#ifdef HAVE_KRB5
-#if defined(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES) && !defined(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES)
- krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc)
-{
- return krb5_set_default_in_tkt_etypes(ctx, enc);
-}
-#endif
-
-#if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS)
-/* HEIMDAL */
- void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr)
-{
- pkaddr->addr_type = KRB5_ADDRESS_INET;
- pkaddr->address.length = sizeof(((struct sockaddr_in *)paddr)->sin_addr);
- pkaddr->address.data = (char *)&(((struct sockaddr_in *)paddr)->sin_addr);
-}
-#elif defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS)
-/* MIT */
- void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr)
-{
- pkaddr->addrtype = ADDRTYPE_INET;
- pkaddr->length = sizeof(((struct sockaddr_in *)paddr)->sin_addr);
- pkaddr->contents = (krb5_octet *)&(((struct sockaddr_in *)paddr)->sin_addr);
-}
-#else
-#error UNKNOWN_ADDRTYPE
-#endif
-
#if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY) && defined(HAVE_KRB5_ENCRYPT_BLOCK)
int create_kerberos_key_from_string(krb5_context context,
krb5_principal host_princ,
}
#else
#error UNKNOWN_CREATE_KEY_FUNCTIONS
-#endif
-
-#if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES)
- krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
- krb5_enctype **enctypes)
-{
- return krb5_get_permitted_enctypes(context, enctypes);
-}
-#elif defined(HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES)
- krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
- krb5_enctype **enctypes)
-{
- return krb5_get_default_in_tkt_etypes(context, enctypes);
-}
-#else
-#error UNKNOWN_GET_ENCTYPES_FUNCTIONS
-#endif
-
- void free_kerberos_etypes(krb5_context context,
- krb5_enctype *enctypes)
-{
-#if defined(HAVE_KRB5_FREE_KTYPES)
- krb5_free_ktypes(context, enctypes);
- return;
-#else
- SAFE_FREE(enctypes);
- return;
-#endif
-}
-
-#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
- krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock *keyblock)
-{
- return krb5_auth_con_setkey(context, auth_context, keyblock);
-}
-#endif
-
-#if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
- void krb5_free_unparsed_name(krb5_context context, char *val)
-{
- SAFE_FREE(val);
-}
#endif
void kerberos_free_data_contents(krb5_context context, krb5_data *pdata)
#else
SAFE_FREE(pdata->data);
#endif
-}
-
- void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype)
-{
-#if defined(HAVE_KRB5_KEYBLOCK_IN_CREDS)
- KRB5_KEY_TYPE((&pcreds->keyblock)) = enctype;
-#elif defined(HAVE_KRB5_SESSION_IN_CREDS)
- KRB5_KEY_TYPE((&pcreds->session)) = enctype;
-#else
-#error UNKNOWN_KEYBLOCK_MEMBER_IN_KRB5_CREDS_STRUCT
-#endif
-}
-
- BOOL kerberos_compatible_enctypes(krb5_context context,
- krb5_enctype enctype1,
- krb5_enctype enctype2)
-{
-#if defined(HAVE_KRB5_C_ENCTYPE_COMPARE)
- krb5_boolean similar = 0;
-
- krb5_c_enctype_compare(context, enctype1, enctype2, &similar);
- return similar ? True : False;
-#elif defined(HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS)
- return krb5_enctypes_compatible_keys(context, enctype1, enctype2) ? True : False;
-#endif
}
krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry)
#include "libcli/ldap/ldap.h"
#include "libcli/ldap/ldap_client.h"
-/*
- delete a record
- */
-NTSTATUS ildap_delete(struct ldap_connection *conn, const char *dn)
-{
- struct ldap_message *msg;
- NTSTATUS status;
-
- msg = new_ldap_message(conn);
- NT_STATUS_HAVE_NO_MEMORY(msg);
-
- msg->type = LDAP_TAG_DelRequest;
- msg->r.DelRequest.dn = dn;
-
- status = ldap_transaction(conn, msg);
-
- talloc_free(msg);
-
- return status;
-}
-
-/*
- add a record
- */
-NTSTATUS ildap_add(struct ldap_connection *conn, const char *dn, struct ldap_mod **mods)
-{
- struct ldap_message *msg;
- int n, i;
- NTSTATUS status;
-
- msg = new_ldap_message(conn);
- NT_STATUS_HAVE_NO_MEMORY(msg);
-
- for (n=0;mods[n];n++) /* noop */ ;
-
- msg->type = LDAP_TAG_AddRequest;
- msg->r.AddRequest.dn = dn;
- msg->r.AddRequest.num_attributes = n;
- msg->r.AddRequest.attributes = talloc_array(msg, struct ldb_message_element, n);
- if (msg->r.AddRequest.attributes == NULL) {
- talloc_free(msg);
- return NT_STATUS_NO_MEMORY;
- }
- for (i=0;i<n;i++) {
- msg->r.AddRequest.attributes[i] = mods[i]->attrib;
- }
-
- status = ldap_transaction(conn, msg);
-
- talloc_free(msg);
-
- return status;
-}
-
-
-/*
- modify a record
- */
-NTSTATUS ildap_modify(struct ldap_connection *conn, const char *dn, struct ldap_mod **mods)
-{
- struct ldap_message *msg;
- int n, i;
- NTSTATUS status;
-
- msg = new_ldap_message(conn);
- NT_STATUS_HAVE_NO_MEMORY(msg);
-
- for (n=0;mods[n];n++) /* noop */ ;
-
- msg->type = LDAP_TAG_ModifyRequest;
- msg->r.ModifyRequest.dn = dn;
- msg->r.ModifyRequest.num_mods = n;
- msg->r.ModifyRequest.mods = talloc_array(msg, struct ldap_mod, n);
- if (msg->r.ModifyRequest.mods == NULL) {
- talloc_free(msg);
- return NT_STATUS_NO_MEMORY;
- }
- for (i=0;i<n;i++) {
- msg->r.ModifyRequest.mods[i] = *mods[i];
- }
-
- status = ldap_transaction(conn, msg);
-
- talloc_free(msg);
-
- return status;
-}
-
-
-/*
- rename a record
- */
-NTSTATUS ildap_rename(struct ldap_connection *conn, const char *dn, const char *newrdn,
- const char *parentdn, BOOL deleteolddn)
-{
- struct ldap_message *msg;
- NTSTATUS status;
-
- msg = new_ldap_message(conn);
- NT_STATUS_HAVE_NO_MEMORY(msg);
-
- msg->type = LDAP_TAG_ModifyDNRequest;
- msg->r.ModifyDNRequest.dn = dn;
- msg->r.ModifyDNRequest.newrdn = newrdn;
- msg->r.ModifyDNRequest.deleteolddn = deleteolddn;
- msg->r.ModifyDNRequest.newsuperior = parentdn;
-
- status = ldap_transaction(conn, msg);
-
- talloc_free(msg);
-
- return status;
-}
-
/*
count the returned search entries
must not use posix semantics)
2) support for lock timeouts
*/
-bool torture_locktest1(struct torture_context *tctx,
- struct smbcli_state *cli1,
- struct smbcli_state *cli2)
+static bool torture_locktest1(struct torture_context *tctx,
+ struct smbcli_state *cli1,
+ struct smbcli_state *cli2)
{
const char *fname = BASEDIR "\\lockt1.lck";
int fnum1, fnum2, fnum3;
3) the server denies unlock requests by an incorrect client PID
*/
-bool torture_locktest2(struct torture_context *tctx,
- struct smbcli_state *cli)
+static bool torture_locktest2(struct torture_context *tctx,
+ struct smbcli_state *cli)
{
const char *fname = BASEDIR "\\lockt2.lck";
int fnum1, fnum2, fnum3;
1) the server supports the full offset range in lock requests
*/
-bool torture_locktest3(struct torture_context *tctx,
- struct smbcli_state *cli1,
- struct smbcli_state *cli2)
+static bool torture_locktest3(struct torture_context *tctx,
+ struct smbcli_state *cli1,
+ struct smbcli_state *cli2)
{
const char *fname = BASEDIR "\\lockt3.lck";
int fnum1, fnum2, i;
/*
looks at overlapping locks
*/
-BOOL torture_locktest4(struct torture_context *tctx,
- struct smbcli_state *cli1,
- struct smbcli_state *cli2)
+static bool torture_locktest4(struct torture_context *tctx,
+ struct smbcli_state *cli1,
+ struct smbcli_state *cli2)
{
const char *fname = BASEDIR "\\lockt4.lck";
int fnum1, fnum2, f;
/*
looks at lock upgrade/downgrade.
*/
-BOOL torture_locktest5(struct torture_context *tctx, struct smbcli_state *cli1,
- struct smbcli_state *cli2)
+static bool torture_locktest5(struct torture_context *tctx, struct smbcli_state *cli1,
+ struct smbcli_state *cli2)
{
const char *fname = BASEDIR "\\lockt5.lck";
int fnum1, fnum2, fnum3;
/*
tries the unusual lockingX locktype bits
*/
-BOOL torture_locktest6(struct torture_context *tctx,
- struct smbcli_state *cli)
+static bool torture_locktest6(struct torture_context *tctx,
+ struct smbcli_state *cli)
{
const char *fname[1] = { "\\lock6.txt" };
int i;
return True;
}
-BOOL torture_locktest7(struct torture_context *tctx,
- struct smbcli_state *cli1)
+static bool torture_locktest7(struct torture_context *tctx,
+ struct smbcli_state *cli1)
{
const char *fname = BASEDIR "\\lockt7.lck";
int fnum1;
#include "winbind/wb_helper.h"
-struct get_schannel_creds_state {
- struct cli_credentials *wks_creds;
- struct dcerpc_pipe *p;
- struct netr_ServerReqChallenge r;
-
- struct creds_CredentialState *creds_state;
- struct netr_Credential netr_cred;
- uint32_t negotiate_flags;
- struct netr_ServerAuthenticate2 a;
-};
-
-static void get_schannel_creds_recv_anonbind(struct composite_context *creq);
-static void get_schannel_creds_recv_auth(struct rpc_request *req);
-static void get_schannel_creds_recv_chal(struct rpc_request *req);
-static void get_schannel_creds_recv_pipe(struct composite_context *ctx);
-
-struct composite_context *wb_get_schannel_creds_send(TALLOC_CTX *mem_ctx,
- struct cli_credentials *wks_creds,
- struct smbcli_tree *tree,
- struct event_context *ev)
-{
- struct composite_context *c, *creq;
- struct get_schannel_creds_state *state;
-
- c = composite_create(mem_ctx, ev);
- if (c == NULL) goto failed;
-
- state = talloc(c, struct get_schannel_creds_state);
- if (state == NULL) {
- c->status = NT_STATUS_NO_MEMORY;
- goto failed;
- }
-
- c->private_data = state;
-
- state->wks_creds = wks_creds;
-
- state->p = dcerpc_pipe_init(state, ev);
- if (state->p == NULL) {
- c->status = NT_STATUS_NO_MEMORY;
- goto failed;
- }
-
- creq = dcerpc_pipe_open_smb_send(state->p, tree, "\\netlogon");
- if (creq == NULL) {
- c->status = NT_STATUS_NO_MEMORY;
- goto failed;
- }
-
- creq->async.fn = get_schannel_creds_recv_pipe;
- creq->async.private_data = c;
-
- return c;
-
- failed:
- composite_error(c, c->status);
- return c;
-}
-
-static void get_schannel_creds_recv_pipe(struct composite_context *creq)
-{
- struct composite_context *c =
- talloc_get_type(creq->async.private_data,
- struct composite_context);
- struct get_schannel_creds_state *state =
- talloc_get_type(c->private_data,
- struct get_schannel_creds_state);
-
- c->status = dcerpc_pipe_open_smb_recv(creq);
- if (!composite_is_ok(c)) return;
-
- creq = dcerpc_bind_auth_none_send(state, state->p,
- &dcerpc_table_netlogon);
- composite_continue(c, creq, get_schannel_creds_recv_anonbind, c);
-}
-
-static void get_schannel_creds_recv_anonbind(struct composite_context *creq)
-{
- struct composite_context *c =
- talloc_get_type(creq->async.private_data,
- struct composite_context);
- struct get_schannel_creds_state *state =
- talloc_get_type(c->private_data,
- struct get_schannel_creds_state);
- struct rpc_request *req;
-
- c->status = dcerpc_bind_auth_none_recv(creq);
- if (!composite_is_ok(c)) return;
-
- state->r.in.computer_name =
- cli_credentials_get_workstation(state->wks_creds);
- state->r.in.server_name =
- talloc_asprintf(state, "\\\\%s",
- dcerpc_server_name(state->p));
- if (composite_nomem(state->r.in.server_name, c)) return;
-
- state->r.in.credentials = talloc(state, struct netr_Credential);
- if (composite_nomem(state->r.in.credentials, c)) return;
-
- state->r.out.credentials = talloc(state, struct netr_Credential);
- if (composite_nomem(state->r.out.credentials, c)) return;
-
- generate_random_buffer(state->r.in.credentials->data,
- sizeof(state->r.in.credentials->data));
-
- req = dcerpc_netr_ServerReqChallenge_send(state->p, state, &state->r);
- composite_continue_rpc(c, req, get_schannel_creds_recv_chal, c);
-}
-
-static void get_schannel_creds_recv_chal(struct rpc_request *req)
-{
- struct composite_context *c =
- talloc_get_type(req->async.private_data,
- struct composite_context);
- struct get_schannel_creds_state *state =
- talloc_get_type(c->private_data,
- struct get_schannel_creds_state);
- const struct samr_Password *mach_pwd;
-
- c->status = dcerpc_ndr_request_recv(req);
- if (!composite_is_ok(c)) return;
- c->status = state->r.out.result;
- if (!composite_is_ok(c)) return;
-
- state->creds_state = talloc(state, struct creds_CredentialState);
- if (composite_nomem(state->creds_state, c)) return;
-
- mach_pwd = cli_credentials_get_nt_hash(state->wks_creds, state);
- if (composite_nomem(mach_pwd, c)) return;
-
- state->negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
-
- creds_client_init(state->creds_state, state->r.in.credentials,
- state->r.out.credentials, mach_pwd,
- &state->netr_cred, state->negotiate_flags);
-
- state->a.in.server_name =
- talloc_reference(state, state->r.in.server_name);
- state->a.in.account_name =
- cli_credentials_get_username(state->wks_creds);
- state->a.in.secure_channel_type =
- cli_credentials_get_secure_channel_type(state->wks_creds);
- state->a.in.computer_name =
- cli_credentials_get_workstation(state->wks_creds);
- state->a.in.negotiate_flags = &state->negotiate_flags;
- state->a.out.negotiate_flags = &state->negotiate_flags;
- state->a.in.credentials = &state->netr_cred;
- state->a.out.credentials = &state->netr_cred;
-
- req = dcerpc_netr_ServerAuthenticate2_send(state->p, state, &state->a);
- composite_continue_rpc(c, req, get_schannel_creds_recv_auth, c);
-}
-
-static void get_schannel_creds_recv_auth(struct rpc_request *req)
-{
- struct composite_context *c =
- talloc_get_type(req->async.private_data,
- struct composite_context);
- struct get_schannel_creds_state *state =
- talloc_get_type(c->private_data,
- struct get_schannel_creds_state);
-
- c->status = dcerpc_ndr_request_recv(req);
- if (!composite_is_ok(c)) return;
- c->status = state->a.out.result;
- if (!composite_is_ok(c)) return;
-
- if (!creds_client_check(state->creds_state,
- state->a.out.credentials)) {
- DEBUG(5, ("Server got us invalid creds\n"));
- composite_error(c, NT_STATUS_UNSUCCESSFUL);
- return;
- }
-
- cli_credentials_set_netlogon_creds(state->wks_creds,
- state->creds_state);
-
- composite_done(c);
-}
-
-NTSTATUS wb_get_schannel_creds_recv(struct composite_context *c,
- TALLOC_CTX *mem_ctx,
- struct dcerpc_pipe **netlogon_pipe)
-{
- NTSTATUS status = composite_wait(c);
- if (NT_STATUS_IS_OK(status)) {
- struct get_schannel_creds_state *state =
- talloc_get_type(c->private_data,
- struct get_schannel_creds_state);
- *netlogon_pipe = talloc_steal(mem_ctx, state->p);
- }
- talloc_free(c);
- return status;
-}
-
-NTSTATUS wb_get_schannel_creds(TALLOC_CTX *mem_ctx,
- struct cli_credentials *wks_creds,
- struct smbcli_tree *tree,
- struct event_context *event_ctx,
- struct dcerpc_pipe **netlogon_pipe)
-{
- struct composite_context *c =
- wb_get_schannel_creds_send(mem_ctx, wks_creds, tree,
- event_ctx);
- return wb_get_schannel_creds_recv(c, mem_ctx, netlogon_pipe);
-}
-
struct lsa_lookupsids_state {
struct composite_context *ctx;
int num_sids;
return status;
}
-NTSTATUS wb_lsa_lookupsids(TALLOC_CTX *mem_ctx,
- struct dcerpc_pipe *lsa_pipe,
- struct policy_handle *handle,
- int num_sids, const struct dom_sid **sids,
- struct wb_sid_object ***names)
-{
- struct composite_context *c =
- wb_lsa_lookupsids_send(mem_ctx, lsa_pipe, handle,
- num_sids, sids);
- return wb_lsa_lookupnames_recv(c, mem_ctx, names);
-}
-
-
struct lsa_lookupnames_state {
struct composite_context *ctx;
return status;
}
-NTSTATUS wb_lsa_lookupnames(TALLOC_CTX *mem_ctx,
- struct dcerpc_pipe *lsa_pipe,
- struct policy_handle *handle,
- int num_names, const char **names,
- struct wb_sid_object ***sids)
-{
- struct composite_context *c =
- wb_lsa_lookupnames_send(mem_ctx, lsa_pipe, handle,
- num_names, names);
- return wb_lsa_lookupnames_recv(c, mem_ctx, sids);
-}
#if 0
git.samba.org / kai / samba.git / commitdiff