authorAndrew Tridgell <tridge@samba.org>2010-11-12 17:23:34 +1100
committerAndrew Tridgell <tridge@samba.org>2010-11-12 08:03:20 +0000
commit1ec8d55e275128f2419fb481f88c7d3d87894506 (patch)
tree4e433026fcbba5b87d48f1113aa65852582a81f4 /source4/kdc/kdc-glue.h
parente7fb5a6c9142d4dcffd4a331d3aa78ac543db34a (diff)
s4-kdc: added proxying of kdc requests for RODCs
When we are an RODC and we get a request for a principal that we don't have the right secrets for, we need to proxy the request to a writeable DC. This happens for both TCP and UDP requests, for both krb5 and kpasswd.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104
Diffstat (limited to 'source4/kdc/kdc-glue.h')
-rw-r--r--source4/kdc/kdc-glue.h62
1 files changed, 62 insertions, 0 deletions
diff --git a/source4/kdc/kdc-glue.h b/source4/kdc/kdc-glue.h
index 09ae030934..75b6b988fe 100644
--- a/source4/kdc/kdc-glue.h
+++ b/source4/kdc/kdc-glue.h
@@ -40,6 +40,9 @@ struct kdc_server {
krb5_kdc_configuration *config;
struct smb_krb5_context *smb_krb5_context;
struct samba_kdc_base_context *base_ctx;
+ struct ldb_context *samdb;
+ bool am_rodc;
+ uint32_t proxy_timeout;
};
enum kdc_process_ret {
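Review bot: `proxy_timeout` is added to `struct kdc_server` without a unit or any statement of what a value of 0 means, and this header is where a reader will look for that. I would add a trailing comment such as `/* how long to wait for a writeable DC before giving up; unit: seconds? (TODO confirm) */`, and a matching one on `am_rodc` saying that it gates the proxy path. The bound matters because each proxied request presumably keeps its call state and a socket alive until the timeout fires, so an unbounded or very large value turns slow upstream DCs into resource pressure on the RODC. The struct definition begins above this hunk.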
@@ -47,6 +50,58 @@ enum kdc_process_ret {
KDC_PROCESS_FAILED,
KDC_PROCESS_PROXY};
+struct kdc_udp_call {
+ struct tsocket_address *src;
+ DATA_BLOB in;
+ DATA_BLOB out;
+};
+
+/* hold information about one kdc/kpasswd udp socket */
+struct kdc_udp_socket {
+ struct kdc_socket *kdc_socket;
+ struct tdgram_context *dgram;
+ struct tevent_queue *send_queue;
+};
+
+struct kdc_tcp_call {
+ struct kdc_tcp_connection *kdc_conn;
+ DATA_BLOB in;
+ DATA_BLOB out;
+ uint8_t out_hdr[4];
+ struct iovec out_iov[2];
+};
+
+typedef enum kdc_process_ret (*kdc_process_fn_t)(struct kdc_server *kdc,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *input,
+ DATA_BLOB *reply,
+ struct tsocket_address *peer_addr,
+ struct tsocket_address *my_addr,
+ int datagram);
+
+
+/* hold information about one kdc socket */
+struct kdc_socket {
+ struct kdc_server *kdc;
+ struct tsocket_address *local_address;
+ kdc_process_fn_t process;
+};
+
+/*
+ state of an open tcp connection
+*/
+struct kdc_tcp_connection {
+ /* stream connection we belong to */
+ struct stream_connection *conn;
+
+ /* the kdc_server the connection belongs to */
+ struct kdc_socket *kdc_socket;
+
+ struct tstream_context *tstream;
+
+ struct tevent_queue *send_queue;
+};
+
enum kdc_process_ret kpasswdd_process(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx,
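Review bot: The comment `/* the kdc_server the connection belongs to */` in `struct kdc_tcp_connection` sits on a `struct kdc_socket *kdc_socket` field, so it names the wrong type; `/* the kdc_socket the connection belongs to */` would match the declaration. `struct kdc_udp_call` and `struct kdc_tcp_call` carry no comments at all: it would help to say that `in` holds the request as received from the client and `out` the reply, and that `out_hdr[4]` is presumably the length prefix sent ahead of `out` through `out_iov`. Since these client-supplied blobs are now also forwarded to another DC, the header is a good place to record which talloc context owns them and for how long. The `kpasswdd_process` prototype at the end of this hunk continues past it.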
@@ -60,4 +115,11 @@ enum kdc_process_ret kpasswdd_process(struct kdc_server *kdc,
NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
krb5_context context, struct HDB **db);
+/* from proxy.c */
+void kdc_udp_proxy(struct kdc_server *kdc, struct kdc_udp_socket *sock,
+ struct kdc_udp_call *call, uint16_t port);
+
+void kdc_tcp_proxy(struct kdc_server *kdc, struct kdc_tcp_connection *kdc_conn,
+ struct kdc_tcp_call *call, uint16_t port);
+
#endif
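Review bot: `kdc_udp_proxy` and `kdc_tcp_proxy` return `void`, and nothing at the declarations says how a failed or timed-out proxy attempt is reported, or who owns `call` while the forwarded request is in flight. A short comment above each, for example `/* forward call->in to a writeable DC on 'port'; the reply or an error is delivered asynchronously through call->out (TODO confirm) */`, would let the UDP and TCP callers check that they neither free `call` early nor answer the client a second time. It would also help to state whether `port` is expected in host byte order.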