Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/hdb-samba4.c | 32 | ||||
-rw-r--r-- | source4/kdc/hdb-samba4.h | 8 | ||||
-rw-r--r-- | source4/kdc/pac-glue.c | 12 | ||||
-rw-r--r-- | source4/kdc/wdc-samba4.c | 10 |
4 files changed, 30 insertions, 32 deletions
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 33575bd8ea..856c330d80 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -181,7 +181,7 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h return flags; } -static int hdb_samba4_destructor(struct hdb_samba4_private *p) +static int samba_kdc_entry_destructor(struct samba_kdc_entry *p) { hdb_entry_ex *entry_ex = p->entry_ex; free_hdb_entry(&entry_ex->entry); @@ -505,7 +505,7 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context, krb5_boolean is_computer = FALSE; char *realm = strupper_talloc(mem_ctx, lp_realm(lp_ctx)); - struct hdb_samba4_private *p; + struct samba_kdc_entry *p; NTTIME acct_expiry; NTSTATUS status; @@ -536,22 +536,21 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context, goto out; } - p = talloc(mem_ctx, struct hdb_samba4_private); + p = talloc(mem_ctx, struct samba_kdc_entry); if (!p) { ret = ENOMEM; goto out; } + p->kdc_db_ctx = kdc_db_ctx; p->entry_ex = entry_ex; - p->iconv_convenience = lp_iconv_convenience(lp_ctx); - p->lp_ctx = lp_ctx; p->realm_dn = talloc_reference(p, realm_dn); if (!p->realm_dn) { ret = ENOMEM; goto out; } - talloc_set_destructor(p, hdb_samba4_destructor); + talloc_set_destructor(p, samba_kdc_entry_destructor); entry_ex->ctx = p; entry_ex->free_entry = hdb_samba4_free_entry; @@ -697,7 +696,8 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context, entry_ex->entry.generation = NULL; /* Get keys from the db */ - ret = hdb_samba4_message2entry_keys(context, p->iconv_convenience, p, msg, userAccountControl, entry_ex); + ret = hdb_samba4_message2entry_keys(context, p->kdc_db_ctx->ic_ctx, p, + msg, userAccountControl, entry_ex); if (ret) { /* Could be bougus data in the entry, or out of memory */ goto out; 
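Review bot: In hdb_samba4_message2entry the new `p = talloc(mem_ctx, struct samba_kdc_entry);` leaves every field it does not assign indeterminate, and `p->msg` is only assigned just before `out:` (visible in the next hunk of this function), after `talloc_set_destructor()` and `entry_ex->ctx = p` have already published the object. Any failure path in between leaves a reachable struct holding an uninitialised `msg` pointer; whether anything reads it on those paths is not visible here, but `p = talloc_zero(mem_ctx, struct samba_kdc_entry);` removes the question. The identical allocation in hdb_samba4_trust_message2entry should change with it. Both function bodies extend beyond the hunks shown.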
@@ -722,7 +722,6 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context, p->msg = talloc_steal(p, msg); - p->samdb = kdc_db_ctx->samdb; out: if (ret != 0) { @@ -754,23 +753,22 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context, struct samr_Password password_hash; const struct ldb_val *password_val; struct trustAuthInOutBlob password_blob; - struct hdb_samba4_private *p; + struct samba_kdc_entry *p; enum ndr_err_code ndr_err; int i, ret, trust_direction_flags; - p = talloc(mem_ctx, struct hdb_samba4_private); + p = talloc(mem_ctx, struct samba_kdc_entry); if (!p) { ret = ENOMEM; goto out; } + p->kdc_db_ctx = kdc_db_ctx; p->entry_ex = entry_ex; - p->iconv_convenience = lp_iconv_convenience(lp_ctx); - p->lp_ctx = lp_ctx; p->realm_dn = realm_dn; - talloc_set_destructor(p, hdb_samba4_destructor); + talloc_set_destructor(p, samba_kdc_entry_destructor); entry_ex->ctx = p; entry_ex->free_entry = hdb_samba4_free_entry; @@ -799,7 +797,7 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context, goto out; } - ndr_err = ndr_pull_struct_blob(password_val, mem_ctx, p->iconv_convenience, &password_blob, + ndr_err = ndr_pull_struct_blob(password_val, mem_ctx, p->kdc_db_ctx->ic_ctx, &password_blob, (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { ret = EINVAL; @@ -903,7 +901,6 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context, p->msg = talloc_steal(p, msg); - p->samdb = kdc_db_ctx->samdb; out: if (ret != 0) { @@ -1474,7 +1471,7 @@ hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db, struct ldb_message *msg; struct dom_sid *orig_sid; struct dom_sid *target_sid; - struct hdb_samba4_private *p = talloc_get_type(entry->ctx, struct hdb_samba4_private); + struct samba_kdc_entry *p = talloc_get_type(entry->ctx, struct samba_kdc_entry); const char *delegation_check_attrs[] = { "objectSid", NULL }; 
@@ -1547,7 +1544,7 @@ hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db, struct ldb_message *msg; struct dom_sid *orig_sid; struct dom_sid *target_sid; - struct hdb_samba4_private *p = talloc_get_type(entry->ctx, struct hdb_samba4_private); + struct samba_kdc_entry *p = talloc_get_type(entry->ctx, struct samba_kdc_entry); const char *ms_upn_check_attrs[] = { "objectSid", NULL }; @@ -1641,6 +1638,7 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx, } kdc_db_ctx->ev_ctx = base_ctx->ev_ctx; kdc_db_ctx->lp_ctx = base_ctx->lp_ctx; + kdc_db_ctx->ic_ctx = lp_iconv_convenience(base_ctx->lp_ctx); /* Setup the link to LDB */ kdc_db_ctx->samdb = samdb_connect(kdc_db_ctx, base_ctx->ev_ctx, diff --git a/source4/kdc/hdb-samba4.h b/source4/kdc/hdb-samba4.h index 3fa63ee542..1b94f62292 100644 --- a/source4/kdc/hdb-samba4.h +++ b/source4/kdc/hdb-samba4.h @@ -5,6 +5,7 @@ Copyright (C) Andrew Tridgell 2005 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005 + Copyright (C) Simo Sorce <idra@samba.org> 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -30,15 +31,14 @@ struct samba_kdc_seq; struct samba_kdc_db_context { struct tevent_context *ev_ctx; struct loadparm_context *lp_ctx; + struct smb_iconv_convenience *ic_ctx; struct ldb_context *samdb; }; extern struct hdb_method hdb_samba4; -struct hdb_samba4_private { - struct ldb_context *samdb; - struct smb_iconv_convenience *iconv_convenience; - struct loadparm_context *lp_ctx; +struct samba_kdc_entry { + struct samba_kdc_db_context *kdc_db_ctx; struct ldb_message *msg; struct ldb_dn *realm_dn; hdb_entry_ex *entry_ex; diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 3c6b10e7af..85121d40ef 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c 
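Review bot: `struct samba_kdc_entry` in hdb-samba4.h now holds a borrowed `struct samba_kdc_db_context *kdc_db_ctx` in place of its own `samdb`, `lp_ctx` and `iconv_convenience` members, and nothing in the header says who owns that pointer or how long it must stay valid. Entries are allocated under the caller's `mem_ctx`, and the PAC and access-check callbacks later read `p->kdc_db_ctx->samdb` and `p->kdc_db_ctx->ic_ctx`, so an entry that outlived its db context would dereference freed memory; whether that ordering can occur is not visible on this page. I would add a comment on the member such as `/* borrowed: the samba_kdc_db_context must outlive every entry created from it */`, or take a `talloc_reference()` the way hdb_samba4_message2entry already does for `realm_dn`.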
@@ -101,7 +101,7 @@ krb5_error_code samba_make_krb5_pac(krb5_context context, bool samba_princ_needs_pac(struct hdb_entry_ex *princ) { - struct hdb_samba4_private *p = talloc_get_type(princ->ctx, struct hdb_samba4_private); + struct samba_kdc_entry *p = talloc_get_type(princ->ctx, struct samba_kdc_entry); unsigned int userAccountControl; @@ -118,7 +118,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx, struct hdb_entry_ex *client, DATA_BLOB **_pac_blob) { - struct hdb_samba4_private *p = talloc_get_type(client->ctx, struct hdb_samba4_private); + struct samba_kdc_entry *p = talloc_get_type(client->ctx, struct samba_kdc_entry); struct auth_serversupplied_info *server_info; DATA_BLOB *pac_blob; NTSTATUS nt_status; @@ -134,9 +134,9 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - nt_status = authsam_make_server_info(mem_ctx, p->samdb, - lp_netbios_name(p->lp_ctx), - lp_sam_name(p->lp_ctx), + nt_status = authsam_make_server_info(mem_ctx, p->kdc_db_ctx->samdb, + lp_netbios_name(p->kdc_db_ctx->lp_ctx), + lp_sam_name(p->kdc_db_ctx->lp_ctx), p->realm_dn, p->msg, data_blob(NULL, 0), @@ -149,7 +149,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx, } nt_status = samba_get_logon_info_pac_blob(mem_ctx, - p->iconv_convenience, + p->kdc_db_ctx->ic_ctx, server_info, pac_blob); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Building PAC failed: %s\n", diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c index 2ff266e4f4..a58d0c2d66 100644 --- a/source4/kdc/wdc-samba4.c +++ b/source4/kdc/wdc-samba4.c 
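Review bot: In samba_kdc_get_pac_blob the result of `talloc_get_type(client->ctx, struct samba_kdc_entry)` is now dereferenced two levels deep (`p->kdc_db_ctx->samdb`, `p->kdc_db_ctx->lp_ctx`) with no NULL check visible in the hunks shown; `talloc_get_type()` returns NULL when the context's talloc name does not match the requested type. Because this commit changes that type name, a context still allocated under the old name would lead to a NULL dereference in the KDC on a PAC request instead of a failed request. A guard after the declarations, `if (p == NULL || p->kdc_db_ctx == NULL) return NT_STATUS_INVALID_PARAMETER;`, would turn that into an error; the lines between this function's two hunks are not shown, so confirm no such check exists already. The same applies to samba_princ_needs_pac here and to samba_wdc_reget_pac and samba_wdc_check_client_access in wdc-samba4.c, where `talloc_named(p, 0, ...)` with a NULL `p` would additionally create a parentless context.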
@@ -62,7 +62,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context, struct hdb_entry_ex *client, struct hdb_entry_ex *server, krb5_pac *pac) { - struct hdb_samba4_private *p = talloc_get_type(server->ctx, struct hdb_samba4_private); + struct samba_kdc_entry *p = talloc_get_type(server->ctx, struct samba_kdc_entry); TALLOC_CTX *mem_ctx = talloc_named(p, 0, "samba_kdc_reget_pac context"); DATA_BLOB *pac_blob; krb5_error_code ret; @@ -85,7 +85,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context, } nt_status = samba_kdc_update_pac_blob(mem_ctx, context, - p->iconv_convenience, + p->kdc_db_ctx->ic_ctx, pac, pac_blob); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Building PAC failed: %s\n", @@ -116,14 +116,14 @@ static krb5_error_code samba_wdc_check_client_access(void *priv, krb5_error_code ret; NTSTATUS nt_status; TALLOC_CTX *tmp_ctx; - struct hdb_samba4_private *p; + struct samba_kdc_entry *p; char *workstation = NULL; HostAddresses *addresses = req->req_body.addresses; int i; bool password_change; tmp_ctx = talloc_new(client_ex->ctx); - p = talloc_get_type(client_ex->ctx, struct hdb_samba4_private); + p = talloc_get_type(client_ex->ctx, struct samba_kdc_entry); if (!tmp_ctx) { return ENOMEM; @@ -152,7 +152,7 @@ static krb5_error_code samba_wdc_check_client_access(void *priv, /* we allow all kinds of trusts here */ nt_status = authsam_account_ok(tmp_ctx, - p->samdb, + p->kdc_db_ctx->samdb, MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT, p->realm_dn, p->msg, |