authorAndrew Bartlett <abartlet@samba.org>2006-02-03 23:19:00 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:44 -0500
commitc838f4965b8b7b2b134fd4855301227f19e4c95d (patch)
tree8102354d8e7e6ed23de5c730631e90dfba1ba541
parent1d9ffbbe67b280542bb70de34753e55fc9128718 (diff)
r13321: Bind to each interface and to the 0.0.0.0 interface on the KDC. This
was pointed out by Maurice Massar. It ensures we get the addresses for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over localhost). Also never run the KDC unless we are a DC. Andrew Bartlett (This used to be commit c17007918459678004a009ccaa50fb85e8b6a739)
-rw-r--r--source4/kdc/kdc.c33
1 files changed, 24 insertions, 9 deletions
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 4b958fdce8..fc3dd516a5 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -33,6 +33,8 @@
#include "lib/messaging/irpc.h"
#include "lib/stream/packet.h"
+#include "librpc/gen_ndr/samr.h"
+
/* hold all the info needed to send a reply */
struct kdc_reply {
struct kdc_reply *next, *prev;
@@ -499,22 +501,22 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc)
int num_interfaces = iface_count();
TALLOC_CTX *tmp_ctx = talloc_new(kdc);
NTSTATUS status;
+
+ int i;
+
+ for (i=0; i<num_interfaces; i++) {
+ const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i));
+ status = kdc_add_socket(kdc, address);
+ NT_STATUS_NOT_OK_RETURN(status);
+ }
/* if we are allowing incoming packets from any address, then
we need to bind to the wildcard address */
if (!lp_bind_interfaces_only()) {
status = kdc_add_socket(kdc, "0.0.0.0");
NT_STATUS_NOT_OK_RETURN(status);
- } else {
- int i;
-
- for (i=0; i<num_interfaces; i++) {
- const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i));
- status = kdc_add_socket(kdc, address);
- NT_STATUS_NOT_OK_RETURN(status);
- }
}
-
+
talloc_free(tmp_ctx);
return NT_STATUS_OK;
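Review bot: The interface loop now runs in every configuration, but its error handling is unchanged: the `talloc_strdup()` result is passed to `kdc_add_socket()` without a NULL check, and `NT_STATUS_NOT_OK_RETURN(status)` appears to return before `talloc_free(tmp_ctx)` is reached. Because `tmp_ctx` is parented to `kdc`, it is not lost for good, but it stays allocated after a failed bind. I would check the allocation with `if (address == NULL) { talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; }` and replace each macro with `if (!NT_STATUS_IS_OK(status)) { talloc_free(tmp_ctx); return status; }`. The comment above the wildcard bind should also say why the per-interface sockets are still needed, for example `/* per-interface sockets give krb5_mk_priv() the real local address; the wildcard socket only catches the rest */`. Binding `0.0.0.0` after the specific addresses on the same port may depend on how `kdc_add_socket()` sets address reuse, which is not visible here, and the function starts and ends outside the hunk.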
@@ -529,6 +531,19 @@ static void kdc_task_init(struct task_server *task)
NTSTATUS status;
krb5_error_code ret;
+ switch (lp_server_role()) {
+ case ROLE_STANDALONE:
+ task_server_terminate(task, "kdc: no KDC required in standalone configuration");
+ return;
+ case ROLE_DOMAIN_MEMBER:
+ task_server_terminate(task, "kdc: no KDC required in member server configuration");
+ return;
+ case ROLE_DOMAIN_PDC:
+ case ROLE_DOMAIN_BDC:
+ /* Yes, we want a KDC */
+ break;
+ }
+
if (iface_count() == 0) {
task_server_terminate(task, "kdc: no network interfaces configured");
return;
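Review bot: The new `switch (lp_server_role())` has no `default` case, so any role value other than the four listed falls out of the switch and starts the KDC. Since the stated intent is never to run the KDC unless the server is a DC, the check should fail closed: add `default: task_server_terminate(task, "kdc: unrecognised server role"); return;` after the `ROLE_DOMAIN_BDC` case (the message text is my suggestion). That also makes a role added to the enum later an explicit decision instead of a silent opt-in to running a KDC. The rest of `kdc_task_init` lies outside the hunk.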