authorAndrew Bartlett <abartlet@samba.org>2009-07-27 13:48:45 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-07-27 22:41:41 +1000
commitafb6ac247be9fa2e5e34dcf69e6b5ba557e19892 (patch)
tree7f83eb9b821e9d852c6c0ce948827089c25014ed /source4/kdc
parent34c535c9a8d08a480e156aaa9e4b843ffaab0636 (diff)
s4:kdc Tidy up hdb_samba4 some more
This removes the last use of the prefix hdb_ldb and makes it clear that we pass in 3 global variables to get state information into hdb_samba4 when used as a keytab. (And that they belong to hdb_samba4, not to the KDC) Andrew Bartlett
Diffstat (limited to 'source4/kdc')
-rw-r--r--source4/kdc/hdb-samba4.c66
-rw-r--r--source4/kdc/hdb-samba4.h35
-rw-r--r--source4/kdc/kdc.c30
-rw-r--r--source4/kdc/kdc.h12
-rw-r--r--source4/kdc/pac-glue.c10
5 files changed, 90 insertions, 63 deletions
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index cadbe33af6..f5e2f59b56 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -53,7 +53,7 @@
#include "kdc/kdc.h"
#include "../lib/crypto/md4.h"
-enum hdb_ldb_ent_type
+enum hdb_samba4_ent_type
{ HDB_SAMBA4_ENT_TYPE_CLIENT, HDB_SAMBA4_ENT_TYPE_SERVER,
HDB_SAMBA4_ENT_TYPE_KRBTGT, HDB_SAMBA4_ENT_TYPE_TRUST, HDB_SAMBA4_ENT_TYPE_ANY };
@@ -93,7 +93,7 @@ static KerberosTime ldb_msg_find_krb5time_ldap_time(struct ldb_message *msg, con
return timegm(&tm);
}
-static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum hdb_ldb_ent_type ent_type)
+static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum hdb_samba4_ent_type ent_type)
{
HDBFlags flags = int2HDBFlags(0);
@@ -181,14 +181,14 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h
return flags;
}
-static int hdb_ldb_destructor(struct hdb_ldb_private *p)
+static int hdb_samba4_destructor(struct hdb_samba4_private *p)
{
hdb_entry_ex *entry_ex = p->entry_ex;
free_hdb_entry(&entry_ex->entry);
return 0;
}
-static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex)
+static void hdb_samba4_free_entry(krb5_context context, hdb_entry_ex *entry_ex)
{
talloc_free(entry_ex->ctx);
}
@@ -487,7 +487,7 @@ out:
static krb5_error_code hdb_samba4_message2entry(krb5_context context, HDB *db,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx, krb5_const_principal principal,
- enum hdb_ldb_ent_type ent_type,
+ enum hdb_samba4_ent_type ent_type,
struct ldb_dn *realm_dn,
struct ldb_message *msg,
hdb_entry_ex *entry_ex)
@@ -498,7 +498,7 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context, HDB *db,
krb5_boolean is_computer = FALSE;
char *realm = strupper_talloc(mem_ctx, lp_realm(lp_ctx));
- struct hdb_ldb_private *p;
+ struct hdb_samba4_private *p;
NTTIME acct_expiry;
NTSTATUS status;
@@ -529,7 +529,7 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context, HDB *db,
goto out;
}
- p = talloc(mem_ctx, struct hdb_ldb_private);
+ p = talloc(mem_ctx, struct hdb_samba4_private);
if (!p) {
ret = ENOMEM;
goto out;
@@ -544,10 +544,10 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context, HDB *db,
goto out;
}
- talloc_set_destructor(p, hdb_ldb_destructor);
+ talloc_set_destructor(p, hdb_samba4_destructor);
entry_ex->ctx = p;
- entry_ex->free_entry = hdb_ldb_free_entry;
+ entry_ex->free_entry = hdb_samba4_free_entry;
userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
@@ -746,12 +746,12 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context, HDB
struct samr_Password password_hash;
const struct ldb_val *password_val;
struct trustAuthInOutBlob password_blob;
- struct hdb_ldb_private *p;
+ struct hdb_samba4_private *p;
enum ndr_err_code ndr_err;
int i, ret, trust_direction_flags;
- p = talloc(mem_ctx, struct hdb_ldb_private);
+ p = talloc(mem_ctx, struct hdb_samba4_private);
if (!p) {
ret = ENOMEM;
goto out;
@@ -762,10 +762,10 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context, HDB
p->lp_ctx = lp_ctx;
p->realm_dn = realm_dn;
- talloc_set_destructor(p, hdb_ldb_destructor);
+ talloc_set_destructor(p, hdb_samba4_destructor);
entry_ex->ctx = p;
- entry_ex->free_entry = hdb_ldb_free_entry;
+ entry_ex->free_entry = hdb_samba4_free_entry;
/* use 'whenCreated' */
entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0);
@@ -1290,7 +1290,7 @@ static krb5_error_code hdb_samba4_remove(krb5_context context, HDB *db, krb5_con
return HDB_ERR_DB_INUSE;
}
-struct hdb_ldb_seq {
+struct hdb_samba4_seq {
struct ldb_context *ctx;
struct loadparm_context *lp_ctx;
int index;
@@ -1302,7 +1302,7 @@ struct hdb_ldb_seq {
static krb5_error_code hdb_samba4_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
krb5_error_code ret;
- struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc;
+ struct hdb_samba4_seq *priv = (struct hdb_samba4_seq *)db->hdb_dbc;
TALLOC_CTX *mem_ctx;
hdb_entry_ex entry_ex;
memset(&entry_ex, '\0', sizeof(entry_ex));
@@ -1344,7 +1344,7 @@ static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsign
struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb_ctx, "loadparm"),
struct loadparm_context);
- struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc;
+ struct hdb_samba4_seq *priv = (struct hdb_samba4_seq *)db->hdb_dbc;
char *realm;
struct ldb_result *res = NULL;
krb5_error_code ret;
@@ -1356,7 +1356,7 @@ static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsign
db->hdb_dbc = NULL;
}
- priv = (struct hdb_ldb_seq *) talloc(db, struct hdb_ldb_seq);
+ priv = (struct hdb_samba4_seq *) talloc(db, struct hdb_samba4_seq);
if (!priv) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "talloc: out of memory");
@@ -1435,7 +1435,7 @@ krb5_error_code hdb_samba4_check_constrained_delegation(krb5_context context, HD
struct ldb_message *msg;
struct dom_sid *orig_sid;
struct dom_sid *target_sid;
- struct hdb_ldb_private *p = talloc_get_type(entry->ctx, struct hdb_ldb_private);
+ struct hdb_samba4_private *p = talloc_get_type(entry->ctx, struct hdb_samba4_private);
const char *delegation_check_attrs[] = {
"objectSid", NULL
};
@@ -1491,15 +1491,15 @@ krb5_error_code hdb_samba4_check_constrained_delegation(krb5_context context, HD
return ret;
}
-/* This interface is to be called by the KDC, which is expecting Samba
+/* This interface is to be called by the KDC and libnet_keytab_dump, which is expecting Samba
* calling conventions. It is also called by a wrapper
- * (hdb_ldb_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb
+ * (hdb_samba4_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb
* code */
-NTSTATUS kdc_hdb_samba4_create(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev_ctx,
- struct loadparm_context *lp_ctx,
- krb5_context context, struct HDB **db, const char *arg)
+NTSTATUS hdb_samba4_create_kdc(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev_ctx,
+ struct loadparm_context *lp_ctx,
+ krb5_context context, struct HDB **db)
{
NTSTATUS nt_status;
struct auth_session_info *session_info;
@@ -1532,7 +1532,7 @@ NTSTATUS kdc_hdb_samba4_create(TALLOC_CTX *mem_ctx,
/* Setup the link to LDB */
(*db)->hdb_db = samdb_connect(*db, ev_ctx, lp_ctx, session_info);
if ((*db)->hdb_db == NULL) {
- DEBUG(1, ("hdb_ldb_create: Cannot open samdb for KDC backend!"));
+ DEBUG(1, ("hdb_samba4_create: Cannot open samdb for KDC backend!"));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
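Review bot: The renamed DEBUG message now names `hdb_samba4_create`, but this line sits in `hdb_samba4_create_kdc` (the static `hdb_samba4_create` wrapper is a different function later in the file), so anyone triaging the log would look in the wrong place; it should read `DEBUG(1, ("hdb_samba4_create_kdc: Cannot open samdb for KDC backend!\n"));`. The string also appears to lack a trailing newline, which Samba's DEBUG macro does not add as far as I recall, so the next log line would run on. The enclosing function starts and ends outside this hunk.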
@@ -1560,15 +1560,25 @@ NTSTATUS kdc_hdb_samba4_create(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg)
+static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg)
{
NTSTATUS nt_status;
/* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */
- nt_status = kdc_hdb_samba4_create(kdc_mem_ctx, kdc_ev_ctx, kdc_lp_ctx,
- context, db, arg);
+ nt_status = hdb_samba4_create_kdc(hdb_samba4_mem_ctx, hdb_samba4_ev_ctx, hdb_samba4_lp_ctx,
+ context, db);
if (NT_STATUS_IS_OK(nt_status)) {
return 0;
}
return EINVAL;
}
+
+/* Only used in the hdb-backed keytab code
+ * for a keytab of 'samba4:', to find
+ * kpasswd's key in the main DB, and to
+ * copy all the keys into a file (libnet_keytab_export) */
+struct hdb_method hdb_samba4 = {
+ .interface_version = HDB_INTERFACE_VERSION,
+ .prefix = "samba4",
+ .create = hdb_samba4_create
+};
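Review bot: `hdb_samba4_create` passes `hdb_samba4_mem_ctx`, `hdb_samba4_ev_ctx` and `hdb_samba4_lp_ctx` through unconditionally, and nothing in this hunk guarantees they have been assigned before the `samba4:` keytab is opened; the commit message says libnet_keytab_dump also reaches this path, so if that caller has not set the globals, `hdb_samba4_create_kdc` and `samdb_connect` would run with NULL contexts. A guard at the top of the function would turn that into a clean failure: `if (hdb_samba4_mem_ctx == NULL || hdb_samba4_ev_ctx == NULL || hdb_samba4_lp_ctx == NULL) { return EINVAL; }`. The context comment above the call still refers to the old globals `kdc_mem_ctx` and `kdc_lp_ctx`; it should now read `/* The globals hdb_samba4_mem_ctx, hdb_samba4_ev_ctx and hdb_samba4_lp_ctx. Disgusting, ugly hack, but it means one less private hook */`.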
diff --git a/source4/kdc/hdb-samba4.h b/source4/kdc/hdb-samba4.h
new file mode 100644
index 0000000000..3a377ddf0b
--- /dev/null
+++ b/source4/kdc/hdb-samba4.h
@@ -0,0 +1,35 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ KDC structures
+
+ Copyright (C) Andrew Tridgell 2005
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+extern TALLOC_CTX *hdb_samba4_mem_ctx;
+extern struct tevent_context *hdb_samba4_ev_ctx;
+extern struct loadparm_context *hdb_samba4_lp_ctx;
+extern struct hdb_method hdb_samba4;
+
+struct hdb_samba4_private {
+ struct ldb_context *samdb;
+ struct smb_iconv_convenience *iconv_convenience;
+ struct loadparm_context *lp_ctx;
+ struct ldb_message *msg;
+ struct ldb_dn *realm_dn;
+ hdb_entry_ex *entry_ex;
+};
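Review bot: The new header has no include guard, and it uses `TALLOC_CTX`, `struct tevent_context`, `hdb_entry_ex` and `struct hdb_method` without including anything, so it only compiles when the includer (kdc.h in this commit) has already pulled in the talloc and hdb headers in the right order. Wrapping the declarations in `#ifndef HDB_SAMBA4_H` / `#define HDB_SAMBA4_H` … `#endif /* HDB_SAMBA4_H */` would make repeated inclusion safe, and a comment stating that the hdb and talloc headers must be included first would document the ordering dependency. The file banner also still says "KDC structures" although the file now carries the hdb_samba4 private state and the three keytab globals; "hdb_samba4 private state and keytab-mode globals" would describe it.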
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index ad74e10227..28d8da9d9f 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -43,9 +43,9 @@
/* Disgusting hack to get a mem_ctx and lp_ctx into the hdb plugin, when
* used as a keytab */
-TALLOC_CTX *kdc_mem_ctx;
-struct tevent_context *kdc_ev_ctx;
-struct loadparm_context *kdc_lp_ctx;
+TALLOC_CTX *hdb_samba4_mem_ctx;
+struct tevent_context *hdb_samba4_ev_ctx;
+struct loadparm_context *hdb_samba4_lp_ctx;
/* hold all the info needed to send a reply */
struct kdc_reply {
@@ -659,14 +659,6 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg,
}
-static struct hdb_method hdb_samba4 = {
- .interface_version = HDB_INTERFACE_VERSION,
- .prefix = "samba4", /* Only used in the hdb-backed keytab code
- * for a keytab of 'samba4:', to find
- * kpasswd's key in the main DB */
- .create = hdb_samba4_create
-};
-
/*
startup the kdc task
*/
@@ -733,16 +725,20 @@ static void kdc_task_init(struct task_server *task)
}
kdc->config->num_db = 1;
- status = kdc_hdb_samba4_create(kdc, task->event_ctx, task->lp_ctx,
- kdc->smb_krb5_context->krb5_context,
- &kdc->config->db[0], NULL);
+ status = hdb_samba4_create_kdc(kdc, task->event_ctx, task->lp_ctx,
+ kdc->smb_krb5_context->krb5_context,
+ &kdc->config->db[0]);
if (!NT_STATUS_IS_OK(status)) {
task_server_terminate(task, "kdc: hdb_ldb_create (setup KDC database) failed");
return;
}
-
/* Register hdb-samba4 hooks */
+
+ hdb_samba4_mem_ctx = kdc->smb_krb5_context;
+ hdb_samba4_ev_ctx = task->event_ctx;
+ hdb_samba4_lp_ctx = task->lp_ctx;
+
ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
PLUGIN_TYPE_DATA, "hdb",
&hdb_samba4);
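Review bot: The `task_server_terminate` message on the error path still says `hdb_ldb_create` while the call above it is now `hdb_samba4_create_kdc`, so the log would point at a function that no longer exists; it should read `task_server_terminate(task, "kdc: hdb_samba4_create_kdc (setup KDC database) failed");`. The three global assignments added before `krb5_plugin_register` carry no comment explaining why they sit there; something like `/* hdb_samba4_create() (the samba4: keytab path) reads these globals, so they must be set before the plugin is registered */` would record the ordering constraint the move depends on. `kdc_task_init` begins and ends outside this hunk.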
@@ -768,10 +764,6 @@ static void kdc_task_init(struct task_server *task)
krb5_kdc_windc_init(kdc->smb_krb5_context->krb5_context);
- kdc_mem_ctx = kdc->smb_krb5_context;
- kdc_ev_ctx = task->event_ctx;
- kdc_lp_ctx = task->lp_ctx;
-
/* start listening on the configured network interfaces */
status = kdc_startup_interfaces(kdc, task->lp_ctx, ifaces);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/kdc/kdc.h b/source4/kdc/kdc.h
index d37a32ebbf..a2bf412f2a 100644
--- a/source4/kdc/kdc.h
+++ b/source4/kdc/kdc.h
@@ -26,13 +26,11 @@
#include <kdc.h>
#include <krb5/windc_plugin.h>
#include "kdc/pac_glue.h"
+#include "kdc/hdb-samba4.h"
struct kdc_server;
struct socket_address;
-extern TALLOC_CTX *kdc_mem_ctx;
-extern struct tevent_context *kdc_ev_ctx;
-extern struct loadparm_context *kdc_lp_ctx;
bool kpasswdd_process(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx,
@@ -52,11 +50,3 @@ struct kdc_server {
};
-struct hdb_ldb_private {
- struct ldb_context *samdb;
- struct smb_iconv_convenience *iconv_convenience;
- struct loadparm_context *lp_ctx;
- struct ldb_message *msg;
- struct ldb_dn *realm_dn;
- hdb_entry_ex *entry_ex;
-};
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 21ae7091a6..3dcdd4d439 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -103,7 +103,7 @@ static krb5_error_code make_pac(krb5_context context,
return ret;
}
-/* Given the right private pointer from hdb_ldb, get a PAC from the attached ldb messages */
+/* Given the right private pointer from hdb_samba4, get a PAC from the attached ldb messages */
krb5_error_code samba_kdc_get_pac(void *priv,
krb5_context context,
struct hdb_entry_ex *client,
@@ -112,7 +112,7 @@ krb5_error_code samba_kdc_get_pac(void *priv,
krb5_error_code ret;
NTSTATUS nt_status;
struct auth_serversupplied_info *server_info;
- struct hdb_ldb_private *p = talloc_get_type(client->ctx, struct hdb_ldb_private);
+ struct hdb_samba4_private *p = talloc_get_type(client->ctx, struct hdb_samba4_private);
TALLOC_CTX *mem_ctx = talloc_named(p, 0, "samba_get_pac context");
unsigned int userAccountControl;
@@ -158,7 +158,7 @@ krb5_error_code samba_kdc_reget_pac(void *priv, krb5_context context,
unsigned int userAccountControl;
- struct hdb_ldb_private *p = talloc_get_type(server->ctx, struct hdb_ldb_private);
+ struct hdb_samba4_private *p = talloc_get_type(server->ctx, struct hdb_samba4_private);
struct auth_serversupplied_info *server_info_out;
@@ -241,14 +241,14 @@ krb5_error_code samba_kdc_check_client_access(void *priv,
krb5_error_code ret;
NTSTATUS nt_status;
TALLOC_CTX *tmp_ctx;
- struct hdb_ldb_private *p;
+ struct hdb_samba4_private *p;
char *workstation = NULL;
HostAddresses *addresses = req->req_body.addresses;
int i;
bool password_change;
tmp_ctx = talloc_new(client_ex->ctx);
- p = talloc_get_type(client_ex->ctx, struct hdb_ldb_private);
+ p = talloc_get_type(client_ex->ctx, struct hdb_samba4_private);
if (!tmp_ctx) {
return ENOMEM;