summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2012-04-20 13:14:30 -0400
committerSimo Sorce <idra@samba.org>2012-04-23 16:40:05 -0400
commit110dad8c9eb95e6729e589b52ef204d369803bdb (patch)
tree89703746eb0c7f86efbd70c92d18acd6b7b3b5d9
parent090f9072da6974b506901547c0091e3e1b8a11cc (diff)
downloadsamba-110dad8c9eb95e6729e589b52ef204d369803bdb.tar.gz
samba-110dad8c9eb95e6729e589b52ef204d369803bdb.tar.xz
samba-110dad8c9eb95e6729e589b52ef204d369803bdb.zip
Make krb5 context initialization not heimdal specific
Turn the logging data to an opaque pointer. Ifdef code and use MIT logging function when built against system MIT.
-rw-r--r--source4/auth/kerberos/krb5_init_context.c72
-rw-r--r--source4/auth/kerberos/krb5_init_context.h4
-rw-r--r--source4/kdc/kdc.c2
3 files changed, 55 insertions, 23 deletions
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index fbcaad29d9..e3c0876f1a 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -30,7 +30,7 @@
#include "param/param.h"
#include "libcli/resolve/resolve.h"
#include "../lib/tsocket/tsocket.h"
-
+#include "krb5_init_context.h"
/*
context structure for operations on cldap packets
*/
@@ -52,9 +52,17 @@ struct smb_krb5_socket {
static krb5_error_code smb_krb5_context_destroy(struct smb_krb5_context *ctx)
{
- /* Otherwise krb5_free_context will try and close what we have already free()ed */
- krb5_set_warn_dest(ctx->krb5_context, NULL);
- krb5_closelog(ctx->krb5_context, ctx->logf);
+#ifdef SAMBA4_USES_HEIMDAL
+ if (ctx->pvt_log_data) {
+ /* Otherwise krb5_free_context will try and close what we
+ * have already free()ed */
+ krb5_set_warn_dest(ctx->krb5_context, NULL);
+ krb5_closelog(ctx->krb5_context,
+ (krb5_log_facility *)ctx->pvt_log_data);
+ }
+#else
+ krb5_set_trace_callback(ctx->krb5_context, NULL, NULL);
+#endif
krb5_free_context(ctx->krb5_context);
return 0;
}
@@ -64,10 +72,19 @@ static void smb_krb5_debug_close(void *private_data) {
return;
}
+#ifdef SAMBA4_USES_HEIMDAL
static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private_data)
{
DEBUG(3, ("Kerberos: %s\n", msg));
}
+#else
+static void smb_krb5_debug_wrapper(krb5_context context,
+ const struct krb5_trace_info *info,
+ void *cb_data)
+{
+ DEBUG(3, ("Kerberos: %s\n", info->message));
+}
+#endif
/*
handle recv events on a smb_krb5 socket
@@ -461,6 +478,10 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
{
krb5_error_code ret;
TALLOC_CTX *tmp_ctx;
+ krb5_context kctx;
+#ifdef SAMBA4_USES_HEIMDAL
+ krb5_log_facility *logf;
+#endif
initialize_krb5_error_table();
@@ -472,37 +493,39 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
return ENOMEM;
}
- ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx,
- &(*smb_krb5_context)->krb5_context);
+ ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx, &kctx);
if (ret) {
DEBUG(1,("smb_krb5_context_init_basic failed (%s)\n",
error_message(ret)));
talloc_free(tmp_ctx);
return ret;
}
+ (*smb_krb5_context)->krb5_context = kctx;
+ talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
+
+#ifdef SAMBA4_USES_HEIMDAL
/* TODO: Should we have a different name here? */
- ret = krb5_initlog((*smb_krb5_context)->krb5_context, "Samba", &(*smb_krb5_context)->logf);
+ ret = krb5_initlog(kctx, "Samba", &logf);
if (ret) {
DEBUG(1,("krb5_initlog failed (%s)\n",
- smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
- krb5_free_context((*smb_krb5_context)->krb5_context);
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
talloc_free(tmp_ctx);
return ret;
}
+ (*smb_krb5_context)->pvt_log_data = logf;
- talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
-
- ret = krb5_addlog_func((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf, 0 /* min */, -1 /* max */,
- smb_krb5_debug_wrapper, smb_krb5_debug_close, NULL);
+ ret = krb5_addlog_func(kctx, logf, 0 /* min */, -1 /* max */,
+ smb_krb5_debug_wrapper,
+ smb_krb5_debug_close, NULL);
if (ret) {
DEBUG(1,("krb5_addlog_func failed (%s)\n",
- smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
talloc_free(tmp_ctx);
return ret;
}
- krb5_set_warn_dest((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf);
+ krb5_set_warn_dest(kctx, logf);
/* Set use of our socket lib */
if (ev) {
@@ -515,13 +538,22 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
}
}
- talloc_steal(parent_ctx, *smb_krb5_context);
- talloc_free(tmp_ctx);
-
/* Set options in kerberos */
- krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
- lpcfg_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
+ krb5_set_dns_canonicalize_hostname(kctx,
+ lpcfg_parm_bool(lp_ctx, NULL, "krb5",
+ "set_dns_canonicalize", false));
+#else
+ ret = krb5_set_trace_callback(kctx, smb_krb5_debug_wrapper, NULL);
+ if (ret && ret != KRB5_TRACE_NOSUPP) {
+ DEBUG(1, ("krb5_set_trace_callback failed (%s)\n"
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+#endif
+ talloc_steal(parent_ctx, *smb_krb5_context);
+ talloc_free(tmp_ctx);
return 0;
}
diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h
index 835438cc5b..24ae374cd7 100644
--- a/source4/auth/kerberos/krb5_init_context.h
+++ b/source4/auth/kerberos/krb5_init_context.h
@@ -22,10 +22,10 @@
struct smb_krb5_context {
krb5_context krb5_context;
- krb5_log_facility *logf;
+ void *pvt_log_data;
struct tevent_context *current_ev;
};
-
+
struct tevent_context;
struct loadparm_context;
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index d1ce527b24..5424d213e8 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -932,7 +932,7 @@ static void kdc_task_init(struct task_server *task)
return;
}
- kdc->config->logf = kdc->smb_krb5_context->logf;
+ kdc->config->logf = (krb5_log_facility *)kdc->smb_krb5_context->pvt_log_data;
kdc->config->db = talloc(kdc, struct HDB *);
if (!kdc->config->db) {
task_server_terminate(task, "kdc: out of memory", true);