From 40ba91ecc110dc8ae863a8786d0369c5a321e6b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 20 Sep 2011 14:13:36 +0200 Subject: [PATCH 1/3] s3-docs: document -k switch in net manpage. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Autobuild-User: Günther Deschner Autobuild-Date: Tue Sep 20 15:47:00 CEST 2011 on sn-devel-104 (cherry picked from commit 8dda773bd7eea1d163282b1f3c5e90cbff8a1003) --- docs-xml/manpages-3/net.8.xml | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index fac9ba6..5c16408 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -61,6 +61,7 @@ &stdarg.help; + &stdarg.kerberos; -w target-workgroup -- 1.7.6.2 From dfefd3da32f5727d75cbe430205ff8d27b86a54c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 21 Sep 2011 17:28:58 +0200 Subject: [PATCH 2/3] s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin. We force using a MEMORY ccache though in the wkssvc server. Guenther --- source3/libnet/libnet_join.c | 30 ----------------------------- source3/rpc_server/wkssvc/srv_wkssvc_nt.c | 4 +++ 2 files changed, 4 insertions(+), 30 deletions(-) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6750120..25f1adc 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1764,17 +1764,10 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) { - const char *krb5_cc_env = NULL; - if (r->in.ads) { ads_destroy(&r->in.ads); } - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) { - unsetenv(KRB5_ENV_CCNAME); - } - return 0; } 
@@ -1783,17 +1776,10 @@ static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r) { - const char *krb5_cc_env = NULL; - if (r->in.ads) { ads_destroy(&r->in.ads); } - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) { - unsetenv(KRB5_ENV_CCNAME); - } - return 0; } @@ -1804,7 +1790,6 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx **r) { struct libnet_JoinCtx *ctx; - const char *krb5_cc_env = NULL; ctx = talloc_zero(mem_ctx, struct libnet_JoinCtx); if (!ctx) { @@ -1816,13 +1801,6 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { - krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin"); - W_ERROR_HAVE_NO_MEMORY(krb5_cc_env); - setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1); - } - ctx->in.secure_channel_type = SEC_CHAN_WKSTA; *r = ctx; @@ -1837,7 +1815,6 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx **r) { struct libnet_UnjoinCtx *ctx; - const char *krb5_cc_env = NULL; ctx = talloc_zero(mem_ctx, struct libnet_UnjoinCtx); if (!ctx) { @@ -1849,13 +1826,6 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { - krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin"); - W_ERROR_HAVE_NO_MEMORY(krb5_cc_env); - setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1); - } - *r = ctx; return WERR_OK; diff --git a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c index 0dd89ae..247f9ff 100644 --- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c +++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c 
@@ -867,7 +867,9 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p, j->in.msg_ctx = p->msg_ctx; become_root(); + setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrJoinDomain2", 1); werr = libnet_Join(p->mem_ctx, j); + unsetenv(KRB5_ENV_CCNAME); unbecome_root(); if (!W_ERROR_IS_OK(werr)) { @@ -933,7 +935,9 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p, u->in.msg_ctx = p->msg_ctx; become_root(); + setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrUnjoinDomain2", 1); werr = libnet_Unjoin(p->mem_ctx, u); + unsetenv(KRB5_ENV_CCNAME); unbecome_root(); if (!W_ERROR_IS_OK(werr)) { -- 1.7.6.2 From 86773b743993605ef3d5f4530f9cc53437481294 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Mon, 26 Sep 2011 16:25:12 +0200 Subject: [PATCH 3/3] s3-netapi: allow to use default krb5 credential cache for libnetapi users. Guenther --- source3/lib/netapi/netapi.c | 24 +++++++++++++++++------- source3/lib/netapi/netapi.h | 6 ++++++ 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c index c04ca70..dc42049 100644 --- a/source3/lib/netapi/netapi.c +++ b/source3/lib/netapi/netapi.c @@ -103,7 +103,6 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context) { NET_API_STATUS status; struct libnetapi_ctx *ctx = NULL; - char *krb5_cc_env = NULL; frame = talloc_stackframe(); @@ -115,12 +114,6 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context) BlockSignals(True, SIGPIPE); - krb5_cc_env = getenv(KRB5_ENV_CCNAME); - if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { - ctx->krb5_cc_env = talloc_strdup(frame, "MEMORY:libnetapi"); - setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1); - } - if (getenv("USER")) { ctx->username = talloc_strdup(frame, getenv("USER")); } else { 
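Review bot: The result of `setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrJoinDomain2", 1)` is ignored in `_wkssvc_NetrJoinDomain2`, so if it fails `libnet_Join` still runs as root against whatever credential cache the daemon's environment already selects; the `setenv` before `libnet_Unjoin` in the `_wkssvc_NetrUnjoinDomain2` hunk has the same gap. Failing closed keeps the forced-MEMORY guarantee from the commit message: `if (setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrJoinDomain2", 1) != 0) { werr = WERR_NOMEM; } else { werr = libnet_Join(p->mem_ctx, j); }`. The `unsetenv(KRB5_ENV_CCNAME)` that follows only removes the variable: it does not restore a value the process may have had before the call, and it does not destroy the named MEMORY cache, so tickets obtained for the joining account may remain in process memory unless `libnet_Join`/`libnet_Unjoin` destroy them, which is not visible here. Both functions start and end outside their hunks.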
@@ -266,6 +259,23 @@ NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx) return NET_API_STATUS_SUCCESS; } +/**************************************************************** +****************************************************************/ + +NET_API_STATUS libnetapi_set_use_memory_krb5_ccache(struct libnetapi_ctx *ctx) +{ + ctx->krb5_cc_env = talloc_strdup(ctx, "MEMORY:libnetapi"); + if (!ctx->krb5_cc_env) { + return W_ERROR_V(WERR_NOMEM); + } + setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1); + ctx->use_memory_krb5_ccache = 1; + return NET_API_STATUS_SUCCESS; +} + +/**************************************************************** +****************************************************************/ + NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx) { ctx->use_ccache = true; diff --git a/source3/lib/netapi/netapi.h b/source3/lib/netapi/netapi.h index 9e1549d..a55dc5e 100644 --- a/source3/lib/netapi/netapi.h +++ b/source3/lib/netapi/netapi.h @@ -1356,6 +1356,7 @@ struct libnetapi_ctx { char *krb5_cc_env; int use_kerberos; int use_ccache; + int use_memory_krb5_ccache; int disable_policy_handle_cache; void *private_data; @@ -1408,6 +1409,11 @@ NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx); /**************************************************************** ****************************************************************/ +NET_API_STATUS libnetapi_set_use_memory_krb5_ccache(struct libnetapi_ctx *ctx); + +/**************************************************************** +****************************************************************/ + NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx); /**************************************************************** -- 1.7.6.2
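Review bot: `libnetapi_set_use_memory_krb5_ccache` sets `ctx->use_memory_krb5_ccache = 1` and returns success without checking `setenv`, so a caller can be told the in-memory cache is active while Kerberos still resolves the default one; check it first, e.g. `if (setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1) != 0) { return W_ERROR_V(WERR_NOMEM); }`. The banner comment above the new function is empty, and because the unconditional default was removed from `libnetapi_net_init` the MEMORY cache is now opt-in. The comment should therefore say that callers who do not want tickets for supplied credentials to end up in the user's default ccache must call this before the first operation, that it changes KRB5CCNAME for the whole process, and that the fixed name `MEMORY:libnetapi` is shared by every context in that process. A repeated call also overwrites `ctx->krb5_cc_env` without freeing the earlier string, which then stays allocated until `ctx` is freed.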
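Review bot: `int use_memory_krb5_ccache;` is inserted between `use_ccache` and `disable_policy_handle_cache` in `struct libnetapi_ctx`, which shifts the offsets of `disable_policy_handle_cache` and `private_data` for anything compiled against the previous `netapi.h`. If the struct layout is part of the library's ABI (this cannot be decided from the hunk), appending the member at the end of the struct avoids a silent mismatch between old applications and the new library. Nothing in the visible patch reads the flag, so a short comment such as `/* set by libnetapi_set_use_memory_krb5_ccache(): KRB5CCNAME was pointed at MEMORY:libnetapi */` would record what it is for. The struct begins and ends outside the hunk.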