diff options
author | Andrew Tridgell <tridge@samba.org> | 2010-11-11 14:22:40 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-11-12 18:18:55 +1100 |
commit | 2fbaa099192f7f3ee6ba2b996ddf2ca17baaacf5 (patch) | |
tree | f0f2cca2bc96e0cd9733d102efd5600c73408414 | |
parent | 4f352a5b6a91d8990506ac33b757fd9afcc0282d (diff) | |
download | samba-2fbaa099192f7f3ee6ba2b996ddf2ca17baaacf5.tar.gz samba-2fbaa099192f7f3ee6ba2b996ddf2ca17baaacf5.tar.bz2 samba-2fbaa099192f7f3ee6ba2b996ddf2ca17baaacf5.zip |
s4-kdc: split the kdc process return into a tri-state
this is in preparation for doing forwarding of packets for RODCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/kdc/kdc-glue.h | 20 | ||||
-rw-r--r-- | source4/kdc/kdc.c | 48 | ||||
-rw-r--r-- | source4/kdc/kpasswdd.c | 44 |
3 files changed, 59 insertions, 53 deletions
diff --git a/source4/kdc/kdc-glue.h b/source4/kdc/kdc-glue.h index 6a2df1bc2c..09ae030934 100644 --- a/source4/kdc/kdc-glue.h +++ b/source4/kdc/kdc-glue.h @@ -42,13 +42,19 @@ struct kdc_server { struct samba_kdc_base_context *base_ctx; }; -bool kpasswdd_process(struct kdc_server *kdc, - TALLOC_CTX *mem_ctx, - DATA_BLOB *input, - DATA_BLOB *reply, - struct tsocket_address *peer_addr, - struct tsocket_address *my_addr, - int datagram_reply); +enum kdc_process_ret { + KDC_PROCESS_OK=0, + KDC_PROCESS_FAILED, + KDC_PROCESS_PROXY}; + + +enum kdc_process_ret kpasswdd_process(struct kdc_server *kdc, + TALLOC_CTX *mem_ctx, + DATA_BLOB *input, + DATA_BLOB *reply, + struct tsocket_address *peer_addr, + struct tsocket_address *my_addr, + int datagram_reply); /* from hdb-samba4.c */ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx, diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index efcdc59db5..43ac8f458b 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -46,13 +46,13 @@ extern struct krb5plugin_windc_ftable windc_plugin_table; extern struct hdb_method hdb_samba4; -typedef bool (*kdc_process_fn_t)(struct kdc_server *kdc, - TALLOC_CTX *mem_ctx, - DATA_BLOB *input, - DATA_BLOB *reply, - struct tsocket_address *peer_addr, - struct tsocket_address *my_addr, - int datagram); +typedef enum kdc_process_ret (*kdc_process_fn_t)(struct kdc_server *kdc, + TALLOC_CTX *mem_ctx, + DATA_BLOB *input, + DATA_BLOB *reply, + struct tsocket_address *peer_addr, + struct tsocket_address *my_addr, + int datagram); /* hold information about one kdc socket */ struct kdc_socket { @@ -102,13 +102,13 @@ static void kdc_tcp_send(struct stream_connection *conn, uint16_t flags) calling conventions */ -static bool kdc_process(struct kdc_server *kdc, - TALLOC_CTX *mem_ctx, - DATA_BLOB *input, - DATA_BLOB *reply, - struct tsocket_address *peer_addr, - struct tsocket_address *my_addr, - int datagram_reply) +static enum kdc_process_ret kdc_process(struct kdc_server *kdc, + TALLOC_CTX *mem_ctx, + DATA_BLOB *input, + DATA_BLOB *reply, + struct tsocket_address *peer_addr, + struct tsocket_address *my_addr, + int datagram_reply) { int ret; char *pa; @@ -121,11 +121,11 @@ static bool kdc_process(struct kdc_server *kdc, ret = tsocket_address_bsd_sockaddr(peer_addr, (struct sockaddr *) &ss, sizeof(struct sockaddr_storage)); if (ret < 0) { - return false; + return KDC_PROCESS_FAILED; } pa = tsocket_address_string(peer_addr, mem_ctx); if (pa == NULL) { - return false; + return KDC_PROCESS_FAILED; } DEBUG(10,("Received KDC packet of length %lu from %s\n", @@ -140,7 +140,7 @@ static bool kdc_process(struct kdc_server *kdc, datagram_reply); if (ret == -1) { *reply = data_blob(NULL, 0); - return false; + return KDC_PROCESS_FAILED; } if (k5_reply.length) { *reply = data_blob_talloc(mem_ctx, k5_reply.data, k5_reply.length); @@ -148,7 +148,7 @@ static bool kdc_process(struct kdc_server *kdc, } else { *reply = data_blob(NULL, 0); } - return true; + return KDC_PROCESS_OK; } struct kdc_tcp_call { @@ -167,7 +167,7 @@ static void kdc_tcp_call_loop(struct tevent_req *subreq) struct kdc_tcp_connection); struct kdc_tcp_call *call; NTSTATUS status; - bool ok; + enum kdc_process_ret ret; call = talloc(kdc_conn, struct kdc_tcp_call); if (call == NULL) { @@ -204,14 +204,14 @@ static void kdc_tcp_call_loop(struct tevent_req *subreq) call->in.length -= 4; /* Call krb5 */ - ok = kdc_conn->kdc_socket->process(kdc_conn->kdc_socket->kdc, + ret = kdc_conn->kdc_socket->process(kdc_conn->kdc_socket->kdc, call, &call->in, &call->out, kdc_conn->conn->remote_address, kdc_conn->conn->local_address, 0 /* Stream */); - if (!ok) { + if (ret == KDC_PROCESS_FAILED) { kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_loop: process function failed"); return; @@ -372,7 +372,7 @@ static void kdc_udp_call_loop(struct tevent_req *subreq) uint8_t *buf; ssize_t len; int sys_errno; - bool ok; + enum kdc_process_ret ret; call = talloc(sock, struct kdc_udp_call); if (call == NULL) { @@ -396,14 +396,14 @@ static void kdc_udp_call_loop(struct tevent_req *subreq) tsocket_address_string(call->src, call))); /* Call krb5 */ - ok = sock->kdc_socket->process(sock->kdc_socket->kdc, + ret = sock->kdc_socket->process(sock->kdc_socket->kdc, call, &call->in, &call->out, call->src, sock->kdc_socket->local_address, 1 /* Datagram */); - if (!ok) { + if (ret == KDC_PROCESS_FAILED) { talloc_free(call); goto done; } diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index df94522660..ace8a89371 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -449,13 +449,13 @@ static bool kpasswd_process_request(struct kdc_server *kdc, } } -bool kpasswdd_process(struct kdc_server *kdc, - TALLOC_CTX *mem_ctx, - DATA_BLOB *input, - DATA_BLOB *reply, - struct tsocket_address *peer_addr, - struct tsocket_address *my_addr, - int datagram_reply) +enum kdc_process_ret kpasswdd_process(struct kdc_server *kdc, + TALLOC_CTX *mem_ctx, + DATA_BLOB *input, + DATA_BLOB *reply, + struct tsocket_address *peer_addr, + struct tsocket_address *my_addr, + int datagram_reply) { bool ret; const uint16_t header_len = 6; @@ -475,20 +475,20 @@ bool kpasswdd_process(struct kdc_server *kdc, char *keytab_name; if (!tmp_ctx) { - return false; + return KDC_PROCESS_FAILED; } /* Be parinoid. We need to ensure we don't just let the * caller lead us into a buffer overflow */ if (input->length <= header_len) { talloc_free(tmp_ctx); - return false; + return KDC_PROCESS_FAILED; } len = RSVAL(input->data, 0); if (input->length != len) { talloc_free(tmp_ctx); - return false; + return KDC_PROCESS_FAILED; } /* There are two different versions of this protocol so far, @@ -498,7 +498,7 @@ bool kpasswdd_process(struct kdc_server *kdc, ap_req_len = RSVAL(input->data, 4); if ((ap_req_len >= len) || (ap_req_len + header_len) >= len) { talloc_free(tmp_ctx); - return false; + return KDC_PROCESS_FAILED; } krb_priv_len = len - ap_req_len; @@ -508,7 +508,7 @@ bool kpasswdd_process(struct kdc_server *kdc, server_credentials = cli_credentials_init(tmp_ctx); if (!server_credentials) { DEBUG(1, ("Failed to init server credentials\n")); - return false; + return KDC_PROCESS_FAILED; } /* We want the credentials subsystem to use the krb5 context @@ -547,7 +547,7 @@ bool kpasswdd_process(struct kdc_server *kdc, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); - return false; + return KDC_PROCESS_FAILED; } /* The kerberos PRIV packets include these addresses. MIT @@ -561,14 +561,14 @@ bool kpasswdd_process(struct kdc_server *kdc, nt_status = gensec_set_local_address(gensec_security, peer_addr); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); - return false; + return KDC_PROCESS_FAILED; } #endif nt_status = gensec_set_local_address(gensec_security, my_addr); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); - return false; + return KDC_PROCESS_FAILED; } /* We want the GENSEC wrap calls to generate PRIV tokens */ @@ -577,7 +577,7 @@ bool kpasswdd_process(struct kdc_server *kdc, nt_status = gensec_start_mech_by_name(gensec_security, "krb5"); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); - return false; + return KDC_PROCESS_FAILED; } /* Accept the AP-REQ and generate teh AP-REP we need for the reply */ @@ -595,7 +595,7 @@ bool kpasswdd_process(struct kdc_server *kdc, goto reply; } talloc_free(tmp_ctx); - return ret; + return KDC_PROCESS_FAILED; } /* Extract the data from the KRB-PRIV half of the message */ @@ -612,7 +612,7 @@ bool kpasswdd_process(struct kdc_server *kdc, goto reply; } talloc_free(tmp_ctx); - return ret; + return KDC_PROCESS_FAILED; } /* Figure out something to do with it (probably changing a password...) */ @@ -622,7 +622,7 @@ bool kpasswdd_process(struct kdc_server *kdc, &kpasswd_req, &kpasswd_rep); if (!ret) { /* Argh! */ - return false; + return KDC_PROCESS_FAILED; } /* And wrap up the reply: This ensures that the error message @@ -641,13 +641,13 @@ bool kpasswdd_process(struct kdc_server *kdc, goto reply; } talloc_free(tmp_ctx); - return ret; + return KDC_PROCESS_FAILED; } reply: *reply = data_blob_talloc(mem_ctx, NULL, krb_priv_rep.length + ap_rep.length + header_len); if (!reply->data) { - return false; + return KDC_PROCESS_FAILED; } RSSVAL(reply->data, 0, reply->length); @@ -661,6 +661,6 @@ reply: krb_priv_rep.length); talloc_free(tmp_ctx); - return ret; + return KDC_PROCESS_OK; } |