author | Andrew Bartlett <abartlet@samba.org> | 2006-02-03 23:19:00 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:51:44 -0500 |
commit | c838f4965b8b7b2b134fd4855301227f19e4c95d (patch) | |
tree | 8102354d8e7e6ed23de5c730631e90dfba1ba541 | |
parent | 1d9ffbbe67b280542bb70de34753e55fc9128718 (diff) | |
r13321: Bind to each interface and to the 0.0.0.0 interface on the KDC. This
was pointed out by Maurice Massar. It ensures we get the addresses
for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over
localhost).
Also never run the KDC unless we are a DC.
Andrew Bartlett
(This used to be commit c17007918459678004a009ccaa50fb85e8b6a739)
-rw-r--r-- | source4/kdc/kdc.c | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 4b958fdce8..fc3dd516a5 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -33,6 +33,8 @@ #include "lib/messaging/irpc.h" #include "lib/stream/packet.h" +#include "librpc/gen_ndr/samr.h" + /* hold all the info needed to send a reply */ struct kdc_reply { struct kdc_reply *next, *prev; @@ -499,22 +501,22 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc) int num_interfaces = iface_count(); TALLOC_CTX *tmp_ctx = talloc_new(kdc); NTSTATUS status; + + int i; + + for (i=0; i<num_interfaces; i++) { + const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i)); + status = kdc_add_socket(kdc, address); + NT_STATUS_NOT_OK_RETURN(status); + } /* if we are allowing incoming packets from any address, then we need to bind to the wildcard address */ if (!lp_bind_interfaces_only()) { status = kdc_add_socket(kdc, "0.0.0.0"); NT_STATUS_NOT_OK_RETURN(status); - } else { - int i; - - for (i=0; i<num_interfaces; i++) { - const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i)); - status = kdc_add_socket(kdc, address); - NT_STATUS_NOT_OK_RETURN(status); - } } - + talloc_free(tmp_ctx); return NT_STATUS_OK; @@ -529,6 +531,19 @@ static void kdc_task_init(struct task_server *task) NTSTATUS status; krb5_error_code ret; + switch (lp_server_role()) { + case ROLE_STANDALONE: + task_server_terminate(task, "kdc: no KDC required in standalone configuration"); + return; + case ROLE_DOMAIN_MEMBER: + task_server_terminate(task, "kdc: no KDC required in member server configuration"); + return; + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + /* Yes, we want a KDC */ + break; + } + if (iface_count() == 0) { task_server_terminate(task, "kdc: no network interfaces configured"); return; |
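Review bot: In the per-interface loop that now runs unconditionally at the top of kdc_startup_interfaces, `NT_STATUS_NOT_OK_RETURN(status)` returns before `talloc_free(tmp_ctx)` is reached, and the result of `talloc_strdup(tmp_ctx, iface_n_ip(i))` is handed to `kdc_add_socket` without a NULL check. Because tmp_ctx is created with `talloc_new(kdc)`, a failed bind leaves it attached to kdc instead of releasing it. I would check `address` first and free the context on the error path, e.g. `if (!NT_STATUS_IS_OK(status)) { talloc_free(tmp_ctx); return status; }`; the same early return sits after the wildcard `kdc_add_socket(kdc, "0.0.0.0")` call. The opening of the function lies outside the hunk.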
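Review bot: The `switch (lp_server_role())` added at the top of kdc_task_init has no `default:` label, so any role value other than the four listed falls out of the switch and the KDC still starts. The commit message says the KDC should never run unless we are a DC, so this check should fail closed rather than open. I would add `default: task_server_terminate(task, "kdc: unsupported server role"); return;` after the `ROLE_DOMAIN_BDC` case. The rest of kdc_task_init continues beyond the hunk.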