The branch, master has been updated via 60d91f2 s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin. via a9a8164 s3-netapi: allow to use default krb5 credential cache for libnetapi users. from 39dcf4b s3:smb2-server: session setup replies should always be signed (except for guest sessions)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 60d91f2c561fb3467a2cc73377f9ba9204ddd496 Author: Günther Deschner <g...@samba.org> Date: Wed Sep 21 17:28:58 2011 +0200 s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin. We force using a MEMORY ccache though in the wkssvc server. Guenther Autobuild-User: Günther Deschner <g...@samba.org> Autobuild-Date: Wed Sep 21 19:13:33 CEST 2011 on sn-devel-104 commit a9a81648e974b62e67fe42313ab32024d72d9007 Author: Günther Deschner <g...@samba.org> Date: Wed Sep 21 17:28:02 2011 +0200 s3-netapi: allow to use default krb5 credential cache for libnetapi users. Guenther ----------------------------------------------------------------------- Summary of changes: source3/lib/netapi/netapi.c | 25 +++++++++++++++------- source3/lib/netapi/netapi.h | 6 +++++ source3/libnet/libnet_join.c | 31 ----------------------------- source3/rpc_server/wkssvc/srv_wkssvc_nt.c | 5 ++++ 4 files changed, 28 insertions(+), 39 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c index a4a8e44..9ed13fc 100644 --- a/source3/lib/netapi/netapi.c +++ b/source3/lib/netapi/netapi.c @@ -106,8 +106,6 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context) { NET_API_STATUS status; struct libnetapi_ctx *ctx = NULL; - char *krb5_cc_env = NULL; - TALLOC_CTX *frame = talloc_stackframe(); ctx = talloc_zero(frame, struct libnetapi_ctx); @@ -118,12 +116,6 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context) BlockSignals(True, SIGPIPE); - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { - ctx->krb5_cc_env = talloc_strdup(ctx, "MEMORY:libnetapi"); - setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1); - } - if (getenv("USER")) { ctx->username = talloc_strdup(ctx, getenv("USER")); } else { 
@@ -276,6 +268,9 @@ NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx) return NET_API_STATUS_SUCCESS; } +/**************************************************************** +****************************************************************/ + NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx) { ctx->use_ccache = true; @@ -283,6 +278,20 @@ NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx) } /**************************************************************** +****************************************************************/ + +NET_API_STATUS libnetapi_set_use_memory_krb5_ccache(struct libnetapi_ctx *ctx) +{ + ctx->krb5_cc_env = talloc_strdup(ctx, "MEMORY:libnetapi"); + if (!ctx->krb5_cc_env) { + return W_ERROR_V(WERR_NOMEM); + } + setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1); + ctx->use_memory_krb5_ccache = 1; + return NET_API_STATUS_SUCCESS; +} + +/**************************************************************** Return a libnetapi error as a string, caller must free with NetApiBufferFree ****************************************************************/ diff --git a/source3/lib/netapi/netapi.h b/source3/lib/netapi/netapi.h index 620d8cf..2a52321 100644 --- a/source3/lib/netapi/netapi.h +++ b/source3/lib/netapi/netapi.h @@ -1356,6 +1356,7 @@ struct libnetapi_ctx { char *krb5_cc_env; int use_kerberos; int use_ccache; + int use_memory_krb5_ccache; int disable_policy_handle_cache; void *private_data; 
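Review bot: In the new `libnetapi_set_use_memory_krb5_ccache()` in netapi.c the return value of `setenv()` is ignored, so on failure the function still sets `use_memory_krb5_ccache` and returns success while the process keeps whatever KRB5CCNAME it had. A caller that asked for a private in-memory cache could then have its tickets written to the default cache without noticing. I would check the call before setting the flag, e.g. `if (setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1) != 0) { return W_ERROR_V(WERR_NOMEM); }`. The variable is process-wide rather than per-context and the cache name `MEMORY:libnetapi` is fixed, so two contexts in one process would presumably share one cache; that deserves a line in the banner comment, which is currently empty.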
@@ -1411,6 +1412,11 @@ NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx); NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx); /**************************************************************** +****************************************************************/ + +NET_API_STATUS libnetapi_set_use_memory_krb5_ccache(struct libnetapi_ctx *ctx); + +/**************************************************************** Return a specific libnetapi error as a string, caller must free with NetApiBufferFree ****************************************************************/ diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 20d4f21..757225f 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -35,7 +35,6 @@ #include "secrets.h" #include "rpc_client/init_lsa.h" #include "rpc_client/cli_pipe.h" -#include "krb5_env.h" #include "../libcli/security/security.h" #include "passdb.h" #include "libsmb/libsmb.h" @@ -1766,17 +1765,10 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) { - const char *krb5_cc_env = NULL; - if (r->in.ads) { ads_destroy(&r->in.ads); } - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (krb5_cc_env && strcasecmp_m(krb5_cc_env, "MEMORY:libnetjoin")) { - unsetenv(KRB5_ENV_CCNAME); - } - return 0; } @@ -1785,17 +1777,10 @@ static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r) { - const char *krb5_cc_env = NULL; - if (r->in.ads) { ads_destroy(&r->in.ads); } - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (krb5_cc_env && strcasecmp_m(krb5_cc_env, "MEMORY:libnetjoin")) { - unsetenv(KRB5_ENV_CCNAME); - } - return 0; } @@ -1806,7 +1791,6 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx **r) { struct libnet_JoinCtx *ctx; - const char *krb5_cc_env = NULL; ctx = talloc_zero(mem_ctx, struct libnet_JoinCtx); if (!ctx) { 
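Review bot: The prototype for `libnetapi_set_use_memory_krb5_ccache()` added to netapi.h sits under an empty banner comment, although this commit changes the default that API users get. Judging by the lines removed from `libnetapi_net_init()`, a context no longer forces a private MEMORY cache when KRB5CCNAME is unset, so callers who do not opt in now use the process default credential cache. I would fill the banner with something like `Force a private in-memory krb5 ccache for this process; overwrites KRB5CCNAME. Without this call the default ccache is used.` so that existing users of the library can see they need to call it to keep the old isolation.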
@@ -1818,13 +1802,6 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, ctx->in.machine_name = talloc_strdup(mem_ctx, lp_netbios_name()); W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { - krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin"); - W_ERROR_HAVE_NO_MEMORY(krb5_cc_env); - setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1); - } - ctx->in.secure_channel_type = SEC_CHAN_WKSTA; *r = ctx; @@ -1839,7 +1816,6 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx **r) { struct libnet_UnjoinCtx *ctx; - const char *krb5_cc_env = NULL; ctx = talloc_zero(mem_ctx, struct libnet_UnjoinCtx); if (!ctx) { @@ -1851,13 +1827,6 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, ctx->in.machine_name = talloc_strdup(mem_ctx, lp_netbios_name()); W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { - krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin"); - W_ERROR_HAVE_NO_MEMORY(krb5_cc_env); - setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1); - } - *r = ctx; return WERR_OK; diff --git a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c index 49c71b8..e65aa49 100644 --- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c +++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c @@ -32,6 +32,7 @@ #include "session.h" #include "smbd/smbd.h" #include "auth.h" +#include "krb5_env.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -867,7 +868,9 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p, j->in.msg_ctx = p->msg_ctx; become_root(); + setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrJoinDomain2", 1); werr = libnet_Join(p->mem_ctx, j); + unsetenv(KRB5_ENV_CCNAME); unbecome_root(); if (!W_ERROR_IS_OK(werr)) { 
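Review bot: The `setenv()` added before `libnet_Join()` in `_wkssvc_NetrJoinDomain2` is unchecked, so if it fails the join runs as root against whatever credential cache the smbd process would use by default, which is what the commit message says the wkssvc server must not do. The same pattern is repeated in the `_wkssvc_NetrUnjoinDomain2` hunk, and both functions begin and end outside their hunks. I would skip the join and set `werr` to `WERR_NOMEM` when the variable cannot be set, so the existing `W_ERROR_IS_OK(werr)` check handles it. `unsetenv()` also clears any KRB5CCNAME that was present before the call instead of restoring it; if smbd can be started with one set, saving and restoring the previous value would be safer.
```c
	become_root();
	if (setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrJoinDomain2", 1) == 0) {
		werr = libnet_Join(p->mem_ctx, j);
		unsetenv(KRB5_ENV_CCNAME);
	} else {
		/* Never fall back to the process default ccache as root. */
		werr = WERR_NOMEM;
	}
	unbecome_root();
```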
@@ -933,7 +936,9 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p, u->in.msg_ctx = p->msg_ctx; become_root(); + setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrUnjoinDomain2", 1); werr = libnet_Unjoin(p->mem_ctx, u); + unsetenv(KRB5_ENV_CCNAME); unbecome_root(); if (!W_ERROR_IS_OK(werr)) { -- Samba Shared Repository