The Samba-Bugzilla – Attachment 6938 Details for
Bug 7465
net ads join -k didn't work if KRB5CCNAME is not set
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
v3-6-test.patch
samba-3.5.11-joinkrb5.patch-36 (text/plain), 7.59 KB, created by
Guenther Deschner
on 2011-09-26 14:26:42 UTC
(
hide
)
Description:
v3-6-test.patch
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2011-09-26 14:26:42 UTC
Size:
7.59 KB
patch
obsolete
>From 40ba91ecc110dc8ae863a8786d0369c5a321e6b3 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Tue, 20 Sep 2011 14:13:36 +0200 >Subject: [PATCH 1/3] s3-docs: document -k switch in net manpage. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Autobuild-User: Günther Deschner <gd@samba.org> >Autobuild-Date: Tue Sep 20 15:47:00 CEST 2011 on sn-devel-104 >(cherry picked from commit 8dda773bd7eea1d163282b1f3c5e90cbff8a1003) >--- > docs-xml/manpages-3/net.8.xml | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > >diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml >index fac9ba6..5c16408 100644 >--- a/docs-xml/manpages-3/net.8.xml >+++ b/docs-xml/manpages-3/net.8.xml >@@ -61,6 +61,7 @@ > > <variablelist> > &stdarg.help; >+ &stdarg.kerberos; > > <varlistentry> > <term>-w target-workgroup</term> >-- >1.7.6.2 > > >From dfefd3da32f5727d75cbe430205ff8d27b86a54c Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 21 Sep 2011 17:28:58 +0200 >Subject: [PATCH 2/3] s3-libnet: allow to use default krb5 ccache in > libnet_Join/libnet_Unjoin. > >We force using a MEMORY ccache though in the wkssvc server. > >Guenther >--- > source3/libnet/libnet_join.c | 30 ----------------------------- > source3/rpc_server/wkssvc/srv_wkssvc_nt.c | 4 +++ > 2 files changed, 4 insertions(+), 30 deletions(-) > >diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c >index 6750120..25f1adc 100644 >--- a/source3/libnet/libnet_join.c >+++ b/source3/libnet/libnet_join.c >@@ -1764,17 +1764,10 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, > > static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) > { >- const char *krb5_cc_env = NULL; >- > if (r->in.ads) { > ads_destroy(&r->in.ads); > } > >- krb5_cc_env = getenv(KRB5_ENV_CCNAME); >- if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) { >- unsetenv(KRB5_ENV_CCNAME); >- } >- > return 0; > } > >@@ -1783,17 +1776,10 @@ static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) > > static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r) > { >- const char *krb5_cc_env = NULL; >- > if (r->in.ads) { > ads_destroy(&r->in.ads); > } > >- krb5_cc_env = getenv(KRB5_ENV_CCNAME); >- if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) { >- unsetenv(KRB5_ENV_CCNAME); >- } >- > return 0; > } > >@@ -1804,7 +1790,6 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, > struct libnet_JoinCtx **r) > { > struct libnet_JoinCtx *ctx; >- const char *krb5_cc_env = NULL; > > ctx = talloc_zero(mem_ctx, struct libnet_JoinCtx); > if (!ctx) { >@@ -1816,13 +1801,6 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, > ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); > W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); > >- krb5_cc_env = getenv(KRB5_ENV_CCNAME); >- if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { >- krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin"); >- W_ERROR_HAVE_NO_MEMORY(krb5_cc_env); >- setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1); >- } >- > ctx->in.secure_channel_type = SEC_CHAN_WKSTA; > > *r = ctx; >@@ -1837,7 +1815,6 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, > struct libnet_UnjoinCtx **r) > { > struct libnet_UnjoinCtx *ctx; >- const char *krb5_cc_env = NULL; > > ctx = talloc_zero(mem_ctx, struct libnet_UnjoinCtx); > if (!ctx) { >@@ -1849,13 +1826,6 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, > ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); > W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); > >- krb5_cc_env = getenv(KRB5_ENV_CCNAME); >- if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { >- krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin"); >- W_ERROR_HAVE_NO_MEMORY(krb5_cc_env); >- setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1); >- } >- > *r = ctx; > > return WERR_OK; >diff --git a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c >index 0dd89ae..247f9ff 100644 >--- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c >+++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c >@@ -867,7 +867,9 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p, > j->in.msg_ctx = p->msg_ctx; > > become_root(); >+ setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrJoinDomain2", 1); > werr = libnet_Join(p->mem_ctx, j); >+ unsetenv(KRB5_ENV_CCNAME); > unbecome_root(); > > if (!W_ERROR_IS_OK(werr)) { >@@ -933,7 +935,9 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p, > u->in.msg_ctx = p->msg_ctx; > > become_root(); >+ setenv(KRB5_ENV_CCNAME, "MEMORY:_wkssvc_NetrUnjoinDomain2", 1); > werr = libnet_Unjoin(p->mem_ctx, u); >+ unsetenv(KRB5_ENV_CCNAME); > unbecome_root(); > > if (!W_ERROR_IS_OK(werr)) { >-- >1.7.6.2 > > >From 86773b743993605ef3d5f4530f9cc53437481294 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Mon, 26 Sep 2011 16:25:12 +0200 >Subject: [PATCH 3/3] s3-netapi: allow to use default krb5 credential cache > for libnetapi users. > >Guenther >--- > source3/lib/netapi/netapi.c | 24 +++++++++++++++++------- > source3/lib/netapi/netapi.h | 6 ++++++ > 2 files changed, 23 insertions(+), 7 deletions(-) > >diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c >index c04ca70..dc42049 100644 >--- a/source3/lib/netapi/netapi.c >+++ b/source3/lib/netapi/netapi.c >@@ -103,7 +103,6 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context) > { > NET_API_STATUS status; > struct libnetapi_ctx *ctx = NULL; >- char *krb5_cc_env = NULL; > > frame = talloc_stackframe(); > >@@ -115,12 +114,6 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context) > > BlockSignals(True, SIGPIPE); > >- krb5_cc_env = getenv(KRB5_ENV_CCNAME); >- if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { >- ctx->krb5_cc_env = talloc_strdup(frame, "MEMORY:libnetapi"); >- setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1); >- } >- > if (getenv("USER")) { > ctx->username = talloc_strdup(frame, getenv("USER")); > } else { >@@ -266,6 +259,23 @@ NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx) > return NET_API_STATUS_SUCCESS; > } > >+/**************************************************************** >+****************************************************************/ >+ >+NET_API_STATUS libnetapi_set_use_memory_krb5_ccache(struct libnetapi_ctx *ctx) >+{ >+ ctx->krb5_cc_env = talloc_strdup(ctx, "MEMORY:libnetapi"); >+ if (!ctx->krb5_cc_env) { >+ return W_ERROR_V(WERR_NOMEM); >+ } >+ setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1); >+ ctx->use_memory_krb5_ccache = 1; >+ return NET_API_STATUS_SUCCESS; >+} >+ >+/**************************************************************** >+****************************************************************/ >+ > NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx) > { > ctx->use_ccache = true; >diff --git a/source3/lib/netapi/netapi.h b/source3/lib/netapi/netapi.h >index 9e1549d..a55dc5e 100644 >--- a/source3/lib/netapi/netapi.h >+++ b/source3/lib/netapi/netapi.h >@@ -1356,6 +1356,7 @@ struct libnetapi_ctx { > char *krb5_cc_env; > int use_kerberos; > int use_ccache; >+ int use_memory_krb5_ccache; > int disable_policy_handle_cache; > > void *private_data; >@@ -1408,6 +1409,11 @@ NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx); > /**************************************************************** > ****************************************************************/ > >+NET_API_STATUS libnetapi_set_use_memory_krb5_ccache(struct libnetapi_ctx *ctx); >+ >+/**************************************************************** >+****************************************************************/ >+ > NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx); > > /**************************************************************** >-- >1.7.6.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
asn
:
review+
Actions:
View
Attachments on
bug 7465
:
6937
| 6938 |
6948
|
7034
|
7035