2010-01-28 02:05:05 -05:00
/*
2005-09-17 01:11:50 +00:00
Unix SMB / CIFS implementation .
Wrapper for krb5_init_context
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2005
2005-09-28 01:09:10 +00:00
Copyright ( C ) Andrew Tridgell 2005
Copyright ( C ) Stefan Metzmacher 2004
2005-09-17 01:11:50 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 02:07:03 +00:00
the Free Software Foundation ; either version 3 of the License , or
2005-09-17 01:11:50 +00:00
( at your option ) any later version .
2010-01-28 02:05:05 -05:00
2005-09-17 01:11:50 +00:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2010-01-28 02:05:05 -05:00
2005-09-17 01:11:50 +00:00
You should have received a copy of the GNU General Public License
2007-07-10 02:07:03 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2005-09-17 01:11:50 +00:00
*/
# include "includes.h"
# include "system/kerberos.h"
2009-01-03 12:48:20 +01:00
# include <tevent.h>
2005-09-17 01:11:50 +00:00
# include "auth/kerberos/kerberos.h"
2005-09-28 01:09:10 +00:00
# include "lib/socket/socket.h"
2007-05-17 05:46:45 +00:00
# include "lib/stream/packet.h"
2006-03-11 08:11:33 +00:00
# include "system/network.h"
2007-09-08 12:42:09 +00:00
# include "param/param.h"
2007-12-10 18:41:19 +01:00
# include "libcli/resolve/resolve.h"
2005-11-09 10:17:05 +00:00
2005-09-28 01:09:10 +00:00
/*
context structure for operations on cldap packets
*/
struct smb_krb5_socket {
struct socket_context * sock ;
/* the fd event */
2008-12-29 20:24:57 +01:00
struct tevent_fd * fde ;
2005-09-28 01:09:10 +00:00
NTSTATUS status ;
2007-05-17 05:46:45 +00:00
DATA_BLOB request , reply ;
2010-01-28 02:05:05 -05:00
2007-05-17 05:46:45 +00:00
struct packet_context * packet ;
2005-09-28 01:09:10 +00:00
size_t partial_read ;
krb5_krbhst_info * hi ;
} ;
2005-09-17 01:11:50 +00:00
2010-01-31 13:28:04 -05:00
static krb5_error_code smb_krb5_context_destroy ( struct smb_krb5_context * ctx )
2005-09-17 01:11:50 +00:00
{
/* Otherwise krb5_free_context will try and close what we have already free()ed */
krb5_set_warn_dest ( ctx - > krb5_context , NULL ) ;
krb5_closelog ( ctx - > krb5_context , ctx - > logf ) ;
2010-01-31 13:28:04 -05:00
krb5_free_context ( ctx - > krb5_context ) ;
2005-09-17 01:11:50 +00:00
return 0 ;
}
/* We never close down the DEBUG system, and no need to unreference the use */
2009-02-02 08:17:20 +01:00
static void smb_krb5_debug_close ( void * private_data ) {
2005-09-17 01:11:50 +00:00
return ;
}
2009-02-02 08:17:20 +01:00
static void smb_krb5_debug_wrapper ( const char * timestr , const char * msg , void * private_data )
2005-09-17 01:11:50 +00:00
{
2010-01-16 17:57:17 +11:00
DEBUG ( 3 , ( " Kerberos: %s \n " , msg ) ) ;
2005-09-17 01:11:50 +00:00
}
2005-09-28 01:09:10 +00:00
/*
handle recv events on a smb_krb5 socket
*/
static void smb_krb5_socket_recv ( struct smb_krb5_socket * smb_krb5 )
{
TALLOC_CTX * tmp_ctx = talloc_new ( smb_krb5 ) ;
DATA_BLOB blob ;
size_t nread , dsize ;
2007-05-17 05:46:45 +00:00
smb_krb5 - > status = socket_pending ( smb_krb5 - > sock , & dsize ) ;
if ( ! NT_STATUS_IS_OK ( smb_krb5 - > status ) ) {
2005-09-28 01:09:10 +00:00
talloc_free ( tmp_ctx ) ;
return ;
}
2010-01-28 02:05:05 -05:00
2007-05-17 05:46:45 +00:00
blob = data_blob_talloc ( tmp_ctx , NULL , dsize ) ;
if ( blob . data = = NULL & & dsize ! = 0 ) {
smb_krb5 - > status = NT_STATUS_NO_MEMORY ;
talloc_free ( tmp_ctx ) ;
return ;
}
2010-01-28 02:05:05 -05:00
2007-05-17 05:46:45 +00:00
smb_krb5 - > status = socket_recv ( smb_krb5 - > sock , blob . data , blob . length , & nread ) ;
if ( ! NT_STATUS_IS_OK ( smb_krb5 - > status ) ) {
talloc_free ( tmp_ctx ) ;
return ;
}
blob . length = nread ;
2010-01-28 02:05:05 -05:00
2007-05-17 05:46:45 +00:00
if ( nread = = 0 ) {
smb_krb5 - > status = NT_STATUS_UNEXPECTED_NETWORK_ERROR ;
talloc_free ( tmp_ctx ) ;
return ;
}
2010-01-28 02:05:05 -05:00
DEBUG ( 2 , ( " Received smb_krb5 packet of length %d \n " ,
2007-05-17 05:46:45 +00:00
( int ) blob . length ) ) ;
2010-01-28 02:05:05 -05:00
2007-05-17 05:46:45 +00:00
talloc_steal ( smb_krb5 , blob . data ) ;
smb_krb5 - > reply = blob ;
talloc_free ( tmp_ctx ) ;
}
2009-02-02 08:17:20 +01:00
static NTSTATUS smb_krb5_full_packet ( void * private_data , DATA_BLOB data )
2007-05-17 05:46:45 +00:00
{
2009-02-02 08:17:20 +01:00
struct smb_krb5_socket * smb_krb5 = talloc_get_type ( private_data , struct smb_krb5_socket ) ;
2007-05-17 05:46:45 +00:00
talloc_steal ( smb_krb5 , data . data ) ;
smb_krb5 - > reply = data ;
smb_krb5 - > reply . length - = 4 ;
smb_krb5 - > reply . data + = 4 ;
return NT_STATUS_OK ;
2005-09-28 01:09:10 +00:00
}
/*
handle request timeouts
*/
2010-01-28 02:05:05 -05:00
static void smb_krb5_request_timeout ( struct tevent_context * event_ctx ,
2008-12-29 20:24:57 +01:00
struct tevent_timer * te , struct timeval t ,
2009-02-02 08:17:20 +01:00
void * private_data )
2005-09-28 01:09:10 +00:00
{
2009-02-02 08:17:20 +01:00
struct smb_krb5_socket * smb_krb5 = talloc_get_type ( private_data , struct smb_krb5_socket ) ;
2005-10-14 06:06:18 +00:00
DEBUG ( 5 , ( " Timed out smb_krb5 packet \n " ) ) ;
2007-05-17 05:46:45 +00:00
smb_krb5 - > status = NT_STATUS_IO_TIMEOUT ;
}
2009-02-02 08:17:20 +01:00
static void smb_krb5_error_handler ( void * private_data , NTSTATUS status )
2007-05-17 05:46:45 +00:00
{
2009-02-02 08:17:20 +01:00
struct smb_krb5_socket * smb_krb5 = talloc_get_type ( private_data , struct smb_krb5_socket ) ;
2007-05-17 05:46:45 +00:00
smb_krb5 - > status = status ;
2005-09-28 01:09:10 +00:00
}
/*
handle send events on a smb_krb5 socket
*/
static void smb_krb5_socket_send ( struct smb_krb5_socket * smb_krb5 )
{
NTSTATUS status ;
size_t len ;
2010-01-28 02:05:05 -05:00
2005-09-28 01:09:10 +00:00
len = smb_krb5 - > request . length ;
2006-04-30 05:58:31 +00:00
status = socket_send ( smb_krb5 - > sock , & smb_krb5 - > request , & len ) ;
2005-09-28 01:09:10 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) return ;
2010-01-28 02:05:05 -05:00
2009-01-03 12:48:20 +01:00
TEVENT_FD_READABLE ( smb_krb5 - > fde ) ;
2005-09-28 01:09:10 +00:00
2009-01-03 12:48:20 +01:00
TEVENT_FD_NOT_WRITEABLE ( smb_krb5 - > fde ) ;
2005-09-28 01:09:10 +00:00
return ;
}
/*
handle fd events on a smb_krb5_socket
*/
2008-12-29 20:24:57 +01:00
static void smb_krb5_socket_handler ( struct tevent_context * ev , struct tevent_fd * fde ,
2009-02-02 08:17:20 +01:00
uint16_t flags , void * private_data )
2005-09-28 01:09:10 +00:00
{
2009-02-02 08:17:20 +01:00
struct smb_krb5_socket * smb_krb5 = talloc_get_type ( private_data , struct smb_krb5_socket ) ;
2007-05-17 05:46:45 +00:00
switch ( smb_krb5 - > hi - > proto ) {
case KRB5_KRBHST_UDP :
2009-01-03 12:48:20 +01:00
if ( flags & TEVENT_FD_READ ) {
2007-05-17 05:46:45 +00:00
smb_krb5_socket_recv ( smb_krb5 ) ;
2007-05-18 05:47:33 +00:00
return ;
2007-05-17 05:46:45 +00:00
}
2009-01-03 12:48:20 +01:00
if ( flags & TEVENT_FD_WRITE ) {
2007-05-18 05:47:33 +00:00
smb_krb5_socket_send ( smb_krb5 ) ;
return ;
}
/* not reached */
return ;
2007-05-17 05:46:45 +00:00
case KRB5_KRBHST_TCP :
2009-01-03 12:48:20 +01:00
if ( flags & TEVENT_FD_READ ) {
2007-05-17 05:46:45 +00:00
packet_recv ( smb_krb5 - > packet ) ;
2007-05-18 05:47:33 +00:00
return ;
2007-05-17 05:46:45 +00:00
}
2009-01-03 12:48:20 +01:00
if ( flags & TEVENT_FD_WRITE ) {
2007-05-17 05:46:45 +00:00
packet_queue_run ( smb_krb5 - > packet ) ;
2007-05-18 05:47:33 +00:00
return ;
2007-05-17 05:46:45 +00:00
}
2007-05-18 05:47:33 +00:00
/* not reached */
return ;
2007-05-17 05:46:45 +00:00
case KRB5_KRBHST_HTTP :
/* can't happen */
break ;
2005-09-28 01:09:10 +00:00
}
}
2006-11-07 06:59:56 +00:00
krb5_error_code smb_krb5_send_and_recv_func ( krb5_context context ,
void * data ,
krb5_krbhst_info * hi ,
2008-08-01 11:17:48 +02:00
time_t timeout ,
2006-11-07 06:59:56 +00:00
const krb5_data * send_buf ,
krb5_data * recv_buf )
2005-09-28 01:09:10 +00:00
{
krb5_error_code ret ;
NTSTATUS status ;
2006-01-09 22:12:53 +00:00
struct socket_address * remote_addr ;
2005-09-28 01:09:10 +00:00
const char * name ;
struct addrinfo * ai , * a ;
struct smb_krb5_socket * smb_krb5 ;
2010-10-11 16:53:08 +11:00
DATA_BLOB send_blob ;
2005-09-28 01:09:10 +00:00
2010-10-11 16:53:08 +11:00
struct tevent_context * ev ;
TALLOC_CTX * tmp_ctx = talloc_new ( NULL ) ;
if ( ! tmp_ctx ) {
return ENOMEM ;
}
if ( ! data ) {
/* If no event context was available, then create one for this loop */
ev = tevent_context_init ( tmp_ctx ) ;
if ( ! ev ) {
talloc_free ( tmp_ctx ) ;
return ENOMEM ;
}
} else {
ev = talloc_get_type_abort ( data , struct tevent_context ) ;
}
send_blob = data_blob_const ( send_buf - > data , send_buf - > length ) ;
2005-09-28 01:09:10 +00:00
ret = krb5_krbhst_get_addrinfo ( context , hi , & ai ) ;
if ( ret ) {
2010-10-11 16:53:08 +11:00
talloc_free ( tmp_ctx ) ;
2005-09-28 01:09:10 +00:00
return ret ;
}
for ( a = ai ; a ; a = ai - > ai_next ) {
2010-10-11 16:53:08 +11:00
smb_krb5 = talloc ( tmp_ctx , struct smb_krb5_socket ) ;
2005-09-28 01:09:10 +00:00
if ( ! smb_krb5 ) {
2010-10-11 16:53:08 +11:00
talloc_free ( tmp_ctx ) ;
2005-09-28 01:09:10 +00:00
return ENOMEM ;
}
smb_krb5 - > hi = hi ;
2010-01-28 02:05:05 -05:00
2005-09-28 01:09:10 +00:00
switch ( a - > ai_family ) {
case PF_INET :
name = " ipv4 " ;
break ;
2007-04-30 11:27:41 +00:00
# ifdef HAVE_IPV6
2005-09-28 01:09:10 +00:00
case PF_INET6 :
name = " ipv6 " ;
break ;
2006-05-24 22:17:01 +00:00
# endif
2005-09-28 01:09:10 +00:00
default :
2010-10-11 16:53:08 +11:00
talloc_free ( tmp_ctx ) ;
2005-09-28 01:09:10 +00:00
return EINVAL ;
}
2010-01-28 02:05:05 -05:00
2005-09-28 01:09:10 +00:00
status = NT_STATUS_INVALID_PARAMETER ;
switch ( hi - > proto ) {
case KRB5_KRBHST_UDP :
2008-11-02 01:03:46 +01:00
status = socket_create ( name , SOCKET_TYPE_DGRAM , & smb_krb5 - > sock , 0 ) ;
2006-03-13 06:56:31 +00:00
break ;
2005-09-28 01:09:10 +00:00
case KRB5_KRBHST_TCP :
2008-11-02 01:03:46 +01:00
status = socket_create ( name , SOCKET_TYPE_STREAM , & smb_krb5 - > sock , 0 ) ;
2006-03-13 06:56:31 +00:00
break ;
2005-09-28 01:09:10 +00:00
case KRB5_KRBHST_HTTP :
2010-10-11 16:53:08 +11:00
talloc_free ( tmp_ctx ) ;
2005-09-28 01:09:10 +00:00
return EINVAL ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
talloc_free ( smb_krb5 ) ;
continue ;
}
talloc_steal ( smb_krb5 , smb_krb5 - > sock ) ;
2010-01-28 02:05:05 -05:00
remote_addr = socket_address_from_sockaddr ( smb_krb5 , a - > ai_addr , a - > ai_addrlen ) ;
2006-01-09 22:12:53 +00:00
if ( ! remote_addr ) {
2005-09-28 01:09:10 +00:00
talloc_free ( smb_krb5 ) ;
2006-01-09 22:12:53 +00:00
continue ;
2005-09-28 01:09:10 +00:00
}
2006-01-09 22:12:53 +00:00
2008-12-17 23:13:44 +01:00
status = socket_connect_ev ( smb_krb5 - > sock , NULL , remote_addr , 0 , ev ) ;
2005-09-28 01:09:10 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
talloc_free ( smb_krb5 ) ;
continue ;
}
talloc_free ( remote_addr ) ;
2007-05-18 05:47:33 +00:00
/* Setup the FDE, start listening for read events
* from the start ( otherwise we may miss a socket
* drop ) and mark as AUTOCLOSE along with the fde */
/* Ths is equivilant to EVENT_FD_READABLE(smb_krb5->fde) */
2009-01-03 12:47:24 +01:00
smb_krb5 - > fde = tevent_add_fd ( ev , smb_krb5 - > sock ,
socket_get_fd ( smb_krb5 - > sock ) ,
TEVENT_FD_READ ,
smb_krb5_socket_handler , smb_krb5 ) ;
2007-05-17 02:21:07 +00:00
/* its now the job of the event layer to close the socket */
2009-01-03 12:47:24 +01:00
tevent_fd_set_close_fn ( smb_krb5 - > fde , socket_tevent_fd_close_fn ) ;
2007-05-17 02:21:07 +00:00
socket_set_flags ( smb_krb5 - > sock , SOCKET_FLAG_NOCLOSE ) ;
2005-09-28 01:09:10 +00:00
2009-01-03 12:48:20 +01:00
tevent_add_timer ( ev , smb_krb5 ,
timeval_current_ofs ( timeout , 0 ) ,
smb_krb5_request_timeout , smb_krb5 ) ;
2005-09-28 01:09:10 +00:00
2007-05-17 05:46:45 +00:00
smb_krb5 - > status = NT_STATUS_OK ;
smb_krb5 - > reply = data_blob ( NULL , 0 ) ;
2005-09-28 01:09:10 +00:00
switch ( hi - > proto ) {
case KRB5_KRBHST_UDP :
2009-01-03 12:48:20 +01:00
TEVENT_FD_WRITEABLE ( smb_krb5 - > fde ) ;
2005-09-28 01:09:10 +00:00
smb_krb5 - > request = send_blob ;
break ;
case KRB5_KRBHST_TCP :
2007-05-17 05:46:45 +00:00
smb_krb5 - > packet = packet_init ( smb_krb5 ) ;
if ( smb_krb5 - > packet = = NULL ) {
talloc_free ( smb_krb5 ) ;
return ENOMEM ;
}
packet_set_private ( smb_krb5 - > packet , smb_krb5 ) ;
packet_set_socket ( smb_krb5 - > packet , smb_krb5 - > sock ) ;
packet_set_callback ( smb_krb5 - > packet , smb_krb5_full_packet ) ;
packet_set_full_request ( smb_krb5 - > packet , packet_full_request_u32 ) ;
packet_set_error_handler ( smb_krb5 - > packet , smb_krb5_error_handler ) ;
packet_set_event_context ( smb_krb5 - > packet , ev ) ;
packet_set_fde ( smb_krb5 - > packet , smb_krb5 - > fde ) ;
2005-09-28 01:09:10 +00:00
smb_krb5 - > request = data_blob_talloc ( smb_krb5 , NULL , send_blob . length + 4 ) ;
RSIVAL ( smb_krb5 - > request . data , 0 , send_blob . length ) ;
memcpy ( smb_krb5 - > request . data + 4 , send_blob . data , send_blob . length ) ;
2007-05-17 05:46:45 +00:00
packet_send ( smb_krb5 - > packet , smb_krb5 - > request ) ;
2005-09-28 01:09:10 +00:00
break ;
case KRB5_KRBHST_HTTP :
2010-10-11 16:53:08 +11:00
talloc_free ( tmp_ctx ) ;
2005-09-28 01:09:10 +00:00
return EINVAL ;
}
2007-05-17 05:46:45 +00:00
while ( ( NT_STATUS_IS_OK ( smb_krb5 - > status ) ) & & ! smb_krb5 - > reply . length ) {
2009-01-03 12:48:20 +01:00
if ( tevent_loop_once ( ev ) ! = 0 ) {
2010-10-11 16:53:08 +11:00
talloc_free ( tmp_ctx ) ;
2005-09-28 01:09:10 +00:00
return EINVAL ;
}
2010-10-11 16:53:08 +11:00
/* After each and every event loop, reset the
* send_to_kdc pointers to what they were when
* we entered this loop . That way , if a
* nested event has invalidated them , we put
* it back before we return to the heimdal
* code */
ret = krb5_set_send_to_kdc_func ( context ,
smb_krb5_send_and_recv_func ,
data ) ;
if ( ret ! = 0 ) {
talloc_free ( tmp_ctx ) ;
return ret ;
}
2005-09-28 01:09:10 +00:00
}
2007-05-17 05:46:45 +00:00
if ( NT_STATUS_EQUAL ( smb_krb5 - > status , NT_STATUS_IO_TIMEOUT ) ) {
2005-09-28 01:09:10 +00:00
talloc_free ( smb_krb5 ) ;
continue ;
}
2007-05-17 05:46:45 +00:00
if ( ! NT_STATUS_IS_OK ( smb_krb5 - > status ) ) {
DEBUG ( 2 , ( " Error reading smb_krb5 reply packet: %s \n " , nt_errstr ( smb_krb5 - > status ) ) ) ;
2005-09-28 01:09:10 +00:00
talloc_free ( smb_krb5 ) ;
continue ;
}
ret = krb5_data_copy ( recv_buf , smb_krb5 - > reply . data , smb_krb5 - > reply . length ) ;
if ( ret ) {
2010-10-11 16:53:08 +11:00
talloc_free ( tmp_ctx ) ;
2005-09-28 01:09:10 +00:00
return ret ;
}
talloc_free ( smb_krb5 ) ;
2010-01-28 02:05:05 -05:00
2005-09-28 01:09:10 +00:00
break ;
}
2010-10-11 16:53:08 +11:00
talloc_free ( tmp_ctx ) ;
2005-09-28 01:09:10 +00:00
if ( a ) {
return 0 ;
}
return KRB5_KDC_UNREACH ;
}
2010-01-31 13:28:04 -05:00
krb5_error_code
smb_krb5_init_context_basic ( TALLOC_CTX * tmp_ctx ,
struct loadparm_context * lp_ctx ,
krb5_context * _krb5_context )
2005-09-17 01:11:50 +00:00
{
krb5_error_code ret ;
2007-01-24 02:48:40 +00:00
char * * config_files ;
2009-10-12 19:09:18 +02:00
const char * config_file , * realm ;
2010-01-31 13:28:04 -05:00
krb5_context krb5_ctx ;
2010-01-28 02:05:05 -05:00
2005-09-17 01:11:50 +00:00
initialize_krb5_error_table ( ) ;
2010-01-28 02:05:05 -05:00
2010-01-31 13:28:04 -05:00
ret = krb5_init_context ( & krb5_ctx ) ;
2005-09-17 01:11:50 +00:00
if ( ret ) {
2010-01-28 02:05:05 -05:00
DEBUG ( 1 , ( " krb5_init_context failed (%s) \n " ,
2005-09-17 01:11:50 +00:00
error_message ( ret ) ) ) ;
return ret ;
}
2007-12-02 20:56:26 +01:00
config_file = config_path ( tmp_ctx , lp_ctx , " krb5.conf " ) ;
2007-01-24 02:48:40 +00:00
if ( ! config_file ) {
2010-01-31 13:28:04 -05:00
krb5_free_context ( krb5_ctx ) ;
2007-01-24 02:48:40 +00:00
return ENOMEM ;
}
2010-01-28 02:05:05 -05:00
2007-01-24 02:48:40 +00:00
/* Use our local krb5.conf file by default */
2007-12-14 01:46:25 +01:00
ret = krb5_prepend_config_files_default ( config_file = = NULL ? " " : config_file , & config_files ) ;
2007-01-24 02:48:40 +00:00
if ( ret ) {
2010-01-28 02:05:05 -05:00
DEBUG ( 1 , ( " krb5_prepend_config_files_default failed (%s) \n " ,
2010-01-31 13:28:04 -05:00
smb_get_krb5_error_message ( krb5_ctx , ret , tmp_ctx ) ) ) ;
krb5_free_context ( krb5_ctx ) ;
2007-01-24 02:48:40 +00:00
return ret ;
}
2010-01-31 13:28:04 -05:00
ret = krb5_set_config_files ( krb5_ctx , config_files ) ;
2007-01-24 02:48:40 +00:00
krb5_free_config_files ( config_files ) ;
if ( ret ) {
2010-01-28 02:05:05 -05:00
DEBUG ( 1 , ( " krb5_set_config_files failed (%s) \n " ,
2010-01-31 13:28:04 -05:00
smb_get_krb5_error_message ( krb5_ctx , ret , tmp_ctx ) ) ) ;
krb5_free_context ( krb5_ctx ) ;
2007-01-24 02:48:40 +00:00
return ret ;
}
2010-01-28 02:05:05 -05:00
2010-07-16 14:32:42 +10:00
realm = lpcfg_realm ( lp_ctx ) ;
2009-10-12 19:09:18 +02:00
if ( realm ! = NULL ) {
2010-01-31 13:28:04 -05:00
ret = krb5_set_default_realm ( krb5_ctx , realm ) ;
2005-09-17 01:11:50 +00:00
if ( ret ) {
2010-01-28 02:05:05 -05:00
DEBUG ( 1 , ( " krb5_set_default_realm failed (%s) \n " ,
2010-01-31 13:28:04 -05:00
smb_get_krb5_error_message ( krb5_ctx , ret , tmp_ctx ) ) ) ;
krb5_free_context ( krb5_ctx ) ;
2005-09-17 01:11:50 +00:00
return ret ;
}
}
2010-01-31 13:28:04 -05:00
* _krb5_context = krb5_ctx ;
return 0 ;
}
krb5_error_code smb_krb5_init_context ( void * parent_ctx ,
struct tevent_context * ev ,
struct loadparm_context * lp_ctx ,
2010-10-11 16:53:08 +11:00
struct smb_krb5_context * * smb_krb5_context )
2010-01-31 13:28:04 -05:00
{
krb5_error_code ret ;
TALLOC_CTX * tmp_ctx ;
initialize_krb5_error_table ( ) ;
tmp_ctx = talloc_new ( parent_ctx ) ;
2010-10-11 16:53:08 +11:00
* smb_krb5_context = talloc_zero ( tmp_ctx , struct smb_krb5_context ) ;
2010-01-31 13:28:04 -05:00
if ( ! * smb_krb5_context | | ! tmp_ctx ) {
talloc_free ( tmp_ctx ) ;
return ENOMEM ;
}
2010-10-11 13:19:32 +11:00
ret = smb_krb5_init_context_basic ( tmp_ctx , lp_ctx ,
2010-01-31 13:28:04 -05:00
& ( * smb_krb5_context ) - > krb5_context ) ;
if ( ret ) {
DEBUG ( 1 , ( " smb_krb5_context_init_basic failed (%s) \n " ,
error_message ( ret ) ) ) ;
talloc_free ( tmp_ctx ) ;
return ret ;
}
2005-09-17 01:11:50 +00:00
/* TODO: Should we have a different name here? */
ret = krb5_initlog ( ( * smb_krb5_context ) - > krb5_context , " Samba " , & ( * smb_krb5_context ) - > logf ) ;
2010-01-28 02:05:05 -05:00
2005-09-17 01:11:50 +00:00
if ( ret ) {
2010-01-28 02:05:05 -05:00
DEBUG ( 1 , ( " krb5_initlog failed (%s) \n " ,
2005-09-17 01:11:50 +00:00
smb_get_krb5_error_message ( ( * smb_krb5_context ) - > krb5_context , ret , tmp_ctx ) ) ) ;
2010-01-31 13:28:04 -05:00
krb5_free_context ( ( * smb_krb5_context ) - > krb5_context ) ;
2005-09-17 01:11:50 +00:00
talloc_free ( tmp_ctx ) ;
return ret ;
}
2010-01-31 13:28:04 -05:00
talloc_set_destructor ( * smb_krb5_context , smb_krb5_context_destroy ) ;
2005-09-17 01:11:50 +00:00
2010-01-28 02:05:05 -05:00
ret = krb5_addlog_func ( ( * smb_krb5_context ) - > krb5_context , ( * smb_krb5_context ) - > logf , 0 /* min */ , - 1 /* max */ ,
2005-09-17 01:11:50 +00:00
smb_krb5_debug_wrapper , smb_krb5_debug_close , NULL ) ;
if ( ret ) {
2010-01-28 02:05:05 -05:00
DEBUG ( 1 , ( " krb5_addlog_func failed (%s) \n " ,
2005-09-17 01:11:50 +00:00
smb_get_krb5_error_message ( ( * smb_krb5_context ) - > krb5_context , ret , tmp_ctx ) ) ) ;
talloc_free ( tmp_ctx ) ;
return ret ;
}
krb5_set_warn_dest ( ( * smb_krb5_context ) - > krb5_context , ( * smb_krb5_context ) - > logf ) ;
2005-09-28 01:09:10 +00:00
/* Set use of our socket lib */
2010-10-11 16:53:08 +11:00
if ( ev ) {
struct tevent_context * previous_ev ;
ret = smb_krb5_context_set_event_ctx ( * smb_krb5_context ,
ev , & previous_ev ) ;
if ( ret ) {
talloc_free ( tmp_ctx ) ;
return ret ;
}
2005-09-28 01:09:10 +00:00
}
2005-09-17 01:11:50 +00:00
talloc_steal ( parent_ctx , * smb_krb5_context ) ;
talloc_free ( tmp_ctx ) ;
2005-09-20 07:03:47 +00:00
/* Set options in kerberos */
2007-05-02 09:54:06 +00:00
krb5_set_dns_canonicalize_hostname ( ( * smb_krb5_context ) - > krb5_context ,
2010-07-16 14:32:42 +10:00
lpcfg_parm_bool ( lp_ctx , NULL , " krb5 " , " set_dns_canonicalize " , false ) ) ;
2005-09-28 01:09:10 +00:00
2005-09-17 01:11:50 +00:00
return 0 ;
}
2010-10-11 16:53:08 +11:00
krb5_error_code smb_krb5_context_set_event_ctx ( struct smb_krb5_context * smb_krb5_context ,
struct tevent_context * ev ,
struct tevent_context * * previous_ev )
{
int ret ;
if ( ! ev ) {
return EINVAL ;
}
if ( smb_krb5_context - > current_ev ) {
* previous_ev = smb_krb5_context - > current_ev ;
}
smb_krb5_context - > current_ev = talloc_reference ( smb_krb5_context , ev ) ;
if ( ! smb_krb5_context - > current_ev ) {
return ENOMEM ;
}
/* Set use of our socket lib */
ret = krb5_set_send_to_kdc_func ( smb_krb5_context - > krb5_context ,
smb_krb5_send_and_recv_func ,
ev ) ;
if ( ret ) {
TALLOC_CTX * tmp_ctx = talloc_new ( NULL ) ;
DEBUG ( 1 , ( " krb5_set_send_recv_func failed (%s) \n " ,
smb_get_krb5_error_message ( smb_krb5_context - > krb5_context , ret , tmp_ctx ) ) ) ;
talloc_free ( tmp_ctx ) ;
talloc_unlink ( smb_krb5_context , smb_krb5_context - > current_ev ) ;
smb_krb5_context - > current_ev = NULL ;
return ret ;
}
return 0 ;
}
krb5_error_code smb_krb5_context_remove_event_ctx ( struct smb_krb5_context * smb_krb5_context ,
struct tevent_context * previous_ev ,
struct tevent_context * ev )
{
int ret ;
talloc_unlink ( smb_krb5_context , ev ) ;
/* If there was a mismatch with things happening on a stack, then don't wipe things */
smb_krb5_context - > current_ev = previous_ev ;
/* Set use of our socket lib */
ret = krb5_set_send_to_kdc_func ( smb_krb5_context - > krb5_context ,
smb_krb5_send_and_recv_func ,
previous_ev ) ;
if ( ret ) {
TALLOC_CTX * tmp_ctx = talloc_new ( NULL ) ;
DEBUG ( 1 , ( " krb5_set_send_recv_func failed (%s) \n " ,
smb_get_krb5_error_message ( smb_krb5_context - > krb5_context , ret , tmp_ctx ) ) ) ;
talloc_free ( tmp_ctx ) ;
return ret ;
}
return 0 ;
}