From 60e1aa701c18a0871d94f74f565b9abaa41c0de9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Jan 2012 00:52:06 +0100 Subject: [PATCH] s3-build: Rework object lists to allow gse gensec module This also allows the spnego_parse_krb5_wrap() function to be shared. Andrew Bartlett Signed-off-by: Stefan Metzmacher
---
 source3/Makefile.in | 61 ++++++++++++++++++++-------------------
 source3/utils/ntlm_auth.c | 39 -------------------------
 source3/wscript_build | 13 +++++----
 3 files changed, 40 insertions(+), 73 deletions(-)

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 318067ff026b..69f4786695a2 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -555,9 +555,12 @@ LIBSMB_OBJ0 = \
 ../lib/util/asn1.o \
 ../libcli/auth/spnego_parse.o \
 ../libcli/auth/ntlm_check.o \
+ ../libcli/auth/krb5_wrap.o \
 libsmb/ntlmssp.o \
 libsmb/ntlmssp_wrap.o \
 libsmb/auth_generic.o \
+ libsmb/clikrb5.o \
+ libsmb/clispnego.o \
 ../auth/gensec/gensec.o \
 ../auth/gensec/gensec_start.o \
 ../auth/gensec/gensec_util.o \
@@ -594,7 +597,6 @@ SCHANNEL_OBJ = ../libcli/auth/credentials.o \
 $(LIBNDR_SCHANNEL_OBJ)

 LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
- libsmb/clikrb5.o ../libcli/auth/krb5_wrap.o libsmb/clispnego.o \
 libsmb/reparse_symlink.o \
 libsmb/clisymlink.o \
 libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
@@ -1015,7 +1017,7 @@ NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \

 NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
 $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
- $(LIBNDR_GEN_OBJ0)
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)

 SWAT_OBJ1 = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
 web/swat.o web/neg_lang.o
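Review bot: Moving `libsmb/clikrb5.o`, `libsmb/clispnego.o` and `../libcli/auth/krb5_wrap.o` from LIBSMB_OBJ into LIBSMB_OBJ0 makes every target that links LIBSMB_OBJ0 pull in the Kerberos client code, yet the only link rule in this patch that gains `$(KRB5LIBS)` is `bin/pam_smbpass.@SHLIBEXT@`. The other consumers of LIBSMB_OBJ0, and whether LIBSMB_OBJ still reaches these three objects through it, are outside the visible hunks, so this may already be covered. It is worth confirming before merge, because a miss only shows up as an unresolved symbol in the Makefile build. I would also add a comment above the list (its `LIBSMB_OBJ0 = \` line is in the hunk header, not the hunk), for example `# Kerberos/SPNEGO client objects live here so they can be shared; targets using this list must link $(KRB5LIBS)`.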
@@ -1067,10 +1069,10 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSWD_UTIL_OBJ) $(PASSCHANGE_OBJ) \
 rpc_client/init_lsa.o

 PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \
- $(LIBSAMBA_OBJ) \
+ $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
+ $(AFS_SETTOKEN_OBJ) \
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
 $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
- $(LIBCLI_LDAP_NDR_OBJ) \
- $(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
 $(POPT_LIB_OBJ) $(SMBLDAP_OBJ)

 SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ1)
@@ -1246,8 +1248,8 @@ NET_OBJ = $(NET_OBJ1) \
 $(LIB_EVENTLOG_OBJ)

 CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
- $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \
- $(LIBNDR_GEN_OBJ0)
+ $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \
+ $(AFS_SETTOKEN_OBJ) $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)

 NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) \
 $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ)
@@ -1277,23 +1279,23 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) $(TLDAP_OBJ) \
 $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ)

 MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
- $(LIB_NONSMBD_OBJ) \
- $(LIBNDR_GEN_OBJ0)
+ $(LIB_NONSMBD_OBJ) \
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)

 MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_ERR_OBJ) \
 $(LIB_NONSMBD_OBJ) \
 $(LIBNDR_GEN_OBJ0)

 LOCKTEST_OBJ = torture/locktest.o $(PARAM_OBJ) $(LOCKING_OBJ) $(KRBCLIENT_OBJ) \
- $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \
- $(LIBNDR_GEN_OBJ0) $(FNAME_UTIL_OBJ)
+ $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(FNAME_UTIL_OBJ)

 NSSTEST_OBJ = ../nsswitch/nsstest.o $(LIBSAMBAUTIL_OBJ)

 PDBTEST_OBJ = torture/pdbtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
 $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
 $(SMBLDAP_OBJ) $(POPT_LIB_OBJ) \
- $(LIBNDR_GEN_OBJ0)
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)

 VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ)

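Review bot: The group `$(LIBSMB_OBJ) $(KRBCLIENT_OBJ)`, `$(AFS_SETTOKEN_OBJ)`, `$(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)` is spelled out by hand in PDBEDIT_OBJ here and again in PAM_SMBPASS_OBJ, WBINFO_OBJ and NTLM_AUTH_OBJ in later hunks, with CUPS_OBJ in the next hunk carrying a near-copy. Naming it once, for example `LIBSMB_FULL_OBJ = $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(AFS_SETTOKEN_OBJ) $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)` (the name is only a suggestion), would keep these lists from drifting apart the next time an object moves. The same applies in a smaller way to the MASKTEST_OBJ, LOCKTEST_OBJ and PDBTEST_OBJ hunk, where `$(LIBNDR_GEN_OBJ0)` is replaced by `$(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)` three times.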
@@ -1301,7 +1303,7 @@ LOG2PCAP_OBJ = utils/log2pcaphex.o

 LOCKTEST2_OBJ = torture/locktest2.o $(PARAM_OBJ) $(LOCKING_OBJ) $(LIBSMB_OBJ) \
 $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \
- $(LIBNDR_GEN_OBJ0) $(FNAME_UTIL_OBJ)
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(FNAME_UTIL_OBJ)

 SMBCACLS_OBJ = utils/smbcacls.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
 $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \
@@ -1341,8 +1343,8 @@ REPLACETORT_OBJ = @libreplacedir@/test/testsuite.o \
 DEBUG2HTML_OBJ = utils/debug2html.o utils/debugparse.o

 SMBFILTER_OBJ = utils/smbfilter.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
- $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \
- $(LIBNDR_GEN_OBJ0)
+ $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)

 WINBIND_WINS_NSS_OBJ = ../nsswitch/wins.o $(PARAM_OBJ) \
 $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNMB_OBJ)
@@ -1350,8 +1352,10 @@ WINBIND_WINS_NSS_OBJ = ../nsswitch/wins.o $(PARAM_OBJ) \
 PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
 pam_smbpass/pam_smb_acct.o pam_smbpass/support.o
 PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
- $(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
- $(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
+ $(SMBLDAP_OBJ) \
+ $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
+ $(AFS_SETTOKEN_OBJ) \
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
 $(PAM_ERRORS_OBJ)

 IDMAP_RW_OBJ = winbindd/idmap_rw.o
@@ -1494,9 +1498,10 @@ WINBINDD_OBJ = \
 rpc_client/init_samr.o \
 $(PAM_ERRORS_OBJ)

-WBINFO_OBJ = ../nsswitch/wbinfo.o $(LIBSAMBA_OBJ) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
+WBINFO_OBJ = ../nsswitch/wbinfo.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
+ $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
 $(POPT_LIB_OBJ) $(AFS_SETTOKEN_OBJ) \
- lib/winbind_util.o $(WBCOMMON_OBJ)
+ lib/winbind_util.o $(WBCOMMON_OBJ) $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)

 WINBIND_NSS_OBJ = $(WBCOMMON_OBJ) $(LIBREPLACE_OBJ) @WINBIND_NSS_EXTRA_OBJS@

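Review bot: In the PAM_SMBPASS_OBJ hunk the list now carries `$(LIBSMB_OBJ) $(KRBCLIENT_OBJ)` and `$(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ)`, so the pam_smbpass shared object, which is loaded into whatever process runs the PAM stack, grows by the SMB client, Kerberos client and RPC client code. If these are present only to close symbol references after `$(LIBSAMBA_OBJ)` was dropped, rather than because the module calls that code, a narrower list would keep the module's footprint and exported-symbol surface smaller. The variable definitions are outside the hunk, so I cannot tell which case applies. At minimum a comment above PAM_SMBPASS_OBJ such as `# LIBSMB/KRBCLIENT/LIBMSRPC objects are here for link closure only` (if that is accurate) would tell the next reader why a PAM module links them. WBINFO_OBJ in the last hunk gets the same expansion.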
@@ -1527,17 +1532,15 @@ TDBTORTURE_OBJ = @tdbdir@/tools/tdbtorture.o $(LIBREPLACE_OBJ) \

 NTLM_AUTH_OBJ1 = utils/ntlm_auth.o utils/ntlm_auth_diagnostics.o

-NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \
- libsmb/clikrb5.o ../libcli/auth/krb5_wrap.o libads/kerberos.o \
+NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} \
 libsmb/samlogon_cache.o \
 $(LIBADS_SERVER_OBJ) \
 $(PASSDB_OBJ) $(GROUPDB_OBJ) \
- $(SMBLDAP_OBJ) $(LIBNMB_OBJ) \
 $(WBCOMMON_OBJ) \
- $(LIBNBT_OBJ) \
- $(CLDAP_OBJ) \
- $(DRSUAPI_OBJ) \
- $(LIBNDR_GEN_OBJ0) $(LIBNDR_NETLOGON_OBJ) @BUILD_INIPARSER@
+ $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
+ $(AFS_SETTOKEN_OBJ) \
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
+ $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) @BUILD_INIPARSER@


 VLP_OBJ = printing/tests/vlp.o \
@@ -3144,10 +3147,10 @@ bin/ntlm_auth@EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \
 $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) @INIPARSERLIBS@

-bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB)
+bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB)
 @echo "Linking shared library $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) -lpam $(DYNEXP) \
- $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) \
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) -lpam $(DYNEXP) \
+ $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(KRB5LIBS) $(ZLIB_LIBS) \
 $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)

 bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) $(LIBTALLOC) $(LIBTDB)
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 00c7d4dbba06..ff9b60ed0f6a 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1232,45 +1232,6 @@ static void offer_gss_spnego_mechs(void) { return; } -bool spnego_parse_krb5_wrap(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) -{ - bool ret; - ASN1_DATA *data; - int data_remaining; - - data = asn1_init(talloc_tos()); - if (data == NULL) { - return false; - } - - asn1_load(data, blob); - asn1_start_tag(data, ASN1_APPLICATION(0)); - asn1_check_OID(data, OID_KERBEROS5); - - data_remaining = asn1_tag_remaining(data); - - if (data_remaining < 3) { - data->has_error = True; - } else { - asn1_read(data, tok_id, 2); - data_remaining -= 2; - *ticket = data_blob_talloc(ctx, NULL, data_remaining); - asn1_read(data, ticket->data, ticket->length); - } - - asn1_end_tag(data); - - ret = !data->has_error; - - if (data->has_error) { - data_blob_free(ticket); - } - - asn1_free(data); - - return ret; -} - static void manage_gss_spnego_request(struct ntlm_auth_state *state, char *buf, int length) { diff --git a/source3/wscript_build b/source3/wscript_build index 5a13ccf56295..89e312e4004a 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -147,8 +147,6 @@ LIBSMB_SRC = '''libsmb/clientgen.c libsmb/cliconnect.c libsmb/clifile.c LIBMSRPC_SRC = ''' rpc_client/cli_pipe.c - librpc/crypto/gse_krb5.c - librpc/crypto/gse.c librpc/crypto/cli_spnego.c librpc/rpc/rpc_common.c rpc_client/rpc_transport_np.c @@ -688,11 +686,16 @@ bld.SAMBA3_LIBRARY('nss_wins', realname='libnss_wins.so.2', vnum='2') +bld.SAMBA3_LIBRARY('gse', + source='librpc/crypto/gse_krb5.c librpc/crypto/gse.c', + deps='KRB5_WRAP gensec param KRBCLIENT SECRETS3', + private_library=True) + bld.SAMBA3_LIBRARY('msrpc3', source='${LIBMSRPC_SRC}', deps='''ndr ndr-standard RPC_NDR_EPMAPPER NTLMSSP_COMMON COMMON_SCHANNEL LIBCLI_AUTH - LIBTSOCKET KRB5_WRAP dcerpc-binding + LIBTSOCKET gse dcerpc-binding libsmb''', vars=locals(), private_library=True) 
@@ -801,7 +804,7 @@ bld.SAMBA3_LIBRARY('util_cmdline', bld.SAMBA3_SUBSYSTEM('KRBCLIENT', source=KRBCLIENT_SRC, - public_deps='KRB5_WRAP k5crypto LIBTSOCKET CLDAP', + public_deps='KRB5_WRAP k5crypto LIBTSOCKET CLDAP LIBNMB', vars=locals()) bld.SAMBA3_SUBSYSTEM('samba3util', @@ -1379,7 +1382,7 @@ bld.SAMBA3_BINARY('ntlm_auth' + bld.env.suffix3, deps='''tdb_compat talloc cap KRB5_WRAP k5crypto wbclient param smbd_shim samba3core LIBNTLMSSP popt_samba3 asn1util LIBTSOCKET pdb winbind-client LIBINIPARSER LIBADS_SERVER - NDR_SAMR NDR_LSA NDR_NETLOGON cli-ldap-common LIBNMB SLCACHE SPNEGO_PARSE KRBCLIENT''', + NDR_SAMR NDR_LSA NDR_NETLOGON cli-ldap-common LIBNMB SLCACHE SPNEGO_PARSE KRBCLIENT libsmb''', vars=locals()) bld.SAMBA3_BINARY('timelimit', -- 2.34.1
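Review bot: Adding `LIBNMB` to `public_deps` in the `bld.SAMBA3_SUBSYSTEM('KRBCLIENT', ...)` call hands the NetBIOS name-service code on to everything that depends on KRBCLIENT, as I understand wafsamba's public_deps, and after this commit that includes the new `gse` library. The diff does not show which KRBCLIENT source needs it, so a one-line comment above the call would help, for example `# LIBNMB: required by <source file in KRBCLIENT_SRC> (<reason>)`. In the ntlm_auth hunk `libsmb` is appended while `KRB5_WRAP`, `KRBCLIENT` and `LIBNMB` stay listed explicitly; that is harmless, but if `libsmb` already brings them in they could be trimmed to keep the deps string readable.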