author | Simo Sorce <idra@samba.org> | 2012-04-20 13:14:30 -0400 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2012-04-23 16:40:05 -0400 |
commit | 110dad8c9eb95e6729e589b52ef204d369803bdb (patch) | |
tree | 89703746eb0c7f86efbd70c92d18acd6b7b3b5d9 /source4 | |
parent | 090f9072da6974b506901547c0091e3e1b8a11cc (diff) | |
Make krb5 context initialization not heimdal specific
Turn the logging data to an opaque pointer.
Ifdef code and use MIT logging function when built against system MIT.
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/kerberos/krb5_init_context.c | 72 | ||||
-rw-r--r-- | source4/auth/kerberos/krb5_init_context.h | 4 | ||||
-rw-r--r-- | source4/kdc/kdc.c | 2 |
3 files changed, 55 insertions, 23 deletions
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index fbcaad29d96..e3c0876f1a6 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -30,7 +30,7 @@
 #include "param/param.h"
 #include "libcli/resolve/resolve.h"
 #include "../lib/tsocket/tsocket.h"
-
+#include "krb5_init_context.h"
 /* context structure for operations on cldap packets */
@@ -52,9 +52,17 @@ struct smb_krb5_socket {
 static krb5_error_code smb_krb5_context_destroy(struct smb_krb5_context *ctx)
 {
- /* Otherwise krb5_free_context will try and close what we have already free()ed */
- krb5_set_warn_dest(ctx->krb5_context, NULL);
- krb5_closelog(ctx->krb5_context, ctx->logf);
+#ifdef SAMBA4_USES_HEIMDAL
+ if (ctx->pvt_log_data) {
+ /* Otherwise krb5_free_context will try and close what we
+ * have already free()ed */
+ krb5_set_warn_dest(ctx->krb5_context, NULL);
+ krb5_closelog(ctx->krb5_context,
+ (krb5_log_facility *)ctx->pvt_log_data);
+ }
+#else
+ krb5_set_trace_callback(ctx->krb5_context, NULL, NULL);
+#endif
 krb5_free_context(ctx->krb5_context);
 return 0;
 }
@@ -64,10 +72,19 @@ static void smb_krb5_debug_close(void *private_data)
 {
 return;
 }
+#ifdef SAMBA4_USES_HEIMDAL
 static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private_data)
 {
 DEBUG(3, ("Kerberos: %s\n", msg));
 }
+#else
+static void smb_krb5_debug_wrapper(krb5_context context,
+ const struct krb5_trace_info *info,
+ void *cb_data)
+{
+ DEBUG(3, ("Kerberos: %s\n", info->message));
+}
+#endif
 /* handle recv events on a smb_krb5 socket
@@ -461,6 +478,10 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 {
 krb5_error_code ret;
 TALLOC_CTX *tmp_ctx;
+ krb5_context kctx;
+#ifdef SAMBA4_USES_HEIMDAL
+ krb5_log_facility *logf;
+#endif
 initialize_krb5_error_table();
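Review bot: The `if (ctx->pvt_log_data)` guard added to smb_krb5_context_destroy() is only safe if the struct is zero-filled at allocation, because the @@ -472 hunk now installs this destructor before krb5_initlog() has assigned the field. If the allocation (outside the visible hunks) uses plain `talloc()` rather than `talloc_zero()`, a krb5_initlog() failure makes the destructor test an indeterminate pointer and pass it to krb5_closelog(). Either confirm the allocation zeroes the struct or set `(*smb_krb5_context)->pvt_log_data = NULL;` just before `talloc_set_destructor(...)`.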
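Review bot: The MIT variant of smb_krb5_debug_wrapper() dereferences `info` unconditionally, but MIT's trace API invokes the callback with a NULL `info` when the callback is reset or the context is freed, which is what the destructor's `krb5_set_trace_callback(ctx->krb5_context, NULL, NULL)` triggers. Guard the body with `if (info == NULL) return;` before the `DEBUG` call so teardown cannot crash on a NULL dereference. The parameter is also spelled `const struct krb5_trace_info *`; MIT's krb5.h appears to expose this type as the typedef `krb5_trace_info`, so check that the struct tag compiles against the system headers.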
@@ -472,37 +493,39 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 return ENOMEM;
 }
- ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx,
- &(*smb_krb5_context)->krb5_context);
+ ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx, &kctx);
 if (ret) {
 DEBUG(1,("smb_krb5_context_init_basic failed (%s)\n", error_message(ret)));
 talloc_free(tmp_ctx);
 return ret;
 }
+ (*smb_krb5_context)->krb5_context = kctx;
+
+ talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
+
+#ifdef SAMBA4_USES_HEIMDAL
 /* TODO: Should we have a different name here? */
- ret = krb5_initlog((*smb_krb5_context)->krb5_context, "Samba", &(*smb_krb5_context)->logf);
+ ret = krb5_initlog(kctx, "Samba", &logf);
 if (ret) {
 DEBUG(1,("krb5_initlog failed (%s)\n",
- smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
- krb5_free_context((*smb_krb5_context)->krb5_context);
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
 talloc_free(tmp_ctx);
 return ret;
 }
+ (*smb_krb5_context)->pvt_log_data = logf;
- talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
-
- ret = krb5_addlog_func((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf, 0 /* min */, -1 /* max */,
- smb_krb5_debug_wrapper, smb_krb5_debug_close, NULL);
+ ret = krb5_addlog_func(kctx, logf, 0 /* min */, -1 /* max */,
+ smb_krb5_debug_wrapper,
+ smb_krb5_debug_close, NULL);
 if (ret) {
 DEBUG(1,("krb5_addlog_func failed (%s)\n",
- smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+ smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
 talloc_free(tmp_ctx);
 return ret;
 }
- krb5_set_warn_dest((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf);
+ krb5_set_warn_dest(kctx, logf);
 /* Set use of our socket lib */
 if (ev) {
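Review bot: Every failure return in this hunk runs `talloc_free(tmp_ctx); return ret;` while `*smb_krb5_context` still holds the address of the object that was just released. The object appears to be a child of tmp_ctx until the later talloc_steal, and with the destructor now installed early its krb5 context has been freed as well. A caller that inspects or frees the out-parameter after an error would touch freed memory, so clear it on each error path with `*smb_krb5_context = NULL;` before `return ret;`. The function begins and ends outside this hunk, so the allocation itself is not visible here.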
@@ -515,13 +538,22 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, } } - talloc_steal(parent_ctx, *smb_krb5_context); - talloc_free(tmp_ctx); - /* Set options in kerberos */ - krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context, - lpcfg_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false)); + krb5_set_dns_canonicalize_hostname(kctx, + lpcfg_parm_bool(lp_ctx, NULL, "krb5", + "set_dns_canonicalize", false)); +#else + ret = krb5_set_trace_callback(kctx, smb_krb5_debug_wrapper, NULL); + if (ret && ret != KRB5_TRACE_NOSUPP) { + DEBUG(1, ("krb5_set_trace_callback failed (%s)\n" + smb_get_krb5_error_message(kctx, ret, tmp_ctx))); + talloc_free(tmp_ctx); + return ret; + } +#endif + talloc_steal(parent_ctx, *smb_krb5_context); + talloc_free(tmp_ctx); return 0; } diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h index 835438cc5b1..24ae374cd71 100644 --- a/source4/auth/kerberos/krb5_init_context.h +++ b/source4/auth/kerberos/krb5_init_context.h @@ -22,10 +22,10 @@ struct smb_krb5_context { krb5_context krb5_context; - krb5_log_facility *logf; + void *pvt_log_data; struct tevent_context *current_ev; }; - + struct tevent_context; struct loadparm_context; diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index d1ce527b24a..5424d213e89 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -932,7 +932,7 @@ static void kdc_task_init(struct task_server *task) return; } - kdc->config->logf = kdc->smb_krb5_context->logf; + kdc->config->logf = (krb5_log_facility *)kdc->smb_krb5_context->pvt_log_data; kdc->config->db = talloc(kdc, struct HDB *); if (!kdc->config->db) { task_server_terminate(task, "kdc: out of memory", true); |
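Review bot: The new `#else` branch will not compile: in `DEBUG(1, ("krb5_set_trace_callback failed (%s)\n"` the format string is followed directly by the `smb_get_krb5_error_message(kctx, ret, tmp_ctx)` call with no comma between them. Add the comma so the line reads `DEBUG(1, ("krb5_set_trace_callback failed (%s)\n",`. Because this branch is only built when SAMBA4_USES_HEIMDAL is undefined, a Heimdal build will not catch it, so the system-MIT configuration should be compiled before this lands.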
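Review bot: `void *pvt_log_data;` in struct smb_krb5_context drops the type that told readers what the field holds and who releases it, and kdc.c now casts it straight back to `krb5_log_facility *` with nothing tying the two together. A comment on the field would keep that contract visible, for example `/* Heimdal: krb5_log_facility * owned by this context and closed in its destructor; not set in the MIT build */`. The visible MIT path never assigns the field, so any future consumer that casts it without checking the build flavour would be dereferencing NULL or worse.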