summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-11-11 14:22:40 +1100
committerAndrew Tridgell <tridge@samba.org>2010-11-12 18:18:55 +1100
commit2fbaa099192f7f3ee6ba2b996ddf2ca17baaacf5 (patch)
treef0f2cca2bc96e0cd9733d102efd5600c73408414
parent4f352a5b6a91d8990506ac33b757fd9afcc0282d (diff)
downloadsamba-2fbaa099192f7f3ee6ba2b996ddf2ca17baaacf5.tar.gz
samba-2fbaa099192f7f3ee6ba2b996ddf2ca17baaacf5.tar.bz2
samba-2fbaa099192f7f3ee6ba2b996ddf2ca17baaacf5.zip
s4-kdc: split the kdc process return into a tri-state
this is in preparation for doing forwarding of packets for RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/kdc/kdc-glue.h20
-rw-r--r--source4/kdc/kdc.c48
-rw-r--r--source4/kdc/kpasswdd.c44
3 files changed, 59 insertions, 53 deletions
diff --git a/source4/kdc/kdc-glue.h b/source4/kdc/kdc-glue.h
index 6a2df1bc2c..09ae030934 100644
--- a/source4/kdc/kdc-glue.h
+++ b/source4/kdc/kdc-glue.h
@@ -42,13 +42,19 @@ struct kdc_server {
struct samba_kdc_base_context *base_ctx;
};
-bool kpasswdd_process(struct kdc_server *kdc,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *input,
- DATA_BLOB *reply,
- struct tsocket_address *peer_addr,
- struct tsocket_address *my_addr,
- int datagram_reply);
+enum kdc_process_ret {
+ KDC_PROCESS_OK=0,
+ KDC_PROCESS_FAILED,
+ KDC_PROCESS_PROXY};
+
+
+enum kdc_process_ret kpasswdd_process(struct kdc_server *kdc,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *input,
+ DATA_BLOB *reply,
+ struct tsocket_address *peer_addr,
+ struct tsocket_address *my_addr,
+ int datagram_reply);
/* from hdb-samba4.c */
NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index efcdc59db5..43ac8f458b 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -46,13 +46,13 @@
extern struct krb5plugin_windc_ftable windc_plugin_table;
extern struct hdb_method hdb_samba4;
-typedef bool (*kdc_process_fn_t)(struct kdc_server *kdc,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *input,
- DATA_BLOB *reply,
- struct tsocket_address *peer_addr,
- struct tsocket_address *my_addr,
- int datagram);
+typedef enum kdc_process_ret (*kdc_process_fn_t)(struct kdc_server *kdc,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *input,
+ DATA_BLOB *reply,
+ struct tsocket_address *peer_addr,
+ struct tsocket_address *my_addr,
+ int datagram);
/* hold information about one kdc socket */
struct kdc_socket {
@@ -102,13 +102,13 @@ static void kdc_tcp_send(struct stream_connection *conn, uint16_t flags)
calling conventions
*/
-static bool kdc_process(struct kdc_server *kdc,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *input,
- DATA_BLOB *reply,
- struct tsocket_address *peer_addr,
- struct tsocket_address *my_addr,
- int datagram_reply)
+static enum kdc_process_ret kdc_process(struct kdc_server *kdc,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *input,
+ DATA_BLOB *reply,
+ struct tsocket_address *peer_addr,
+ struct tsocket_address *my_addr,
+ int datagram_reply)
{
int ret;
char *pa;
@@ -121,11 +121,11 @@ static bool kdc_process(struct kdc_server *kdc,
ret = tsocket_address_bsd_sockaddr(peer_addr, (struct sockaddr *) &ss,
sizeof(struct sockaddr_storage));
if (ret < 0) {
- return false;
+ return KDC_PROCESS_FAILED;
}
pa = tsocket_address_string(peer_addr, mem_ctx);
if (pa == NULL) {
- return false;
+ return KDC_PROCESS_FAILED;
}
DEBUG(10,("Received KDC packet of length %lu from %s\n",
@@ -140,7 +140,7 @@ static bool kdc_process(struct kdc_server *kdc,
datagram_reply);
if (ret == -1) {
*reply = data_blob(NULL, 0);
- return false;
+ return KDC_PROCESS_FAILED;
}
if (k5_reply.length) {
*reply = data_blob_talloc(mem_ctx, k5_reply.data, k5_reply.length);
@@ -148,7 +148,7 @@ static bool kdc_process(struct kdc_server *kdc,
} else {
*reply = data_blob(NULL, 0);
}
- return true;
+ return KDC_PROCESS_OK;
}
struct kdc_tcp_call {
@@ -167,7 +167,7 @@ static void kdc_tcp_call_loop(struct tevent_req *subreq)
struct kdc_tcp_connection);
struct kdc_tcp_call *call;
NTSTATUS status;
- bool ok;
+ enum kdc_process_ret ret;
call = talloc(kdc_conn, struct kdc_tcp_call);
if (call == NULL) {
@@ -204,14 +204,14 @@ static void kdc_tcp_call_loop(struct tevent_req *subreq)
call->in.length -= 4;
/* Call krb5 */
- ok = kdc_conn->kdc_socket->process(kdc_conn->kdc_socket->kdc,
+ ret = kdc_conn->kdc_socket->process(kdc_conn->kdc_socket->kdc,
call,
&call->in,
&call->out,
kdc_conn->conn->remote_address,
kdc_conn->conn->local_address,
0 /* Stream */);
- if (!ok) {
+ if (ret == KDC_PROCESS_FAILED) {
kdc_tcp_terminate_connection(kdc_conn,
"kdc_tcp_call_loop: process function failed");
return;
@@ -372,7 +372,7 @@ static void kdc_udp_call_loop(struct tevent_req *subreq)
uint8_t *buf;
ssize_t len;
int sys_errno;
- bool ok;
+ enum kdc_process_ret ret;
call = talloc(sock, struct kdc_udp_call);
if (call == NULL) {
@@ -396,14 +396,14 @@ static void kdc_udp_call_loop(struct tevent_req *subreq)
tsocket_address_string(call->src, call)));
/* Call krb5 */
- ok = sock->kdc_socket->process(sock->kdc_socket->kdc,
+ ret = sock->kdc_socket->process(sock->kdc_socket->kdc,
call,
&call->in,
&call->out,
call->src,
sock->kdc_socket->local_address,
1 /* Datagram */);
- if (!ok) {
+ if (ret == KDC_PROCESS_FAILED) {
talloc_free(call);
goto done;
}
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index df94522660..ace8a89371 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -449,13 +449,13 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
}
}
-bool kpasswdd_process(struct kdc_server *kdc,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *input,
- DATA_BLOB *reply,
- struct tsocket_address *peer_addr,
- struct tsocket_address *my_addr,
- int datagram_reply)
+enum kdc_process_ret kpasswdd_process(struct kdc_server *kdc,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *input,
+ DATA_BLOB *reply,
+ struct tsocket_address *peer_addr,
+ struct tsocket_address *my_addr,
+ int datagram_reply)
{
bool ret;
const uint16_t header_len = 6;
@@ -475,20 +475,20 @@ bool kpasswdd_process(struct kdc_server *kdc,
char *keytab_name;
if (!tmp_ctx) {
- return false;
+ return KDC_PROCESS_FAILED;
}
/* Be parinoid. We need to ensure we don't just let the
* caller lead us into a buffer overflow */
if (input->length <= header_len) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
len = RSVAL(input->data, 0);
if (input->length != len) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
/* There are two different versions of this protocol so far,
@@ -498,7 +498,7 @@ bool kpasswdd_process(struct kdc_server *kdc,
ap_req_len = RSVAL(input->data, 4);
if ((ap_req_len >= len) || (ap_req_len + header_len) >= len) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
krb_priv_len = len - ap_req_len;
@@ -508,7 +508,7 @@ bool kpasswdd_process(struct kdc_server *kdc,
server_credentials = cli_credentials_init(tmp_ctx);
if (!server_credentials) {
DEBUG(1, ("Failed to init server credentials\n"));
- return false;
+ return KDC_PROCESS_FAILED;
}
/* We want the credentials subsystem to use the krb5 context
@@ -547,7 +547,7 @@ bool kpasswdd_process(struct kdc_server *kdc,
&gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
/* The kerberos PRIV packets include these addresses. MIT
@@ -561,14 +561,14 @@ bool kpasswdd_process(struct kdc_server *kdc,
nt_status = gensec_set_local_address(gensec_security, peer_addr);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
#endif
nt_status = gensec_set_local_address(gensec_security, my_addr);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
/* We want the GENSEC wrap calls to generate PRIV tokens */
@@ -577,7 +577,7 @@ bool kpasswdd_process(struct kdc_server *kdc,
nt_status = gensec_start_mech_by_name(gensec_security, "krb5");
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
/* Accept the AP-REQ and generate teh AP-REP we need for the reply */
@@ -595,7 +595,7 @@ bool kpasswdd_process(struct kdc_server *kdc,
goto reply;
}
talloc_free(tmp_ctx);
- return ret;
+ return KDC_PROCESS_FAILED;
}
/* Extract the data from the KRB-PRIV half of the message */
@@ -612,7 +612,7 @@ bool kpasswdd_process(struct kdc_server *kdc,
goto reply;
}
talloc_free(tmp_ctx);
- return ret;
+ return KDC_PROCESS_FAILED;
}
/* Figure out something to do with it (probably changing a password...) */
@@ -622,7 +622,7 @@ bool kpasswdd_process(struct kdc_server *kdc,
&kpasswd_req, &kpasswd_rep);
if (!ret) {
/* Argh! */
- return false;
+ return KDC_PROCESS_FAILED;
}
/* And wrap up the reply: This ensures that the error message
@@ -641,13 +641,13 @@ bool kpasswdd_process(struct kdc_server *kdc,
goto reply;
}
talloc_free(tmp_ctx);
- return ret;
+ return KDC_PROCESS_FAILED;
}
reply:
*reply = data_blob_talloc(mem_ctx, NULL, krb_priv_rep.length + ap_rep.length + header_len);
if (!reply->data) {
- return false;
+ return KDC_PROCESS_FAILED;
}
RSSVAL(reply->data, 0, reply->length);
@@ -661,6 +661,6 @@ reply:
krb_priv_rep.length);
talloc_free(tmp_ctx);
- return ret;
+ return KDC_PROCESS_OK;
}