summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-06-03 11:23:15 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:17:27 -0500
commit51fc6842277edf25486a48a5318e3570c256ea4e (patch)
tree53290a88af3526e28d29368a7a39f648b957fda3
parent513d07a8d602053922036fd8137e4a36e44156ff (diff)
downloadsamba-51fc6842277edf25486a48a5318e3570c256ea4e.tar.gz
samba-51fc6842277edf25486a48a5318e3570c256ea4e.tar.bz2
samba-51fc6842277edf25486a48a5318e3570c256ea4e.zip
r7221: Add the start of a KDC service (to be built on a 'libkdc' from a to be
included Heimdal) to Samba4. Andrew Bartlett (This used to be commit 51ba3ea60c265b837821b6c3e031dfe229c10d6a)
-rw-r--r--source4/build/smb_build/main.pm1
-rw-r--r--source4/configure.in1
-rw-r--r--source4/include/structs.h2
-rw-r--r--source4/kdc/config.mk11
-rw-r--r--source4/kdc/kdc.c187
-rw-r--r--source4/kdc/kdc.h48
-rw-r--r--source4/param/loadparm.c4
-rw-r--r--source4/smbd/config.mk10
8 files changed, 264 insertions, 0 deletions
diff --git a/source4/build/smb_build/main.pm b/source4/build/smb_build/main.pm
index 98cf9bed6d..607ec08644 100644
--- a/source4/build/smb_build/main.pm
+++ b/source4/build/smb_build/main.pm
@@ -64,6 +64,7 @@ sub smb_build_main($)
"libcli/security/config.mk",
"lib/com/config.mk",
"scripting/config.mk",
+ "kdc/config.mk"
);
$| = 1;
diff --git a/source4/configure.in b/source4/configure.in
index 370d1281c6..a2d9b26059 100644
--- a/source4/configure.in
+++ b/source4/configure.in
@@ -29,6 +29,7 @@ SMB_INCLUDE_M4(gtk/config.m4)
SMB_INCLUDE_M4(ntvfs/posix/config.m4)
SMB_INCLUDE_M4(lib/socket_wrapper/config.m4)
SMB_INCLUDE_M4(web_server/config.m4)
+SMB_INCLUDE_M4(smbd/config.m4)
ALLLIBS_LIBS="$LIBS"
ALLLIBS_CFLAGS="$CFLAGS"
diff --git a/source4/include/structs.h b/source4/include/structs.h
index 99d6b1660b..c2986682b5 100644
--- a/source4/include/structs.h
+++ b/source4/include/structs.h
@@ -220,3 +220,5 @@ struct arcfour_state;
union libnet_SamDump;
struct websrv_context;
struct EspRequest;
+
+struct kdc_server;
diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk
new file mode 100644
index 0000000000..b9313b2544
--- /dev/null
+++ b/source4/kdc/config.mk
@@ -0,0 +1,11 @@
+# CLDAP server subsystem
+
+#######################
+# Start SUBSYSTEM CLDAPD
+[SUBSYSTEM::KDC]
+INIT_OBJ_FILES = \
+ kdc/kdc.o
+REQUIRED_SUBSYSTEMS = \
+ SOCKET
+# End SUBSYSTEM CLDAPD
+#######################
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
new file mode 100644
index 0000000000..ae8605467a
--- /dev/null
+++ b/source4/kdc/kdc.c
@@ -0,0 +1,187 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ KDC Server startup
+
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+ Copyright (C) Andrew Tridgell 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "smbd/service_task.h"
+#include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "kdc/kdc.h"
+
+
+/*
+ handle fd events on a cldap_socket
+*/
+static void kdc_socket_handler(struct event_context *ev, struct fd_event *fde,
+ uint16_t flags, void *private)
+{
+ NTSTATUS status;
+ struct kdc_socket *kdc_socket = talloc_get_type(private, struct kdc_socket);
+ if (flags & EVENT_FD_WRITE) {
+ /* this should not happen */
+ } else if (flags & EVENT_FD_READ) {
+ TALLOC_CTX *tmp_ctx = talloc_new(kdc_socket);
+ DATA_BLOB blob = data_blob_talloc(tmp_ctx, NULL, 64 * 1024);
+ size_t nread;
+ const char *src_addr;
+ int src_port;
+
+ DEBUG(0, ("incoming!\n"));
+
+ status = socket_recvfrom(kdc_socket->sock, blob.data, blob.length, &nread, 0,
+ &src_addr, &src_port);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
+ return;
+ }
+ talloc_steal(tmp_ctx, src_addr);
+ blob.length = nread;
+
+ DEBUG(2,("Received krb5 packet of length %d from %s:%d\n",
+ blob.length, src_addr, src_port));
+
+
+ }
+}
+
+/*
+ start listening on the given address
+*/
+static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address)
+{
+ struct kdc_socket *kdc_socket;
+ NTSTATUS status;
+
+ kdc_socket = talloc(kdc, struct kdc_socket);
+ NT_STATUS_HAVE_NO_MEMORY(kdc_socket);
+
+ status = socket_create("ip", SOCKET_TYPE_DGRAM, &kdc_socket->sock, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(kdc_socket);
+ return status;
+ }
+
+ kdc_socket->kdc = kdc;
+
+ talloc_steal(kdc_socket, kdc_socket->sock);
+
+ kdc_socket->fde = event_add_fd(kdc->task->event_ctx, kdc,
+ socket_get_fd(kdc_socket->sock), 0,
+ kdc_socket_handler, kdc_socket);
+
+ status = socket_listen(kdc_socket->sock, address, lp_krb5_port(), 0, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("Failed to bind to %s:%d - %s\n",
+ address, lp_krb5_port(), nt_errstr(status)));
+ talloc_free(kdc_socket);
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+/*
+ setup our listening sockets on the configured network interfaces
+*/
+NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc)
+{
+ int num_interfaces = iface_count();
+ TALLOC_CTX *tmp_ctx = talloc_new(kdc);
+ NTSTATUS status;
+
+ /* if we are allowing incoming packets from any address, then
+ we need to bind to the wildcard address */
+ if (!lp_bind_interfaces_only()) {
+ status = kdc_add_socket(kdc, "0.0.0.0");
+ NT_STATUS_NOT_OK_RETURN(status);
+ } else {
+ int i;
+
+ for (i=0; i<num_interfaces; i++) {
+ const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i));
+ status = kdc_add_socket(kdc, address);
+ NT_STATUS_NOT_OK_RETURN(status);
+ }
+ }
+
+ talloc_free(tmp_ctx);
+
+ return NT_STATUS_OK;
+}
+
+/*
+ startup the kdc task
+*/
+static void kdc_task_init(struct task_server *task)
+{
+ struct kdc_server *kdc;
+ NTSTATUS status;
+
+ if (iface_count() == 0) {
+ task_terminate(task, "kdc: no network interfaces configured");
+ return;
+ }
+
+ kdc = talloc(task, struct kdc_server);
+ if (kdc == NULL) {
+ task_terminate(task, "kdc: out of memory");
+ return;
+ }
+
+ kdc->task = task;
+
+ /* Setup the KDC configuration */
+ kdc->config = talloc(kdc, struct krb5_kdc_configuration);
+ if (!kdc->config) {
+ task_terminate(task, "kdc: out of memory");
+ return;
+ }
+ krb5_kdc_default_config(kdc->config);
+
+ /* TODO: Fill in the hdb and logging details */
+
+ /* start listening on the configured network interfaces */
+ status = kdc_startup_interfaces(kdc);
+ if (!NT_STATUS_IS_OK(status)) {
+ task_terminate(task, "kdc failed to setup interfaces");
+ return;
+ }
+
+ DEBUG(0, ("When I grow up, I want to be a KDC!\n"));
+}
+
+
+/*
+ called on startup of the KDC service
+*/
+static NTSTATUS kdc_init(struct event_context *event_ctx,
+ const struct model_ops *model_ops)
+{
+ return task_server_startup(event_ctx, model_ops, kdc_task_init);
+}
+
+/* called at smbd startup - register ourselves as a server service */
+NTSTATUS server_service_kdc_init(void)
+{
+ return register_server_service("kdc", kdc_init);
+}
diff --git a/source4/kdc/kdc.h b/source4/kdc/kdc.h
new file mode 100644
index 0000000000..25b8745bce
--- /dev/null
+++ b/source4/kdc/kdc.h
@@ -0,0 +1,48 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ KDC structures
+
+ Copyright (C) Andrew Tridgell 2005
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "system/kerberos.h"
+#include <kdc.h>
+
+
+/*
+ top level context structure for the cldap server
+*/
+struct kdc_server {
+ struct task_server *task;
+ struct krb5_kdc_configuration *config;
+};
+
+struct kdc_socket {
+ struct socket_context *sock;
+ struct event_context *event_ctx;
+
+ struct kdc_server *kdc;
+
+ /* the fd event */
+ struct fd_event *fde;
+
+ /* a queue of outgoing replies */
+ struct kdc_reply *send_queue;
+
+};
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 10660ffde7..15a054863f 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -211,6 +211,7 @@ typedef struct
int nbt_port;
int dgram_port;
int cldap_port;
+ int krb5_port;
int web_port;
char *socket_options;
BOOL bDNSproxy;
@@ -595,6 +596,7 @@ static struct parm_struct parm_table[] = {
{"nbt port", P_INTEGER, P_GLOBAL, &Globals.nbt_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"dgram port", P_INTEGER, P_GLOBAL, &Globals.dgram_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"cldap port", P_INTEGER, P_GLOBAL, &Globals.cldap_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"krb5 port", P_INTEGER, P_GLOBAL, &Globals.krb5_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"web port", P_INTEGER, P_GLOBAL, &Globals.web_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"web tls", P_BOOL, P_GLOBAL, &Globals.web_tls, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"web tls keyfile", P_STRING, P_GLOBAL, &Globals.web_keyfile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -1038,6 +1040,7 @@ static void init_globals(void)
do_parameter("nbt port", "137");
do_parameter("dgram port", "138");
do_parameter("cldap port", "389");
+ do_parameter("krb5 port", "88");
do_parameter("web port", "901");
do_parameter("swat directory", dyn_SWATDIR);
@@ -1148,6 +1151,7 @@ FN_GLOBAL_LIST(lp_smb_ports, &Globals.smb_ports)
FN_GLOBAL_INTEGER(lp_nbt_port, &Globals.nbt_port)
FN_GLOBAL_INTEGER(lp_dgram_port, &Globals.dgram_port)
FN_GLOBAL_INTEGER(lp_cldap_port, &Globals.cldap_port)
+FN_GLOBAL_INTEGER(lp_krb5_port, &Globals.krb5_port)
FN_GLOBAL_INTEGER(lp_web_port, &Globals.web_port)
FN_GLOBAL_STRING(lp_dos_charset, &Globals.dos_charset)
FN_GLOBAL_STRING(lp_swat_directory, &Globals.swat_directory)
diff --git a/source4/smbd/config.mk b/source4/smbd/config.mk
index 3da36077e1..8fbbd2198a 100644
--- a/source4/smbd/config.mk
+++ b/source4/smbd/config.mk
@@ -70,6 +70,16 @@ REQUIRED_SUBSYSTEMS = \
# End MODULE server_service_web
################################################
+################################################
+# Start MODULE server_service_web
+[MODULE::server_service_kdc]
+INIT_FUNCTION = server_service_kdc_init
+SUBSYSTEM = SERVER_SERVICE
+REQUIRED_SUBSYSTEMS = \
+ KDC
+# End MODULE server_service_web
+################################################
+
#######################
# Start SUBSYSTEM SERVICE
[SUBSYSTEM::SERVER_SERVICE]