summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2012-04-20 13:14:30 -0400
committerSimo Sorce <idra@samba.org>2012-04-23 16:40:05 -0400
commit110dad8c9eb95e6729e589b52ef204d369803bdb (patch)
tree89703746eb0c7f86efbd70c92d18acd6b7b3b5d9 /source4
parent090f9072da6974b506901547c0091e3e1b8a11cc (diff)
downloadsamba-110dad8c9eb95e6729e589b52ef204d369803bdb.tar.gz
Make krb5 context initialization not heimdal specific
Turn the logging data to an opaque pointer. Ifdef code and use MIT logging function when built against system MIT.
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/kerberos/krb5_init_context.c72
-rw-r--r--source4/auth/kerberos/krb5_init_context.h4
-rw-r--r--source4/kdc/kdc.c2
3 files changed, 55 insertions, 23 deletions
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index fbcaad29d96..e3c0876f1a6 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -30,7 +30,7 @@
#include "param/param.h"
#include "libcli/resolve/resolve.h"
#include "../lib/tsocket/tsocket.h"
-
+#include "krb5_init_context.h"
/*
context structure for operations on cldap packets
*/
@@ -52,9 +52,17 @@ struct smb_krb5_socket {
static krb5_error_code smb_krb5_context_destroy(struct smb_krb5_context *ctx)
{
- /* Otherwise krb5_free_context will try and close what we have already free()ed */
- krb5_set_warn_dest(ctx->krb5_context, NULL);
- krb5_closelog(ctx->krb5_context, ctx->logf);
+#ifdef SAMBA4_USES_HEIMDAL
+ if (ctx->pvt_log_data) {
+ /* Otherwise krb5_free_context will try and close what we
+ * have already free()ed */
+ krb5_set_warn_dest(ctx->krb5_context, NULL);
+ krb5_closelog(ctx->krb5_context,
+ (krb5_log_facility *)ctx->pvt_log_data);
+ }
+#else
+ krb5_set_trace_callback(ctx->krb5_context, NULL, NULL);
+#endif
krb5_free_context(ctx->krb5_context);
return 0;
}
@@ -64,10 +72,19 @@ static void smb_krb5_debug_close(void *private_data) {
return;
}
+#ifdef SAMBA4_USES_HEIMDAL
static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private_data)
{
DEBUG(3, ("Kerberos: %s\n", msg));
}
+#else
+static void smb_krb5_debug_wrapper(krb5_context context,
+ const struct krb5_trace_info *info,
+ void *cb_data)
+{
+ DEBUG(3, ("Kerberos: %s\n", info->message));
+}
+#endif
/*
handle recv events on a smb_krb5 socket
@@ -461,6 +478,10 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
{
krb5_error_code ret;
TALLOC_CTX *tmp_ctx;
+ krb5_context kctx;
+#ifdef SAMBA4_USES_HEIMDAL
+ krb5_log_facility *logf;
+#endif
initialize_krb5_error_table();
@@ -472,37 +493,39 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
return ENOMEM;
}
- ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx,
- &(*smb_krb5_context)->krb5_context);
+ ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx, &kctx);
if (ret) {
DEBUG(1,("smb_krb5_context_init_basic failed (%s)\n",
error_message(ret)));
talloc_free(tmp_ctx);
return ret;
}
+ (*smb_krb5_context)->krb5_context = kctx;
+ talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
+
+#ifdef SAMBA4_USES_HEIMDAL
/* TODO: Should we have a different name here? */
- ret = krb5_initlog((*smb_krb5_context)->krb5_context, "Samba", &(*smb_krb5_context)->logf);
+ ret = krb5_initlog(kctx, "Samba", &logf);
if (ret) {
DEBUG(1,("krb5_initlog failed (%s)\n",
- smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
- krb5_free_context((*smb_krb5_context)->krb5_context);
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
talloc_free(tmp_ctx);
return ret;
}
+ (*smb_krb5_context)->pvt_log_data = logf;
- talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
-
- ret = krb5_addlog_func((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf, 0 /* min */, -1 /* max */,
- smb_krb5_debug_wrapper, smb_krb5_debug_close, NULL);
+ ret = krb5_addlog_func(kctx, logf, 0 /* min */, -1 /* max */,
+ smb_krb5_debug_wrapper,
+ smb_krb5_debug_close, NULL);
if (ret) {
DEBUG(1,("krb5_addlog_func failed (%s)\n",
- smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
talloc_free(tmp_ctx);
return ret;
}
- krb5_set_warn_dest((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf);
+ krb5_set_warn_dest(kctx, logf);
/* Set use of our socket lib */
if (ev) {
@@ -515,13 +538,22 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
}
}
- talloc_steal(parent_ctx, *smb_krb5_context);
- talloc_free(tmp_ctx);
-
/* Set options in kerberos */
- krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
- lpcfg_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
+ krb5_set_dns_canonicalize_hostname(kctx,
+ lpcfg_parm_bool(lp_ctx, NULL, "krb5",
+ "set_dns_canonicalize", false));
+#else
+ ret = krb5_set_trace_callback(kctx, smb_krb5_debug_wrapper, NULL);
+ if (ret && ret != KRB5_TRACE_NOSUPP) {
+ DEBUG(1, ("krb5_set_trace_callback failed (%s)\n"
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+#endif
+ talloc_steal(parent_ctx, *smb_krb5_context);
+ talloc_free(tmp_ctx);
return 0;
}
diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h
index 835438cc5b1..24ae374cd71 100644
--- a/source4/auth/kerberos/krb5_init_context.h
+++ b/source4/auth/kerberos/krb5_init_context.h
@@ -22,10 +22,10 @@
struct smb_krb5_context {
krb5_context krb5_context;
- krb5_log_facility *logf;
+ void *pvt_log_data;
struct tevent_context *current_ev;
};
-
+
struct tevent_context;
struct loadparm_context;
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index d1ce527b24a..5424d213e89 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -932,7 +932,7 @@ static void kdc_task_init(struct task_server *task)
return;
}
- kdc->config->logf = kdc->smb_krb5_context->logf;
+ kdc->config->logf = (krb5_log_facility *)kdc->smb_krb5_context->pvt_log_data;
kdc->config->db = talloc(kdc, struct HDB *);
if (!kdc->config->db) {
task_server_terminate(task, "kdc: out of memory", true);