author | Andrew Bartlett <abartlet@samba.org> | 2009-06-08 19:06:16 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-06-12 07:45:48 +1000 |
commit | 9b261c008a395a323e0516f4cd3f3134aa050577 (patch) | |
tree | 91cf543ba7ccd560313bea52fa8678f0456e8485 /source4/kdc | |
parent | 5cef57ff7d899773a084d23838b7f18a83f6e79d (diff) | |
s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test
A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).
Andrew Bartlett
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/hdb-samba4.c | 111 | ||||
-rw-r--r-- | source4/kdc/kdc.c | 6 |
2 files changed, 56 insertions, 61 deletions
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 28a82bcf61..c0fa5132d1 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -282,23 +282,23 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context, ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pkb, (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); - krb5_warnx(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); ret = EINVAL; + krb5_set_error_message(context, ret, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); + krb5_warnx(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); goto out; } if (newer_keys && _pkb.version != 4) { - krb5_set_error_string(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); - krb5_warnx(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); ret = EINVAL; + krb5_set_error_message(context, ret, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); + krb5_warnx(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); goto out; } if (!newer_keys && _pkb.version != 3) { - krb5_set_error_string(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); - krb5_warnx(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); ret = EINVAL; + krb5_set_error_message(context, ret, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); + krb5_warnx(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); goto out; } 
@@ -510,8 +510,8 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, computer_val.length = strlen((const char *)computer_val.data); if (!samAccountName) { - krb5_set_error_string(context, "LDB_message2entry: no samAccountName present"); ret = ENOENT; + krb5_set_error_message(context, ret, "LDB_message2entry: no samAccountName present"); goto out; } @@ -524,8 +524,8 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, memset(entry_ex, 0, sizeof(*entry_ex)); if (!realm) { - krb5_set_error_string(context, "talloc_strdup: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "talloc_strdup: out of memory"); goto out; } @@ -556,10 +556,9 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, if (ent_type == HDB_SAMBA4_ENT_TYPE_ANY && principal == NULL) { krb5_make_principal(context, &entry_ex->entry.principal, realm, samAccountName, NULL); } else { - char *strdup_realm; ret = copy_Principal(principal, entry_ex->entry.principal); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } @@ -570,14 +569,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, * we determine from our records */ /* this has to be with malloc() */ - strdup_realm = strdup(realm); - if (!strdup_realm) { - ret = ENOMEM; - krb5_clear_error_string(context); - goto out; - } - free(*krb5_princ_realm(context, entry_ex->entry.principal)); - krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); + krb5_principal_set_realm(context, entry_ex->entry.principal, realm); } /* First try and figure out the flags based on the userAccountControl */ 
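Review bot: The new `krb5_principal_set_realm(context, entry_ex->entry.principal, realm);` call in LDB_message2entry discards its result, while the removed lines returned ENOMEM when the realm copy failed. Heimdal's function returns a krb5_error_code, so on allocation failure the entry would continue with an unset realm; keep the old behaviour with `ret = krb5_principal_set_realm(context, entry_ex->entry.principal, realm);` followed by `if (ret) goto out;`. The same unchecked call is added in LDB_trust_message2entry (hunk `@@ -859,16 +850,7 @@`). The surviving comment `/* this has to be with malloc() */` no longer describes any code here and can be dropped. The function body starts and ends outside the hunk.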
@@ -608,8 +600,8 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, entry_ex->entry.modified_by = (Event *) malloc(sizeof(Event)); if (entry_ex->entry.modified_by == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -695,14 +687,14 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); if (entry_ex->entry.etypes == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } entry_ex->entry.etypes->len = entry_ex->entry.keys.len; entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int)); if (entry_ex->entry.etypes->val == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } @@ -739,7 +731,6 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, const char *dnsdomain; char *realm; - char *strdup_realm; DATA_BLOB password_utf16; struct samr_Password password_hash; const struct ldb_val *password_val; @@ -849,7 +840,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, ret = copy_Principal(principal, entry_ex->entry.principal); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } 
@@ -859,16 +850,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, * replace the client principal's realm with the one * we determine from our records */ - /* this has to be with malloc() */ - strdup_realm = strdup(realm); - if (!strdup_realm) { - ret = ENOMEM; - krb5_clear_error_string(context); - goto out; - } - free(*krb5_princ_realm(context, entry_ex->entry.principal)); - krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); - + krb5_principal_set_realm(context, entry_ex->entry.principal, realm); entry_ex->entry.flags = int2HDBFlags(0); entry_ex->entry.flags.immutable = 1; entry_ex->entry.flags.invalid = 0; @@ -885,14 +867,14 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); if (entry_ex->entry.etypes == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } entry_ex->entry.etypes->len = entry_ex->entry.keys.len; entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int)); if (entry_ex->entry.etypes->val == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } @@ -933,7 +915,7 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con ret = krb5_unparse_name_flags(context, principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &short_princ); if (ret != 0) { - krb5_set_error_string(context, "LDB_lookup_principal: could not parse principal"); + krb5_set_error_message(context, ret, "LDB_lookup_principal: could not parse principal"); krb5_warnx(context, "LDB_lookup_principal: could not parse principal"); return ret; } 
@@ -941,8 +923,9 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con short_princ_talloc = talloc_strdup(mem_ctx, short_princ); free(short_princ); if (!short_princ_talloc) { - krb5_set_error_string(context, "LDB_lookup_principal: talloc_strdup() failed!"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, "LDB_lookup_principal: talloc_strdup() failed!"); + return ret; } switch (ent_type) { @@ -962,8 +945,9 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con } if (!filter) { - krb5_set_error_string(context, "talloc_asprintf: out of memory"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, "talloc_asprintf: out of memory"); + return ret; } lret = gendb_search_single_extended_dn(ldb_ctx, mem_ctx, @@ -988,6 +972,7 @@ static krb5_error_code LDB_lookup_trust(krb5_context context, struct ldb_context struct ldb_message **pmsg) { int lret; + krb5_error_code ret; char *filter = NULL; const char * const *attrs = trust_attrs; @@ -995,8 +980,9 @@ static krb5_error_code LDB_lookup_trust(krb5_context context, struct ldb_context filter = talloc_asprintf(mem_ctx, "(&(objectClass=trustedDomain)(|(flatname=%s)(trustPartner=%s)))", realm, realm); if (!filter) { - krb5_set_error_string(context, "talloc_asprintf: out of memory"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, "talloc_asprintf: out of memory"); + return ret; } lret = ldb_search(ldb_ctx, mem_ctx, &res, 
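Review bot: In LDB_lookup_trust, `realm` is formatted unescaped into the LDAP filter `(|(flatname=%s)(trustPartner=%s))`, so filter metacharacters in it would alter the query instead of being matched literally. Where `realm` comes from is outside this hunk, but if it is derived from a requested principal it should be treated as untrusted. Encode it before building the filter, e.g. `const char *realm_enc = ldb_binary_encode_string(mem_ctx, realm);`, return ENOMEM if that is NULL, and pass `realm_enc` for both `%s` arguments. The function body starts and ends outside the hunk.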
@@ -1019,9 +1005,10 @@ static krb5_error_code LDB_lookup_trust(krb5_context context, struct ldb_context static krb5_error_code LDB_open(krb5_context context, HDB *db, int flags, mode_t mode) { if (db->hdb_master_key_set) { + krb5_error_code ret = HDB_ERR_NOENTRY; krb5_warnx(context, "LDB_open: use of a master key incompatible with LDB\n"); - krb5_set_error_string(context, "LDB_open: use of a master key incompatible with LDB\n"); - return HDB_ERR_NOENTRY; + krb5_set_error_message(context, ret, "LDB_open: use of a master key incompatible with LDB\n"); + return ret; } return 0; @@ -1112,8 +1099,9 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, char *realm_fixed = strupper_talloc(mem_ctx, lp_realm(lp_ctx)); if (!realm_fixed) { - krb5_set_error_string(context, "strupper_talloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, "strupper_talloc: out of memory"); + return ret; } ret = krb5_copy_principal(context, principal, &alloc_principal); @@ -1125,8 +1113,9 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, alloc_principal->name.name_string.val[1] = strdup(realm_fixed); talloc_free(realm_fixed); if (!alloc_principal->name.name_string.val[1]) { - krb5_set_error_string(context, "LDB_fetch: strdup() failed!"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, "LDB_fetch: strdup() failed!"); + return ret; } principal = alloc_principal; @@ -1136,7 +1125,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, if (ret != 0) { krb5_warnx(context, "LDB_fetch: could not find principal in DB"); - krb5_set_error_string(context, "LDB_fetch: could not find principal in DB"); + krb5_set_error_message(context, ret, "LDB_fetch: could not find principal in DB"); return ret; } 
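Review bot: The strdup() failure path in LDB_fetch_krbtgt (hunk `@@ -1125,8 +1113,9 @@`) now sets the error message but still returns without releasing `alloc_principal`, which the previous hunk shows was obtained from `krb5_copy_principal`. Add `krb5_free_principal(context, alloc_principal);` before `return ret;` so the copy is not leaked on the out-of-memory path. Whether a caller frees `mem_ctx` afterwards is not visible here, and the function body starts and ends outside the hunk.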
@@ -1173,7 +1162,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, if (ret != 0) { krb5_warnx(context, "LDB_fetch: could not find principal in DB"); - krb5_set_error_string(context, "LDB_fetch: could not find principal in DB"); + krb5_set_error_message(context, ret, "LDB_fetch: could not find principal in DB"); return ret; } @@ -1273,8 +1262,9 @@ static krb5_error_code LDB_fetch(krb5_context context, HDB *db, TALLOC_CTX *mem_ctx = talloc_named(db, 0, "LDB_fetch context"); if (!mem_ctx) { - krb5_set_error_string(context, "LDB_fetch: talloc_named() failed!"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, "LDB_fetch: talloc_named() failed!"); + return ret; } if (flags & HDB_F_GET_CLIENT) { @@ -1333,8 +1323,9 @@ static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hd mem_ctx = talloc_named(priv, 0, "LDB_seq context"); if (!mem_ctx) { - krb5_set_error_string(context, "LDB_seq: talloc_named() failed!"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, "LDB_seq: talloc_named() failed!"); + return ret; } if (priv->index < priv->count) { @@ -1373,8 +1364,9 @@ static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flag priv = (struct hdb_ldb_seq *) talloc(db, struct hdb_ldb_seq); if (!priv) { - krb5_set_error_string(context, "talloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, "talloc: out of memory"); + return ret; } priv->ctx = ldb_ctx; @@ -1386,8 +1378,9 @@ static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flag mem_ctx = talloc_named(priv, 0, "LDB_firstkey context"); if (!mem_ctx) { - krb5_set_error_string(context, "LDB_firstkey: talloc_named() failed!"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, "LDB_firstkey: talloc_named() failed!"); + return ret; } ret = krb5_get_default_realm(context, &realm); 
@@ -1448,7 +1441,7 @@ NTSTATUS kdc_hdb_samba4_create(TALLOC_CTX *mem_ctx, struct auth_session_info *session_info; *db = talloc(mem_ctx, HDB); if (!*db) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return NT_STATUS_NO_MEMORY; } diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 3d11441062..ad74e10227 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -661,7 +661,9 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg, static struct hdb_method hdb_samba4 = { .interface_version = HDB_INTERFACE_VERSION, - .prefix = "samba4:", + .prefix = "samba4", /* Only used in the hdb-backed keytab code + * for a keytab of 'samba4:', to find + * kpasswd's key in the main DB */ .create = hdb_samba4_create }; @@ -722,7 +724,7 @@ static void kdc_task_init(struct task_server *task) task_server_terminate(task, "kdc: failed to get KDC configuration"); return; } - + kdc->config->logf = kdc->smb_krb5_context->logf; kdc->config->db = talloc(kdc, struct HDB *); if (!kdc->config->db) { |