r10286: This patch is ugly and disgusting, but for now it works better than the other
authorAndrew Bartlett <abartlet@samba.org>
Sat, 17 Sep 2005 01:11:50 +0000 (01:11 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:38:13 +0000 (13:38 -0500)
ideas I have had.

When I get a full list of things I want to do to a krb5_context I'll
either add gsskrb5_ wrappers, or a way of specifying the krb5 context
per gssapi context.

(I want to ensure that the only krb5_context variables created while
executing Samba4 are via our wrapper).

Andrew Bartlett
(This used to be commit 8a22d46e70e9f863831aba0c9913d195f833d625)

source4/auth/kerberos/clikrb5.c
source4/auth/kerberos/config.mk
source4/auth/kerberos/kerberos.h
source4/auth/kerberos/krb5_init_context.c [new file with mode: 0644]
source4/auth/kerberos/krb5_init_context.h [new file with mode: 0644]
source4/heimdal/lib/gssapi/init.c
source4/rpc_server/drsuapi/dcesrv_drsuapi.c

index e3f2057b44cce3205eaa53ddb49009ccdd3ba880..85d60a1244b4ac2b924680c70194d511d4e008cc 100644 (file)
@@ -385,107 +385,4 @@ cleanup_princ:
        return ret;
 }
 
-
-static int smb_krb5_context_destory_1(void *ptr) 
-{
-       struct smb_krb5_context *ctx = ptr;
-       krb5_free_context(ctx->krb5_context); 
-       return 0;
-}
-
-#ifdef HAVE_KRB5_LOG_CONTROL
-static int smb_krb5_context_destory_2(void *ptr) 
-{
-       struct smb_krb5_context *ctx = ptr;
-
-       /* Otherwise krb5_free_context will try and close what we have already free()ed */
-       krb5_set_warn_dest(ctx->krb5_context, NULL);
-       krb5_closelog(ctx->krb5_context, ctx->logf);
-       smb_krb5_context_destory_1(ptr);
-       return 0;
-}
-
-/* We never close down the DEBUG system, and no need to unreference the use */
-static void smb_krb5_debug_close(void *private) {
-       return;
-}
-
-static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private) 
-{
-       DEBUG(3, ("Kerberos: %s\n", msg));
-}
-
-#endif
-
- krb5_error_code smb_krb5_init_context(TALLOC_CTX *parent_ctx, 
-                                      struct smb_krb5_context **smb_krb5_context) 
-{
-       krb5_error_code ret;
-       TALLOC_CTX *tmp_ctx;
-       
-       initialize_krb5_error_table();
-       
-       tmp_ctx = talloc_new(parent_ctx);
-       *smb_krb5_context = talloc(tmp_ctx, struct smb_krb5_context);
-
-       if (!*smb_krb5_context || !tmp_ctx) {
-               talloc_free(*smb_krb5_context);
-               talloc_free(tmp_ctx);
-               return ENOMEM;
-       }
-
-       ret = krb5_init_context(&(*smb_krb5_context)->krb5_context);
-       if (ret) {
-               DEBUG(1,("krb5_init_context failed (%s)\n", 
-                        error_message(ret)));
-               return ret;
-       }
-
-       talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destory_1);
-
-       if (lp_realm() && *lp_realm()) {
-               char *upper_realm = strupper_talloc(tmp_ctx, lp_realm());
-               if (!upper_realm) {
-                       DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm()));
-                       talloc_free(tmp_ctx);
-                       return ENOMEM;
-               }
-               ret = krb5_set_default_realm((*smb_krb5_context)->krb5_context, lp_realm());
-               if (ret) {
-                       DEBUG(1,("krb5_set_default_realm failed (%s)\n", 
-                                smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
-                       talloc_free(tmp_ctx);
-                       return ret;
-               }
-       }
-
-#ifdef HAVE_KRB5_LOG_CONTROL
-       /* TODO: Should we have a different name here? */
-       ret = krb5_initlog((*smb_krb5_context)->krb5_context, "Samba", &(*smb_krb5_context)->logf);
-       
-       if (ret) {
-               DEBUG(1,("krb5_initlog failed (%s)\n", 
-                        smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
-               talloc_free(tmp_ctx);
-               return ret;
-       }
-
-       talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destory_2);
-
-       ret = krb5_addlog_func((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf, 0 /* min */, -1 /* max */, 
-                              smb_krb5_debug_wrapper, smb_krb5_debug_close, NULL);
-       if (ret) {
-               DEBUG(1,("krb5_addlog_func failed (%s)\n", 
-                        smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
-               talloc_free(tmp_ctx);
-               return ret;
-       }
-       krb5_set_warn_dest((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf);
-
-#endif 
-       talloc_steal(parent_ctx, *smb_krb5_context);
-       talloc_free(tmp_ctx);
-       return 0;
-}
-
 #endif
index 56ce64fdb13bc695cdf0688a6e0e806159499672..cc31af44e7ab4c9b37e0f1d1adfd96df0edab576 100644 (file)
@@ -7,7 +7,8 @@ ADD_OBJ_FILES = \
                auth/kerberos/kerberos_verify.o \
                auth/kerberos/kerberos_util.o \
                auth/kerberos/kerberos_pac.o \
-               auth/kerberos/gssapi_parse.o
+               auth/kerberos/gssapi_parse.o \
+               auth/kerberos/krb5_init_context.o
 REQUIRED_SUBSYSTEMS = KERBEROS_LIB NDR_KRB5PAC 
 # End SUBSYSTEM KERBEROS
 #################################
index 9535094e2bd7745f0c3d9268b13e997d9afde10f..bc2a1babe9914478ab19b455d9a5b209c5a56659 100644 (file)
 
 #if defined(HAVE_KRB5)
 
-#if defined(HAVE_KRB5_INITLOG) && defined(HAVE_KRB5_ADDLOG_FUNC) && defined (HAVE_KRB5_SET_WARN_DEST) && defined(HAVE_KRB5_LOG_FACILITY)
-#define HAVE_KRB5_LOG_CONTROL
-#else
-#undef HAVE_KRB5_LOG_CONTROL
-#endif
+#include "auth/kerberos/krb5_init_context.h"
 
-struct smb_krb5_context {
-       krb5_context krb5_context;
-#ifdef HAVE_KRB5_LOG_CONTROL
-       krb5_log_facility *logf;
-#endif
-};
-       
 struct ccache_container {
        struct smb_krb5_context *smb_krb5_context;
        krb5_ccache ccache;
@@ -118,8 +107,6 @@ char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TAL
                          struct cli_credentials *credentials,
                          struct smb_krb5_context *smb_krb5_context,
                                 krb5_ccache ccache);
-krb5_error_code smb_krb5_init_context(TALLOC_CTX *parent_ctx, 
-                                     struct smb_krb5_context **smb_krb5_context); 
 krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, 
                                                struct cli_credentials *machine_account, 
                                                struct smb_krb5_context *smb_krb5_context,
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
new file mode 100644 (file)
index 0000000..2a8f062
--- /dev/null
@@ -0,0 +1,126 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Wrapper for krb5_init_context
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+
+static int smb_krb5_context_destroy_1(void *ptr) 
+{
+       struct smb_krb5_context *ctx = ptr;
+       krb5_free_context(ctx->krb5_context); 
+       return 0;
+}
+
+static int smb_krb5_context_destroy_2(void *ptr) 
+{
+       struct smb_krb5_context *ctx = ptr;
+
+       /* Otherwise krb5_free_context will try and close what we have already free()ed */
+       krb5_set_warn_dest(ctx->krb5_context, NULL);
+       krb5_closelog(ctx->krb5_context, ctx->logf);
+       smb_krb5_context_destroy_1(ptr);
+       return 0;
+}
+
+/* We never close down the DEBUG system, and no need to unreference the use */
+static void smb_krb5_debug_close(void *private) {
+       return;
+}
+
+static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private) 
+{
+       DEBUG(3, ("Kerberos: %s\n", msg));
+}
+
+ krb5_error_code smb_krb5_init_context(void *parent_ctx, 
+                                      struct smb_krb5_context **smb_krb5_context) 
+{
+       krb5_error_code ret;
+       TALLOC_CTX *tmp_ctx;
+       
+       initialize_krb5_error_table();
+       
+       tmp_ctx = talloc_new(parent_ctx);
+       *smb_krb5_context = talloc(tmp_ctx, struct smb_krb5_context);
+
+       if (!*smb_krb5_context || !tmp_ctx) {
+               talloc_free(*smb_krb5_context);
+               talloc_free(tmp_ctx);
+               return ENOMEM;
+       }
+
+       ret = krb5_init_context(&(*smb_krb5_context)->krb5_context);
+       if (ret) {
+               DEBUG(1,("krb5_init_context failed (%s)\n", 
+                        error_message(ret)));
+               return ret;
+       }
+
+       talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy_1);
+
+       if (lp_realm() && *lp_realm()) {
+               char *upper_realm = strupper_talloc(tmp_ctx, lp_realm());
+               if (!upper_realm) {
+                       DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm()));
+                       talloc_free(tmp_ctx);
+                       return ENOMEM;
+               }
+               ret = krb5_set_default_realm((*smb_krb5_context)->krb5_context, lp_realm());
+               if (ret) {
+                       DEBUG(1,("krb5_set_default_realm failed (%s)\n", 
+                                smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+                       talloc_free(tmp_ctx);
+                       return ret;
+               }
+       }
+
+       /* TODO: Should we have a different name here? */
+       ret = krb5_initlog((*smb_krb5_context)->krb5_context, "Samba", &(*smb_krb5_context)->logf);
+       
+       if (ret) {
+               DEBUG(1,("krb5_initlog failed (%s)\n", 
+                        smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+               talloc_free(tmp_ctx);
+               return ret;
+       }
+
+       talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy_2);
+
+       ret = krb5_addlog_func((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf, 0 /* min */, -1 /* max */, 
+                              smb_krb5_debug_wrapper, smb_krb5_debug_close, NULL);
+       if (ret) {
+               DEBUG(1,("krb5_addlog_func failed (%s)\n", 
+                        smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+               talloc_free(tmp_ctx);
+               return ret;
+       }
+       krb5_set_warn_dest((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf);
+
+       talloc_steal(parent_ctx, *smb_krb5_context);
+       talloc_free(tmp_ctx);
+       return 0;
+}
+
+ void smb_krb5_free_context(struct smb_krb5_context *smb_krb5_context) 
+{
+       talloc_free(smb_krb5_context);
+}
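Review bot: The error returns in `smb_krb5_init_context` leave `*smb_krb5_context` pointing at memory that `talloc_free(tmp_ctx)` has just released, since the struct is allocated as a child of `tmp_ctx`. The `gssapi_krb5_init` hunk in source4/heimdal/lib/gssapi/init.c keeps that pointer in a static and only tests it for NULL, so after one failed initialisation a later call would skip the init and read `->krb5_context` from freed memory. Setting `*smb_krb5_context = NULL;` before each error return closes this; the `krb5_init_context` failure branch additionally needs `talloc_free(tmp_ctx);`, because it currently returns with both allocations still attached to `parent_ctx`. Separately, `upper_realm` is computed but `lp_realm()` is what gets passed to `krb5_set_default_realm`, which looks like it was meant to be `upper_realm`.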
diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h
new file mode 100644 (file)
index 0000000..8120b8c
--- /dev/null
@@ -0,0 +1,29 @@
+/* 
+   Unix SMB/CIFS implementation.
+   simple kerberos5 routines for active directory
+   Copyright (C) Andrew Bartlett 2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+struct smb_krb5_context {
+       krb5_context krb5_context;
+       krb5_log_facility *logf;
+};
+       
+krb5_error_code smb_krb5_init_context(void *parent_ctx, 
+                                     struct smb_krb5_context **smb_krb5_context); 
+void smb_krb5_free_context(struct smb_krb5_context *smb_krb5_context);
+
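Review bot: krb5_init_context.h has no include guard, yet this commit pulls it in both through auth/kerberos/kerberos.h and directly from source4/heimdal/lib/gssapi/init.c, so any translation unit that ends up with both includes would see `struct smb_krb5_context` defined twice. Wrapping the body in `#ifndef KRB5_INIT_CONTEXT_H` / `#define KRB5_INIT_CONTEXT_H` … `#endif` avoids that. The prototypes would also benefit from a short comment stating that the context returned through `smb_krb5_context` ends up as a talloc child of `parent_ctx` and is released with `smb_krb5_free_context()`.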
index 37f46624ae4afa181d5b5ac43b5167af26b142b7..a642b629f44bee0e96fa13a13e1ef194a9a2472e 100644 (file)
 
 RCSID("$Id: init.c,v 1.7 2003/07/22 19:50:11 lha Exp $");
 
+#ifdef _SAMBA_BUILD_
+#include "auth/kerberos/krb5_init_context.h"
+#endif
+
 static HEIMDAL_MUTEX gssapi_krb5_context_mutex = HEIMDAL_MUTEX_INITIALIZER;
 static int created_key;
 static HEIMDAL_thread_key gssapi_context_key;
@@ -89,11 +93,35 @@ krb5_error_code
 gssapi_krb5_init (void)
 {
     krb5_error_code ret = 0;
+#ifdef _SAMBA_BUILD_
+    static struct smb_krb5_context *smb_krb5_context;
 
     HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex);
 
-    if(gssapi_krb5_context == NULL)
+    if(smb_krb5_context == NULL) {
+       ret = smb_krb5_init_context(NULL, &smb_krb5_context);
+    }
+    if (ret == 0 && !created_key) {
+       HEIMDAL_key_create(&gssapi_context_key, 
+                          gssapi_destroy_thread_context,
+                          ret);
+       if (ret) {
+           smb_krb5_free_context(smb_krb5_context);
+           smb_krb5_context = NULL;
+       } else
+           created_key = 1;
+    }
+    if (ret == 0) {
+       gssapi_krb5_context = smb_krb5_context->krb5_context;
+    }
+
+    HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex);
+#else 
+    HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex);
+
+    if(gssapi_krb5_context == NULL) {
        ret = krb5_init_context (&gssapi_krb5_context);
+    }
     if (ret == 0 && !created_key) {
        HEIMDAL_key_create(&gssapi_context_key, 
                           gssapi_destroy_thread_context,
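Review bot: The static `smb_krb5_context` added in the `_SAMBA_BUILD_` branch carries no comment about ownership or lifetime, and it is created with a NULL talloc parent, so nothing visible here frees it on the success path. A comment such as `/* process-lifetime context on the NULL talloc parent; read and written only with gssapi_krb5_context_mutex held */` would record that this is intended. The two preprocessor branches now duplicate the lock, key-creation and unlock sequence and, as far as the hunk shows, differ mainly in how the context is created and released, so a later fix to one copy can easily miss the other. The body of `gssapi_krb5_init` continues past this hunk.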
@@ -106,6 +134,6 @@ gssapi_krb5_init (void)
     }
 
     HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex);
-
+#endif
     return ret;
 }
index 13058296a5e95454f2bca4818aa8d2df2eee0382..94a16d0a09b152e14e615b7eb0dddc6e5514f378 100644 (file)
@@ -239,7 +239,7 @@ static WERROR DRSUAPI_REMOVE_DS_DOMAIN(struct dcesrv_call_state *dce_call, TALLO
   drsuapi_DsGetDomainControllerInfo 
 */
 static WERROR drsuapi_DsGetDomainControllerInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct drsuapi_DsGetDomainControllerInfo *r)
+                                               struct drsuapi_DsGetDomainControllerInfo *r)
 {
        DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 }