The branch, v3-5-test has been updated via 52e5c80 s3-netapi: allow to use default krb5 credential cache for libnetapi users. via 01f30f5 s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin. from da08c8a s3: Fix bug 7844: Race in winbind
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log ----------------------------------------------------------------- commit 52e5c8002f1ccd417eaf56f0c1c9abb9d13bb7d6 Author: Günther Deschner <g...@samba.org> Date: Wed Sep 21 17:47:27 2011 +0200 s3-netapi: allow to use default krb5 credential cache for libnetapi users. Guenther commit 01f30f5c3e690956f1bd85006c88b6d79e63a1c7 Author: Günther Deschner <g...@samba.org> Date: Wed Sep 21 17:28:58 2011 +0200 s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin. We force using a MEMORY ccache though in the wkssvc server. Guenther ----------------------------------------------------------------------- Summary of changes: source3/lib/netapi/netapi.c | 24 +++++++++++++++++------- source3/lib/netapi/netapi.h | 6 ++++++ source3/libnet/libnet_join.c | 30 ------------------------------ source3/rpc_server/srv_wkssvc_nt.c | 4 ++++ 4 files changed, 27 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c index bde6fd8..34a88a9 100644 --- a/source3/lib/netapi/netapi.c +++ b/source3/lib/netapi/netapi.c @@ -55,7 +55,6 @@ NET_API_STATUS libnetapi_init(struct libnetapi_ctx **context) { NET_API_STATUS status; struct libnetapi_ctx *ctx = NULL; - char *krb5_cc_env = NULL; if (stat_ctx && libnetapi_initialized) { *context = stat_ctx; @@ -101,12 +100,6 @@ NET_API_STATUS libnetapi_init(struct libnetapi_ctx **context) BlockSignals(True, SIGPIPE); - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { - ctx->krb5_cc_env = talloc_strdup(frame, "MEMORY:libnetapi"); - setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1); - } - if (getenv("USER")) { ctx->username = talloc_strdup(frame, getenv("USER")); } else { @@ -250,6 +243,23 @@ NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx) return NET_API_STATUS_SUCCESS; } +/**************************************************************** +****************************************************************/ + +NET_API_STATUS libnetapi_set_use_memory_krb5_ccache(struct libnetapi_ctx *ctx) +{ + ctx->krb5_cc_env = talloc_strdup(ctx, "MEMORY:libnetapi"); + if (!ctx->krb5_cc_env) { + return W_ERROR_V(WERR_NOMEM); + } + setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1); + ctx->use_memory_krb5_ccache = 1; + return NET_API_STATUS_SUCCESS; +} + +/**************************************************************** +****************************************************************/ + NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx) { ctx->use_ccache = true; diff --git a/source3/lib/netapi/netapi.h b/source3/lib/netapi/netapi.h index 8976ebd..069d526 100644 --- a/source3/lib/netapi/netapi.h +++ b/source3/lib/netapi/netapi.h @@ -1319,6 +1319,7 @@ struct libnetapi_ctx { char *krb5_cc_env; int use_kerberos; int use_ccache; + int use_memory_krb5_ccache; int disable_policy_handle_cache; void *private_data; @@ -1376,6 +1377,11 @@ NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx); /**************************************************************** ****************************************************************/ +NET_API_STATUS libnetapi_set_use_memory_krb5_ccache(struct libnetapi_ctx *ctx); + +/**************************************************************** +****************************************************************/ + const char *libnetapi_errstr(NET_API_STATUS status); /**************************************************************** diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index f14bffd..8522c17 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1620,17 +1620,10 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) { - const char *krb5_cc_env = NULL; - if (r->in.ads) { ads_destroy(&r->in.ads); } - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) { - unsetenv(KRB5_ENV_CCNAME); - } - return 0; } @@ -1639,17 +1632,10 @@ static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r) { - const char *krb5_cc_env = NULL; - if (r->in.ads) { ads_destroy(&r->in.ads); } - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) { - unsetenv(KRB5_ENV_CCNAME); - } - return 0; } @@ -1660,7 +1646,6 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx **r) { struct libnet_JoinCtx *ctx; - const char *krb5_cc_env = NULL; ctx = talloc_zero(mem_ctx, struct libnet_JoinCtx); if (!ctx) { @@ -1672,13 +1657,6 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { - krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin"); - W_ERROR_HAVE_NO_MEMORY(krb5_cc_env); - setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1); - } - ctx->in.secure_channel_type = SEC_CHAN_WKSTA; *r = ctx; @@ -1693,7 +1671,6 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx **r) { struct libnet_UnjoinCtx *ctx; - const char *krb5_cc_env = NULL; ctx = talloc_zero(mem_ctx, struct libnet_UnjoinCtx); if (!ctx) { @@ -1705,13 +1682,6 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { - krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin"); - W_ERROR_HAVE_NO_MEMORY(krb5_cc_env); - setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1); - } - *r = ctx; return WERR_OK; diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index d7f3f82..2367f55 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -845,7 +845,9 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, j->in.msg_ctx = smbd_messaging_context(); become_root(); + setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrJoinDomain2", 1); werr = libnet_Join(p->mem_ctx, j); + unsetenv(KRB5_ENV_CCNAME); unbecome_root(); if (!W_ERROR_IS_OK(werr)) { @@ -911,7 +913,9 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, u->in.msg_ctx = smbd_messaging_context(); become_root(); + setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrUnjoinDomain2", 1); werr = libnet_Unjoin(p->mem_ctx, u); + unsetenv(KRB5_ENV_CCNAME); unbecome_root(); if (!W_ERROR_IS_OK(werr)) { -- Samba Shared Repository