svn commit: samba r24089 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec
Date: 2007-07-31 08:06:56 + (Tue, 31 Jul 2007)
New Revision: 24089
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24089
Log:
Add reply_prep/post_legacy
Routines to ease the transition to the new API
Modified:
branches/SAMBA_3_2/source/smbd/process.c
Changeset:
Modified: branches/SAMBA_3_2/source/smbd/process.c
===
--- branches/SAMBA_3_2/source/smbd/process.c2007-07-31 07:57:33 UTC (rev
24088)
+++ branches/SAMBA_3_2/source/smbd/process.c2007-07-31 08:06:56 UTC (rev
24089)
@@ -67,6 +67,60 @@
req-outbuf = NULL;
}
+/*
+ * From within a converted call you might have to call non-converted
+ * subroutines that still take the old inbuf/outbuf/lenght/bufsize
+ * parameters. This takes a struct smb_request and prepares the legacy
+ * parameters.
+ */
+
+BOOL reply_prep_legacy(struct smb_request *req,
+ char **pinbuf, char **poutbuf,
+ int *psize, int *pbufsize)
+{
+ const int bufsize = (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE
++ SAFETY_MARGIN);
+ char *inbuf, *outbuf;
+
+ if (!(inbuf = TALLOC_ARRAY(req, char, bufsize))) {
+ DEBUG(0, (Could not allocate legacy inbuf\n));
+ return False;
+ }
+ memcpy(inbuf, req-inbuf, MIN(smb_len(req-inbuf)+4, bufsize));
+ req-inbuf = (uint8 *)inbuf;
+
+ if (!(outbuf = TALLOC_ARRAY(req, char, bufsize))) {
+ DEBUG(0, (Could not allocate legacy outbuf\n));
+ return False;
+ }
+ req-outbuf = (uint8 *)outbuf;
+
+ construct_reply_common(inbuf, outbuf);
+
+ *pinbuf = inbuf;
+ *poutbuf = outbuf;
+ *psize= smb_len(inbuf)+4;
+ *pbufsize = bufsize;
+
+ return True;
+}
+
+/*
+ * Post-process the output of the legacy routine so that the result fits into
+ * the new reply_xxx API
+ */
+
+void reply_post_legacy(struct smb_request *req, int outsize)
+{
+ if (outsize 0) {
+ smb_setlen((char *)req-inbuf, (char *)req-outbuf,
+ outsize);
+ }
+ else {
+ TALLOC_FREE(req-outbuf);
+ }
+}
+
/
structure to hold a linked list of queued messages.
for processing.
svn commit: samba r24090 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec
Date: 2007-07-31 08:37:54 + (Tue, 31 Jul 2007)
New Revision: 24090
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24090
Log:
Separate parsing in reply_ntcreate_and_X
In particular, check if we have enough parameters
Modified:
branches/SAMBA_3_2/source/smbd/nttrans.c
Changeset:
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===
--- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:06:56 UTC (rev
24089)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:37:54 UTC (rev
24090)
@@ -484,13 +484,14 @@
{
int result;
pstring fname;
- uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
- uint32 access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess);
- uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
- uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
- uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
- uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
- uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
+ uint32 flags;
+ uint32 access_mask;
+ uint32 file_attributes;
+ uint32 share_access;
+ uint32 create_disposition;
+ uint32 create_options;
+ uint16 root_dir_fid;
+ SMB_BIG_UINT allocation_size;
/* Breakout the oplock request bits so we can set the
reply bits separately. */
int oplock_request = 0;
@@ -510,6 +511,25 @@
START_PROFILE(SMBntcreateX);
+ init_smb_request(req, (uint8 *)inbuf);
+
+ if (req.wct 24) {
+ return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+
+ flags = IVAL(inbuf,smb_ntcreate_Flags);
+ access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess);
+ file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
+ share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
+ create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
+ create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
+ root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
+
+ allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize);
+#ifdef LARGE_SMB_OFF_T
+ allocation_size |=
(((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) 32);
+#endif
+
DEBUG(10,(reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x
file_attributes = 0x%x, share_access = 0x%x,
create_disposition = 0x%x create_options = 0x%x
@@ -522,8 +542,6 @@
(unsigned int)create_options,
(unsigned int)root_dir_fid ));
- init_smb_request(req, (uint8 *)inbuf);
-
/*
* If it's an IPC, use the pipe handler.
*/
@@ -562,7 +580,7 @@
if(!dir_fsp-is_directory) {
- srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname,
+ srvstr_get_path(inbuf, req.flags2, fname,
smb_buf(inbuf), sizeof(fname), 0,
STR_TERMINATE, status);
if (!NT_STATUS_IS_OK(status)) {
@@ -606,7 +624,7 @@
dir_name_len++;
}
- srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), rel_fname,
+ srvstr_get_path(inbuf, req.flags2, rel_fname,
smb_buf(inbuf), sizeof(rel_fname), 0,
STR_TERMINATE, status);
if (!NT_STATUS_IS_OK(status)) {
@@ -615,7 +633,7 @@
}
pstrcat(fname, rel_fname);
} else {
- srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname,
+ srvstr_get_path(inbuf, req.flags2, fname,
smb_buf(inbuf), sizeof(fname), 0,
STR_TERMINATE, status);
if (!NT_STATUS_IS_OK(status)) {
@@ -654,7 +672,7 @@
* Now contruct the smb_open_mode value from the filename,
* desired access and the share access.
*/
- status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2)
FLAGS2_DFS_PATHNAMES, fname);
+ status = resolve_dfspath(conn, req.flags2 FLAGS2_DFS_PATHNAMES,
fname);
if (!NT_STATUS_IS_OK(status)) {
END_PROFILE(SMBntcreateX);
if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
@@ -842,7 +860,7 @@
} else {
TALLOC_FREE(case_state);
END_PROFILE(SMBntcreateX);
- if (open_was_deferred(SVAL(inbuf,smb_mid))) {
+ if (open_was_deferred(req.mid)) {
/* We have re-scheduled this call. */
svn commit: samba r24091 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec
Date: 2007-07-31 08:56:08 + (Tue, 31 Jul 2007)
New Revision: 24091
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24091
Log:
Convert reply_ntcreate_and_X to the new API
The routines called will follow
Modified:
branches/SAMBA_3_2/source/smbd/nttrans.c
branches/SAMBA_3_2/source/smbd/process.c
Changeset:
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===
--- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:37:54 UTC (rev
24090)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:56:08 UTC (rev
24091)
@@ -479,10 +479,9 @@
Reply to an NT create and X call.
/
-int reply_ntcreate_and_X(connection_struct *conn,
-char *inbuf,char *outbuf,int length,int bufsize)
+void reply_ntcreate_and_X(connection_struct *conn,
+ struct smb_request *req)
{
- int result;
pstring fname;
uint32 flags;
uint32 access_mask;
@@ -506,28 +505,26 @@
struct timespec m_timespec;
BOOL extended_oplock_granted = False;
NTSTATUS status;
- struct smb_request req;
struct case_semantics_state *case_state = NULL;
START_PROFILE(SMBntcreateX);
- init_smb_request(req, (uint8 *)inbuf);
-
- if (req.wct 24) {
- return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ if (req-wct 24) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
}
- flags = IVAL(inbuf,smb_ntcreate_Flags);
- access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess);
- file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
- share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
- create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
- create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
- root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
+ flags = IVAL(req-inbuf,smb_ntcreate_Flags);
+ access_mask = IVAL(req-inbuf,smb_ntcreate_DesiredAccess);
+ file_attributes = IVAL(req-inbuf,smb_ntcreate_FileAttributes);
+ share_access = IVAL(req-inbuf,smb_ntcreate_ShareAccess);
+ create_disposition = IVAL(req-inbuf,smb_ntcreate_CreateDisposition);
+ create_options = IVAL(req-inbuf,smb_ntcreate_CreateOptions);
+ root_dir_fid = (uint16)IVAL(req-inbuf,smb_ntcreate_RootDirectoryFid);
- allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize);
+ allocation_size =
(SMB_BIG_UINT)IVAL(req-inbuf,smb_ntcreate_AllocationSize);
#ifdef LARGE_SMB_OFF_T
- allocation_size |=
(((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) 32);
+ allocation_size |=
(((SMB_BIG_UINT)IVAL(req-inbuf,smb_ntcreate_AllocationSize + 4)) 32);
#endif
DEBUG(10,(reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x
@@ -548,17 +545,30 @@
if (IS_IPC(conn)) {
if (lp_nt_pipe_support()) {
+ char *inbuf, *outbuf;
+ int length, bufsize;
+
+ if (!reply_prep_legacy(req, inbuf, outbuf,
+ length, bufsize)) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+ reply_post_legacy(req, do_ntcreate_pipe_open(
+ conn, inbuf, outbuf,
+ length, bufsize));
END_PROFILE(SMBntcreateX);
- return
do_ntcreate_pipe_open(conn,inbuf,outbuf,length,bufsize);
+ return;
} else {
+ reply_doserror(req, ERRDOS, ERRnoaccess);
END_PROFILE(SMBntcreateX);
- return(ERROR_DOS(ERRDOS,ERRnoaccess));
+ return;
}
}
if (create_options FILE_OPEN_BY_FILE_ID) {
+ reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
END_PROFILE(SMBntcreateX);
- return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
+ return;
}
/*
@@ -570,22 +580,25 @@
* This filename is relative to a directory fid.
*/
pstring rel_fname;
- files_struct *dir_fsp =
file_fsp(inbuf,smb_ntcreate_RootDirectoryFid);
+ files_struct *dir_fsp = file_fsp(
+ (char *)req-inbuf, smb_ntcreate_RootDirectoryFid);
size_t dir_name_len;
if(!dir_fsp) {
+ reply_doserror(req, ERRDOS, ERRbadfid);
END_PROFILE(SMBntcreateX);
- return
svn commit: samba r24092 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec
Date: 2007-07-31 09:22:16 + (Tue, 31 Jul 2007)
New Revision: 24092
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24092
Log:
Convert do_ntcreate_pipe_open to the new API
nt_open_pipe_new() is a copy of nt_open_pipe(). It will stick for a bit
until do_nt_transact_create_pipe is converted as well.
Modified:
branches/SAMBA_3_2/source/smbd/nttrans.c
Changeset:
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===
--- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 08:56:08 UTC (rev
24091)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:22:16 UTC (rev
24092)
@@ -321,7 +321,8 @@
}
/
- Reply to an NT create and X call on a pipe.
+ Reply to an NT create and X call on a pipe -- this will die when all
+ callers are converted to nt_open_pipe_new
/
static int nt_open_pipe(char *fname, connection_struct *conn,
@@ -369,24 +370,75 @@
return 0;
}
+static void nt_open_pipe_new(char *fname, connection_struct *conn,
+struct smb_request *req, int *ppnum)
+{
+ smb_np_struct *p = NULL;
+ int i;
+
+ DEBUG(4,(nt_open_pipe: Opening pipe %s.\n, fname));
+
+ /* See if it is one we want to handle. */
+
+ if (lp_disable_spoolss() strequal(fname, \\spoolss)) {
+ reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ERRDOS, ERRbadpipe);
+ return;
+ }
+
+ for( i = 0; known_nt_pipes[i]; i++ ) {
+ if( strequal(fname,known_nt_pipes[i])) {
+ break;
+ }
+ }
+
+ if ( known_nt_pipes[i] == NULL ) {
+ reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ERRDOS, ERRbadpipe);
+ return;
+ }
+
+ /* Strip \\ off the name. */
+ fname++;
+
+ DEBUG(3,(nt_open_pipe: Known pipe %s opening.\n, fname));
+
+ p = open_rpc_pipe_p(fname, conn, req-vuid);
+ if (!p) {
+ reply_doserror(req, ERRSRV, ERRnofids);
+ return;
+ }
+
+ /* TODO: Add pipe to db */
+
+ if ( !store_pipe_opendb( p ) ) {
+ DEBUG(3,(nt_open_pipe: failed to store %s pipe open.\n,
fname));
+ }
+
+ *ppnum = p-pnum;
+ return;
+}
+
/
Reply to an NT create and X call for pipes.
/
-static int do_ntcreate_pipe_open(connection_struct *conn,
-char *inbuf,char *outbuf,int length,int bufsize)
+static void do_ntcreate_pipe_open(connection_struct *conn,
+ struct smb_request *req)
{
pstring fname;
- int ret;
int pnum = -1;
char *p = NULL;
- uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
+ uint32 flags = IVAL(req-inbuf,smb_ntcreate_Flags);
- srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), fname, smb_buf(inbuf),
- sizeof(fname), STR_TERMINATE);
+ srvstr_pull_buf((char *)req-inbuf, req-flags2, fname,
+ smb_buf(req-inbuf), sizeof(fname), STR_TERMINATE);
- if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, pnum)) != 0) {
- return ret;
+ nt_open_pipe_new(fname, conn, req, pnum);
+
+ if (req-outbuf) {
+ /* error reply */
+ return;
}
/*
@@ -399,13 +451,13 @@
* the wcnt to 42 ? It's definately
* what happens on the wire
*/
- set_message(inbuf,outbuf,50,0,True);
- SCVAL(outbuf,smb_wct,42);
+ reply_outbuf(req, 50, 0);
+ SCVAL(req-outbuf,smb_wct,42);
} else {
- set_message(inbuf,outbuf,34,0,True);
+ reply_outbuf(req, 34, 0);
}
- p = outbuf + smb_vwv2;
+ p = (char *)req-outbuf + smb_vwv2;
p++;
SSVAL(p,0,pnum);
p += 2;
@@ -433,7 +485,7 @@
DEBUG(5,(do_ntcreate_pipe_open: open pipe = %s\n, fname));
- return chain_reply(inbuf,outbuf,length,bufsize);
+ chain_reply_new(req);
}
/
@@ -545,17 +597,7 @@
if (IS_IPC(conn)) {
if (lp_nt_pipe_support()) {
- char *inbuf, *outbuf;
- int length, bufsize;
-
- if (!reply_prep_legacy(req, inbuf, outbuf,
- length, bufsize)) {
- reply_nterror(req, NT_STATUS_NO_MEMORY);
-
svn commit: samba r24093 - in branches/SAMBA_3_2/source/libads: .
Author: metze
Date: 2007-07-31 09:31:47 + (Tue, 31 Jul 2007)
New Revision: 24093
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24093
Log:
move gssapi/krb5 principal handling into a function
metze
Modified:
branches/SAMBA_3_2/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_2/source/libads/sasl.c
===
--- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:22:16 UTC (rev
24092)
+++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:31:47 UTC (rev
24093)
@@ -360,7 +360,7 @@
/*
perform a LDAP/SASL/SPNEGO/GSSKRB5 bind
*/
-static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const char
*sname)
+static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const
gss_name_t serv_name)
{
ADS_STATUS status;
BOOL ok;
@@ -371,7 +371,6 @@
gss_OID mech_type = krb5_mech_type;
gss_OID actual_mech_type = GSS_C_NULL_OID;
const char *spnego_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5,
OID_NTLMSSP, NULL};
- gss_name_t serv_name;
gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT;
gss_buffer_desc input_token, output_token;
uint32 req_flags, ret_flags;
@@ -379,51 +378,7 @@
DATA_BLOB unwrapped;
DATA_BLOB wrapped;
struct berval cred, *scred = NULL;
- krb5_principal principal = NULL;
- gss_buffer_desc input_name;
- krb5_context ctx = NULL;
- krb5_enctype enc_types[] = {
-#ifdef ENCTYPE_ARCFOUR_HMAC
- ENCTYPE_ARCFOUR_HMAC,
-#endif
- ENCTYPE_DES_CBC_MD5,
- ENCTYPE_NULL};
- gss_OID_desc nt_principal =
- {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)};
- initialize_krb5_error_table();
- status = ADS_ERROR_KRB5(krb5_init_context(ctx));
- if (!ADS_ERR_OK(status)) {
- return status;
- }
- status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types));
- if (!ADS_ERR_OK(status)) {
- krb5_free_context(ctx);
- return status;
- }
- status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal));
- if (!ADS_ERR_OK(status)) {
- krb5_free_context(ctx);
- return status;
- }
-
- /*
-* The MIT libraries have a *HORRIBLE* bug - input_value.value needs
-* to point to the *address* of the krb5_principal, and the gss
libraries
-* to a shallow copy of the krb5_principal pointer - so we need to keep
-* the krb5_principal around until we do the gss_release_name. MIT
*SUCKS* !
-* Just one more way in which MIT engineers screwed me over JRA.
-*/
- input_name.value = principal;
- input_name.length = sizeof(principal);
-
- gss_rc = gss_import_name(minor_status, input_name, nt_principal,
serv_name);
- if (gss_rc) {
- krb5_free_principal(ctx, principal);
- krb5_free_context(ctx);
- return ADS_ERROR_GSS(gss_rc, minor_status);
- }
-
input_token.value = NULL;
input_token.length = 0;
@@ -633,17 +588,136 @@
}
failed:
- gss_release_name(minor_status, serv_name);
if (context_handle != GSS_C_NO_CONTEXT)
gss_delete_sec_context(minor_status, context_handle,
GSS_C_NO_BUFFER);
- krb5_free_principal(ctx, principal);
- krb5_free_context(ctx);
return status;
}
#endif
#ifdef HAVE_KRB5
+struct ads_service_principal {
+krb5_context ctx;
+char *string;
+krb5_principal principal;
+#ifdef HAVE_GSSAPI
+gss_name_t name;
+#endif
+};
+
+static void ads_free_service_principal(struct ads_service_principal *p)
+{
+ SAFE_FREE(p-string);
+
+#ifdef HAVE_GSSAPI
+ if (p-name) {
+ uint32 minor_status;
+ gss_release_name(minor_status, p-name);
+ }
+#endif
+ if (p-principal) {
+ krb5_free_principal(p-ctx, p-principal);
+ }
+
+ if (p-ctx) {
+ krb5_free_context(p-ctx);
+ }
+
+ ZERO_STRUCTP(p);
+}
+
+static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
+const char *given_principal,
+struct ads_service_principal
*p)
+{
+ ADS_STATUS status;
+ krb5_enctype enc_types[] = {
+#ifdef ENCTYPE_ARCFOUR_HMAC
+ ENCTYPE_ARCFOUR_HMAC,
+#endif
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_NULL};
+#ifdef HAVE_GSSAPI
+ gss_buffer_desc input_name;
+ gss_OID_desc nt_principal =
+ {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)};
+ uint32 minor_status;
+ int gss_rc;
+#endif
+
+ ZERO_STRUCTP(p);
+
+ /* I've seen a child Windows
svn commit: samba r24094 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze
Date: 2007-07-31 09:33:27 + (Tue, 31 Jul 2007)
New Revision: 24094
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24094
Log:
merge from SAMBA_3_2:
move gssapi/krb5 principal handling into a function
metze
Modified:
branches/SAMBA_3_2_0/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_2_0/source/libads/sasl.c
===
--- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:31:47 UTC (rev
24093)
+++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:33:27 UTC (rev
24094)
@@ -360,7 +360,7 @@
/*
perform a LDAP/SASL/SPNEGO/GSSKRB5 bind
*/
-static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const char
*sname)
+static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const
gss_name_t serv_name)
{
ADS_STATUS status;
BOOL ok;
@@ -371,7 +371,6 @@
gss_OID mech_type = krb5_mech_type;
gss_OID actual_mech_type = GSS_C_NULL_OID;
const char *spnego_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5,
OID_NTLMSSP, NULL};
- gss_name_t serv_name;
gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT;
gss_buffer_desc input_token, output_token;
uint32 req_flags, ret_flags;
@@ -379,51 +378,7 @@
DATA_BLOB unwrapped;
DATA_BLOB wrapped;
struct berval cred, *scred = NULL;
- krb5_principal principal = NULL;
- gss_buffer_desc input_name;
- krb5_context ctx = NULL;
- krb5_enctype enc_types[] = {
-#ifdef ENCTYPE_ARCFOUR_HMAC
- ENCTYPE_ARCFOUR_HMAC,
-#endif
- ENCTYPE_DES_CBC_MD5,
- ENCTYPE_NULL};
- gss_OID_desc nt_principal =
- {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)};
- initialize_krb5_error_table();
- status = ADS_ERROR_KRB5(krb5_init_context(ctx));
- if (!ADS_ERR_OK(status)) {
- return status;
- }
- status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types));
- if (!ADS_ERR_OK(status)) {
- krb5_free_context(ctx);
- return status;
- }
- status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal));
- if (!ADS_ERR_OK(status)) {
- krb5_free_context(ctx);
- return status;
- }
-
- /*
-* The MIT libraries have a *HORRIBLE* bug - input_value.value needs
-* to point to the *address* of the krb5_principal, and the gss
libraries
-* to a shallow copy of the krb5_principal pointer - so we need to keep
-* the krb5_principal around until we do the gss_release_name. MIT
*SUCKS* !
-* Just one more way in which MIT engineers screwed me over JRA.
-*/
- input_name.value = principal;
- input_name.length = sizeof(principal);
-
- gss_rc = gss_import_name(minor_status, input_name, nt_principal,
serv_name);
- if (gss_rc) {
- krb5_free_principal(ctx, principal);
- krb5_free_context(ctx);
- return ADS_ERROR_GSS(gss_rc, minor_status);
- }
-
input_token.value = NULL;
input_token.length = 0;
@@ -633,17 +588,136 @@
}
failed:
- gss_release_name(minor_status, serv_name);
if (context_handle != GSS_C_NO_CONTEXT)
gss_delete_sec_context(minor_status, context_handle,
GSS_C_NO_BUFFER);
- krb5_free_principal(ctx, principal);
- krb5_free_context(ctx);
return status;
}
#endif
#ifdef HAVE_KRB5
+struct ads_service_principal {
+krb5_context ctx;
+char *string;
+krb5_principal principal;
+#ifdef HAVE_GSSAPI
+gss_name_t name;
+#endif
+};
+
+static void ads_free_service_principal(struct ads_service_principal *p)
+{
+ SAFE_FREE(p-string);
+
+#ifdef HAVE_GSSAPI
+ if (p-name) {
+ uint32 minor_status;
+ gss_release_name(minor_status, p-name);
+ }
+#endif
+ if (p-principal) {
+ krb5_free_principal(p-ctx, p-principal);
+ }
+
+ if (p-ctx) {
+ krb5_free_context(p-ctx);
+ }
+
+ ZERO_STRUCTP(p);
+}
+
+static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
+const char *given_principal,
+struct ads_service_principal
*p)
+{
+ ADS_STATUS status;
+ krb5_enctype enc_types[] = {
+#ifdef ENCTYPE_ARCFOUR_HMAC
+ ENCTYPE_ARCFOUR_HMAC,
+#endif
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_NULL};
+#ifdef HAVE_GSSAPI
+ gss_buffer_desc input_name;
+ gss_OID_desc nt_principal =
+ {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)};
+ uint32 minor_status;
+ int gss_rc;
+#endif
+
+ ZERO_STRUCTP(p);
+
+ /*
svn commit: samba r24095 - in branches/SAMBA_3_2/source/libads: .
Author: metze
Date: 2007-07-31 09:37:25 + (Tue, 31 Jul 2007)
New Revision: 24095
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24095
Log:
add one more fallback alternative to
construct the principal
metze
Modified:
branches/SAMBA_3_2/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_2/source/libads/sasl.c
===
--- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:33:27 UTC (rev
24094)
+++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:37:25 UTC (rev
24095)
@@ -676,6 +676,26 @@
if (!p-string) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
+ } else if (ads-config.realm ads-config.ldap_server_name) {
+ char *server, *server_realm;
+
+ server = SMB_STRDUP(ads-config.ldap_server_name);
+ server_realm = SMB_STRDUP(ads-config.realm);
+
+ if (!server || !server_realm) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ strlower_m(server);
+ strupper_m(server_realm);
+ asprintf(p-string, ldap/[EMAIL PROTECTED], server,
server_realm);
+
+ SAFE_FREE(server);
+ SAFE_FREE(server_realm);
+
+ if (!p-string) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
}
initialize_krb5_error_table();
svn commit: samba r24096 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze
Date: 2007-07-31 09:38:15 + (Tue, 31 Jul 2007)
New Revision: 24096
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24096
Log:
merge from SAMBA_3_2:
add one more fallback alternative to
construct the principal
metze
Modified:
branches/SAMBA_3_2_0/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_2_0/source/libads/sasl.c
===
--- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:37:25 UTC (rev
24095)
+++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:38:15 UTC (rev
24096)
@@ -676,6 +676,26 @@
if (!p-string) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
+ } else if (ads-config.realm ads-config.ldap_server_name) {
+ char *server, *server_realm;
+
+ server = SMB_STRDUP(ads-config.ldap_server_name);
+ server_realm = SMB_STRDUP(ads-config.realm);
+
+ if (!server || !server_realm) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ strlower_m(server);
+ strupper_m(server_realm);
+ asprintf(p-string, ldap/[EMAIL PROTECTED], server,
server_realm);
+
+ SAFE_FREE(server);
+ SAFE_FREE(server_realm);
+
+ if (!p-string) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
}
initialize_krb5_error_table();
svn commit: samba r24097 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec
Date: 2007-07-31 09:41:21 + (Tue, 31 Jul 2007)
New Revision: 24097
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24097
Log:
Convert reply_ntcreate_and_X_quota to the new API
Modified:
branches/SAMBA_3_2/source/smbd/nttrans.c
Changeset:
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===
--- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:38:15 UTC (rev
24096)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:41:21 UTC (rev
24097)
@@ -492,17 +492,13 @@
Reply to an NT create and X call for a quota file.
/
-int reply_ntcreate_and_X_quota(connection_struct *conn,
- char *inbuf,
- char *outbuf,
- int length,
- int bufsize,
- enum FAKE_FILE_TYPE fake_file_type,
- const char *fname)
+static void reply_ntcreate_and_X_quota(connection_struct *conn,
+ struct smb_request *req,
+ enum FAKE_FILE_TYPE fake_file_type,
+ const char *fname)
{
- int result;
char *p;
- uint32 desired_access = IVAL(inbuf,smb_ntcreate_DesiredAccess);
+ uint32 desired_access = IVAL(req-inbuf,smb_ntcreate_DesiredAccess);
files_struct *fsp;
NTSTATUS status;
@@ -510,12 +506,13 @@
fsp);
if (!NT_STATUS_IS_OK(status)) {
- return ERROR_NT(status);
+ reply_nterror(req, status);
+ return;
}
- set_message(inbuf,outbuf,34,0,True);
+ reply_outbuf(req, 34, 0);
- p = outbuf + smb_vwv2;
+ p = (char *)req-outbuf + smb_vwv2;
/* SCVAL(p,0,NO_OPLOCK_RETURN); */
p++;
@@ -523,8 +520,7 @@
DEBUG(5,(reply_ntcreate_and_X_quota: fnum = %d, open name = %s\n,
fsp-fnum, fsp-fsp_name));
- result = chain_reply(inbuf,outbuf,length,bufsize);
- return result;
+ chain_reply_new(req);
}
/
@@ -708,10 +704,6 @@
if( is_ntfs_stream_name(fname)) {
enum FAKE_FILE_TYPE fake_file_type =
is_fake_file(fname);
if (fake_file_type!=FAKE_FILE_TYPE_NONE) {
-
- char *inbuf, *outbuf;
- int length, bufsize;
-
/*
* Here we go! support for changing the disk
quotas --metze
*
@@ -721,22 +713,13 @@
* w2k close this file directly after openening
* xp also tries a QUERY_FILE_INFO on the file
and then close it
*/
- if (!reply_prep_legacy(req, inbuf, outbuf,
- length, bufsize)) {
- reply_nterror(req, NT_STATUS_NO_MEMORY);
- return;
- }
- reply_post_legacy(req,
reply_ntcreate_and_X_quota(
- conn, inbuf, outbuf,
- length, bufsize,
- fake_file_type,
fname));
- END_PROFILE(SMBntcreateX);
- return;
+ reply_ntcreate_and_X_quota(conn, req,
+ fake_file_type,
fname);
} else {
reply_nterror(req,
NT_STATUS_OBJECT_PATH_NOT_FOUND);
- END_PROFILE(SMBntcreateX);
- return;
}
+ END_PROFILE(SMBntcreateX);
+ return;
}
}
svn commit: samba r24098 - in branches/SAMBA_3_2/source/libads: .
Author: metze
Date: 2007-07-31 09:49:14 + (Tue, 31 Jul 2007)
New Revision: 24098
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24098
Log:
- make use of the ads_service_principal abstraction
also for the GSSAPI sasl mech.
- also use the ads_kinit_password() fallback logic
from the GSS-SPNEGO sasl mech.
metze
Modified:
branches/SAMBA_3_2/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_2/source/libads/sasl.c
===
--- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:41:21 UTC (rev
24097)
+++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 09:49:14 UTC (rev
24098)
@@ -905,11 +905,9 @@
this routine is much less fragile
see RFC2078 and RFC for details
*/
-static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
+static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t
serv_name)
{
uint32 minor_status;
- gss_name_t serv_name;
- gss_buffer_desc input_name;
gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT;
gss_OID mech_type = GSS_C_NULL_OID;
gss_buffer_desc output_token, input_token;
@@ -921,63 +919,8 @@
int gss_rc, rc;
uint8 *p;
uint32 max_msg_size = 0;
- char *sname = NULL;
ADS_STATUS status;
- krb5_principal principal = NULL;
- krb5_context ctx = NULL;
- krb5_enctype enc_types[] = {
-#ifdef ENCTYPE_ARCFOUR_HMAC
- ENCTYPE_ARCFOUR_HMAC,
-#endif
- ENCTYPE_DES_CBC_MD5,
- ENCTYPE_NULL};
- gss_OID_desc nt_principal =
- {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)};
- /* we need to fetch a service ticket as the ldap user in the
- servers realm, regardless of our realm */
- asprintf(sname, ldap/[EMAIL PROTECTED],
ads-config.ldap_server_name, ads-config.realm);
-
- initialize_krb5_error_table();
- status = ADS_ERROR_KRB5(krb5_init_context(ctx));
- if (!ADS_ERR_OK(status)) {
- SAFE_FREE(sname);
- return status;
- }
- status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types));
- if (!ADS_ERR_OK(status)) {
- SAFE_FREE(sname);
- krb5_free_context(ctx);
- return status;
- }
- status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal));
- if (!ADS_ERR_OK(status)) {
- SAFE_FREE(sname);
- krb5_free_context(ctx);
- return status;
- }
-
- input_name.value = principal;
- input_name.length = sizeof(principal);
-
- gss_rc = gss_import_name(minor_status, input_name, nt_principal,
serv_name);
-
- /*
-* The MIT libraries have a *HORRIBLE* bug - input_value.value needs
-* to point to the *address* of the krb5_principal, and the gss
libraries
-* to a shallow copy of the krb5_principal pointer - so we need to keep
-* the krb5_principal around until we do the gss_release_name. MIT
*SUCKS* !
-* Just one more way in which MIT engineers screwed me over JRA.
-*/
-
- SAFE_FREE(sname);
-
- if (gss_rc) {
- krb5_free_principal(ctx, principal);
- krb5_free_context(ctx);
- return ADS_ERROR_GSS(gss_rc, minor_status);
- }
-
input_token.value = NULL;
input_token.length = 0;
@@ -1122,16 +1065,44 @@
}
failed:
- gss_release_name(minor_status, serv_name);
if (context_handle != GSS_C_NO_CONTEXT)
gss_delete_sec_context(minor_status, context_handle,
GSS_C_NO_BUFFER);
- krb5_free_principal(ctx, principal);
- krb5_free_context(ctx);
if(scred)
ber_bvfree(scred);
return status;
}
+
+static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
+{
+ ADS_STATUS status;
+ struct ads_service_principal p;
+
+ status = ads_generate_service_principal(ads, NULL, p);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ status = ads_sasl_gssapi_do_bind(ads, p.name);
+ if (ADS_ERR_OK(status)) {
+ ads_free_service_principal(p);
+ return status;
+ }
+
+ DEBUG(10,(ads_sasl_gssapi_do_bind failed with: %s,
+ calling kinit\n, ads_errstr(status)));
+
+ status = ADS_ERROR_KRB5(ads_kinit_password(ads));
+
+ if (ADS_ERR_OK(status)) {
+ status = ads_sasl_gssapi_do_bind(ads, p.name);
+ }
+
+ ads_free_service_principal(p);
+
+ return status;
+}
+
#endif /* HAVE_GGSAPI */
/* mapping between SASL mechanisms and functions */
svn commit: samba r24100 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec
Date: 2007-07-31 10:04:54 + (Tue, 31 Jul 2007)
New Revision: 24100
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24100
Log:
Convert reply_ntcancel to the new API
Modified:
branches/SAMBA_3_2/source/smbd/nttrans.c
branches/SAMBA_3_2/source/smbd/process.c
Changeset:
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===
--- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 09:50:05 UTC (rev
24099)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 10:04:54 UTC (rev
24100)
@@ -1786,23 +1786,21 @@
conn POINTER CAN BE NULL HERE !
/
-int reply_ntcancel(connection_struct *conn,
- char *inbuf,char *outbuf,int length,int bufsize)
+void reply_ntcancel(connection_struct *conn, struct smb_request *req)
{
/*
* Go through and cancel any pending change notifies.
*/
- int mid = SVAL(inbuf,smb_mid);
START_PROFILE(SMBntcancel);
- remove_pending_change_notify_requests_by_mid(mid);
- remove_pending_lock_requests_by_mid(mid);
- srv_cancel_sign_response(mid);
+ remove_pending_change_notify_requests_by_mid(req-mid);
+ remove_pending_lock_requests_by_mid(req-mid);
+ srv_cancel_sign_response(req-mid);
- DEBUG(3,(reply_ntcancel: cancel called on mid = %d.\n, mid));
+ DEBUG(3,(reply_ntcancel: cancel called on mid = %d.\n, req-mid));
END_PROFILE(SMBntcancel);
- return(-1);
+ return;
}
/
Modified: branches/SAMBA_3_2/source/smbd/process.c
===
--- branches/SAMBA_3_2/source/smbd/process.c2007-07-31 09:50:05 UTC (rev
24099)
+++ branches/SAMBA_3_2/source/smbd/process.c2007-07-31 10:04:54 UTC (rev
24100)
@@ -852,7 +852,7 @@
/* 0xa1 */ { SMBnttranss, reply_nttranss,NULL, AS_USER | CAN_IPC },
/* 0xa2 */ { SMBntcreateX, NULL,reply_ntcreate_and_X, AS_USER | CAN_IPC },
/* 0xa3 */ { NULL, NULL, NULL, 0 },
-/* 0xa4 */ { SMBntcancel, reply_ntcancel,NULL, 0 },
+/* 0xa4 */ { SMBntcancel, NULL,reply_ntcancel, 0 },
/* 0xa5 */ { SMBntrename, reply_ntrename,NULL, AS_USER | NEED_WRITE },
/* 0xa6 */ { NULL, NULL, NULL, 0 },
/* 0xa7 */ { NULL, NULL, NULL, 0 },
svn commit: samba r24099 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze
Date: 2007-07-31 09:50:05 + (Tue, 31 Jul 2007)
New Revision: 24099
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24099
Log:
merge from SAMBA_3_2:
- make use of the ads_service_principal abstraction
also for the GSSAPI sasl mech.
- also use the ads_kinit_password() fallback logic
from the GSS-SPNEGO sasl mech.
metze
Modified:
branches/SAMBA_3_2_0/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_2_0/source/libads/sasl.c
===
--- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:49:14 UTC (rev
24098)
+++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 09:50:05 UTC (rev
24099)
@@ -905,11 +905,9 @@
this routine is much less fragile
see RFC2078 and RFC for details
*/
-static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
+static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t
serv_name)
{
uint32 minor_status;
- gss_name_t serv_name;
- gss_buffer_desc input_name;
gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT;
gss_OID mech_type = GSS_C_NULL_OID;
gss_buffer_desc output_token, input_token;
@@ -921,63 +919,8 @@
int gss_rc, rc;
uint8 *p;
uint32 max_msg_size = 0;
- char *sname = NULL;
ADS_STATUS status;
- krb5_principal principal = NULL;
- krb5_context ctx = NULL;
- krb5_enctype enc_types[] = {
-#ifdef ENCTYPE_ARCFOUR_HMAC
- ENCTYPE_ARCFOUR_HMAC,
-#endif
- ENCTYPE_DES_CBC_MD5,
- ENCTYPE_NULL};
- gss_OID_desc nt_principal =
- {10, CONST_DISCARD(char *, \052\206\110\206\367\022\001\002\002\002)};
- /* we need to fetch a service ticket as the ldap user in the
- servers realm, regardless of our realm */
- asprintf(sname, ldap/[EMAIL PROTECTED],
ads-config.ldap_server_name, ads-config.realm);
-
- initialize_krb5_error_table();
- status = ADS_ERROR_KRB5(krb5_init_context(ctx));
- if (!ADS_ERR_OK(status)) {
- SAFE_FREE(sname);
- return status;
- }
- status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types));
- if (!ADS_ERR_OK(status)) {
- SAFE_FREE(sname);
- krb5_free_context(ctx);
- return status;
- }
- status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, principal));
- if (!ADS_ERR_OK(status)) {
- SAFE_FREE(sname);
- krb5_free_context(ctx);
- return status;
- }
-
- input_name.value = principal;
- input_name.length = sizeof(principal);
-
- gss_rc = gss_import_name(minor_status, input_name, nt_principal,
serv_name);
-
- /*
-* The MIT libraries have a *HORRIBLE* bug - input_value.value needs
-* to point to the *address* of the krb5_principal, and the gss
libraries
-* to a shallow copy of the krb5_principal pointer - so we need to keep
-* the krb5_principal around until we do the gss_release_name. MIT
*SUCKS* !
-* Just one more way in which MIT engineers screwed me over JRA.
-*/
-
- SAFE_FREE(sname);
-
- if (gss_rc) {
- krb5_free_principal(ctx, principal);
- krb5_free_context(ctx);
- return ADS_ERROR_GSS(gss_rc, minor_status);
- }
-
input_token.value = NULL;
input_token.length = 0;
@@ -1122,16 +1065,44 @@
}
failed:
- gss_release_name(minor_status, serv_name);
if (context_handle != GSS_C_NO_CONTEXT)
gss_delete_sec_context(minor_status, context_handle,
GSS_C_NO_BUFFER);
- krb5_free_principal(ctx, principal);
- krb5_free_context(ctx);
if(scred)
ber_bvfree(scred);
return status;
}
+
+static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
+{
+ ADS_STATUS status;
+ struct ads_service_principal p;
+
+ status = ads_generate_service_principal(ads, NULL, p);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ status = ads_sasl_gssapi_do_bind(ads, p.name);
+ if (ADS_ERR_OK(status)) {
+ ads_free_service_principal(p);
+ return status;
+ }
+
+ DEBUG(10,(ads_sasl_gssapi_do_bind failed with: %s,
+ calling kinit\n, ads_errstr(status)));
+
+ status = ADS_ERROR_KRB5(ads_kinit_password(ads));
+
+ if (ADS_ERR_OK(status)) {
+ status = ads_sasl_gssapi_do_bind(ads, p.name);
+ }
+
+ ads_free_service_principal(p);
+
+ return status;
+}
+
#endif /* HAVE_GGSAPI */
/* mapping between SASL mechanisms and functions */
svn commit: samba r24101 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec
Date: 2007-07-31 11:26:24 + (Tue, 31 Jul 2007)
New Revision: 24101
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24101
Log:
Move prohibited_ea_names[] into samba_private_attr_name()
Minor cleanup
Modified:
branches/SAMBA_3_2/source/smbd/trans2.c
Changeset:
Modified: branches/SAMBA_3_2/source/smbd/trans2.c
===
--- branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 10:04:54 UTC (rev
24100)
+++ branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 11:26:24 UTC (rev
24101)
@@ -90,18 +90,18 @@
Utility functions for dealing with extended attributes.
/
-static const char *prohibited_ea_names[] = {
- SAMBA_POSIX_INHERITANCE_EA_NAME,
- SAMBA_XATTR_DOS_ATTRIB,
- NULL
-};
-
/
Refuse to allow clients to overwrite our private xattrs.
/
static BOOL samba_private_attr_name(const char *unix_ea_name)
{
+ static const char *prohibited_ea_names[] = {
+ SAMBA_POSIX_INHERITANCE_EA_NAME,
+ SAMBA_XATTR_DOS_ATTRIB,
+ NULL
+ };
+
int i;
for (i = 0; prohibited_ea_names[i]; i++) {
svn commit: samba r24102 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec
Date: 2007-07-31 12:05:40 + (Tue, 31 Jul 2007)
New Revision: 24102
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24102
Log:
Pass the fid instead of inbuf and an offset to file_fsp.
This removes the buf==NULL condition in file_fsp(), but wherever it is called
we do have a buffer anyway.
Volker
Modified:
branches/SAMBA_3_2/source/smbd/files.c
branches/SAMBA_3_2/source/smbd/nttrans.c
branches/SAMBA_3_2/source/smbd/reply.c
branches/SAMBA_3_2/source/smbd/trans2.c
Changeset:
Modified: branches/SAMBA_3_2/source/smbd/files.c
===
--- branches/SAMBA_3_2/source/smbd/files.c 2007-07-31 11:26:24 UTC (rev
24101)
+++ branches/SAMBA_3_2/source/smbd/files.c 2007-07-31 12:05:40 UTC (rev
24102)
@@ -487,7 +487,7 @@
Get an fsp from a packet given the offset of a 16 bit fnum.
/
-files_struct *file_fsp(const char *buf, int where)
+files_struct *file_fsp(uint16 fid)
{
files_struct *fsp;
@@ -495,11 +495,7 @@
return chain_fsp;
}
- if (!buf) {
- return NULL;
- }
-
- fsp = file_fnum(SVAL(buf, where));
+ fsp = file_fnum(fid);
if (fsp) {
chain_fsp = fsp;
}
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===
--- branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 11:26:24 UTC (rev
24101)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c2007-07-31 12:05:40 UTC (rev
24102)
@@ -619,7 +619,7 @@
*/
pstring rel_fname;
files_struct *dir_fsp = file_fsp(
- (char *)req-inbuf, smb_ntcreate_RootDirectoryFid);
+ SVAL(req-inbuf, smb_ntcreate_RootDirectoryFid));
size_t dir_name_len;
if(!dir_fsp) {
@@ -1377,7 +1377,7 @@
/*
* This filename is relative to a directory fid.
*/
- files_struct *dir_fsp = file_fsp(params,4);
+ files_struct *dir_fsp = file_fsp(SVAL(params,4));
size_t dir_name_len;
if(!dir_fsp) {
@@ -2078,7 +2078,7 @@
return ERROR_DOS(ERRDOS,ERRbadfunc);
}
- fsp = file_fsp((char *)setup,4);
+ fsp = file_fsp(SVAL(setup,4));
filter = IVAL(setup, 0);
recursive = (SVAL(setup, 6) != 0) ? True : False;
@@ -2173,7 +2173,7 @@
return ERROR_DOS(ERRDOS,ERRbadfunc);
}
- fsp = file_fsp(params, 0);
+ fsp = file_fsp(SVAL(params, 0));
replace_if_exists = (SVAL(params,2) RENAME_REPLACE_IF_EXISTS) ? True
: False;
CHECK_FSP(fsp, conn);
srvstr_get_path_wcard(inbuf, SVAL(inbuf,smb_flg2), new_name, params+4,
@@ -2244,7 +2244,7 @@
return ERROR_DOS(ERRDOS,ERRbadfunc);
}
- fsp = file_fsp(params,0);
+ fsp = file_fsp(SVAL(params,0));
if(!fsp) {
return ERROR_DOS(ERRDOS,ERRbadfid);
}
@@ -2358,7 +2358,7 @@
return ERROR_DOS(ERRDOS,ERRbadfunc);
}
- if((fsp = file_fsp(params,0)) == NULL) {
+ if((fsp = file_fsp(SVAL(params,0))) == NULL) {
return ERROR_DOS(ERRDOS,ERRbadfid);
}
@@ -2415,7 +2415,7 @@
DEBUG(10,(call_nt_transact_ioctl: function[0x%08X] FID[0x%04X]
isFSctl[0x%02X] compfilter[0x%02X]\n,
function, fidnum, isFSctl, compfilter));
- fsp=file_fsp((char *)*ppsetup, 4);
+ fsp=file_fsp(SVAL(ppsetup, 4));
/* this check is done in each implemented function case for now
because I don't want to break anything... --metze
FSP_BELONGS_CONN(fsp,conn);*/
@@ -2693,7 +2693,7 @@
}
/* maybe we can check the quota_fnum */
- fsp = file_fsp(params,0);
+ fsp = file_fsp(SVAL(params,0));
if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) {
DEBUG(3,(TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n));
return ERROR_NT(NT_STATUS_INVALID_HANDLE);
@@ -2941,7 +2941,7 @@
}
/* maybe we can check the quota_fnum */
- fsp = file_fsp(params,0);
+ fsp = file_fsp(SVAL(params,0));
if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) {
DEBUG(3,(TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n));
return ERROR_NT(NT_STATUS_INVALID_HANDLE);
Modified: branches/SAMBA_3_2/source/smbd/reply.c
===
--- branches/SAMBA_3_2/source/smbd/reply.c 2007-07-31 11:26:24 UTC (rev
24101)
+++ branches/SAMBA_3_2/source/smbd/reply.c 2007-07-31 12:05:40 UTC (rev
24102)
@@ -709,7 +709,7 @@
switch (ioctl_code) {
case IOCTL_QUERY_JOB_INFO:
svn commit: samba r24103 - in branches/SAMBA_3_2/source/libads: .
Author: metze
Date: 2007-07-31 12:27:25 + (Tue, 31 Jul 2007)
New Revision: 24103
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24103
Log:
add some useful debug messages, as not all LDAP
libraries support wrapping hooks...
metze
Modified:
branches/SAMBA_3_2/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_2/source/libads/sasl.c
===
--- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:05:40 UTC (rev
24102)
+++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:27:25 UTC (rev
24103)
@@ -251,7 +251,13 @@
ads-ldap.out.sig_size = NTLMSSP_SIG_SIZE;
ads-ldap.in.min = 4;
ads-ldap.in.max = 0x0FFF;
- ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops,
ntlmssp_state);
+ status = ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops,
ntlmssp_state);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n,
+ ads_errstr(status)));
+ ntlmssp_end(ntlmssp_state);
+ return status;
+ }
} else {
ntlmssp_end(ntlmssp_state);
}
@@ -582,7 +588,12 @@
ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max;
ads-ldap.in.min = 4;
ads-ldap.in.max = max_msg_size;
- ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops,
context_handle);
+ status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops,
context_handle);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n,
+ ads_errstr(status)));
+ goto failed;
+ }
/* make sure we don't free context_handle */
context_handle = GSS_C_NO_CONTEXT;
}
@@ -1059,7 +1070,12 @@
ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max;
ads-ldap.in.min = 4;
ads-ldap.in.max = max_msg_size;
- ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops,
context_handle);
+ status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops,
context_handle);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n,
+ ads_errstr(status)));
+ goto failed;
+ }
/* make sure we don't free context_handle */
context_handle = GSS_C_NO_CONTEXT;
}
svn commit: samba r24104 - in branches/SAMBA_3_2/source/libads: .
Author: metze
Date: 2007-07-31 12:30:37 + (Tue, 31 Jul 2007)
New Revision: 24104
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24104
Log:
fix the build, sorry...
metze
Modified:
branches/SAMBA_3_2/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_2/source/libads/sasl.c
===
--- branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:27:25 UTC (rev
24103)
+++ branches/SAMBA_3_2/source/libads/sasl.c 2007-07-31 12:30:37 UTC (rev
24104)
@@ -126,6 +126,7 @@
struct berval cred, *scred = NULL;
int rc;
NTSTATUS nt_status;
+ ADS_STATUS status;
int turn = 1;
uint32 features = 0;
@@ -253,7 +254,7 @@
ads-ldap.in.max = 0x0FFF;
status = ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops,
ntlmssp_state);
if (!ADS_ERR_OK(status)) {
- DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n,
+ DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n,
ads_errstr(status)));
ntlmssp_end(ntlmssp_state);
return status;
@@ -590,7 +591,7 @@
ads-ldap.in.max = max_msg_size;
status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops,
context_handle);
if (!ADS_ERR_OK(status)) {
- DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n,
+ DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n,
ads_errstr(status)));
goto failed;
}
@@ -1072,7 +1073,7 @@
ads-ldap.in.max = max_msg_size;
status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops,
context_handle);
if (!ADS_ERR_OK(status)) {
- DEBUG(0, ads_setup_sasl_wrapping() failed: %s\n,
+ DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n,
ads_errstr(status)));
goto failed;
}
svn commit: samba r24105 - in branches/SAMBA_3_2_0/source/libads: .
Author: metze
Date: 2007-07-31 12:32:01 + (Tue, 31 Jul 2007)
New Revision: 24105
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24105
Log:
merge from SAMBA_3_2:
add some useful debug messages, as not all LDAP
libraries support wrapping hooks...
metze
Modified:
branches/SAMBA_3_2_0/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_2_0/source/libads/sasl.c
===
--- branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 12:30:37 UTC (rev
24104)
+++ branches/SAMBA_3_2_0/source/libads/sasl.c 2007-07-31 12:32:01 UTC (rev
24105)
@@ -126,6 +126,7 @@
struct berval cred, *scred = NULL;
int rc;
NTSTATUS nt_status;
+ ADS_STATUS status;
int turn = 1;
uint32 features = 0;
@@ -251,7 +252,13 @@
ads-ldap.out.sig_size = NTLMSSP_SIG_SIZE;
ads-ldap.in.min = 4;
ads-ldap.in.max = 0x0FFF;
- ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops,
ntlmssp_state);
+ status = ads_setup_sasl_wrapping(ads, ads_sasl_ntlmssp_ops,
ntlmssp_state);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n,
+ ads_errstr(status)));
+ ntlmssp_end(ntlmssp_state);
+ return status;
+ }
} else {
ntlmssp_end(ntlmssp_state);
}
@@ -582,7 +589,12 @@
ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max;
ads-ldap.in.min = 4;
ads-ldap.in.max = max_msg_size;
- ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops,
context_handle);
+ status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops,
context_handle);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n,
+ ads_errstr(status)));
+ goto failed;
+ }
/* make sure we don't free context_handle */
context_handle = GSS_C_NO_CONTEXT;
}
@@ -1059,7 +1071,12 @@
ads-ldap.out.sig_size = max_msg_size - ads-ldap.out.max;
ads-ldap.in.min = 4;
ads-ldap.in.max = max_msg_size;
- ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops,
context_handle);
+ status = ads_setup_sasl_wrapping(ads, ads_sasl_gssapi_ops,
context_handle);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, (ads_setup_sasl_wrapping() failed: %s\n,
+ ads_errstr(status)));
+ goto failed;
+ }
/* make sure we don't free context_handle */
context_handle = GSS_C_NO_CONTEXT;
}
svn commit: samba r24106 - in branches/SAMBA_3_2/source: rpc_server smbd
Author: vlendec
Date: 2007-07-31 13:14:07 + (Tue, 31 Jul 2007)
New Revision: 24106
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24106
Log:
Pass fnum instead of buf/offset into get_rpc_pipe_p
Modified:
branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c
branches/SAMBA_3_2/source/smbd/pipes.c
branches/SAMBA_3_2/source/smbd/trans2.c
Changeset:
Modified: branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c
===
--- branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c 2007-07-31 12:32:01 UTC
(rev 24105)
+++ branches/SAMBA_3_2/source/rpc_server/srv_pipe_hnd.c 2007-07-31 13:14:07 UTC
(rev 24106)
@@ -1246,10 +1246,8 @@
Find an rpc pipe given a pipe handle in a buffer and an offset.
/
-smb_np_struct *get_rpc_pipe_p(const char *buf, int where)
+smb_np_struct *get_rpc_pipe_p(uint16 pnum)
{
- int pnum = SVAL(buf,where);
-
if (chain_p) {
return chain_p;
}
Modified: branches/SAMBA_3_2/source/smbd/pipes.c
===
--- branches/SAMBA_3_2/source/smbd/pipes.c 2007-07-31 12:32:01 UTC (rev
24105)
+++ branches/SAMBA_3_2/source/smbd/pipes.c 2007-07-31 13:14:07 UTC (rev
24106)
@@ -140,7 +140,7 @@
int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize)
{
- smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0);
+ smb_np_struct *p = get_rpc_pipe_p(SVAL(inbuf,smb_vwv0));
uint16 vuid = SVAL(inbuf,smb_uid);
size_t numtowrite = SVAL(inbuf,smb_vwv1);
int nwritten;
@@ -185,7 +185,7 @@
int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize)
{
- smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2);
+ smb_np_struct *p = get_rpc_pipe_p(SVAL(inbuf,smb_vwv2));
uint16 vuid = SVAL(inbuf,smb_uid);
size_t numtowrite = SVAL(inbuf,smb_vwv10);
int nwritten = -1;
@@ -247,7 +247,7 @@
int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize)
{
- smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2);
+ smb_np_struct *p = get_rpc_pipe_p(SVAL(inbuf,smb_vwv2));
int smb_maxcnt = SVAL(inbuf,smb_vwv5);
int smb_mincnt = SVAL(inbuf,smb_vwv6);
int nread = -1;
@@ -292,7 +292,7 @@
void reply_pipe_close(connection_struct *conn, struct smb_request *req)
{
- smb_np_struct *p = get_rpc_pipe_p((char *)req-inbuf,smb_vwv0);
+ smb_np_struct *p = get_rpc_pipe_p(SVAL(req-inbuf,smb_vwv0));
if (!p) {
reply_doserror(req, ERRDOS, ERRbadfid);
Modified: branches/SAMBA_3_2/source/smbd/trans2.c
===
--- branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 12:32:01 UTC (rev
24105)
+++ branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-31 13:14:07 UTC (rev
24106)
@@ -3244,7 +3244,7 @@
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
- p_pipe = get_rpc_pipe_p(params,0);
+ p_pipe = get_rpc_pipe_p(SVAL(params,0));
if (p_pipe == NULL) {
return ERROR_NT(NT_STATUS_INVALID_HANDLE);
}
svn commit: samba r24107 - in branches: SAMBA_3_0_25/source/utils SAMBA_3_2/source/utils SAMBA_3_2_0/source/utils
Author: vlendec
Date: 2007-07-31 19:15:27 + (Tue, 31 Jul 2007)
New Revision: 24107
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24107
Log:
Fix bug 4849. Thanks to Matthijs Kooijman [EMAIL PROTECTED]
Modified:
branches/SAMBA_3_0_25/source/utils/net_ads.c
branches/SAMBA_3_2/source/utils/net_ads.c
branches/SAMBA_3_2_0/source/utils/net_ads.c
Changeset:
Modified: branches/SAMBA_3_0_25/source/utils/net_ads.c
===
--- branches/SAMBA_3_0_25/source/utils/net_ads.c2007-07-31 13:14:07 UTC
(rev 24106)
+++ branches/SAMBA_3_0_25/source/utils/net_ads.c2007-07-31 19:15:27 UTC
(rev 24107)
@@ -1720,7 +1720,7 @@
#endif
if (argc 0) {
- d_fprintf(stderr, net ads dns register name ip\n);
+ d_fprintf(stderr, net ads dns register\n);
return -1;
}
Modified: branches/SAMBA_3_2/source/utils/net_ads.c
===
--- branches/SAMBA_3_2/source/utils/net_ads.c 2007-07-31 13:14:07 UTC (rev
24106)
+++ branches/SAMBA_3_2/source/utils/net_ads.c 2007-07-31 19:15:27 UTC (rev
24107)
@@ -1743,7 +1743,7 @@
#endif
if (argc 0) {
- d_fprintf(stderr, net ads dns register name ip\n);
+ d_fprintf(stderr, net ads dns register\n);
return -1;
}
Modified: branches/SAMBA_3_2_0/source/utils/net_ads.c
===
--- branches/SAMBA_3_2_0/source/utils/net_ads.c 2007-07-31 13:14:07 UTC (rev
24106)
+++ branches/SAMBA_3_2_0/source/utils/net_ads.c 2007-07-31 19:15:27 UTC (rev
24107)
@@ -1743,7 +1743,7 @@
#endif
if (argc 0) {
- d_fprintf(stderr, net ads dns register name ip\n);
+ d_fprintf(stderr, net ads dns register\n);
return -1;
}
svn commit: samba r24109 - in branches/SAMBA_4_0/source/winbind: .
Author: kai
Date: 2007-07-31 23:49:04 + (Tue, 31 Jul 2007)
New Revision: 24109
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24109
Log:
Add a wb_name2domain call
Added:
branches/SAMBA_4_0/source/winbind/wb_name2domain.c
Modified:
branches/SAMBA_4_0/source/winbind/config.mk
Changeset:
Modified: branches/SAMBA_4_0/source/winbind/config.mk
===
--- branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 23:43:59 UTC (rev
24108)
+++ branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 23:49:04 UTC (rev
24109)
@@ -15,6 +15,7 @@
wb_dom_info.o \
wb_dom_info_trusted.o \
wb_sid2domain.o \
+ wb_name2domain.o \
wb_connect_lsa.o \
wb_connect_sam.o \
wb_cmd_lookupname.o \
Added: branches/SAMBA_4_0/source/winbind/wb_name2domain.c
===
--- branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-07-31 23:43:59 UTC
(rev 24108)
+++ branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-07-31 23:49:04 UTC
(rev 24109)
@@ -0,0 +1,131 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Find and init a domain struct for a name
+
+ Copyright (C) Kai Blin 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see http://www.gnu.org/licenses/.
+*/
+
+#include includes.h
+#include libcli/composite/composite.h
+#include winbind/wb_server.h
+#include smbd/service_task.h
+#include winbind/wb_helper.h
+
+struct name2domain_state {
+ struct composite_context *ctx;
+ struct wbsrv_service *service;
+
+ struct wbsrv_domain *domain;
+};
+
+static void name2domain_recv_sid(struct composite_context *ctx);
+static void name2domain_recv_domain(struct composite_context *ctx);
+
+struct composite_context *wb_name2domain_send(TALLOC_CTX *mem_ctx,
+ struct wbsrv_service *service, const char* name)
+{
+ struct composite_context *result, *ctx;
+ struct name2domain_state *state;
+ char *user_dom, *user_name;
+
+ DEBUG(5, (wb_name2domain_send called\n));
+
+ result = composite_create(mem_ctx, service-task-event_ctx);
+ if (result == NULL) goto failed;
+
+ state = talloc(result, struct name2domain_state);
+ if (state == NULL) goto failed;
+ state-ctx = result;
+ result-private_data = state;
+ state-service = service;
+
+ if(!wb_samba3_split_username(state, name, user_dom, user_name))
+ goto failed;
+
+ ctx = wb_cmd_lookupname_send(state, service, user_dom, user_name);
+ if (ctx == NULL) goto failed;
+
+ ctx-async.fn = name2domain_recv_sid;
+ ctx-async.private_data = state;
+ return result;
+
+failed:
+ talloc_free(result);
+ return NULL;
+}
+
+static void name2domain_recv_sid(struct composite_context *ctx)
+{
+ struct name2domain_state *state =
+ talloc_get_type(ctx-async.private_data,
+ struct name2domain_state);
+ struct wb_sid_object *sid;
+
+ DEBUG(1, (name2domain_recv_sid called\n));
+
+ state-ctx-status = wb_cmd_lookupname_recv(ctx, state, sid);
+ if(!composite_is_ok(state-ctx)) return;
+
+ ctx = wb_sid2domain_send(state, state-service, sid-sid);
+
+ composite_continue(state-ctx, ctx, name2domain_recv_domain, state);
+}
+
+static void name2domain_recv_domain(struct composite_context *ctx)
+{
+ struct name2domain_state *state =
+ talloc_get_type(ctx-async.private_data,
+ struct name2domain_state);
+ struct wbsrv_domain *domain;
+
+ DEBUG(1, (name2domain_recv_domain called\n));
+
+ state-ctx-status = wb_sid2domain_recv(ctx, domain);
+ if(!composite_is_ok(state-ctx)) return;
+
+ state-domain = domain;
+
+ composite_done(state-ctx);
+}
+
+NTSTATUS wb_name2domain_recv(struct composite_context *ctx,
+ struct wbsrv_domain **result)
+{
+ NTSTATUS status = composite_wait(ctx);
+
+ DEBUG(1, (wb_name2domain_recv called\n));
+
+ if (NT_STATUS_IS_OK(status)) {
+ struct name2domain_state *state =
+ talloc_get_type(ctx-private_data,
+ struct name2domain_state);
+ *result =
svn commit: samba r24108 - in branches/SAMBA_4_0/source/winbind: .
Author: kai
Date: 2007-07-31 23:43:59 + (Tue, 31 Jul 2007)
New Revision: 24108
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24108
Log:
Split out samba3_parse_domuser to a seperate file and rename, so it can be
used for a name2domain call.
Added:
branches/SAMBA_4_0/source/winbind/wb_utils.c
Modified:
branches/SAMBA_4_0/source/winbind/config.mk
branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c
Changeset:
Modified: branches/SAMBA_4_0/source/winbind/config.mk
===
--- branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 19:15:27 UTC (rev
24107)
+++ branches/SAMBA_4_0/source/winbind/config.mk 2007-07-31 23:43:59 UTC (rev
24108)
@@ -41,7 +41,8 @@
[SUBSYSTEM::WB_HELPER]
PRIVATE_PROTO_HEADER = wb_helper.h
OBJ_FILES = \
- wb_async_helpers.o
+ wb_async_helpers.o \
+ wb_utils.o
PUBLIC_DEPENDENCIES = RPC_NDR_LSA dcerpc_samr
# End SUBSYSTEM WB_HELPER
Modified: branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c
===
--- branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c 2007-07-31 19:15:27 UTC
(rev 24107)
+++ branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c 2007-07-31 23:43:59 UTC
(rev 24108)
@@ -25,6 +25,7 @@
#include nsswitch/winbindd_nss.h
#include winbind/wb_server.h
#include winbind/wb_async_helpers.h
+#include winbind/wb_helper.h
#include libcli/composite/composite.h
#include version.h
#include librpc/gen_ndr/netlogon.h
@@ -529,27 +530,6 @@
wbsrv_samba3_async_auth_epilogue(status, s3call);
}
-/* Helper function: Split a domain\\user string into it's parts,
- * because the client supplies it as one string */
-
-static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser,
-char **domain, char **user)
-{
- char *p = strchr(domuser, *lp_winbind_separator());
-
- if (p == NULL) {
- *domain = talloc_strdup(mem_ctx, lp_workgroup());
- } else {
- *domain = talloc_strndup(mem_ctx, domuser,
-PTR_DIFF(p, domuser));
- domuser = p+1;
- }
-
- *user = talloc_strdup(mem_ctx, domuser);
-
- return ((*domain != NULL) (*user != NULL));
-}
-
/* Plaintext authentication
This interface is used by ntlm_auth in it's 'basic' authentication
@@ -566,7 +546,7 @@
s3call-wbconn-listen_socket-service;
char *user, *domain;
- if (!samba3_parse_domuser(s3call,
+ if (!wb_samba3_split_username(s3call,
s3call-request.data.auth.user,
domain, user)) {
return NT_STATUS_NO_SUCH_USER;
Added: branches/SAMBA_4_0/source/winbind/wb_utils.c
===
--- branches/SAMBA_4_0/source/winbind/wb_utils.c2007-07-31 19:15:27 UTC
(rev 24107)
+++ branches/SAMBA_4_0/source/winbind/wb_utils.c2007-07-31 23:43:59 UTC
(rev 24108)
@@ -0,0 +1,47 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Utility functions that are not related with async operations.
+
+ Copyright (C) Andrew Bartlett [EMAIL PROTECTED] 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see http://www.gnu.org/licenses/.
+*/
+
+#include includes.h
+
+
+/* Split a domain\\user string into it's parts, because the client supplies it
+ * as one string.
+ * TODO: We probably will need to handle other formats later. */
+
+BOOL wb_samba3_split_username(TALLOC_CTX *mem_ctx, const char *domuser,
+char **domain, char **user)
+{
+ char *p = strchr(domuser, *lp_winbind_separator());
+
+ if (p == NULL) {
+ *domain = talloc_strdup(mem_ctx, lp_workgroup());
+ } else {
+ *domain = talloc_strndup(mem_ctx, domuser,
+PTR_DIFF(p, domuser));
+ domuser = p+1;
+ }
+
+ *user = talloc_strdup(mem_ctx, domuser);
+
+ return ((*domain != NULL) (*user != NULL));
+}
+
+
Build status as of Wed Aug 1 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-07-31 00:01:34.0 + +++ /home/build/master/cache/broken_results.txt 2007-08-01 00:03:28.0 + @@ -1,4 +1,4 @@ -Build status as of Tue Jul 31 00:00:03 2007 +Build status as of Wed Aug 1 00:00:02 2007 Build counts: Tree Total Broken Panic @@ -7,7 +7,7 @@ ccache 32 8 0 ctdb 0 0 0 distcc 2 0 0 -ldb 30 4 0 +ldb 32 4 0 libreplace 31 10 0 lorikeet-heimdal 28 12 0 pidl 19 4 0 @@ -17,7 +17,7 @@ samba-docs 0 0 0 samba-gtk3 3 0 samba4 30 27 6 -samba_3_234 21 0 +samba_3_234 20 0 smb-build30 30 0 talloc 33 1 0 tdb 32 3 0
svn commit: samba r24110 - in branches/SAMBA_4_0/source/winbind: .
Author: abartlet Date: 2007-08-01 00:38:53 + (Wed, 01 Aug 2007) New Revision: 24110 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24110 Log: I hate seeing callers manually filling in the composite context. Use the helper functions instead (and in kai's new code, which just copied the previous bad practice). Andrew Bartlett Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c branches/SAMBA_4_0/source/winbind/wb_sid2domain.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-07-31 23:49:04 UTC (rev 24109) +++ branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-08-01 00:38:53 UTC (rev 24110) @@ -59,8 +59,7 @@ ctx = wb_cmd_lookupname_send(state, service, user_dom, user_name); if (ctx == NULL) goto failed; - ctx-async.fn = name2domain_recv_sid; - ctx-async.private_data = state; + composite_continue(result, ctx, name2domain_recv_sid, ctx-async.private_data); return result; failed: Modified: branches/SAMBA_4_0/source/winbind/wb_sid2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-07-31 23:49:04 UTC (rev 24109) +++ branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-08-01 00:38:53 UTC (rev 24110) @@ -94,8 +94,8 @@ ctx = wb_cmd_lookupsid_send(state, service, state-sid); if (ctx == NULL) goto failed; - ctx-async.fn = sid2domain_recv_name; - ctx-async.private_data = state; + composite_continue(result, ctx, sid2domain_recv_name, ctx-async.private_data); + return result; failed:
svn commit: samba r24111 - in branches/SAMBA_4_0/source/winbind: .
Author: abartlet Date: 2007-08-01 01:22:53 + (Wed, 01 Aug 2007) New Revision: 24111 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24111 Log: Untested code is broken code, untested code is broken code... Apologies for my previous commit, which should never have been commited untested. Andrew Bartlett Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c branches/SAMBA_4_0/source/winbind/wb_sid2domain.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_name2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-08-01 00:38:53 UTC (rev 24110) +++ branches/SAMBA_4_0/source/winbind/wb_name2domain.c 2007-08-01 01:22:53 UTC (rev 24111) @@ -59,7 +59,7 @@ ctx = wb_cmd_lookupname_send(state, service, user_dom, user_name); if (ctx == NULL) goto failed; - composite_continue(result, ctx, name2domain_recv_sid, ctx-async.private_data); + composite_continue(result, ctx, name2domain_recv_sid, state); return result; failed: Modified: branches/SAMBA_4_0/source/winbind/wb_sid2domain.c === --- branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-08-01 00:38:53 UTC (rev 24110) +++ branches/SAMBA_4_0/source/winbind/wb_sid2domain.c 2007-08-01 01:22:53 UTC (rev 24111) @@ -94,7 +94,7 @@ ctx = wb_cmd_lookupsid_send(state, service, state-sid); if (ctx == NULL) goto failed; - composite_continue(result, ctx, sid2domain_recv_name, ctx-async.private_data); + composite_continue(result, ctx, sid2domain_recv_name, state); return result;
svn commit: samba r24112 - in branches/SAMBA_4_0/source/winbind: .
Author: abartlet Date: 2007-08-01 04:05:06 + (Wed, 01 Aug 2007) New Revision: 24112 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24112 Log: Complete initialistion of the libnet_ctx when setting up the domain. We need to set the access_mask and the domain name, or else libnet will try to do this itself. This seems to fix the issues Kai was having. Andrew Bartlett Modified: branches/SAMBA_4_0/source/winbind/wb_init_domain.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_init_domain.c === --- branches/SAMBA_4_0/source/winbind/wb_init_domain.c 2007-08-01 01:22:53 UTC (rev 24111) +++ branches/SAMBA_4_0/source/winbind/wb_init_domain.c 2007-08-01 04:05:06 UTC (rev 24112) @@ -284,6 +284,8 @@ talloc_steal(state-domain-libnet_ctx, state-domain-libnet_ctx-lsa.pipe); talloc_steal(state-domain-libnet_ctx-lsa.pipe, state-domain-lsa_binding); + state-domain-libnet_ctx-lsa.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + state-domain-libnet_ctx-lsa.name = state-domain-info-name; ZERO_STRUCT(state-domain-libnet_ctx-lsa.handle); state-lsa_openpolicy.in.system_name = @@ -392,6 +394,8 @@ if (!composite_is_ok(state-ctx)) return; talloc_steal(state-domain-libnet_ctx-samr.pipe, state-domain-samr_binding); + state-domain-libnet_ctx-samr.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + state-domain-libnet_ctx-samr.name = state-domain-info-name; state-domain-ldap_conn = ldap4_new_connection(state-domain, state-ctx-event_ctx);
