diff options
| -rw-r--r-- | source4/kdc/hdb-samba4-plugin.c | 84 | ||||
| -rw-r--r-- | source4/kdc/hdb-samba4.c | 32 | ||||
| -rw-r--r-- | source4/kdc/kdc.c | 3 | ||||
| -rw-r--r-- | source4/kdc/samba_kdc.h | 2 | ||||
| -rw-r--r-- | source4/kdc/wscript_build | 22 | ||||
| -rw-r--r-- | source4/libnet/libnet_export_keytab.c | 4 |
6 files changed, 104 insertions, 43 deletions
diff --git a/source4/kdc/hdb-samba4-plugin.c b/source4/kdc/hdb-samba4-plugin.c new file mode 100644 index 0000000000..568386d29a --- /dev/null +++ b/source4/kdc/hdb-samba4-plugin.c @@ -0,0 +1,84 @@ +/* + Unix SMB/CIFS implementation. + + KDC Server startup + + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-20011 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "kdc/kdc-glue.h" +#include "kdc/db-glue.h" +#include "lib/util/samba_util.h" +#include "lib/param/param.h" +#include "source4/lib/events/events.h" + +static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg) +{ + NTSTATUS nt_status; + void *ptr; + struct samba_kdc_base_context *base_ctx; + + if (sscanf(arg, "&%p", &ptr) == 1) { + base_ctx = talloc_get_type_abort(ptr, struct samba_kdc_base_context); + } else if (arg[0] == '\0' || file_exist(arg)) { + /* This mode for use in kadmin, rather than in Samba */ + + setup_logging("hdb_samba4", DEBUG_DEFAULT_STDERR); + + base_ctx = talloc_zero(NULL, struct samba_kdc_base_context); + if (!base_ctx) { + return ENOMEM; + } + + base_ctx->ev_ctx = s4_event_context_init(base_ctx); + base_ctx->lp_ctx = loadparm_init_global(false); + if (arg[0]) { + lpcfg_load(base_ctx->lp_ctx, arg); + } else { + lpcfg_load_default(base_ctx->lp_ctx); + } + } else { + return EINVAL; + } + + /* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */ + nt_status = hdb_samba4_create_kdc(base_ctx, context, db); + + if (NT_STATUS_IS_OK(nt_status)) { + return 0; + } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) { + + krb5_set_error_message(context, EINVAL, "Failed to open Samba4 LDB at %s", lpcfg_private_path(base_ctx, base_ctx->lp_ctx, "sam.ldb")); + } else { + krb5_set_error_message(context, EINVAL, "Failed to connect to Samba4 DB: %s (%s)", get_friendly_nt_error_msg(nt_status), nt_errstr(nt_status)); + } + + return EINVAL; +} + +/* Only used in the hdb-backed keytab code + * for a keytab of 'samba4&<address>' or samba4, to find + * kpasswd's key in the main DB, and to + * copy all the keys into a file (libnet_keytab_export) + * + * The <address> is the string form of a pointer to a talloced struct hdb_samba_context + */ +struct hdb_method hdb_samba4_interface = { + .interface_version = HDB_INTERFACE_VERSION, + .prefix = "samba4", + .create = hdb_samba4_create +}; diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index f82712e2b2..6a9e5587bf 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -218,35 +218,3 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx, return NT_STATUS_OK; } - -static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg) -{ - NTSTATUS nt_status; - void *ptr; - struct samba_kdc_base_context *base_ctx; - - if (sscanf(arg, "&%p", &ptr) != 1) { - return EINVAL; - } - base_ctx = talloc_get_type_abort(ptr, struct samba_kdc_base_context); - /* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */ - nt_status = hdb_samba4_create_kdc(base_ctx, context, db); - - if (NT_STATUS_IS_OK(nt_status)) { - return 0; - } - return EINVAL; -} - -/* Only used in the hdb-backed keytab code - * for a keytab of 'samba4&<address>', to find - * kpasswd's key in the main DB, and to - * copy all the keys into a file (libnet_keytab_export) - * - * The <address> is the string form of a pointer to a talloced struct hdb_samba_context - */ -struct hdb_method hdb_samba4 = { - .interface_version = HDB_INTERFACE_VERSION, - .prefix = "samba4", - .create = hdb_samba4_create -}; diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 4e1e27c42b..9679144237 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -38,7 +38,6 @@ NTSTATUS server_service_kdc_init(void); extern struct krb5plugin_windc_ftable windc_plugin_table; -extern struct hdb_method hdb_samba4; static NTSTATUS kdc_proxy_unavailable_error(struct kdc_server *kdc, TALLOC_CTX *mem_ctx, @@ -1006,7 +1005,7 @@ static void kdc_task_init(struct task_server *task) ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context, PLUGIN_TYPE_DATA, "hdb", - &hdb_samba4); + &hdb_samba4_interface); if(ret) { task_server_terminate(task, "kdc: failed to register hdb plugin", true); return; diff --git a/source4/kdc/samba_kdc.h b/source4/kdc/samba_kdc.h index 3852955e45..1c3bb1687b 100644 --- a/source4/kdc/samba_kdc.h +++ b/source4/kdc/samba_kdc.h @@ -49,4 +49,6 @@ struct samba_kdc_entry { hdb_entry_ex *entry_ex; }; +extern struct hdb_method hdb_samba4_interface; + #endif /* _SAMBA_KDC_H_ */ diff --git a/source4/kdc/wscript_build b/source4/kdc/wscript_build index aec1cb28d9..6a6e4f2114 100644 --- a/source4/kdc/wscript_build +++ b/source4/kdc/wscript_build @@ -9,12 +9,22 @@ bld.SAMBA_MODULE('service_kdc', ) -bld.SAMBA_SUBSYSTEM('HDB_SAMBA4', - source='hdb-samba4.c', - deps='ldb auth4_sam auth_sam_reply samba-credentials hdb db-glue samba-hostconfig com_err', - includes='../heimdal/kdc', - ) - +bld.SAMBA_LIBRARY('HDB_SAMBA4', + source='hdb-samba4.c hdb-samba4-plugin.c', + deps='ldb auth4_sam auth_sam_reply samba-credentials hdb db-glue samba-hostconfig com_err', + includes='../heimdal/kdc', + private_library=True + ) + +# A plugin for Heimdal's kadmin for users who need to operate that tool +bld.SAMBA_LIBRARY('HDB_SAMBA4_PLUGIN', + source='hdb-samba4-plugin.c', + deps='hdb HDB_SAMBA4 samba-util samba-hostconfig ', + includes='../heimdal/kdc', + link_name='modules/hdb/hdb_samba4.so', + realname='hdb_samba4.so', + install_path='${MODULESDIR}/hdb', + ) bld.SAMBA_SUBSYSTEM('WDC_SAMBA4', source='wdc-samba4.c', diff --git a/source4/libnet/libnet_export_keytab.c b/source4/libnet/libnet_export_keytab.c index 2dae370b1a..593f5fd5d9 100644 --- a/source4/libnet/libnet_export_keytab.c +++ b/source4/libnet/libnet_export_keytab.c @@ -5,8 +5,6 @@ #include "kdc/samba_kdc.h" #include "libnet/libnet.h" -extern struct hdb_method hdb_samba4; - NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_export_keytab *r) { krb5_error_code ret; @@ -35,7 +33,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s ret = krb5_plugin_register(smb_krb5_context->krb5_context, PLUGIN_TYPE_DATA, "hdb", - &hdb_samba4); + &hdb_samba4_interface); if(ret) { return NT_STATUS_NO_MEMORY; } |