER_USE_DER 0x01
+#endif
+#endif /* HAVE_LBER_H */
+
+#if HAVE_LDAP_H
+#include <ldap.h>
+#ifndef LDAP_CONST
+#define LDAP_CONST const
+#endif
+#ifndef LDAP_OPT_SUCCESS
+#define LDAP_OPT_SUCCESS 0
+#endif
+/* Solaris 8 and maybe other LDAP implementations spell this "..._INPROGRESS": */
+#if defined(LDAP_SASL_BIND_INPROGRESS) && !defined(LDAP_SASL_BIND_IN_PROGRESS)
+#define LDAP_SASL_BIND_IN_PROGRESS LDAP_SASL_BIND_INPROGRESS
+#endif
+/* Solaris 8 defines SSL_LDAP_PORT, not LDAPS_PORT and it only does so if
+   LDAP_SSL is defined - but SSL is not working. We just want the
+   port number! Let's just define LDAPS_PORT correct. */
+#if !defined(LDAPS_PORT)
+#define LDAPS_PORT 636
+#endif
+
+/* function declarations not included in proto.h */
+LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to);
+
+#endif /* HAVE_LDAP_H */
+
+#ifndef HAVE_LDAP
+#define LDAP void
+#define LDAPMessage void
+#define LDAPMod void
+#define LDAP_CONST const
+#define LDAPControl void
+struct berval;
+struct ldapsam_privates;
+#endif /* HAVE_LDAP */
+
+#ifndef LDAP_OPT_SUCCESS
+#define LDAP_OPT_SUCCESS 0
+#endif
+
+#endif /* _SMB_LDAP_H */
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 3427ab5..7872ce4 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -23,6 +23,8 @@
 
 struct smbldap_state;
 
+#include "smb_ldap.h"
+
 #ifdef HAVE_LDAP
 
 /* specify schema versions between 2.2. and 3.0 */
@@ -277,24 +279,12 @@ NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
                                     LDAPMessage ** result, const char *domain_name,
                                     bool try_add);
 
-#else
-#define LDAP void
-#define LDAPMessage void
-#define LDAPMod void
-#define LDAP_CONST const
-#define LDAPControl void
-struct berval;
-struct ldapsam_privates;
 #endif 	/* HAVE_LDAP */
 
 #define LDAP_DEFAULT_TIMEOUT   15
 #define LDAP_CONNECTION_DEFAULT_TIMEOUT 2
 #define LDAP_PAGE_SIZE 1024
 
-#ifndef LDAP_OPT_SUCCESS
-#define LDAP_OPT_SUCCESS 0
-#endif
-
 #define ADS_PAGE_CTL_OID 	"1.2.840.113556.1.4.319"
 
 /*
diff --git a/source3/lib/ldap_debug_handler.c b/source3/lib/ldap_debug_handler.c
index 98623d1..27d9a20 100644
--- a/source3/lib/ldap_debug_handler.c
+++ b/source3/lib/ldap_debug_handler.c
@@ -18,6 +18,7 @@
  */
 
 #include "includes.h"
+#include "smb_ldap.h"
 
 #if defined(HAVE_LDAP) && defined(HAVE_LBER_LOG_PRINT_FN)
 static void samba_ldap_log_print_fn(LDAP_CONST char *data)
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c
index 6680766..b994641 100644
--- a/source3/libads/ads_status.c
+++ b/source3/libads/ads_status.c
@@ -22,6 +22,7 @@
 
 #include "includes.h"
 #include "smb_krb5.h"
+#include "smb_ldap.h"
 
 /*
   build a ADS_STATUS structure
diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c
index 24df6a6..9708e3c 100644
--- a/source3/libsmb/async_smb.c
+++ b/source3/libsmb/async_smb.c
@@ -20,6 +20,7 @@
 #include "includes.h"
 #include "../lib/async_req/async_sock.h"
 #include "async_smb.h"
+#include "smb_crypt.h"
 
 /*
  * Read an smb packet asynchronously, discard keepalives
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index a5f58bb..7845a9d 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -22,6 +22,7 @@
 #include "../libcli/auth/spnego.h"
 #include "../libcli/auth/ntlmssp.h"
 #include "async_smb.h"
+#include "smb_crypt.h"
 
 /****************************************************************************
  Get UNIX extensions version info.
diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c
index 71efff3..049929f 100644
--- a/source3/libsmb/errormap.c
+++ b/source3/libsmb/errormap.c
@@ -22,6 +22,14 @@
 #include "includes.h"
 #include "nsswitch/libwbclient/wbclient.h"
 
+#if HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
+#include <gssapi/gssapi_generic.h>
+#elif HAVE_GSSAPI_H
+#include <gssapi.h>
+#endif
+
 /* This map was extracted by the ERRMAPEXTRACT smbtorture command. 
    The setup was a Samba HEAD (2002-01-03) PDC and an Win2k member 
    workstation.  The PDC was modified (by using the 'name_to_nt_status'
diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c
index 1ba2691..3219658 100644
--- a/source3/libsmb/nterr.c
+++ b/source3/libsmb/nterr.c
@@ -20,6 +20,7 @@
 /* NT error codes.  please read nterr.h */
 
 #include "includes.h"
+#include "smb_ldap.h"
 #undef strcasecmp
 
 #if !defined(N_)
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c
index 4610850..0eed15d 100644
--- a/source3/libsmb/smb_seal.c
+++ b/source3/libsmb/smb_seal.c
@@ -19,6 +19,7 @@
 
 #include "includes.h"
 #include "../libcli/auth/ntlmssp.h"
+#include "smb_crypt.h"
 
 /******************************************************************************
  Pull out the encryption context for this packet. 0 means global context.
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c


-- 
Samba Shared Repository


More information about the samba-cvs mailing list