s3-build: Rework object lists to allow gse gensec module

This also allows the spnego_parse_krb5_wrap() function to be shared.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 318067ff026b414eeabd4dce0163600fd3333a62..69f4786695a2bebf67a624d0a06cdc731af852a0 100644 (file)
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -555,9 +555,12 @@ LIBSMB_OBJ0 = \
               ../lib/util/asn1.o \
               ../libcli/auth/spnego_parse.o \
               ../libcli/auth/ntlm_check.o \
+              ../libcli/auth/krb5_wrap.o \
               libsmb/ntlmssp.o \
               libsmb/ntlmssp_wrap.o \
               libsmb/auth_generic.o \
+              libsmb/clikrb5.o \
+              libsmb/clispnego.o \
               ../auth/gensec/gensec.o \
               ../auth/gensec/gensec_start.o \
               ../auth/gensec/gensec_util.o \
@@ -594,7 +597,6 @@ SCHANNEL_OBJ = ../libcli/auth/credentials.o \
               $(LIBNDR_SCHANNEL_OBJ)
 
 LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
-            libsmb/clikrb5.o ../libcli/auth/krb5_wrap.o libsmb/clispnego.o \
             libsmb/reparse_symlink.o \
             libsmb/clisymlink.o \
             libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
@@ -1015,7 +1017,7 @@ NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
 
 NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
            $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
-          $(LIBNDR_GEN_OBJ0)
+          $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)
 
 SWAT_OBJ1 = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
            web/swat.o web/neg_lang.o
@@ -1067,10 +1069,10 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSWD_UTIL_OBJ) $(PASSCHANGE_OBJ) \
                rpc_client/init_lsa.o
 
 PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \
-               $(LIBSAMBA_OBJ) \
+               $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
+               $(AFS_SETTOKEN_OBJ) \
+               $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
                $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
-               $(LIBCLI_LDAP_NDR_OBJ) \
-               $(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
                $(POPT_LIB_OBJ) $(SMBLDAP_OBJ)
 
 SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ1)
@@ -1246,8 +1248,8 @@ NET_OBJ = $(NET_OBJ1) \
          $(LIB_EVENTLOG_OBJ)
 
 CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
-         $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \
-         $(LIBNDR_GEN_OBJ0)
+               $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \
+               $(AFS_SETTOKEN_OBJ) $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)
 
 NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) \
                $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ)
@@ -1277,23 +1279,23 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) $(TLDAP_OBJ) \
        $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ)
 
 MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
-                 $(LIB_NONSMBD_OBJ) \
-                $(LIBNDR_GEN_OBJ0)
+               $(LIB_NONSMBD_OBJ) \
+               $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)
 
 MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_ERR_OBJ) \
                  $(LIB_NONSMBD_OBJ) \
                 $(LIBNDR_GEN_OBJ0)
 
 LOCKTEST_OBJ = torture/locktest.o $(PARAM_OBJ) $(LOCKING_OBJ) $(KRBCLIENT_OBJ) \
-               $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \
-               $(LIBNDR_GEN_OBJ0) $(FNAME_UTIL_OBJ)
+               $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \
+               $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(FNAME_UTIL_OBJ)
 
 NSSTEST_OBJ = ../nsswitch/nsstest.o $(LIBSAMBAUTIL_OBJ)
 
 PDBTEST_OBJ = torture/pdbtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
                $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
                $(SMBLDAP_OBJ) $(POPT_LIB_OBJ) \
-               $(LIBNDR_GEN_OBJ0)
+               $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)
 
 VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ)
 
@@ -1301,7 +1303,7 @@ LOG2PCAP_OBJ = utils/log2pcaphex.o
 
 LOCKTEST2_OBJ = torture/locktest2.o $(PARAM_OBJ) $(LOCKING_OBJ) $(LIBSMB_OBJ) \
                $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \
-               $(LIBNDR_GEN_OBJ0) $(FNAME_UTIL_OBJ)
+               $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(FNAME_UTIL_OBJ)
 
 SMBCACLS_OBJ = utils/smbcacls.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
                $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \
@@ -1341,8 +1343,8 @@ REPLACETORT_OBJ = @libreplacedir@/test/testsuite.o \
 DEBUG2HTML_OBJ = utils/debug2html.o utils/debugparse.o
 
 SMBFILTER_OBJ = utils/smbfilter.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
-                 $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \
-                $(LIBNDR_GEN_OBJ0)
+               $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \
+               $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)
 
 WINBIND_WINS_NSS_OBJ = ../nsswitch/wins.o $(PARAM_OBJ) \
        $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNMB_OBJ)
@@ -1350,8 +1352,10 @@ WINBIND_WINS_NSS_OBJ = ../nsswitch/wins.o $(PARAM_OBJ) \
 PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
                pam_smbpass/pam_smb_acct.o pam_smbpass/support.o
 PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
-               $(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
-               $(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
+               $(SMBLDAP_OBJ) \
+               $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
+               $(AFS_SETTOKEN_OBJ) \
+               $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
                $(PAM_ERRORS_OBJ)
 
 IDMAP_RW_OBJ = winbindd/idmap_rw.o
@@ -1494,9 +1498,10 @@ WINBINDD_OBJ = \
                rpc_client/init_samr.o \
                $(PAM_ERRORS_OBJ)
 
-WBINFO_OBJ = ../nsswitch/wbinfo.o $(LIBSAMBA_OBJ) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
+WBINFO_OBJ = ../nsswitch/wbinfo.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
+               $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
                $(POPT_LIB_OBJ) $(AFS_SETTOKEN_OBJ) \
-               lib/winbind_util.o $(WBCOMMON_OBJ)
+               lib/winbind_util.o $(WBCOMMON_OBJ) $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)
 
 WINBIND_NSS_OBJ = $(WBCOMMON_OBJ) $(LIBREPLACE_OBJ) @WINBIND_NSS_EXTRA_OBJS@
 
@@ -1527,17 +1532,15 @@ TDBTORTURE_OBJ = @tdbdir@/tools/tdbtorture.o $(LIBREPLACE_OBJ) \
 
 NTLM_AUTH_OBJ1 = utils/ntlm_auth.o utils/ntlm_auth_diagnostics.o
 
-NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \
-               libsmb/clikrb5.o ../libcli/auth/krb5_wrap.o libads/kerberos.o \
+NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} \
                libsmb/samlogon_cache.o \
                $(LIBADS_SERVER_OBJ) \
                $(PASSDB_OBJ) $(GROUPDB_OBJ) \
-               $(SMBLDAP_OBJ) $(LIBNMB_OBJ) \
                $(WBCOMMON_OBJ) \
-               $(LIBNBT_OBJ) \
-               $(CLDAP_OBJ) \
-               $(DRSUAPI_OBJ) \
-               $(LIBNDR_GEN_OBJ0) $(LIBNDR_NETLOGON_OBJ) @BUILD_INIPARSER@
+               $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
+               $(AFS_SETTOKEN_OBJ) \
+               $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
+               $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) @BUILD_INIPARSER@
 
 
 VLP_OBJ = printing/tests/vlp.o \
@@ -3144,10 +3147,10 @@ bin/ntlm_auth@EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \
                $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
                $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) @INIPARSERLIBS@
 
-bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB)
+bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB)
        @echo "Linking shared library $@"
-       @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) -lpam $(DYNEXP) \
-               $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) \
+       @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) -lpam $(DYNEXP) \
+               $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(KRB5LIBS) $(ZLIB_LIBS) \
                $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
 
 bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) $(LIBTALLOC) $(LIBTDB)

diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 00c7d4dbba06f4adebe746f887ad7609bc2f006f..ff9b60ed0f6a7bb7359696a4810191fc6c1047c9 100644 (file)
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1232,45 +1232,6 @@ static void offer_gss_spnego_mechs(void) {
        return;
 }
 
-bool spnego_parse_krb5_wrap(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2])
-{
-       bool ret;
-       ASN1_DATA *data;
-       int data_remaining;
-
-       data = asn1_init(talloc_tos());
-       if (data == NULL) {
-               return false;
-       }
-
-       asn1_load(data, blob);
-       asn1_start_tag(data, ASN1_APPLICATION(0));
-       asn1_check_OID(data, OID_KERBEROS5);
-
-       data_remaining = asn1_tag_remaining(data);
-
-       if (data_remaining < 3) {
-               data->has_error = True;
-       } else {
-               asn1_read(data, tok_id, 2);
-               data_remaining -= 2;
-               *ticket = data_blob_talloc(ctx, NULL, data_remaining);
-               asn1_read(data, ticket->data, ticket->length);
-       }
-
-       asn1_end_tag(data);
-
-       ret = !data->has_error;
-
-       if (data->has_error) {
-               data_blob_free(ticket);
-       }
-
-       asn1_free(data);
-
-       return ret;
-}
-
 static void manage_gss_spnego_request(struct ntlm_auth_state *state,
                                        char *buf, int length)
 {

diff --git a/source3/wscript_build b/source3/wscript_build
index 5a13ccf562952eeae0995c3ec28a147cc87b15d2..89e312e4004aa17b4c740d19973be85949d569d1 100755 (executable)
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -147,8 +147,6 @@ LIBSMB_SRC = '''libsmb/clientgen.c libsmb/cliconnect.c libsmb/clifile.c
 
 LIBMSRPC_SRC = '''
                rpc_client/cli_pipe.c
-               librpc/crypto/gse_krb5.c
-               librpc/crypto/gse.c
                librpc/crypto/cli_spnego.c
                librpc/rpc/rpc_common.c
                rpc_client/rpc_transport_np.c
@@ -688,11 +686,16 @@ bld.SAMBA3_LIBRARY('nss_wins',
                   realname='libnss_wins.so.2',
                   vnum='2')
 
+bld.SAMBA3_LIBRARY('gse',
+                   source='librpc/crypto/gse_krb5.c librpc/crypto/gse.c',
+                   deps='KRB5_WRAP gensec param KRBCLIENT SECRETS3',
+                   private_library=True)
+
 bld.SAMBA3_LIBRARY('msrpc3',
                    source='${LIBMSRPC_SRC}',
                    deps='''ndr ndr-standard
                     RPC_NDR_EPMAPPER NTLMSSP_COMMON COMMON_SCHANNEL LIBCLI_AUTH
-                    LIBTSOCKET KRB5_WRAP dcerpc-binding
+                    LIBTSOCKET gse dcerpc-binding
                     libsmb''',
                    vars=locals(),
                    private_library=True)
@@ -801,7 +804,7 @@ bld.SAMBA3_LIBRARY('util_cmdline',
 
 bld.SAMBA3_SUBSYSTEM('KRBCLIENT',
                     source=KRBCLIENT_SRC,
-                    public_deps='KRB5_WRAP k5crypto LIBTSOCKET CLDAP',
+                    public_deps='KRB5_WRAP k5crypto LIBTSOCKET CLDAP LIBNMB',
                     vars=locals())
 
 bld.SAMBA3_SUBSYSTEM('samba3util',
@@ -1379,7 +1382,7 @@ bld.SAMBA3_BINARY('ntlm_auth' + bld.env.suffix3,
                  deps='''tdb_compat talloc cap KRB5_WRAP k5crypto wbclient param smbd_shim
                  samba3core LIBNTLMSSP popt_samba3 asn1util LIBTSOCKET
                  pdb winbind-client LIBINIPARSER LIBADS_SERVER
-                 NDR_SAMR NDR_LSA NDR_NETLOGON cli-ldap-common LIBNMB SLCACHE SPNEGO_PARSE KRBCLIENT''',
+                 NDR_SAMR NDR_LSA NDR_NETLOGON cli-ldap-common LIBNMB SLCACHE SPNEGO_PARSE KRBCLIENT libsmb''',
                  vars=locals())
 
 bld.SAMBA3_BINARY('timelimit',