Breaking up some of samba's includes.
Andrew Bartlett
abartlet at samba.org
Sun Jun 23 19:39:03 GMT 2002
This patch breaks up some of samba's include files, so as to keep ADS,
smbclient, net etc headers seperate to the rest of samba - to try and
get some kind of subsystem thing happening.
I don't like the global namespace that every function in every part of
samba has - no matter if it is being used or not.
I've also broken up some of the dependencies, and have some other code
restructre going on. (Trying to use cli_full_connection more often
etc).
What do people think? Even if the ADS stuff doesn't get up, do the
other changes look OK?
I realise this is a sensitive issue, but I'm not convinced that the
current situation is ideal.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
? Makefile.in-
? config.abartlet
? nt_pwd
? auth/auth_ntlmssp.c
? bin/debug2html
? bin/stm2mPnL
? client/client_proto.h
? include/nmbd_dhcp_for_wins.h
? include/smb_interactive.h
? intl/Makefile
? intl/po
? intl/po2tbl.sed
? libads/kerberos_verify.c
? libsmb/.new.cliprint.
? nmbd/nmbd_dhcp_for_wins.c
? nsswitch/.libs
? nsswitch/ntlmauth.c
? po/Makefile
? po/POTFILES
? torture/map_extract.c
? utils/.cvsignore
Index: Makefile.in
===================================================================
RCS file: /data/cvs/samba/source/Makefile.in,v
retrieving revision 1.486
diff -u -r1.486 Makefile.in
--- Makefile.in 2002/06/15 23:55:52 1.486
+++ Makefile.in 2002/06/24 02:27:19
@@ -144,9 +144,13 @@
LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \
libads/krb5_setpw.o libads/kerberos.o libads/ldap_user.o \
- libads/ads_struct.o libads/ads_status.o passdb/secrets.o \
- libads/util.o libads/disp_sec.o
+ libads/ads_struct.o libads/ads_status.o \
+ libads/disp_sec.o
+LIBADS_SERVER_OBJ = libads/util.o libads/kerberos_verify.o
+
+SECRETS_OBJ = passdb/secrets.o
+
LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
libsmb/clikrb5.o libsmb/clispnego.o libsmb/asn1.o \
libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
@@ -157,7 +161,7 @@
libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \
libsmb/passchange.o libsmb/unexpected.o libsmb/doserr.o \
- $(RPC_PARSE_OBJ1) $(LIBADS_OBJ)
+ $(RPC_PARSE_OBJ1)
LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \
libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \
@@ -243,10 +247,11 @@
MSDFS_OBJ = msdfs/msdfs.o
SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
- $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \
+ $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) $(SECRETS_OBJ) \
$(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \
$(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \
- $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) $(LIBMSRPC_OBJ)
+ $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) $(LIBMSRPC_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
@@ -270,12 +275,13 @@
WREPL_OBJ = $(WREPL_OBJ1) $(PARAM_OBJ) $(UBIQX_OBJ) \
$(PROFILE_OBJ) $(LIB_OBJ)
+
+SWAT_OBJ1 = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
+ web/swat.o web/neg_lang.o
-SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
- web/swat.o web/neg_lang.o $(PRINTING_OBJ) $(LIBSMB_OBJ) $(LOCKING_OBJ) \
- $(PARAM_OBJ) $(PASSDB_OBJ) \
+SWAT_OBJ = $(SWAT_OBJ1) $(PRINTING_OBJ) $(LIBSMB_OBJ) $(LOCKING_OBJ) \
+ $(PARAM_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \
- smbwrapper/shared.o
SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
@@ -290,7 +296,7 @@
$(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ)
SMBTREE_OBJ = utils/smbtree.o $(LOCKING_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ)
+ $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ)
TESTPARM_OBJ = utils/testparm.o \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
@@ -298,15 +304,15 @@
TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \
$(LIB_OBJ)
-SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) \
+SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(SECRETS_OBJ) \
$(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\
$(UBIQX_OBJ) $(LIB_OBJ)
PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ)
SMBGROUPEDIT_OBJ = utils/smbgroupedit.o $(GROUPDB_OBJ) $(PARAM_OBJ) \
- $(LIBSMB_OBJ) $(PASSDB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(LIBSMB_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \
@@ -317,55 +323,66 @@
RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
- $(READLINE_OBJ) $(GROUPDB_OBJ)
+ $(READLINE_OBJ) $(GROUPDB_OBJ) \
+ $(LIBADS_OBJ) $(SECRETS_OBJ)
SAMSYNC_OBJ1 = rpcclient/samsync.o rpcclient/display_sec.o
SAMSYNC_OBJ = $(SAMSYNC_OBJ1) \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
- $(GROUPDB_OBJ)
+ $(GROUPDB_OBJ) $(SECRETS_OBJ)
PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po lib/snprintf.po
-SMBW_OBJ = smbwrapper/smbw.o \
+SMBW_OBJ1 = smbwrapper/smbw.o \
smbwrapper/smbw_dir.o smbwrapper/smbw_stat.o \
smbwrapper/realcalls.o smbwrapper/shared.o \
- smbwrapper/smbw_cache.o \
- $(LIBSMB_OBJ) $(PARAM_OBJ) \
+ smbwrapper/smbw_cache.o
+
+SMBW_OBJ = $(SMBW_OBJ1) $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ)
+
+SMBWRAPPER_OBJ1 = smbwrapper/wrapped.o
-SMBWRAPPER_OBJ = $(SMBW_OBJ) smbwrapper/wrapped.o
+SMBWRAPPER_OBJ = $(SMBW_OBJ) $(SMBWRAPPER_OBJ1)
LIBSMBCLIENT_OBJ = libsmb/libsmbclient.o $(LIB_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ)
-CLIENT_OBJ = client/client.o client/clitar.o \
- $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
- $(READLINE_OBJ)
+CLIENT_OBJ1 = client/client.o client/clitar.o
-NET_OBJ = utils/net.o utils/net_ads.o utils/net_help.o \
+CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(READLINE_OBJ)
+
+NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
utils/net_rap.o utils/net_rpc.o \
- utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
+ utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o
+
+NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \
- $(GROUPDB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(GROUPDB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
-CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
MOUNT_OBJ = client/smbmount.o \
- $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBADS_OBJ)
MNT_OBJ = client/smbmnt.o \
- $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(PARAM_OBJ) $(LIB_OBJ)
UMOUNT_OBJ = client/smbumount.o \
- $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+ $(PARAM_OBJ) $(LIB_OBJ)
NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(UBIQX_OBJ) \
$(LIBSMB_OBJ) $(LIB_OBJ)
-SMBTORTURE_OBJ = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \
- torture/denytest.o torture/mangle_test.o \
+SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \
+ torture/denytest.o torture/mangle_test.o
+
+SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) \
$(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
MASKTEST_OBJ = torture/masktest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
@@ -385,7 +402,7 @@
SMBCACLS_OBJ = utils/smbcacls.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \
- $(LIBMSRPC_OBJ) $(GROUPDB_OBJ)
+ $(LIBMSRPC_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ)
TALLOCTORT_OBJ = lib/talloctort.o $(LIB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ)
@@ -404,9 +421,13 @@
SMBFILTER_OBJ = utils/smbfilter.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ)
-PROTO_OBJ = $(SMBD_OBJ) $(NMBD_OBJ) $(SWAT_OBJ) $(CLIENT_OBJ) \
- $(SMBWRAPPER_OBJ) $(SMBTORTURE_OBJ) $(RPCCLIENT_OBJ1) \
- $(LIBMSRPC_OBJ) $(RPC_CLIENT_OBJ) $(AUTH_OBJ) $(NET_OBJ)
+PROTO_OBJ = $(SMBD_OBJ1) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \
+ $(SMBWRAPPER_OBJ1) $(SMBTORTURE_OBJ1) $(RPCCLIENT_OBJ1) \
+ $(LIBMSRPC_OBJ) $(RPC_CLIENT_OBJ) $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \
+ $(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \
+ $(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \
+ $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) $(READLINE_OBJ) \
+ $(PROFILE_OBJ)
NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) $(LIB_OBJ) $(NSSWINS_OBJ)
NSS_OBJ = $(NSS_OBJ_0:.o=.po)
@@ -447,13 +468,13 @@
nsswitch/winbindd_dual.o
WINBINDD_OBJ = \
- $(WINBINDD_OBJ1) $(NOPROTO_OBJ) $(PASSDB_OBJ) \
+ $(WINBINDD_OBJ1) $(PASSDB_OBJ) \
$(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
- $(GROUPDB_OBJ) $(PROFILE_OBJ) $(UNIGRP_OBJ)
+ $(GROUPDB_OBJ) $(PROFILE_OBJ) $(UNIGRP_OBJ) \
+ $(SECRETS_OBJ) $(LIBADS_OBJ)
-WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o \
- passdb/secrets.o
+WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o
WINBIND_NSS_OBJ = nsswitch/winbind_nss.o nsswitch/wb_common.o @WINBIND_NSS_EXTRA_OBJS@
@@ -742,11 +763,11 @@
@echo Linking $@
@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ)
-bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \
- $(UBIQX_OBJ) @BUILD_POPT@ bin/.dummy
+bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) \
+ $(UBIQX_OBJ) $(SECRETS_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(LINK) -o $@ $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \
- $(UBIQX_OBJ) $(LIBS) @BUILD_POPT@
+ @$(LINK) -o $@ $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) \
+ $(UBIQX_OBJ) $(SECRETS_OBJ) $(LIBS) @BUILD_POPT@
bin/pam_smbpass. at SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ)
@echo "Linking shared library $@"
@@ -832,18 +853,31 @@
# exist, not necessarily that they are up to date. Since they're
# removed by "make clean" this will always be run when you do anything
# afterwards.
-proto_exists: include/proto.h include/wrepld_proto.h include/build_env.h nsswitch/winbindd_proto.h
+proto_exists: include/proto.h include/wrepld_proto.h include/build_env.h \
+ nsswitch/winbindd_proto.h libads/libads_proto.h web/swat_proto.h \
+ client/client_proto.h utils/net_proto.h
delheaders:
@echo Removing prototype headers
@/bin/rm -f $(srcdir)/include/proto.h $(srcdir)/include/build_env.h
@/bin/rm -f $(srcdir)/include/wrepld_proto.h $(srcdir)/nsswitch/winbindd_proto.h
- @/bin/rm -f include/proto.h include/build_env.h include/wrepld_proto.h nsswitch/winbindd_proto.h
+ @/bin/rm -f $(srcdir)/libads/libads_proto.h $(srcdir)/web/swat_proto.h
+ @/bin/rm -f $(srcdir)/client/client_proto.h $(srcdir)/utils/net_proto.h
+
+ @/bin/rm -f include/proto.h include/build_env.h include/wrepld_proto.h \
+ nsswitch/winbindd_proto.h libads/libads_proto.h web/swat_proto.h \
+ client/client_proto.h utils/net_proto.h
include/proto.h:
@echo Building include/proto.h
- @cd $(srcdir) && $(AWK) -f script/mkproto.awk `echo $(PROTO_OBJ) | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort -u | egrep -v 'ubiqx/|wrapped'` > $(builddir)/include/proto.h
+ @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
+ -h _PROTO_H_ $(builddir)/include/proto.h \
+ $(PROTO_OBJ)
+# @echo Building include/proto.h
+
+# @cd $(srcdir) && $(AWK) -f script/mkproto.awk `echo $(PROTO_OBJ) | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort -u | egrep -v 'ubiqx/|wrapped'` > $(builddir)/include/proto.h
+
include/build_env.h:
@echo Building include/build_env.h
@cd $(srcdir) && $(SHELL) script/build_env.sh $(srcdir) $(builddir) $(CC) > $(builddir)/include/build_env.h
@@ -859,15 +893,36 @@
-h _WINBINDD_PROTO_H_ nsswitch/winbindd_proto.h \
$(WINBINDD_OBJ1)
+libads/libads_proto.h:
+ @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
+ -h _LIBADS_PROTO_H_ libads/libads_proto.h \
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
+
+web/swat_proto.h:
+ @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
+ -h _SWAT_PROTO_H_ web/swat_proto.h \
+ $(SWAT_OBJ1)
+
+client/client_proto.h:
+ @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
+ -h _CLIENT_PROTO_H_ client/client_proto.h \
+ $(CLIENT_OBJ1)
+
+utils/net_proto.h:
+ @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
+ -h _CLIENT_PROTO_H_ utils/net_proto.h \
+ $(NET_OBJ1)
+
# "make headers" or "make proto" calls a subshell because we need to
# make sure these commands are executed in sequence even for a
# parallel make.
headers:
- $(MAKE) delheaders include/proto.h include/build_env.h include/wrepld_proto.h nsswitch/winbindd_proto.h
-
-proto: headers winbindd_proto
+ $(MAKE) delheaders include/proto.h include/build_env.h \
+ include/wrepld_proto.h nsswitch/winbindd_proto.h \
+ libads/libads_proto.h web/swat_proto.h client/client_proto.h \
+ utils/net_proto.h
-winbindd_proto: headers
+proto: headers
.PHONY: headers proto
Index: auth/auth_domain.c
===================================================================
RCS file: /data/cvs/samba/source/auth/auth_domain.c,v
retrieving revision 1.42
diff -u -r1.42 auth_domain.c
--- auth/auth_domain.c 2002/06/24 01:51:11 1.42
+++ auth/auth_domain.c 2002/06/24 02:27:19
@@ -102,7 +102,7 @@
/* Attempt connection */
result = cli_full_connection(cli, global_myname, server,
- &dest_ip, 0, "IPC$", "IPC", "", "", "");
+ &dest_ip, 0, "IPC$", "IPC", "", "", "", 0);
if (!NT_STATUS_IS_OK(result)) {
release_server_mutex();
Index: client/client.c
===================================================================
RCS file: /data/cvs/samba/source/client/client.c,v
retrieving revision 1.211
diff -u -r1.211 client.c
--- client/client.c 2002/05/17 12:42:33 1.211
+++ client/client.c 2002/06/24 02:27:21
@@ -22,7 +22,7 @@
#define NO_SYSLOG
#include "includes.h"
-
+#include "../client/client_proto.h"
#ifndef REGISTER
#define REGISTER 0
#endif
@@ -2869,13 +2869,8 @@
io_bufsize = MAX(1, atoi(optarg));
break;
case 'k':
-#ifdef HAVE_KRB5
use_kerberos = True;
got_pass = True;
-#else
- d_printf("No kerberos support compiled in\n");
- exit(1);
-#endif
break;
default:
usage(pname);
Index: client/clitar.c
===================================================================
RCS file: /data/cvs/samba/source/client/clitar.c,v
retrieving revision 1.88
diff -u -r1.88 clitar.c
--- client/clitar.c 2002/01/30 06:08:14 1.88
+++ client/clitar.c 2002/06/24 02:27:26
@@ -37,6 +37,7 @@
#include "includes.h"
#include "clitar.h"
+#include "../client/client_proto.h"
static int clipfind(char **aret, int ret, char *tok);
Index: client/smbspool.c
===================================================================
RCS file: /data/cvs/samba/source/client/smbspool.c,v
retrieving revision 1.15
diff -u -r1.15 smbspool.c
--- client/smbspool.c 2002/01/30 06:08:14 1.15
+++ client/smbspool.c 2002/06/24 02:27:26
@@ -271,72 +271,25 @@
char *password) /* I - Password */
{
struct cli_state *c; /* New connection */
- struct nmb_name called, /* NMB name of server */
- calling; /* NMB name of client */
- struct in_addr ip; /* IP address of server */
pstring myname; /* Client name */
+ NTSTATUS nt_status;
-
/*
* Get the names and addresses of the client and server...
*/
get_myname(myname);
-
- zero_ip(&ip);
-
- make_nmb_name(&calling, myname, 0x0);
- make_nmb_name(&called, server, 0x20);
-
- /*
- * Open a new connection to the SMB server...
- */
-
- if ((c = cli_initialise(NULL)) == NULL)
- {
- fputs("ERROR: cli_initialize() failed...\n", stderr);
- return (NULL);
+
+ nt_status = cli_full_connection(&c, myname, server, NULL, 0, share, "?????",
+ username, lp_workgroup(), password, 0);
+
+ if (NT_STATUS_IS_OK(nt_status)) {
+ return c;
+ } else {
+ fprintf(stderr, "error: Connection failed with error %s\n", nt_errstr(nt_status));
+ return NULL;
}
- if (!cli_connect(c, server, &ip))
- {
- fputs("ERROR: cli_connect() failed...\n", stderr);
- return (NULL);
- }
-
- if (!cli_session_request(c, &calling, &called))
- {
- fputs("ERROR: cli_session_request() failed...\n", stderr);
- return (NULL);
- }
-
- if (!cli_negprot(c))
- {
- fputs("ERROR: SMB protocol negotiation failed\n", stderr);
- cli_shutdown(c);
- return (NULL);
- }
-
- /*
- * Do password stuff...
- */
-
- if (!cli_session_setup(c, username,
- password, strlen(password),
- password, strlen(password),
- workgroup))
- {
- fprintf(stderr, "ERROR: SMB session setup failed: %s\n", cli_errstr(c));
- return (NULL);
- }
-
- if (!cli_send_tconX(c, share, "?????",
- password, strlen(password)+1))
- {
- fprintf(stderr, "ERROR: SMB tree connect failed: %s\n", cli_errstr(c));
- cli_shutdown(c);
- return (NULL);
- }
/*
* Return the new connection...
Index: include/ads.h
===================================================================
RCS file: /data/cvs/samba/source/include/ads.h,v
retrieving revision 1.13
diff -u -r1.13 ads.h
--- include/ads.h 2002/04/18 06:56:43 1.13
+++ include/ads.h 2002/06/24 02:27:26
@@ -1,9 +1,63 @@
+/*
+ Unix SMB/CIFS implementation.
+ header for ads (active directory) library routines
+ Copyright (C) Andrew Tridgell 1994-2002
+ Copyright (C) Andrew Bartlett 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
/*
header for ads (active directory) library routines
basically this is a wrapper around ldap
*/
+#if HAVE_KRB5_H
+#include <krb5.h>
+#else
+#undef HAVE_KRB5
+#endif
+
+#if HAVE_LBER_H
+#include <lber.h>
+#endif
+
+#if HAVE_LDAP_H
+#include <ldap.h>
+#else
+#undef HAVE_LDAP
+#endif
+
+#if HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#else
+#undef HAVE_KRB5
+#endif
+
+#if HAVE_GSSAPI_GSSAPI_GENERIC_H
+#include <gssapi/gssapi_generic.h>
+#else
+#undef HAVE_KRB5
+#endif
+
+/* we support ADS if we have krb5 and ldap libs */
+#if defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_GSSAPI)
+#define HAVE_ADS
+#endif
+
typedef struct {
void *ld;
char *realm;
@@ -129,3 +183,6 @@
/* account types */
#define ATYPE_GROUP 0x10000000
#define ATYPE_USER 0x30000000
+
+#include "../libads/libads_proto.h"
+
Index: include/client.h
===================================================================
RCS file: /data/cvs/samba/source/include/client.h,v
retrieving revision 1.50
diff -u -r1.50 client.h
--- include/client.h 2002/06/16 04:21:56 1.50
+++ include/client.h 2002/06/24 02:27:26
@@ -73,6 +73,8 @@
uint16 pid;
uint16 mid;
uint16 vuid;
+ BOOL vuid_is_guest;
+
int protocol;
int sec_mode;
int rap_error;
@@ -154,5 +156,9 @@
/* Name of the pipe we're talking to, if any */
fstring pipe_name;
};
+
+#define CLI_FULL_CONNECTION_DONT_SPNEGO 0x0001
+#define CLI_FULL_CONNECTION_USE_KERBEROS 0x0002
+#define CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK 0x0004
#endif /* _CLIENT_H */
Index: include/includes.h
===================================================================
RCS file: /data/cvs/samba/source/include/includes.h,v
retrieving revision 1.267
diff -u -r1.267 includes.h
--- include/includes.h 2002/06/17 15:33:12 1.267
+++ include/includes.h 2002/06/24 02:27:26
@@ -388,39 +388,6 @@
#include <iconv.h>
#endif
-#if HAVE_KRB5_H
-#include <krb5.h>
-#else
-#undef HAVE_KRB5
-#endif
-
-#if HAVE_LBER_H
-#include <lber.h>
-#endif
-
-#if HAVE_LDAP_H
-#include <ldap.h>
-#else
-#undef HAVE_LDAP
-#endif
-
-#if HAVE_GSSAPI_GSSAPI_H
-#include <gssapi/gssapi.h>
-#else
-#undef HAVE_KRB5
-#endif
-
-#if HAVE_GSSAPI_GSSAPI_GENERIC_H
-#include <gssapi/gssapi_generic.h>
-#else
-#undef HAVE_KRB5
-#endif
-
-/* we support ADS if we have krb5 and ldap libs */
-#if defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_GSSAPI)
-#define HAVE_ADS
-#endif
-
/*
* Define VOLATILE if needed.
*/
@@ -702,7 +669,6 @@
#include "../tdb/spinlock.h"
#include "../tdb/tdbutil.h"
#include "talloc.h"
-#include "ads.h"
#include "interfaces.h"
#include "hash.h"
#include "trans2.h"
@@ -895,24 +861,6 @@
#if defined(HAVE_CRYPT16) && defined(HAVE_GETAUTHUID)
#define ULTRIX_AUTH 1
-#endif
-
-#ifdef HAVE_LIBREADLINE
-# ifdef HAVE_READLINE_READLINE_H
-# include <readline/readline.h>
-# ifdef HAVE_READLINE_HISTORY_H
-# include <readline/history.h>
-# endif
-# else
-# ifdef HAVE_READLINE_H
-# include <readline.h>
-# ifdef HAVE_HISTORY_H
-# include <history.h>
-# endif
-# else
-# undef HAVE_LIBREADLINE
-# endif
-# endif
#endif
#ifndef HAVE_STRDUP
Index: lib/readline.c
===================================================================
RCS file: /data/cvs/samba/source/lib/readline.c,v
retrieving revision 1.19
diff -u -r1.19 readline.c
--- lib/readline.c 2002/01/31 23:26:10 1.19
+++ lib/readline.c 2002/06/24 02:27:26
@@ -21,6 +21,24 @@
#include "includes.h"
+#ifdef HAVE_LIBREADLINE
+# ifdef HAVE_READLINE_READLINE_H
+# include <readline/readline.h>
+# ifdef HAVE_READLINE_HISTORY_H
+# include <readline/history.h>
+# endif
+# else
+# ifdef HAVE_READLINE_H
+# include <readline.h>
+# ifdef HAVE_HISTORY_H
+# include <history.h>
+# endif
+# else
+# undef HAVE_LIBREADLINE
+# endif
+# endif
+#endif
+
#ifdef HAVE_NEW_LIBREADLINE
# define RL_COMPLETION_CAST (rl_completion_func_t *)
#else
Index: libads/.cvsignore
===================================================================
RCS file: /data/cvs/samba/source/libads/.cvsignore,v
retrieving revision 1.2
diff -u -r1.2 .cvsignore
--- libads/.cvsignore 2001/11/28 19:49:43 1.2
+++ libads/.cvsignore 2002/06/24 02:27:26
@@ -1,2 +1,3 @@
*.po
*.po32
+libads_proto.h
\ No newline at end of file
Index: libads/ads_status.c
===================================================================
RCS file: /data/cvs/samba/source/libads/ads_status.c,v
retrieving revision 1.5
diff -u -r1.5 ads_status.c
--- libads/ads_status.c 2002/01/30 06:08:18 1.5
+++ libads/ads_status.c 2002/06/24 02:27:26
@@ -22,6 +22,7 @@
*/
#include "includes.h"
+#include "ads.h"
/*
build a ADS_STATUS structure
Index: libads/ads_struct.c
===================================================================
RCS file: /data/cvs/samba/source/libads/ads_struct.c,v
retrieving revision 1.15
diff -u -r1.15 ads_struct.c
--- libads/ads_struct.c 2002/04/19 03:00:29 1.15
+++ libads/ads_struct.c 2002/06/24 02:27:26
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "ads.h"
/* return a ldap dn path from a string, given separators and field name
caller must free
Index: libads/disp_sec.c
===================================================================
RCS file: /data/cvs/samba/source/libads/disp_sec.c,v
retrieving revision 1.3
diff -u -r1.3 disp_sec.c
--- libads/disp_sec.c 2002/06/03 02:46:25 1.3
+++ libads/disp_sec.c 2002/06/24 02:27:26
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_ADS
Index: libads/kerberos.c
===================================================================
RCS file: /data/cvs/samba/source/libads/kerberos.c,v
retrieving revision 1.13
diff -u -r1.13 kerberos.c
--- libads/kerberos.c 2002/04/15 04:55:37 1.13
+++ libads/kerberos.c 2002/06/24 02:27:26
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_KRB5
@@ -102,8 +103,6 @@
return 0;
}
-
-
/* run kinit to setup our ccache */
int ads_kinit_password(ADS_STRUCT *ads)
{
@@ -129,128 +128,5 @@
return ret;
}
-/*
- verify an incoming ticket and parse out the principal name and
- authorization_data if available
-*/
-NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
- char **principal, DATA_BLOB *auth_data)
-{
- krb5_context context;
- krb5_auth_context auth_context = NULL;
- krb5_keytab keytab = NULL;
- krb5_data packet;
- krb5_ticket *tkt = NULL;
- krb5_data salt;
- krb5_encrypt_block eblock;
- int ret;
- krb5_keyblock * key;
- krb5_principal host_princ;
- char *host_princ_s;
- extern pstring global_myname;
- fstring myname;
- char *password_s;
- krb5_data password;
-
- if (!secrets_init()) {
- DEBUG(1,("secrets_init failed\n"));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- password_s = secrets_fetch_machine_password();
- if (!password_s) {
- DEBUG(1,("failed to fetch machine password\n"));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- password.data = password_s;
- password.length = strlen(password_s);
-
- ret = krb5_init_context(&context);
- if (ret) {
- DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret)));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- ret = krb5_set_default_realm(context, ads->realm);
- if (ret) {
- DEBUG(1,("krb5_set_default_realm failed (%s)\n", error_message(ret)));
- ads_destroy(&ads);
- return NT_STATUS_LOGON_FAILURE;
- }
-
- /* this whole process is far more complex than I would
- like. We have to go through all this to allow us to store
- the secret internally, instead of using /etc/krb5.keytab */
- ret = krb5_auth_con_init(context, &auth_context);
- if (ret) {
- DEBUG(1,("krb5_auth_con_init failed (%s)\n", error_message(ret)));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- fstrcpy(myname, global_myname);
- strlower(myname);
- asprintf(&host_princ_s, "HOST/%s@%s", myname, lp_realm());
- ret = krb5_parse_name(context, host_princ_s, &host_princ);
- if (ret) {
- DEBUG(1,("krb5_parse_name(%s) failed (%s)\n", host_princ_s, error_message(ret)));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- ret = krb5_principal2salt(context, host_princ, &salt);
- if (ret) {
- DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
- return NT_STATUS_NO_MEMORY;
- }
-
- krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5);
-
- ret = krb5_string_to_key(context, &eblock, key, &password, &salt);
- if (ret) {
- DEBUG(1,("krb5_string_to_key failed (%s)\n", error_message(ret)));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- krb5_auth_con_setuseruserkey(context, auth_context, key);
-
- packet.length = ticket->length;
- packet.data = (krb5_pointer)ticket->data;
-
-#if 0
- file_save("/tmp/ticket.dat", ticket->data, ticket->length);
-#endif
-
- if ((ret = krb5_rd_req(context, &auth_context, &packet,
- NULL, keytab, NULL, &tkt))) {
- DEBUG(3,("krb5_rd_req with auth failed (%s)\n",
- error_message(ret)));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- if (tkt->enc_part2) {
- *auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
- tkt->enc_part2->authorization_data[0]->length);
- }
-
-#if 0
- if (tkt->enc_part2) {
- file_save("/tmp/authdata.dat",
- tkt->enc_part2->authorization_data[0]->contents,
- tkt->enc_part2->authorization_data[0]->length);
- }
-#endif
-
- if ((ret = krb5_unparse_name(context, tkt->enc_part2->client, principal))) {
- DEBUG(3,("krb5_unparse_name failed (%s)\n",
- error_message(ret)));
- return NT_STATUS_LOGON_FAILURE;
- }
-
- return NT_STATUS_OK;
-}
#endif
Index: libads/krb5_setpw.c
===================================================================
RCS file: /data/cvs/samba/source/libads/krb5_setpw.c,v
retrieving revision 1.7
diff -u -r1.7 krb5_setpw.c
--- libads/krb5_setpw.c 2002/01/30 06:08:18 1.7
+++ libads/krb5_setpw.c 2002/06/24 02:27:26
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_KRB5
Index: libads/ldap.c
===================================================================
RCS file: /data/cvs/samba/source/libads/ldap.c,v
retrieving revision 1.58
diff -u -r1.58 ldap.c
--- libads/ldap.c 2002/05/17 14:35:54 1.58
+++ libads/ldap.c 2002/06/24 02:27:26
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_ADS
Index: libads/ldap_printer.c
===================================================================
RCS file: /data/cvs/samba/source/libads/ldap_printer.c,v
retrieving revision 1.7
diff -u -r1.7 ldap_printer.c
--- libads/ldap_printer.c 2002/02/12 18:22:47 1.7
+++ libads/ldap_printer.c 2002/06/24 02:27:26
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_ADS
Index: libads/ldap_user.c
===================================================================
RCS file: /data/cvs/samba/source/libads/ldap_user.c,v
retrieving revision 1.2
diff -u -r1.2 ldap_user.c
--- libads/ldap_user.c 2002/05/09 23:44:46 1.2
+++ libads/ldap_user.c 2002/06/24 02:27:26
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_ADS
Index: libads/sasl.c
===================================================================
RCS file: /data/cvs/samba/source/libads/sasl.c,v
retrieving revision 1.4
diff -u -r1.4 sasl.c
--- libads/sasl.c 2002/01/30 06:08:18 1.4
+++ libads/sasl.c 2002/06/24 02:27:26
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_ADS
Index: libads/util.c
===================================================================
RCS file: /data/cvs/samba/source/libads/util.c,v
retrieving revision 1.2
diff -u -r1.2 util.c
--- libads/util.c 2002/01/30 06:08:18 1.2
+++ libads/util.c 2002/06/24 02:27:26
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_KRB5
Index: libsmb/cliconnect.c
===================================================================
RCS file: /data/cvs/samba/source/libsmb/cliconnect.c,v
retrieving revision 1.83
diff -u -r1.83 cliconnect.c
--- libsmb/cliconnect.c 2002/06/21 17:23:18 1.83
+++ libsmb/cliconnect.c 2002/06/24 02:27:26
@@ -107,6 +107,8 @@
/* use the returned vuid from now on */
cli->vuid = SVAL(cli->inbuf,smb_uid);
+ cli->vuid_is_guest = SVAL(cli->inbuf,smb_vwv2); /* guest */
+
fstrcpy(cli->user_name, user);
return True;
@@ -174,6 +176,7 @@
}
cli->vuid = SVAL(cli->inbuf,smb_uid);
+ cli->vuid_is_guest = SVAL(cli->inbuf,smb_vwv2); /* guest */
p = smb_buf(cli->inbuf);
p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
@@ -230,6 +233,8 @@
return False;
}
+ cli->vuid_is_guest = SVAL(cli->inbuf,smb_vwv2); /* guest */
+
cli->vuid = SVAL(cli->inbuf,smb_uid);
p = smb_buf(cli->inbuf);
p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
@@ -259,6 +264,7 @@
fstring pword, ntpword;
char *p;
BOOL tried_signing = False;
+ BOOL vuid_is_guest;
if (passlen > sizeof(pword)-1 || ntpasslen > sizeof(ntpword)-1) {
return False;
@@ -309,7 +315,9 @@
show_msg(cli->inbuf);
- if (tried_signing && (cli_is_error(cli) || SVAL(cli->inbuf,smb_vwv2) /* guest */)) {
+ vuid_is_guest = SVAL(cli->inbuf,smb_vwv2); /* guest */
+
+ if (tried_signing && (cli_is_error(cli) || vuid_is_guest)) {
/* We only use it if we have a successful non-guest connect */
cli->sign_info.use_smb_signing = False;
}
@@ -318,6 +326,8 @@
return False;
}
+ cli->vuid_is_guest = vuid_is_guest;
+
/* use the returned vuid from now on */
cli->vuid = SVAL(cli->inbuf,smb_uid);
@@ -566,11 +576,15 @@
fstrcpy(cli->user_name, user);
-#ifdef HAVE_KRB5
if (got_kerberos_mechanism && cli->use_kerberos) {
+#ifdef HAVE_KRB5
return cli_session_setup_kerberos(cli, principal, workgroup);
- }
+#else
+ DEBUG(0, ("kerberos support not compiled in!\n"));
+ free(principal);
+ return NULL;
#endif
+ }
free(principal);
@@ -1096,7 +1110,7 @@
@param dest_host The netbios name of the remote host
@param dest_ip (optional) The the destination IP, NULL for name based lookup
@param port (optional) The destination port (0 for default)
- @param service The share to make the connection to. Should be 'unqualified' in any way.
+ @param service (optional) The share to make the connection to. Should be 'unqualified' in any way.
@param service_type The 'type' of serivice.
@param user Username, unix string
@param domain User's domain
@@ -1108,7 +1122,7 @@
struct in_addr *dest_ip, int port,
char *service, char *service_type,
char *user, char *domain,
- char *password)
+ char *password, int flags)
{
struct ntuser_creds creds;
NTSTATUS nt_status;
@@ -1172,6 +1186,12 @@
return NT_STATUS_UNSUCCESSFUL;
}
+ if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) {
+ cli->use_spnego = False;
+ } else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
+ cli->use_kerberos = True;
+ }
+
if (!cli_negprot(cli)) {
DEBUG(1,("failed negprot\n"));
nt_status = NT_STATUS_UNSUCCESSFUL;
@@ -1182,18 +1202,23 @@
if (!cli_session_setup(cli, user, password, strlen(password)+1,
password, strlen(password)+1,
domain)) {
- DEBUG(1,("failed session setup\n"));
- nt_status = cli_nt_error(cli);
- cli_shutdown(cli);
- if (NT_STATUS_IS_OK(nt_status))
- nt_status = NT_STATUS_UNSUCCESSFUL;
- return nt_status;
+ if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)
+ || cli_session_setup(cli, "", "", 0,
+ "", 0, domain)) {
+ } else {
+ nt_status = cli_nt_error(cli);
+ DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status)));
+ cli_shutdown(cli);
+ if (NT_STATUS_IS_OK(nt_status))
+ nt_status = NT_STATUS_UNSUCCESSFUL;
+ return nt_status;
+ }
}
if (service) {
if (!cli_send_tconX(cli, service, service_type,
(char*)password, strlen(password)+1)) {
- DEBUG(1,("failed tcon_X\n"));
+ DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status)));
nt_status = cli_nt_error(cli);
cli_shutdown(cli);
if (NT_STATUS_IS_OK(nt_status)) {
Index: libsmb/clikrb5.c
===================================================================
RCS file: /data/cvs/samba/source/libsmb/clikrb5.c,v
retrieving revision 1.15
diff -u -r1.15 clikrb5.c
--- libsmb/clikrb5.c 2002/01/30 06:08:19 1.15
+++ libsmb/clikrb5.c 2002/06/24 02:27:26
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_KRB5
/*
Index: nsswitch/winbindd.h
===================================================================
RCS file: /data/cvs/samba/source/nsswitch/winbindd.h,v
retrieving revision 1.34
diff -u -r1.34 winbindd.h
--- nsswitch/winbindd.h 2002/05/21 07:53:28 1.34
+++ nsswitch/winbindd.h 2002/06/24 02:27:26
@@ -25,7 +25,7 @@
#define _WINBINDD_H
#include "includes.h"
-#include "nterr.h"
+#include "ads.h"
#include "winbindd_nss.h"
Index: nsswitch/winbindd_cm.c
===================================================================
RCS file: /data/cvs/samba/source/nsswitch/winbindd_cm.c,v
retrieving revision 1.33
diff -u -r1.33 winbindd_cm.c
--- nsswitch/winbindd_cm.c 2002/06/18 09:20:08 1.33
+++ nsswitch/winbindd_cm.c 2002/06/24 02:27:26
@@ -351,7 +351,7 @@
result = cli_full_connection(&(new_conn->cli), global_myname, new_conn->controller,
&dc_ip, 0, "IPC$",
"IPC", ipc_username, ipc_domain,
- ipc_password);
+ ipc_password, 0);
SAFE_FREE(ipc_username);
SAFE_FREE(ipc_domain);
Index: nsswitch/winbindd_group.c
===================================================================
RCS file: /data/cvs/samba/source/nsswitch/winbindd_group.c,v
retrieving revision 1.53
diff -u -r1.53 winbindd_group.c
--- nsswitch/winbindd_group.c 2002/06/18 09:20:08 1.53
+++ nsswitch/winbindd_group.c 2002/06/24 02:27:26
@@ -84,8 +84,8 @@
status = domain->methods->lookup_groupmem(domain, mem_ctx, group_rid, &num_names,
&rid_mem, &names, &name_types);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("could not lookup membership for group rid %d in domain %s\n",
- group_rid, domain->name));
+ DEBUG(1, ("could not lookup membership for group rid %d in domain %s (error: %s)\n",
+ group_rid, domain->name, nt_errstr(status)));
goto done;
}
@@ -363,8 +363,10 @@
/* Create a state record for this domain */
if ((domain_state = (struct getent_state *)
- malloc(sizeof(struct getent_state))) == NULL)
+ malloc(sizeof(struct getent_state))) == NULL) {
+ DEBUG(1, ("winbindd_setgrent: malloc failed for domain_state!\n"));
return WINBINDD_ERROR;
+ }
ZERO_STRUCTP(domain_state);
@@ -411,8 +413,10 @@
return False;
if (!(mem_ctx = talloc_init_named("get_sam_group_entries(%s)",
- ent->domain_name)))
+ ent->domain_name))) {
+ DEBUG(1, ("get_sam_group_entries: could not create talloc context!\n"));
return False;
+ }
/* Free any existing group info */
@@ -435,6 +439,7 @@
&sam_grp_entries);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("get_sam_group_entries: could not enumerate domain groups! Error: %s", nt_errstr(status)));
result = False;
goto done;
}
Index: rpcclient/rpcclient.c
===================================================================
RCS file: /data/cvs/samba/source/rpcclient/rpcclient.c,v
retrieving revision 1.185
diff -u -r1.185 rpcclient.c
--- rpcclient/rpcclient.c 2002/05/24 05:14:15 1.185
+++ rpcclient/rpcclient.c 2002/06/24 02:27:27
@@ -757,7 +757,7 @@
&server_ip, 0,
"IPC$", "IPC",
username, domain,
- password);
+ password, 0);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
Index: smbd/build_options.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/build_options.c,v
retrieving revision 1.12
diff -u -r1.12 build_options.c
--- smbd/build_options.c 2002/05/17 14:51:55 1.12
+++ smbd/build_options.c 2002/06/24 02:27:27
@@ -23,6 +23,8 @@
#include "build_env.h"
#include "dynconfig.h"
+#include "ads.h"
+
static void output(BOOL screen, char *format, ...) PRINTF_ATTRIBUTE(2,3);
/*
Index: smbd/change_trust_pw.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/change_trust_pw.c,v
retrieving revision 1.4
diff -u -r1.4 change_trust_pw.c
--- smbd/change_trust_pw.c 2002/06/21 03:19:30 1.4
+++ smbd/change_trust_pw.c 2002/06/24 02:27:29
@@ -35,7 +35,6 @@
{
struct cli_state *cli;
DOM_SID domain_sid;
- struct in_addr dest_ip;
NTSTATUS nt_status;
/*
@@ -47,16 +46,11 @@
return NT_STATUS_UNSUCCESSFUL;
}
- if(!resolve_name( remote_machine, &dest_ip, 0x20)) {
- DEBUG(0,("modify_trust_password: Can't resolve address for %s\n", remote_machine));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname, remote_machine,
- &dest_ip, 0,
+ NULL, 0,
"IPC$", "IPC",
"", "",
- ""))) {
+ "", 0))) {
DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine));
return NT_STATUS_UNSUCCESSFUL;
}
Index: smbd/negprot.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/negprot.c,v
retrieving revision 1.64
diff -u -r1.64 negprot.c
--- smbd/negprot.c 2002/05/31 22:18:07 1.64
+++ smbd/negprot.c 2002/06/24 02:27:29
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
extern int Protocol;
extern int max_recv;
Index: smbd/sesssetup.c
===================================================================
RCS file: /data/cvs/samba/source/smbd/sesssetup.c,v
retrieving revision 1.55
diff -u -r1.55 sesssetup.c
--- smbd/sesssetup.c 2002/05/31 22:18:07 1.55
+++ smbd/sesssetup.c 2002/06/24 02:27:29
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "ads.h"
uint32 global_client_caps = 0;
static struct auth_context *ntlmssp_auth_context = NULL;
Index: torture/locktest.c
===================================================================
RCS file: /data/cvs/samba/source/torture/locktest.c,v
retrieving revision 1.24
diff -u -r1.24 locktest.c
--- torture/locktest.c 2002/03/17 04:36:31 1.24
+++ torture/locktest.c 2002/06/24 02:27:29
@@ -600,13 +600,8 @@
while ((opt = getopt(argc, argv, "U:s:ho:aAW:OkR:B:M:EZ")) != EOF) {
switch (opt) {
case 'k':
-#ifdef HAVE_KRB5
use_kerberos = True;
got_pass = True;
-#else
- d_printf("No kerberos support compiled in\n");
- exit(1);
-#endif
break;
case 'U':
if (got_pass == 2) {
Index: torture/torture.c
===================================================================
RCS file: /data/cvs/samba/source/torture/torture.c,v
retrieving revision 1.66
diff -u -r1.66 torture.c
--- torture/torture.c 2002/04/18 18:36:17 1.66
+++ torture/torture.c 2002/06/24 02:27:30
@@ -3873,13 +3873,8 @@
client_txt = optarg;
break;
case 'k':
-#ifdef HAVE_KRB5
use_kerberos = True;
gotpass = True;
-#else
- d_printf("No kerberos support compiled in\n");
- exit(1);
-#endif
break;
case 'U':
pstrcpy(username,optarg);
Index: utils/net.c
===================================================================
RCS file: /data/cvs/samba/source/utils/net.c,v
retrieving revision 1.49
diff -u -r1.49 net.c
--- utils/net.c 2002/06/01 01:03:03 1.49
+++ utils/net.c 2002/06/24 02:27:30
@@ -120,7 +120,7 @@
server_ip, opt_port,
"IPC$", "IPC",
opt_user_name, opt_workgroup,
- opt_password);
+ opt_password, 0);
if (NT_STATUS_IS_OK(nt_status)) {
return nt_status;
@@ -150,7 +150,7 @@
server_ip, opt_port,
"IPC$", "IPC",
"", "",
- "");
+ "", 0);
if (NT_STATUS_IS_OK(nt_status)) {
return nt_status;
Index: utils/net.h
===================================================================
RCS file: /data/cvs/samba/source/utils/net.h,v
retrieving revision 1.8
diff -u -r1.8 net.h
--- utils/net.h 2002/05/31 17:03:48 1.8
+++ utils/net.h 2002/06/24 02:27:30
@@ -16,6 +16,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
+
+#include "../utils/net_proto.h"
#define NET_FLAGS_MASTER 1
#define NET_FLAGS_DMB 2
Index: utils/net_ads.c
===================================================================
RCS file: /data/cvs/samba/source/utils/net_ads.c,v
retrieving revision 1.41
diff -u -r1.41 net_ads.c
--- utils/net_ads.c 2002/06/03 02:43:06 1.41
+++ utils/net_ads.c 2002/06/24 02:27:31
@@ -22,6 +22,7 @@
#include "includes.h"
#include "../utils/net.h"
+#include "ads.h"
#ifdef HAVE_ADS
Index: utils/net_help.c
===================================================================
RCS file: /data/cvs/samba/source/utils/net_help.c,v
retrieving revision 1.6
diff -u -r1.6 net_help.c
--- utils/net_help.c 2002/06/01 01:03:04 1.6
+++ utils/net_help.c 2002/06/24 02:27:31
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "../utils/net.h"
int net_common_methods_usage(int argc, const char**argv)
{
Index: utils/net_lookup.c
===================================================================
RCS file: /data/cvs/samba/source/utils/net_lookup.c,v
retrieving revision 1.4
diff -u -r1.4 net_lookup.c
--- utils/net_lookup.c 2002/05/15 19:56:13 1.4
+++ utils/net_lookup.c 2002/06/24 02:27:31
@@ -19,6 +19,7 @@
#include "includes.h"
#include "../utils/net.h"
+#include "ads.h"
int net_lookup_usage(int argc, const char **argv)
{
Index: utils/smbcacls.c
===================================================================
RCS file: /data/cvs/samba/source/utils/smbcacls.c,v
retrieving revision 1.69
diff -u -r1.69 smbcacls.c
--- utils/smbcacls.c 2002/05/24 05:14:16 1.69
+++ utils/smbcacls.c 2002/06/24 02:27:31
@@ -722,7 +722,7 @@
&ip, 0,
share, "?????",
username, global_myworkgroup,
- password))) {
+ password, 0))) {
return c;
} else {
return NULL;
Index: utils/smbtree.c
===================================================================
RCS file: /data/cvs/samba/source/utils/smbtree.c,v
retrieving revision 1.13
diff -u -r1.13 smbtree.c
--- utils/smbtree.c 2002/01/30 06:08:45 1.13
+++ utils/smbtree.c 2002/06/24 02:27:31
@@ -87,81 +87,26 @@
DLIST_ADD(*name_list, new_name);
}
-/* Return a cli_state pointing at the IPC$ share for the given workgroup */
+/* Return a cli_state pointing at the IPC$ share for the given server */
-static struct cli_state *get_ipc_connect(char *server,
+static struct cli_state *get_ipc_connect(char *server, struct in_addr *server_ip,
struct user_auth_info *user_info)
{
- struct nmb_name calling, called;
- struct in_addr server_ip;
struct cli_state *cli;
pstring myname;
-
- zero_ip(&server_ip);
+ NTSTATUS nt_status;
get_myname(myname);
-
- make_nmb_name(&called, myname, 0x0);
- make_nmb_name(&calling, server, 0x20);
-
- if (is_ipaddress(server))
- if (!resolve_name(server, &server_ip, 0x20))
- return False;
-
- again:
- if (!(cli = cli_initialise(NULL))) {
- DEBUG(4, ("Unable to initialise cli structure\n"));
- goto error;
- }
-
- if (!cli_connect(cli, server, &server_ip)) {
- DEBUG(4, ("Unable to connect to %s\n", server));
- goto error;
- }
-
- if (!cli_session_request(cli, &calling, &called)) {
- cli_shutdown(cli);
- if (!strequal(called.name, "*SMBSERVER")) {
- make_nmb_name(&called , "*SMBSERVER", 0x20);
- goto again;
- }
- DEBUG(4, ("Session request failed to %s\n", called.name));
- goto error;
- }
-
- if (!cli_negprot(cli)) {
- DEBUG(4, ("Negprot failed\n"));
- goto error;
+
+ nt_status = cli_full_connection(&cli, myname, server, server_ip, 0, "IPC$", "IPC",
+ user_info->username, lp_workgroup(), user_info->password,
+ CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK);
+
+ if (NT_STATUS_IS_OK(nt_status)) {
+ return cli;
+ } else {
+ return NULL;
}
-
- if (!cli_session_setup(cli, user_info->username, user_info->password,
- strlen(user_info->password),
- user_info->password,
- strlen(user_info->password), server) &&
- /* try an anonymous login if it failed */
- !cli_session_setup(cli, "", "", 1,"", 0, server)) {
- DEBUG(4, ("Session setup failed\n"));
- goto error;
- }
-
- DEBUG(4,(" session setup ok\n"));
-
- if (!cli_send_tconX(cli, "IPC$", "?????",
- user_info->password,
- strlen(user_info->password)+1)) {
- DEBUG(4, ("Tconx failed\n"));
- goto error;
- }
-
- return cli;
-
- /* Clean up after error */
-
- error:
- if (cli && cli->initialised)
- cli_shutdown(cli);
-
- return NULL;
}
/* Return the IP address and workgroup of a master browser on the
@@ -223,7 +168,7 @@
}
}
- if (!(cli = get_ipc_connect(inet_ntoa(server_ip), user_info)))
+ if (!(cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info)))
return False;
if (!cli_NetServerEnum(cli, master_workgroup,
@@ -248,7 +193,7 @@
return False;
}
- if (!(cli = get_ipc_connect(inet_ntoa(server_ip), user_info)))
+ if (!(cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info)))
return False;
if (!cli_NetServerEnum(cli, workgroup, SV_TYPE_ALL, add_name,
@@ -262,7 +207,7 @@
{
struct cli_state *cli;
- if (!(cli = get_ipc_connect(server_name, user_info)))
+ if (!(cli = get_ipc_connect(server_name, NULL, user_info)))
return False;
if (!cli_RNetShareEnum(cli, add_name, &shares))
Index: web/.cvsignore
===================================================================
RCS file: /data/cvs/samba/source/web/.cvsignore,v
retrieving revision 1.3
diff -u -r1.3 .cvsignore
--- web/.cvsignore 1998/09/29 04:52:17 1.3
+++ web/.cvsignore 2002/06/24 02:27:31
@@ -0,0 +1 @@
+swat_proto.h
\ No newline at end of file
Index: web/cgi.c
===================================================================
RCS file: /data/cvs/samba/source/web/cgi.c,v
retrieving revision 1.58
diff -u -r1.58 cgi.c
--- web/cgi.c 2002/01/21 00:47:02 1.58
+++ web/cgi.c 2002/06/24 02:27:32
@@ -19,7 +19,7 @@
#include "includes.h"
-#include "smb.h"
+#include "../web/swat_proto.h"
#define MAX_VARIABLES 10000
Index: web/diagnose.c
===================================================================
RCS file: /data/cvs/samba/source/web/diagnose.c,v
retrieving revision 1.6
diff -u -r1.6 diagnose.c
--- web/diagnose.c 2002/05/17 03:37:37 1.6
+++ web/diagnose.c 2002/06/24 02:27:32
@@ -19,7 +19,7 @@
*/
#include "includes.h"
-#include "smb.h"
+#include "../web/swat_proto.h"
/* check to see if nmbd is running on localhost by looking for a __SAMBA__
Index: web/neg_lang.c
===================================================================
RCS file: /data/cvs/samba/source/web/neg_lang.c,v
retrieving revision 1.4
diff -u -r1.4 neg_lang.c
--- web/neg_lang.c 2002/01/30 06:08:45 1.4
+++ web/neg_lang.c 2002/06/24 02:27:32
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "../web/swat_proto.h"
/*
during a file download we first check to see if there is a language
Index: web/startstop.c
===================================================================
RCS file: /data/cvs/samba/source/web/startstop.c,v
retrieving revision 1.11
diff -u -r1.11 startstop.c
--- web/startstop.c 2002/03/20 06:57:03 1.11
+++ web/startstop.c 2002/06/24 02:27:32
@@ -19,7 +19,7 @@
*/
#include "includes.h"
-#include "smb.h"
+#include "../web/swat_proto.h"
#include "dynconfig.h"
/** Need to wait for daemons to startup */
Index: web/statuspage.c
===================================================================
RCS file: /data/cvs/samba/source/web/statuspage.c,v
retrieving revision 1.29
diff -u -r1.29 statuspage.c
--- web/statuspage.c 2002/01/30 06:08:45 1.29
+++ web/statuspage.c 2002/06/24 02:27:32
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "../web/swat_proto.h"
#define PIDMAP struct PidMap
Index: web/swat.c
===================================================================
RCS file: /data/cvs/samba/source/web/swat.c,v
retrieving revision 1.80
diff -u -r1.80 swat.c
--- web/swat.c 2002/06/14 16:02:58 1.80
+++ web/swat.c 2002/06/24 02:27:32
@@ -27,6 +27,7 @@
**/
#include "includes.h"
+#include "../web/swat_proto.h"
#define GLOBALS_SNUM -1
--- /dev/null Fri Apr 12 00:25:15 2002
+++ libads/kerberos_verify.c Mon Jun 24 11:08:59 2002
@@ -0,0 +1,152 @@
+/*
+ Unix SMB/CIFS implementation.
+ kerberos utility library
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001
+
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "ads.h"
+
+#ifdef HAVE_KRB5
+
+/*
+ verify an incoming ticket and parse out the principal name and
+ authorization_data if available
+*/
+NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
+ char **principal, DATA_BLOB *auth_data)
+{
+ krb5_context context;
+ krb5_auth_context auth_context = NULL;
+ krb5_keytab keytab = NULL;
+ krb5_data packet;
+ krb5_ticket *tkt = NULL;
+ krb5_data salt;
+ krb5_encrypt_block eblock;
+ int ret;
+ krb5_keyblock * key;
+ krb5_principal host_princ;
+ char *host_princ_s;
+ extern pstring global_myname;
+ fstring myname;
+ char *password_s;
+ krb5_data password;
+
+ if (!secrets_init()) {
+ DEBUG(1,("secrets_init failed\n"));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ password_s = secrets_fetch_machine_password();
+ if (!password_s) {
+ DEBUG(1,("failed to fetch machine password\n"));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ password.data = password_s;
+ password.length = strlen(password_s);
+
+ ret = krb5_init_context(&context);
+ if (ret) {
+ DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ ret = krb5_set_default_realm(context, ads->realm);
+ if (ret) {
+ DEBUG(1,("krb5_set_default_realm failed (%s)\n", error_message(ret)));
+ ads_destroy(&ads);
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ /* this whole process is far more complex than I would
+ like. We have to go through all this to allow us to store
+ the secret internally, instead of using /etc/krb5.keytab */
+ ret = krb5_auth_con_init(context, &auth_context);
+ if (ret) {
+ DEBUG(1,("krb5_auth_con_init failed (%s)\n", error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ fstrcpy(myname, global_myname);
+ strlower(myname);
+ asprintf(&host_princ_s, "HOST/%s@%s", myname, lp_realm());
+ ret = krb5_parse_name(context, host_princ_s, &host_princ);
+ if (ret) {
+ DEBUG(1,("krb5_parse_name(%s) failed (%s)\n", host_princ_s, error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ ret = krb5_principal2salt(context, host_princ, &salt);
+ if (ret) {
+ DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5);
+
+ ret = krb5_string_to_key(context, &eblock, key, &password, &salt);
+ if (ret) {
+ DEBUG(1,("krb5_string_to_key failed (%s)\n", error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ krb5_auth_con_setuseruserkey(context, auth_context, key);
+
+ packet.length = ticket->length;
+ packet.data = (krb5_pointer)ticket->data;
+
+#if 0
+ file_save("/tmp/ticket.dat", ticket->data, ticket->length);
+#endif
+
+ if ((ret = krb5_rd_req(context, &auth_context, &packet,
+ NULL, keytab, NULL, &tkt))) {
+ DEBUG(3,("krb5_rd_req with auth failed (%s)\n",
+ error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ if (tkt->enc_part2) {
+ *auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
+ tkt->enc_part2->authorization_data[0]->length);
+ }
+
+#if 0
+ if (tkt->enc_part2) {
+ file_save("/tmp/authdata.dat",
+ tkt->enc_part2->authorization_data[0]->contents,
+ tkt->enc_part2->authorization_data[0]->length);
+ }
+#endif
+
+ if ((ret = krb5_unparse_name(context, tkt->enc_part2->client, principal))) {
+ DEBUG(3,("krb5_unparse_name failed (%s)\n",
+ error_message(ret)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ return NT_STATUS_OK;
+}
+
+#endif
More information about the samba-technical
mailing list