author | Andrew Bartlett <abartlet@samba.org> | 2005-06-03 11:23:15 +0000 |
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:17:27 -0500 |
commit | 51fc6842277edf25486a48a5318e3570c256ea4e (patch) | |
tree | 53290a88af3526e28d29368a7a39f648b957fda3 | |
parent | 513d07a8d602053922036fd8137e4a36e44156ff (diff) | |
r7221: Add the start of a KDC service (to be built on a 'libkdc' from a
yet-to-be-included Heimdal) to Samba4.
Andrew Bartlett
(This used to be commit 51ba3ea60c265b837821b6c3e031dfe229c10d6a)
-rw-r--r-- | source4/build/smb_build/main.pm | 1 | ||||
-rw-r--r-- | source4/configure.in | 1 | ||||
-rw-r--r-- | source4/include/structs.h | 2 | ||||
-rw-r--r-- | source4/kdc/config.mk | 11 | ||||
-rw-r--r-- | source4/kdc/kdc.c | 187 | ||||
-rw-r--r-- | source4/kdc/kdc.h | 48 | ||||
-rw-r--r-- | source4/param/loadparm.c | 4 | ||||
-rw-r--r-- | source4/smbd/config.mk | 10 |
8 files changed, 264 insertions, 0 deletions
diff --git a/source4/build/smb_build/main.pm b/source4/build/smb_build/main.pm
index 98cf9bed6d..607ec08644 100644
--- a/source4/build/smb_build/main.pm
+++ b/source4/build/smb_build/main.pm
@@ -64,6 +64,7 @@ sub smb_build_main($)
 "libcli/security/config.mk",
 "lib/com/config.mk",
 "scripting/config.mk",
+ "kdc/config.mk"
 );
 $| = 1;
diff --git a/source4/configure.in b/source4/configure.in
index 370d1281c6..a2d9b26059 100644
--- a/source4/configure.in
+++ b/source4/configure.in
@@ -29,6 +29,7 @@ SMB_INCLUDE_M4(gtk/config.m4)
 SMB_INCLUDE_M4(ntvfs/posix/config.m4)
 SMB_INCLUDE_M4(lib/socket_wrapper/config.m4)
 SMB_INCLUDE_M4(web_server/config.m4)
+SMB_INCLUDE_M4(smbd/config.m4)
 ALLLIBS_LIBS="$LIBS"
 ALLLIBS_CFLAGS="$CFLAGS"
diff --git a/source4/include/structs.h b/source4/include/structs.h
index 99d6b1660b..c2986682b5 100644
--- a/source4/include/structs.h
+++ b/source4/include/structs.h
@@ -220,3 +220,5 @@ struct arcfour_state;
 union libnet_SamDump;
 struct websrv_context;
 struct EspRequest;
+
+struct kdc_server;
diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk
new file mode 100644
index 0000000000..b9313b2544
--- /dev/null
+++ b/source4/kdc/config.mk
@@ -0,0 +1,11 @@
+# CLDAP server subsystem
+
+#######################
+# Start SUBSYSTEM CLDAPD
+[SUBSYSTEM::KDC]
+INIT_OBJ_FILES = \
+ kdc/kdc.o
+REQUIRED_SUBSYSTEMS = \
+ SOCKET
+# End SUBSYSTEM CLDAPD
+#######################
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
new file mode 100644
index 0000000000..ae8605467a
--- /dev/null
+++ b/source4/kdc/kdc.c
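Review bot: The added `SMB_INCLUDE_M4(smbd/config.m4)` in configure.in references a file that is not part of this commit — the diffstat adds kdc/config.mk and touches smbd/config.mk, but no smbd/config.m4. Unless that file already exists in the tree, the generated configure script will fail on the missing include; either add the m4 file in the same commit or leave the line out until it exists.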
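Review bot: The new kdc/config.mk carries CLDAP copy-paste comments around a KDC subsystem: `# CLDAP server subsystem`, `# Start SUBSYSTEM CLDAPD` and `# End SUBSYSTEM CLDAPD` should read `# KDC server subsystem`, `# Start SUBSYSTEM KDC` and `# End SUBSYSTEM KDC`. The same remnant appears in kdc/kdc.c (`handle fd events on a cldap_socket`), kdc/kdc.h (`top level context structure for the cldap server`) and smbd/config.mk, where `[MODULE::server_service_kdc]` is bracketed by `# Start MODULE server_service_web` / `# End MODULE server_service_web`. Stale markers like these are what a later reader greps for when tracing which service owns a listener, so they are worth fixing before the KDC grows.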
@@ -0,0 +1,187 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ KDC Server startup
+
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+ Copyright (C) Andrew Tridgell 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "smbd/service_task.h"
+#include "lib/events/events.h"
+#include "lib/socket/socket.h"
+#include "kdc/kdc.h"
+
+
+/*
+ handle fd events on a cldap_socket
+*/
+static void kdc_socket_handler(struct event_context *ev, struct fd_event *fde,
+ uint16_t flags, void *private)
+{
+ NTSTATUS status;
+ struct kdc_socket *kdc_socket = talloc_get_type(private, struct kdc_socket);
+ if (flags & EVENT_FD_WRITE) {
+ /* this should not happen */
+ } else if (flags & EVENT_FD_READ) {
+ TALLOC_CTX *tmp_ctx = talloc_new(kdc_socket);
+ DATA_BLOB blob = data_blob_talloc(tmp_ctx, NULL, 64 * 1024);
+ size_t nread;
+ const char *src_addr;
+ int src_port;
+
+ DEBUG(0, ("incoming!\n"));
+
+ status = socket_recvfrom(kdc_socket->sock, blob.data, blob.length, &nread, 0,
+ &src_addr, &src_port);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(tmp_ctx);
+ return;
+ }
+ talloc_steal(tmp_ctx, src_addr);
+ blob.length = nread;
+
+ DEBUG(2,("Received krb5 packet of length %d from %s:%d\n",
+ blob.length, src_addr, src_port));
+
+
+ }
+}
+
+/*
+ start listening on the given address
+*/
+static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address)
+{
+ struct kdc_socket *kdc_socket;
+ NTSTATUS status;
+
+ kdc_socket = talloc(kdc, struct kdc_socket);
+ NT_STATUS_HAVE_NO_MEMORY(kdc_socket);
+
+ status = socket_create("ip", SOCKET_TYPE_DGRAM, &kdc_socket->sock, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(kdc_socket);
+ return status;
+ }
+
+ kdc_socket->kdc = kdc;
+
+ talloc_steal(kdc_socket, kdc_socket->sock);
+
+ kdc_socket->fde = event_add_fd(kdc->task->event_ctx, kdc,
+ socket_get_fd(kdc_socket->sock), 0,
+ kdc_socket_handler, kdc_socket);
+
+ status = socket_listen(kdc_socket->sock, address, lp_krb5_port(), 0, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("Failed to bind to %s:%d - %s\n",
+ address, lp_krb5_port(), nt_errstr(status)));
+ talloc_free(kdc_socket);
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+/*
+ setup our listening sockets on the configured network interfaces
+*/
+NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc)
+{
+ int num_interfaces = iface_count();
+ TALLOC_CTX *tmp_ctx = talloc_new(kdc);
+ NTSTATUS status;
+
+ /* if we are allowing incoming packets from any address, then
+ we need to bind to the wildcard address */
+ if (!lp_bind_interfaces_only()) {
+ status = kdc_add_socket(kdc, "0.0.0.0");
+ NT_STATUS_NOT_OK_RETURN(status);
+ } else {
+ int i;
+
+ for (i=0; i<num_interfaces; i++) {
+ const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i));
+ status = kdc_add_socket(kdc, address);
+ NT_STATUS_NOT_OK_RETURN(status);
+ }
+ }
+
+ talloc_free(tmp_ctx);
+
+ return NT_STATUS_OK;
+}
+
+/*
+ startup the kdc task
+*/
+static void kdc_task_init(struct task_server *task)
+{
+ struct kdc_server *kdc;
+ NTSTATUS status;
+
+ if (iface_count() == 0) {
+ task_terminate(task, "kdc: no network interfaces configured");
+ return;
+ }
+
+ kdc = talloc(task, struct kdc_server);
+ if (kdc == NULL) {
+ task_terminate(task, "kdc: out of memory");
+ return;
+ }
+
+ kdc->task = task;
+
+ /* Setup the KDC configuration */
+ kdc->config = talloc(kdc, struct krb5_kdc_configuration);
+ if (!kdc->config) {
+ task_terminate(task, "kdc: out of memory");
+ return;
+ }
+ krb5_kdc_default_config(kdc->config);
+
+ /* TODO: Fill in the hdb and logging details */
+
+ /* start listening on the configured network interfaces */
+ status = kdc_startup_interfaces(kdc);
+ if (!NT_STATUS_IS_OK(status)) {
+ task_terminate(task, "kdc failed to setup interfaces");
+ return;
+ }
+
+ DEBUG(0, ("When I grow up, I want to be a KDC!\n"));
+}
+
+
+/*
+ called on startup of the KDC service
+*/
+static NTSTATUS kdc_init(struct event_context *event_ctx,
+ const struct model_ops *model_ops)
+{
+ return task_server_startup(event_ctx, model_ops, kdc_task_init);
+}
+
+/* called at smbd startup - register ourselves as a server service */
+NTSTATUS server_service_kdc_init(void)
+{
+ return register_server_service("kdc", kdc_init);
+}
diff --git a/source4/kdc/kdc.h b/source4/kdc/kdc.h
new file mode 100644
index 0000000000..25b8745bce
--- /dev/null
+++ b/source4/kdc/kdc.h
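Review bot: In kdc_add_socket the fd event is allocated under `kdc` rather than `kdc_socket` (`event_add_fd(kdc->task->event_ctx, kdc, ...)`) and is registered before `socket_listen`, so when the bind fails `talloc_free(kdc_socket)` destroys the socket and the handler's private data while the fd event stays alive under `kdc`, holding a dangling `kdc_socket` pointer and a closed fd. Parenting it to the socket, `kdc_socket->fde = event_add_fd(kdc->task->event_ctx, kdc_socket,`, ties the two lifetimes together, and registering only after a successful listen avoids the stale registration altogether. In kdc_socket_handler the success path never frees `tmp_ctx`, so every datagram that is received leaks a 64 KiB buffer parented to `kdc_socket` and an unauthenticated peer can grow the process without bound; add `talloc_free(tmp_ctx);` after the `DEBUG(2, ...)` call. The same handler logs `DEBUG(0, ("incoming!\n"))` for every packet at level 0 and prints the `size_t` `blob.length` with `%d`; drop the level-0 message and print `(unsigned)blob.length` with `%u`. Note also that the fd event is added with flags `0` and nothing in this hunk later enables `EVENT_FD_READ` on it, so unless that happens elsewhere the handler never fires.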
@@ -0,0 +1,48 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ KDC structures
+
+ Copyright (C) Andrew Tridgell 2005
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "system/kerberos.h"
+#include <kdc.h>
+
+
+/*
+ top level context structure for the cldap server
+*/
+struct kdc_server {
+ struct task_server *task;
+ struct krb5_kdc_configuration *config;
+};
+
+struct kdc_socket {
+ struct socket_context *sock;
+ struct event_context *event_ctx;
+
+ struct kdc_server *kdc;
+
+ /* the fd event */
+ struct fd_event *fde;
+
+ /* a queue of outgoing replies */
+ struct kdc_reply *send_queue;
+
+};
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 10660ffde7..15a054863f 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -211,6 +211,7 @@ typedef struct
 int nbt_port;
 int dgram_port;
 int cldap_port;
+ int krb5_port;
 int web_port;
 char *socket_options;
 BOOL bDNSproxy;
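Review bot: `struct kdc_socket` declares `event_ctx` and `send_queue`, but kdc_add_socket in this commit fills only `sock`, `kdc` and `fde` from a plain `talloc()`, which does not zero memory, so both fields hold garbage until something writes them. Either leave them out until there is code that uses them, or allocate with `kdc_socket = talloc_zero(kdc, struct kdc_socket);` so `send_queue` starts as an empty list and `event_ctx` is NULL rather than random. `struct kdc_reply` is not declared anywhere in this change; a forward declaration next to the new `struct kdc_server;` line in include/structs.h would keep the header self-describing.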
@@ -595,6 +596,7 @@ static struct parm_struct parm_table[] = {
 {"nbt port", P_INTEGER, P_GLOBAL, &Globals.nbt_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 {"dgram port", P_INTEGER, P_GLOBAL, &Globals.dgram_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 {"cldap port", P_INTEGER, P_GLOBAL, &Globals.cldap_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"krb5 port", P_INTEGER, P_GLOBAL, &Globals.krb5_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 {"web port", P_INTEGER, P_GLOBAL, &Globals.web_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 {"web tls", P_BOOL, P_GLOBAL, &Globals.web_tls, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
 {"web tls keyfile", P_STRING, P_GLOBAL, &Globals.web_keyfile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -1038,6 +1040,7 @@ static void init_globals(void)
 do_parameter("nbt port", "137");
 do_parameter("dgram port", "138");
 do_parameter("cldap port", "389");
+ do_parameter("krb5 port", "88");
 do_parameter("web port", "901");
 do_parameter("swat directory", dyn_SWATDIR);
@@ -1148,6 +1151,7 @@ FN_GLOBAL_LIST(lp_smb_ports, &Globals.smb_ports)
 FN_GLOBAL_INTEGER(lp_nbt_port, &Globals.nbt_port)
 FN_GLOBAL_INTEGER(lp_dgram_port, &Globals.dgram_port)
 FN_GLOBAL_INTEGER(lp_cldap_port, &Globals.cldap_port)
+FN_GLOBAL_INTEGER(lp_krb5_port, &Globals.krb5_port)
 FN_GLOBAL_INTEGER(lp_web_port, &Globals.web_port)
 FN_GLOBAL_STRING(lp_dos_charset, &Globals.dos_charset)
 FN_GLOBAL_STRING(lp_swat_directory, &Globals.swat_directory)
diff --git a/source4/smbd/config.mk b/source4/smbd/config.mk
index 3da36077e1..8fbbd2198a 100644
--- a/source4/smbd/config.mk
+++ b/source4/smbd/config.mk
@@ -70,6 +70,16 @@ REQUIRED_SUBSYSTEMS = \
 # End MODULE server_service_web
 ################################################
+################################################
+# Start MODULE server_service_web
+[MODULE::server_service_kdc]
+INIT_FUNCTION = server_service_kdc_init
+SUBSYSTEM = SERVER_SERVICE
+REQUIRED_SUBSYSTEMS = \
+ KDC
+# End MODULE server_service_web
+################################################
+
 #######################
 # Start SUBSYSTEM SERVICE
 [SUBSYSTEM::SERVER_SERVICE]