diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-01-24 05:31:08 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:51:26 -0500 |
commit | 28d78c40ade22c4b5d445dbe23f18ca210e41f8c (patch) | |
tree | d3cd9bdaca50e4cd7af031f1b2550836b9190417 /source4/kdc/hdb-ldb.c | |
parent | fc29c3250af5fbcd81725e38fb48ca1ec5ae23bf (diff) | |
download | samba-28d78c40ade22c4b5d445dbe23f18ca210e41f8c.tar.gz samba-28d78c40ade22c4b5d445dbe23f18ca210e41f8c.tar.bz2 samba-28d78c40ade22c4b5d445dbe23f18ca210e41f8c.zip |
r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our
case) as the keytab.
This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).
Andrew Bartlett
(This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
Diffstat (limited to 'source4/kdc/hdb-ldb.c')
-rw-r--r-- | source4/kdc/hdb-ldb.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index 43009c1c1b..a155e24e7e 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c @@ -948,8 +948,13 @@ static krb5_error_code LDB_destroy(krb5_context context, HDB *db) return 0; } -NTSTATUS hdb_ldb_create(TALLOC_CTX *mem_ctx, - krb5_context context, struct HDB **db, const char *arg) +/* This interface is to be called by the KDC, which is expecting Samba + * calling conventions. It is also called by a wrapper + * (hdb_ldb_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb + * code */ + +NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx, + krb5_context context, struct HDB **db, const char *arg) { NTSTATUS nt_status; struct auth_session_info *session_info; @@ -1008,3 +1013,15 @@ NTSTATUS hdb_ldb_create(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } + +krb5_error_code hdb_ldb_create(krb5_context context, struct HDB **db, const char *arg) +{ + NTSTATUS nt_status; + /* Disgusting, ugly hack, but it means one less private hook */ + nt_status = kdc_hdb_ldb_create(context->mem_ctx, context, db, arg); + + if (NT_STATUS_IS_OK(nt_status)) { + return 0; + } + return EINVAL; +} |