[SCM] Samba Shared Repository - branch master updated

Amitay Isaacs amitay at samba.org
Tue Jan 3 18:00:02 MST 2012


The branch, master has been updated
       via  6a1201a dlz_bind9: create session info from PAC using auth context
      from  909056a s3-cli: fix bug 563, >8GB tar on BE machines

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6a1201a67b36bc1bb3214ee911b130c4affb8dec
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Tue Jan 3 15:39:20 2012 +1100

    dlz_bind9: create session info from PAC using auth context
    
    This fixes the creation of session info from PAC, after changes
    in gensec code.
    
    Autobuild-User: Amitay Isaacs <amitay at samba.org>
    Autobuild-Date: Wed Jan  4 01:59:09 CET 2012 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source4/dns_server/dlz_bind9.c |   66 +++++++++++++++++++++++++++++++++++----
 1 files changed, 59 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 97eaac8..549ae0d 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -54,6 +54,7 @@ struct dlz_bind9_data {
 
 	/* Used for dynamic update */
 	struct smb_krb5_context *smb_krb5_ctx;
+	struct auth4_context *auth_context;
 	struct auth_session_info *session_info;
 	char *update_name;
 
@@ -463,6 +464,50 @@ static isc_result_t parse_options(struct dlz_bind9_data *state,
 
 
 /*
+ * Create session info from PAC
+ * This is called as auth_context->generate_session_info_pac()
+ */
+static NTSTATUS b9_generate_session_info_pac(struct auth4_context *auth_context,
+					     TALLOC_CTX *mem_ctx,
+					     struct smb_krb5_context *smb_krb5_context,
+					     DATA_BLOB *pac_blob,
+					     const char *principal_name,
+					     const struct tsocket_address *remote_addr,
+					     uint32_t session_info_flags,
+					     struct auth_session_info **session_info)
+{
+	NTSTATUS status;
+	struct auth_user_info_dc *user_info_dc;
+	TALLOC_CTX *tmp_ctx;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+	status = kerberos_pac_blob_to_user_info_dc(tmp_ctx,
+						   *pac_blob,
+						   smb_krb5_context->krb5_context,
+						   &user_info_dc,
+						   NULL,
+						   NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+	status = auth_generate_session_info(mem_ctx, NULL, NULL, user_info_dc,
+					    session_info_flags, session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return status;
+	}
+
+	talloc_free(tmp_ctx);
+	return status;
+}
+
+
+/*
   called to initialise the driver
  */
 _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
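Review bot: `*pac_blob` is dereferenced in the `kerberos_pac_blob_to_user_info_dc()` call of `b9_generate_session_info_pac()` without a NULL check. Whether gensec can invoke this hook when the ticket carries no PAC is not visible in this diff, but if it can, the process hosting the DLZ module would crash on a dynamic-update request instead of rejecting it. A fail-closed guard ahead of the `talloc_new()` call would cover it: `if (pac_blob == NULL) { return NT_STATUS_ACCESS_DENIED; }`. The header comment could also state that the session info is derived from the PAC contents alone (the second and third arguments to `auth_generate_session_info()` are NULL) and that `principal_name` and `remote_addr` are unused.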
@@ -473,7 +518,6 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
 	const char *helper_name;
 	va_list ap;
 	isc_result_t result;
-	TALLOC_CTX *tmp_ctx;
 	struct ldb_dn *dn;
 	NTSTATUS nt_status;
 
@@ -482,8 +526,6 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
 		return ISC_R_NOMEMORY;
 	}
 
-	tmp_ctx = talloc_new(state);
-
 	/* fill in the helper functions */
 	va_start(ap, dbdata);
 	while ((helper_name = va_arg(ap, const char *)) != NULL) {
@@ -527,8 +569,14 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
 
 	nt_status = gensec_init();
 	if (!NT_STATUS_IS_OK(nt_status)) {
-		talloc_free(tmp_ctx);
-		return false;
+		result = ISC_R_NOMEMORY;
+		goto failed;
+	}
+
+	state->auth_context = talloc_zero(state, struct auth4_context);
+	if (state->auth_context == NULL) {
+		result = ISC_R_NOMEMORY;
+		goto failed;
 	}
 
 	if (state->options.url == NULL) {
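Review bot: The `gensec_init()` failure branch returns `ISC_R_NOMEMORY` and logs nothing, so a failure to initialise the authentication backends looks like an allocation failure to whoever reads the BIND log. Consider `result = ISC_R_FAILURE;` preceded by `state->log(ISC_LOG_ERROR, "samba_dlz: gensec_init failed: %s", nt_errstr(nt_status));`. `dlz_create()` starts and ends outside this hunk and the `failed:` cleanup is not shown, so this assumes that path only releases `state`.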
@@ -559,9 +607,13 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
 	state->log(ISC_LOG_INFO, "samba_dlz: started for DN %s",
 		   ldb_dn_get_linearized(dn));
 
+	state->auth_context->event_ctx = state->ev_ctx;
+	state->auth_context->lp_ctx = state->lp;
+	state->auth_context->sam_ctx = state->samdb;
+	state->auth_context->generate_session_info_pac = b9_generate_session_info_pac;
+
 	*dbdata = state;
 
-	talloc_free(tmp_ctx);
 	return ISC_R_SUCCESS;
 
 failed:
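Review bot: The `auth4_context` is zero-filled and only `generate_session_info_pac` is assigned here, so any other callback members of the struct stay NULL, and nothing in the code says so. Since this context is handed to `gensec_server_start()` in `dlz_ssumatch()`, a comment above these assignments would make the constraint explicit, e.g. `/* Kerberos/PAC only: no other auth4_context hooks are provided, so gensec must not be started with mechanisms that need them */`. Whether a non-Kerberos mechanism can be negotiated on this path is not visible in the diff. `dlz_create()` continues outside this hunk.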
@@ -1107,7 +1159,7 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
 
 	nt_status = gensec_server_start(tmp_ctx,
 					lpcfg_gensec_settings(tmp_ctx, state->lp),
-					NULL, &gensec_ctx);
+					state->auth_context, &gensec_ctx);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		state->log(ISC_LOG_ERROR, "samba_dlz: failed to start gensec server");
 		talloc_free(tmp_ctx);


-- 
Samba Shared Repository

