[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Wed Sep 21 11:14:03 MDT 2011
The branch, master has been updated
via 60d91f2 s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin.
via a9a8164 s3-netapi: allow to use default krb5 credential cache for libnetapi users.
from 39dcf4b s3:smb2-server: session setup replies should always be signed (except for guest sessions)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 60d91f2c561fb3467a2cc73377f9ba9204ddd496
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 21 17:28:58 2011 +0200
s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin.
We force using a MEMORY ccache though in the wkssvc server.
Guenther
Autobuild-User: Günther Deschner <gd at samba.org>
Autobuild-Date: Wed Sep 21 19:13:33 CEST 2011 on sn-devel-104
commit a9a81648e974b62e67fe42313ab32024d72d9007
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 21 17:28:02 2011 +0200
s3-netapi: allow to use default krb5 credential cache for libnetapi users.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/lib/netapi/netapi.c | 25 +++++++++++++++-------
source3/lib/netapi/netapi.h | 6 +++++
source3/libnet/libnet_join.c | 31 -----------------------------
source3/rpc_server/wkssvc/srv_wkssvc_nt.c | 5 ++++
4 files changed, 28 insertions(+), 39 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c
index a4a8e44..9ed13fc 100644
--- a/source3/lib/netapi/netapi.c
+++ b/source3/lib/netapi/netapi.c
@@ -106,8 +106,6 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context)
{
NET_API_STATUS status;
struct libnetapi_ctx *ctx = NULL;
- char *krb5_cc_env = NULL;
-
TALLOC_CTX *frame = talloc_stackframe();
ctx = talloc_zero(frame, struct libnetapi_ctx);
@@ -118,12 +116,6 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context)
BlockSignals(True, SIGPIPE);
- krb5_cc_env = getenv(KRB5_ENV_CCNAME);
- if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) {
- ctx->krb5_cc_env = talloc_strdup(ctx, "MEMORY:libnetapi");
- setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1);
- }
-
if (getenv("USER")) {
ctx->username = talloc_strdup(ctx, getenv("USER"));
} else {
@@ -276,6 +268,9 @@ NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx)
return NET_API_STATUS_SUCCESS;
}
+/****************************************************************
+****************************************************************/
+
NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx)
{
ctx->use_ccache = true;
@@ -283,6 +278,20 @@ NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx)
}
/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_use_memory_krb5_ccache(struct libnetapi_ctx *ctx)
+{
+ ctx->krb5_cc_env = talloc_strdup(ctx, "MEMORY:libnetapi");
+ if (!ctx->krb5_cc_env) {
+ return W_ERROR_V(WERR_NOMEM);
+ }
+ setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1);
+ ctx->use_memory_krb5_ccache = 1;
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
Return a libnetapi error as a string, caller must free with NetApiBufferFree
****************************************************************/
diff --git a/source3/lib/netapi/netapi.h b/source3/lib/netapi/netapi.h
index 620d8cf..2a52321 100644
--- a/source3/lib/netapi/netapi.h
+++ b/source3/lib/netapi/netapi.h
@@ -1356,6 +1356,7 @@ struct libnetapi_ctx {
char *krb5_cc_env;
int use_kerberos;
int use_ccache;
+ int use_memory_krb5_ccache;
int disable_policy_handle_cache;
void *private_data;
@@ -1411,6 +1412,11 @@ NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx);
NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx);
/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_use_memory_krb5_ccache(struct libnetapi_ctx *ctx);
+
+/****************************************************************
Return a specific libnetapi error as a string, caller must free with NetApiBufferFree
****************************************************************/
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 20d4f21..757225f 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -35,7 +35,6 @@
#include "secrets.h"
#include "rpc_client/init_lsa.h"
#include "rpc_client/cli_pipe.h"
-#include "krb5_env.h"
#include "../libcli/security/security.h"
#include "passdb.h"
#include "libsmb/libsmb.h"
@@ -1766,17 +1765,10 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx,
static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r)
{
- const char *krb5_cc_env = NULL;
-
if (r->in.ads) {
ads_destroy(&r->in.ads);
}
- krb5_cc_env = getenv(KRB5_ENV_CCNAME);
- if (krb5_cc_env && strcasecmp_m(krb5_cc_env, "MEMORY:libnetjoin")) {
- unsetenv(KRB5_ENV_CCNAME);
- }
-
return 0;
}
@@ -1785,17 +1777,10 @@ static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r)
static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r)
{
- const char *krb5_cc_env = NULL;
-
if (r->in.ads) {
ads_destroy(&r->in.ads);
}
- krb5_cc_env = getenv(KRB5_ENV_CCNAME);
- if (krb5_cc_env && strcasecmp_m(krb5_cc_env, "MEMORY:libnetjoin")) {
- unsetenv(KRB5_ENV_CCNAME);
- }
-
return 0;
}
@@ -1806,7 +1791,6 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx **r)
{
struct libnet_JoinCtx *ctx;
- const char *krb5_cc_env = NULL;
ctx = talloc_zero(mem_ctx, struct libnet_JoinCtx);
if (!ctx) {
@@ -1818,13 +1802,6 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx,
ctx->in.machine_name = talloc_strdup(mem_ctx, lp_netbios_name());
W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name);
- krb5_cc_env = getenv(KRB5_ENV_CCNAME);
- if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) {
- krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin");
- W_ERROR_HAVE_NO_MEMORY(krb5_cc_env);
- setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1);
- }
-
ctx->in.secure_channel_type = SEC_CHAN_WKSTA;
*r = ctx;
@@ -1839,7 +1816,6 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx,
struct libnet_UnjoinCtx **r)
{
struct libnet_UnjoinCtx *ctx;
- const char *krb5_cc_env = NULL;
ctx = talloc_zero(mem_ctx, struct libnet_UnjoinCtx);
if (!ctx) {
@@ -1851,13 +1827,6 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx,
ctx->in.machine_name = talloc_strdup(mem_ctx, lp_netbios_name());
W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name);
- krb5_cc_env = getenv(KRB5_ENV_CCNAME);
- if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) {
- krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin");
- W_ERROR_HAVE_NO_MEMORY(krb5_cc_env);
- setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1);
- }
-
*r = ctx;
return WERR_OK;
diff --git a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
index 49c71b8..e65aa49 100644
--- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
+++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
@@ -32,6 +32,7 @@
#include "session.h"
#include "smbd/smbd.h"
#include "auth.h"
+#include "krb5_env.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
@@ -867,7 +868,9 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
j->in.msg_ctx = p->msg_ctx;
become_root();
+ setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrJoinDomain2", 1);
werr = libnet_Join(p->mem_ctx, j);
+ unsetenv(KRB5_ENV_CCNAME);
unbecome_root();
if (!W_ERROR_IS_OK(werr)) {
@@ -933,7 +936,9 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p,
u->in.msg_ctx = p->msg_ctx;
become_root();
+ setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrUnjoinDomain2", 1);
werr = libnet_Unjoin(p->mem_ctx, u);
+ unsetenv(KRB5_ENV_CCNAME);
unbecome_root();
if (!W_ERROR_IS_OK(werr)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list