From a2de8a12d3a218f172cf41fbf896ccf2b3bddfc8 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 26 Apr 2012 12:27:05 -0400
Subject: s4-auth-krb: smb_rd_req_return_stuff is used only in gensec_krb5 Make it clearly a gensec_krb5 accessory file. This function should never be used anywhere else. This function was copied out from the Heimdal tree and is kept in a separate file for clarity and to keep the original license boilerplate.
---
 source4/auth/gensec/gensec_krb5.c | 1 +
 source4/auth/gensec/gensec_krb5_util.c | 102 +++++++++++++++++++++++++++++++
 source4/auth/gensec/gensec_krb5_util.h | 10 +++
 source4/auth/gensec/wscript_build | 2 +-
 source4/auth/kerberos/kerberos_heimdal.c | 102 -------------------------------
 source4/auth/kerberos/wscript_build | 2 +-
 6 files changed, 115 insertions(+), 104 deletions(-)
 create mode 100644 source4/auth/gensec/gensec_krb5_util.c
 create mode 100644 source4/auth/gensec/gensec_krb5_util.h
 mode change 100644 => 100755 source4/auth/gensec/wscript_build
 delete mode 100644 source4/auth/kerberos/kerberos_heimdal.c
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 8dde8373a8..6209c2ec4e 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -41,6 +41,7 @@
 #include "lib/util/util_net.h"
 #include "../lib/util/asn1.h"
 #include "auth/kerberos/pac_utils.h"
+#include "gensec_krb5_util.h"
 _PUBLIC_ NTSTATUS gensec_krb5_init(void);
diff --git a/source4/auth/gensec/gensec_krb5_util.c b/source4/auth/gensec/gensec_krb5_util.c
new file mode 100644
index 0000000000..44cb39c518
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5_util.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* This file for code taken from the Heimdal code, to preserve licence */
+/* Modified by Andrew Bartlett */
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+
+/* Taken from accept_sec_context.c,v 1.65 */
+krb5_error_code smb_rd_req_return_stuff(krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_data *inbuf,
+ krb5_keytab keytab,
+ krb5_principal acceptor_principal,
+ krb5_data *outbuf,
+ krb5_ticket **ticket,
+ krb5_keyblock **keyblock)
+{
+ krb5_rd_req_in_ctx in = NULL;
+ krb5_rd_req_out_ctx out = NULL;
+ krb5_error_code kret;
+
+ *keyblock = NULL;
+ *ticket = NULL;
+ outbuf->length = 0;
+ outbuf->data = NULL;
+
+ kret = krb5_rd_req_in_ctx_alloc(context, &in);
+ if (kret == 0)
+ kret = krb5_rd_req_in_set_keytab(context, in, keytab);
+ if (kret) {
+ if (in)
+ krb5_rd_req_in_ctx_free(context, in);
+ return kret;
+ }
+
+ kret = krb5_rd_req_ctx(context,
+ auth_context,
+ inbuf,
+ acceptor_principal,
+ in, &out);
+ krb5_rd_req_in_ctx_free(context, in);
+ if (kret) {
+ return kret;
+ }
+
+ /*
+ * We need to remember some data on the context_handle.
+ */
+ kret = krb5_rd_req_out_get_ticket(context, out,
+ ticket);
+ if (kret == 0) {
+ kret = krb5_rd_req_out_get_keyblock(context, out,
+ keyblock);
+ }
+ krb5_rd_req_out_ctx_free(context, out);
+
+ if (kret == 0) {
+ kret = krb5_mk_rep(context, *auth_context, outbuf);
+ }
+
+ if (kret) {
+ krb5_free_ticket(context, *ticket);
+ krb5_free_keyblock(context, *keyblock);
+ krb5_data_free(outbuf);
+ }
+
+ return kret;
+}
+
diff --git a/source4/auth/gensec/gensec_krb5_util.h b/source4/auth/gensec/gensec_krb5_util.h
new file mode 100644
index 0000000000..09be3ff6a7
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5_util.h
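Review bot: The final `if (kret)` cleanup in smb_rd_req_return_stuff frees `*ticket` and `*keyblock` but leaves both out-parameters pointing at the released objects, so a caller that tidies up its own ticket or keyblock after a failure would free them a second time. The same path can also hand a still-NULL `*ticket` to krb5_free_ticket() when krb5_rd_req_out_get_ticket() fails; whether that is tolerated depends on the Kerberos library's free routine, which is not visible here. The index lines show the body is moved unchanged from kerberos_heimdal.c (blob 44cb39c518), so this is inherited behaviour, but the move is a natural point to harden it with `if (*ticket) krb5_free_ticket(context, *ticket);` followed by `*ticket = NULL;` and `*keyblock = NULL;` after the frees. A short comment above the function stating that on success the caller owns the ticket, keyblock and outbuf would also record the contract for the single intended user.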
@@ -0,0 +1,10 @@
+/* See gensec_krb5_util.c for the license */
+
+krb5_error_code smb_rd_req_return_stuff(krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_data *inbuf,
+ krb5_keytab keytab,
+ krb5_principal acceptor_principal,
+ krb5_data *outbuf,
+ krb5_ticket **ticket,
+ krb5_keyblock **keyblock);
diff --git a/source4/auth/gensec/wscript_build b/source4/auth/gensec/wscript_build
old mode 100644
new mode 100755
index dd25b23fdb..e7bc021963
--- a/source4/auth/gensec/wscript_build
+++ b/source4/auth/gensec/wscript_build
@@ -6,7 +6,7 @@ bld.SAMBA_SUBSYSTEM('gensec_util',
 autoproto='gensec_proto.h')
 bld.SAMBA_MODULE('gensec_krb5',
- source='gensec_krb5.c',
+ source='gensec_krb5.c gensec_krb5_util.c',
 subsystem='gensec',
 init_function='gensec_krb5_init',
 deps='samba-credentials authkrb5 com_err gensec_util',
diff --git a/source4/auth/kerberos/kerberos_heimdal.c b/source4/auth/kerberos/kerberos_heimdal.c
deleted file mode 100644
index 44cb39c518..0000000000
--- a/source4/auth/kerberos/kerberos_heimdal.c
+++ /dev/null
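Review bot: gensec_krb5_util.h has no include guard and declares a prototype built from krb5_* types without including the header that defines them, so it presumably compiles only because gensec_krb5.c includes it after its other headers. Wrapping the prototype in `#ifndef GENSEC_KRB5_UTIL_H` / `#define GENSEC_KRB5_UTIL_H` and a closing `#endif`, and adding `#include "system/kerberos.h"` (the header gensec_krb5_util.c itself includes), would make the header self-contained. The commit message says the function must not be used outside gensec_krb5, and a one-line comment on the prototype saying so, together with who releases `*ticket`, `*keyblock` and `outbuf`, would keep that restriction visible where a future caller would look.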
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* This file for code taken from the Heimdal code, to preserve licence */
-/* Modified by Andrew Bartlett */
-
-#include "includes.h"
-#include "system/kerberos.h"
-#include "auth/kerberos/kerberos.h"
-
-/* Taken from accept_sec_context.c,v 1.65 */
-krb5_error_code smb_rd_req_return_stuff(krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_data *inbuf,
- krb5_keytab keytab,
- krb5_principal acceptor_principal,
- krb5_data *outbuf,
- krb5_ticket **ticket,
- krb5_keyblock **keyblock)
-{
- krb5_rd_req_in_ctx in = NULL;
- krb5_rd_req_out_ctx out = NULL;
- krb5_error_code kret;
-
- *keyblock = NULL;
- *ticket = NULL;
- outbuf->length = 0;
- outbuf->data = NULL;
-
- kret = krb5_rd_req_in_ctx_alloc(context, &in);
- if (kret == 0)
- kret = krb5_rd_req_in_set_keytab(context, in, keytab);
- if (kret) {
- if (in)
- krb5_rd_req_in_ctx_free(context, in);
- return kret;
- }
-
- kret = krb5_rd_req_ctx(context,
- auth_context,
- inbuf,
- acceptor_principal,
- in, &out);
- krb5_rd_req_in_ctx_free(context, in);
- if (kret) {
- return kret;
- }
-
- /*
- * We need to remember some data on the context_handle.
- */
- kret = krb5_rd_req_out_get_ticket(context, out,
- ticket);
- if (kret == 0) {
- kret = krb5_rd_req_out_get_keyblock(context, out,
- keyblock);
- }
- krb5_rd_req_out_ctx_free(context, out);
-
- if (kret == 0) {
- kret = krb5_mk_rep(context, *auth_context, outbuf);
- }
-
- if (kret) {
- krb5_free_ticket(context, *ticket);
- krb5_free_keyblock(context, *keyblock);
- krb5_data_free(outbuf);
- }
-
- return kret;
-}
-
diff --git a/source4/auth/kerberos/wscript_build b/source4/auth/kerberos/wscript_build
index 8f2900be5c..aef7fc6605 100755
--- a/source4/auth/kerberos/wscript_build
+++ b/source4/auth/kerberos/wscript_build
@@ -6,7 +6,7 @@ bld.SAMBA_SUBSYSTEM('KRB_INIT_CTX',
 )
 bld.SAMBA_LIBRARY('authkrb5',
- source='kerberos_heimdal.c kerberos_pac.c keytab_copy.c',
+ source='kerberos_pac.c keytab_copy.c',
 autoproto='proto.h',
 public_deps='ndr-krb5pac krb5samba samba_socket LIBCLI_RESOLVE asn1',
 deps='auth_sam_reply tevent LIBPACKET ndr ldb krb5samba KRB_INIT_CTX KRB5_PAC errors',
-- cgit