Diffstat (limited to 'source4/kdc')
-rw-r--r--source4/kdc/hdb-samba4.c32
-rw-r--r--source4/kdc/hdb-samba4.h8
-rw-r--r--source4/kdc/pac-glue.c12
-rw-r--r--source4/kdc/wdc-samba4.c10
4 files changed, 30 insertions, 32 deletions
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 33575bd8ea..856c330d80 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -181,7 +181,7 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h
return flags;
}
-static int hdb_samba4_destructor(struct hdb_samba4_private *p)
+static int samba_kdc_entry_destructor(struct samba_kdc_entry *p)
{
hdb_entry_ex *entry_ex = p->entry_ex;
free_hdb_entry(&entry_ex->entry);
@@ -505,7 +505,7 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context,
krb5_boolean is_computer = FALSE;
char *realm = strupper_talloc(mem_ctx, lp_realm(lp_ctx));
- struct hdb_samba4_private *p;
+ struct samba_kdc_entry *p;
NTTIME acct_expiry;
NTSTATUS status;
@@ -536,22 +536,21 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context,
goto out;
}
- p = talloc(mem_ctx, struct hdb_samba4_private);
+ p = talloc(mem_ctx, struct samba_kdc_entry);
if (!p) {
ret = ENOMEM;
goto out;
}
+ p->kdc_db_ctx = kdc_db_ctx;
p->entry_ex = entry_ex;
- p->iconv_convenience = lp_iconv_convenience(lp_ctx);
- p->lp_ctx = lp_ctx;
p->realm_dn = talloc_reference(p, realm_dn);
if (!p->realm_dn) {
ret = ENOMEM;
goto out;
}
- talloc_set_destructor(p, hdb_samba4_destructor);
+ talloc_set_destructor(p, samba_kdc_entry_destructor);
entry_ex->ctx = p;
entry_ex->free_entry = hdb_samba4_free_entry;
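Review bot: `p` is allocated with `talloc()`, which does not zero the memory, so `p->msg` is indeterminate from this point until `p->msg = talloc_steal(p, msg)` much later in hdb_samba4_message2entry. Any `goto out` in between leaves behind an entry with an uninitialised `msg`, which is a problem if the cleanup path or a caller reads it. Allocating with `p = talloc_zero(mem_ctx, struct samba_kdc_entry);` makes the early-exit state well defined, and the same applies to the allocation in hdb_samba4_trust_message2entry. The function starts and ends outside this hunk, so the code under `out:` is not visible here.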
@@ -697,7 +696,8 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context,
entry_ex->entry.generation = NULL;
/* Get keys from the db */
- ret = hdb_samba4_message2entry_keys(context, p->iconv_convenience, p, msg, userAccountControl, entry_ex);
+ ret = hdb_samba4_message2entry_keys(context, p->kdc_db_ctx->ic_ctx, p,
+ msg, userAccountControl, entry_ex);
if (ret) {
/* Could be bougus data in the entry, or out of memory */
goto out;
@@ -722,7 +722,6 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context,
p->msg = talloc_steal(p, msg);
- p->samdb = kdc_db_ctx->samdb;
out:
if (ret != 0) {
@@ -754,23 +753,22 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context,
struct samr_Password password_hash;
const struct ldb_val *password_val;
struct trustAuthInOutBlob password_blob;
- struct hdb_samba4_private *p;
+ struct samba_kdc_entry *p;
enum ndr_err_code ndr_err;
int i, ret, trust_direction_flags;
- p = talloc(mem_ctx, struct hdb_samba4_private);
+ p = talloc(mem_ctx, struct samba_kdc_entry);
if (!p) {
ret = ENOMEM;
goto out;
}
+ p->kdc_db_ctx = kdc_db_ctx;
p->entry_ex = entry_ex;
- p->iconv_convenience = lp_iconv_convenience(lp_ctx);
- p->lp_ctx = lp_ctx;
p->realm_dn = realm_dn;
- talloc_set_destructor(p, hdb_samba4_destructor);
+ talloc_set_destructor(p, samba_kdc_entry_destructor);
entry_ex->ctx = p;
entry_ex->free_entry = hdb_samba4_free_entry;
@@ -799,7 +797,7 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context,
goto out;
}
- ndr_err = ndr_pull_struct_blob(password_val, mem_ctx, p->iconv_convenience, &password_blob,
+ ndr_err = ndr_pull_struct_blob(password_val, mem_ctx, p->kdc_db_ctx->ic_ctx, &password_blob,
(ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
ret = EINVAL;
@@ -903,7 +901,6 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context,
p->msg = talloc_steal(p, msg);
- p->samdb = kdc_db_ctx->samdb;
out:
if (ret != 0) {
@@ -1474,7 +1471,7 @@ hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db,
struct ldb_message *msg;
struct dom_sid *orig_sid;
struct dom_sid *target_sid;
- struct hdb_samba4_private *p = talloc_get_type(entry->ctx, struct hdb_samba4_private);
+ struct samba_kdc_entry *p = talloc_get_type(entry->ctx, struct samba_kdc_entry);
const char *delegation_check_attrs[] = {
"objectSid", NULL
};
@@ -1547,7 +1544,7 @@ hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db,
struct ldb_message *msg;
struct dom_sid *orig_sid;
struct dom_sid *target_sid;
- struct hdb_samba4_private *p = talloc_get_type(entry->ctx, struct hdb_samba4_private);
+ struct samba_kdc_entry *p = talloc_get_type(entry->ctx, struct samba_kdc_entry);
const char *ms_upn_check_attrs[] = {
"objectSid", NULL
};
@@ -1641,6 +1638,7 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
}
kdc_db_ctx->ev_ctx = base_ctx->ev_ctx;
kdc_db_ctx->lp_ctx = base_ctx->lp_ctx;
+ kdc_db_ctx->ic_ctx = lp_iconv_convenience(base_ctx->lp_ctx);
/* Setup the link to LDB */
kdc_db_ctx->samdb = samdb_connect(kdc_db_ctx, base_ctx->ev_ctx,
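Review bot: `kdc_db_ctx->ic_ctx` caches the result of `lp_iconv_convenience(base_ctx->lp_ctx)` once at KDC creation, where the old code looked it up each time an entry was built, so the cached pointer is only valid while the loadparm context keeps that same iconv handle. If a configuration reload can replace the handle (not visible in this diff), every entry would keep using the old one through `p->kdc_db_ctx->ic_ctx`. A comment on the assignment would record the assumption, e.g. `/* borrowed from lp_ctx; refresh if lp_ctx reloads its charset settings */`. hdb_samba4_create_kdc continues outside the hunk.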
diff --git a/source4/kdc/hdb-samba4.h b/source4/kdc/hdb-samba4.h
index 3fa63ee542..1b94f62292 100644
--- a/source4/kdc/hdb-samba4.h
+++ b/source4/kdc/hdb-samba4.h
@@ -5,6 +5,7 @@
Copyright (C) Andrew Tridgell 2005
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+ Copyright (C) Simo Sorce <idra@samba.org> 2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -30,15 +31,14 @@ struct samba_kdc_seq;
struct samba_kdc_db_context {
struct tevent_context *ev_ctx;
struct loadparm_context *lp_ctx;
+ struct smb_iconv_convenience *ic_ctx;
struct ldb_context *samdb;
};
extern struct hdb_method hdb_samba4;
-struct hdb_samba4_private {
- struct ldb_context *samdb;
- struct smb_iconv_convenience *iconv_convenience;
- struct loadparm_context *lp_ctx;
+struct samba_kdc_entry {
+ struct samba_kdc_db_context *kdc_db_ctx;
struct ldb_message *msg;
struct ldb_dn *realm_dn;
hdb_entry_ex *entry_ex;
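Review bot: The new `kdc_db_ctx` member is a plain back-pointer with no talloc parent or reference, unlike `realm_dn`, which hdb_samba4_message2entry takes with `talloc_reference`. Nothing in the header says the db context must outlive every entry that points at it. Since pac-glue.c and wdc-samba4.c now reach `samdb`, `lp_ctx` and `ic_ctx` only through this pointer, I would document it on the member: `/* not owned: the samba_kdc_db_context must outlive this entry */`. The struct definition continues past the end of the hunk.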
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 3c6b10e7af..85121d40ef 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -101,7 +101,7 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
bool samba_princ_needs_pac(struct hdb_entry_ex *princ)
{
- struct hdb_samba4_private *p = talloc_get_type(princ->ctx, struct hdb_samba4_private);
+ struct samba_kdc_entry *p = talloc_get_type(princ->ctx, struct samba_kdc_entry);
unsigned int userAccountControl;
@@ -118,7 +118,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
struct hdb_entry_ex *client,
DATA_BLOB **_pac_blob)
{
- struct hdb_samba4_private *p = talloc_get_type(client->ctx, struct hdb_samba4_private);
+ struct samba_kdc_entry *p = talloc_get_type(client->ctx, struct samba_kdc_entry);
struct auth_serversupplied_info *server_info;
DATA_BLOB *pac_blob;
NTSTATUS nt_status;
@@ -134,9 +134,9 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- nt_status = authsam_make_server_info(mem_ctx, p->samdb,
- lp_netbios_name(p->lp_ctx),
- lp_sam_name(p->lp_ctx),
+ nt_status = authsam_make_server_info(mem_ctx, p->kdc_db_ctx->samdb,
+ lp_netbios_name(p->kdc_db_ctx->lp_ctx),
+ lp_sam_name(p->kdc_db_ctx->lp_ctx),
p->realm_dn,
p->msg,
data_blob(NULL, 0),
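Review bot: `p` comes from `talloc_get_type(client->ctx, struct samba_kdc_entry)`, which returns NULL when the context does not carry that talloc type name, and no NULL check is visible before this call follows two pointers in `p->kdc_db_ctx->samdb` and `p->kdc_db_ctx->lp_ctx`. Because this path builds the PAC for a client request, a mismatch should fail the request rather than crash the KDC, e.g. `if (p == NULL || p->kdc_db_ctx == NULL) return NT_STATUS_INVALID_PARAMETER;` before the first use. The same pattern appears in samba_wdc_reget_pac, where `p` is also passed as the parent to `talloc_named`, and in samba_wdc_check_client_access, where only `tmp_ctx` is checked. The lines between the lookup and this call are outside the hunk, so a check may already exist there.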
@@ -149,7 +149,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
}
nt_status = samba_get_logon_info_pac_blob(mem_ctx,
- p->iconv_convenience,
+ p->kdc_db_ctx->ic_ctx,
server_info, pac_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Building PAC failed: %s\n",
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index 2ff266e4f4..a58d0c2d66 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -62,7 +62,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
struct hdb_entry_ex *client,
struct hdb_entry_ex *server, krb5_pac *pac)
{
- struct hdb_samba4_private *p = talloc_get_type(server->ctx, struct hdb_samba4_private);
+ struct samba_kdc_entry *p = talloc_get_type(server->ctx, struct samba_kdc_entry);
TALLOC_CTX *mem_ctx = talloc_named(p, 0, "samba_kdc_reget_pac context");
DATA_BLOB *pac_blob;
krb5_error_code ret;
@@ -85,7 +85,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
}
nt_status = samba_kdc_update_pac_blob(mem_ctx, context,
- p->iconv_convenience,
+ p->kdc_db_ctx->ic_ctx,
pac, pac_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Building PAC failed: %s\n",
@@ -116,14 +116,14 @@ static krb5_error_code samba_wdc_check_client_access(void *priv,
krb5_error_code ret;
NTSTATUS nt_status;
TALLOC_CTX *tmp_ctx;
- struct hdb_samba4_private *p;
+ struct samba_kdc_entry *p;
char *workstation = NULL;
HostAddresses *addresses = req->req_body.addresses;
int i;
bool password_change;
tmp_ctx = talloc_new(client_ex->ctx);
- p = talloc_get_type(client_ex->ctx, struct hdb_samba4_private);
+ p = talloc_get_type(client_ex->ctx, struct samba_kdc_entry);
if (!tmp_ctx) {
return ENOMEM;
@@ -152,7 +152,7 @@ static krb5_error_code samba_wdc_check_client_access(void *priv,
/* we allow all kinds of trusts here */
nt_status = authsam_account_ok(tmp_ctx,
- p->samdb,
+ p->kdc_db_ctx->samdb,
MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT,
p->realm_dn,
p->msg,