diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2007-01-10 01:51:35 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:37:20 -0500 |
| commit | 08976cb3d2adfe5ea90ed53e6aa6fa8161649f7a (patch) | |
| tree | 08b6c5edcd6df8b332e2b5e9e82139dc7e840424 /source4/kdc/kdc.c | |
| parent | 348b7bc380e4ce95cf053134e62c3f5ab6520e34 (diff) | |
| download | samba-08976cb3d2adfe5ea90ed53e6aa6fa8161649f7a.tar.gz samba-08976cb3d2adfe5ea90ed53e6aa6fa8161649f7a.tar.bz2 samba-08976cb3d2adfe5ea90ed53e6aa6fa8161649f7a.zip | |
r20639: Commit part 1 of 2.
This patch updates our build system and glue to support a new snapshot
of lorikeet-heimdal.
We now procude a [SUBSYTEM] in the ans1_deps.pl script, and can depend
on that in the heimdal_build/config.mk. This is much easier than
listing every generated .o file individually.
This required some small changes to the build system, due to the way
the parent directory was handled for the output of scripts. I've also
cleaned up et_deps.pl to handle cleaning up it's generated files on
clean.
The PAC glue in Heimdal has changed significantly: we no longer have a
custom hack in the KDC, instead we have the windc plugin interface.
As such, pac-glue.c is much smaller. In the future, when I'm
confident of the new code, we will also be able to 'downsize'
auth/kerberos/kerberos_pac.c.
(I'll include the updated copy of heimdal in the next chekin, to make
it clearer what's changed in Samba4 itself).
Andrew Bartlett
(This used to be commit 75fddbbc0811010a28ca5bb597b573b3f10ef6d6)
Diffstat (limited to 'source4/kdc/kdc.c')
| -rw-r--r-- | source4/kdc/kdc.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index ce7c1f57cb..64911a0988 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -36,6 +36,13 @@ #include "lib/stream/packet.h" #include "librpc/gen_ndr/samr.h" #include "lib/socket/netif.h" +#include "heimdal/kdc/windc_plugin.h" +#include "heimdal/lib/krb5/krb5_locl.h" +#include "heimdal/kdc/kdc_locl.h" + + +/* Disgusting hack to get a mem_ctx into the hdb plugin, when used as a keytab */ +TALLOC_CTX *kdc_mem_ctx; /* hold all the info needed to send a reply */ struct kdc_reply { @@ -527,6 +534,16 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc) return NT_STATUS_OK; } +static struct krb5plugin_windc_ftable windc_plugin_table = { + .minor_version = KRB5_WINDC_PLUGING_MINOR, + .init = samba_kdc_plugin_init, + .fini = samba_kdc_plugin_fini, + .pac_generate = samba_kdc_get_pac, + .pac_verify = samba_kdc_reget_pac, + .client_access = samba_kdc_check_client_access, +}; + + /* startup the kdc task */ @@ -571,6 +588,9 @@ static void kdc_task_init(struct task_server *task) } krb5_kdc_default_config(kdc->config); + kdc->config->enable_pkinit = lp_parm_bool(-1, "kdc", "pkinit", True); + kdc->config->enable_pkinit_princ_in_cert = lp_parm_bool(-1, "kdc", "pkinit_princ_in_cert", True); + initialize_krb5_error_table(); ret = smb_krb5_init_context(kdc, &kdc->smb_krb5_context); @@ -603,6 +623,20 @@ static void kdc_task_init(struct task_server *task) task_server_terminate(task, "kdc: failed to register hdb keytab"); return; } + + kdc_mem_ctx = kdc->smb_krb5_context; + + /* Registar WinDC hooks */ + ret = _krb5_plugin_register(kdc->smb_krb5_context->krb5_context, + PLUGIN_TYPE_DATA, "windc", + &windc_plugin_table); + if(ret) { + task_server_terminate(task, "kdc: failed to register hdb keytab"); + return; + } + + _kdc_windc_init(kdc->smb_krb5_context->krb5_context); + /* start listening on the configured network interfaces */ status = kdc_startup_interfaces(kdc); if (!NT_STATUS_IS_OK(status)) { |