Diffstat (limited to 'source4/kdc')
-rw-r--r--source4/kdc/config.mk3
-rw-r--r--source4/kdc/hdb-ldb.c10
-rw-r--r--source4/kdc/kdc.c4
-rw-r--r--source4/kdc/kdc.h4
-rw-r--r--source4/kdc/pac-glue.c79
5 files changed, 93 insertions, 7 deletions
diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk
index b1de650faa..ce655dea82 100644
--- a/source4/kdc/config.mk
+++ b/source4/kdc/config.mk
@@ -5,8 +5,9 @@
[SUBSYSTEM::KDC]
INIT_OBJ_FILES = \
kdc/kdc.o \
+ kdc/pac-glue.o \
kdc/hdb-ldb.o
REQUIRED_SUBSYSTEMS = \
- LIBLDB KERBEROS_LIB
+ LIBLDB KERBEROS_LIB HEIMDAL_KDC HEIMDAL_HDB
# End SUBSYSTEM KDC
#######################
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 231d7db436..0875803be0 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -40,7 +40,8 @@
#include "system/iconv.h"
enum hdb_ldb_ent_type
-{ HDB_LDB_ENT_TYPE_CLIENT, HDB_LDB_ENT_TYPE_SERVER, HDB_LDB_ENT_TYPE_KRBTGT, HDB_LDB_ENT_TYPE_ANY };
+{ HDB_LDB_ENT_TYPE_CLIENT, HDB_LDB_ENT_TYPE_SERVER,
+ HDB_LDB_ENT_TYPE_KRBTGT, HDB_LDB_ENT_TYPE_ANY };
static const char * const krb5_attrs[] = {
"objectClass",
@@ -980,9 +981,10 @@ static krb5_error_code LDB_destroy(krb5_context context, HDB *db)
return 0;
}
-krb5_error_code hdb_ldb_create(krb5_context context, struct HDB **db, const char *arg)
+krb5_error_code hdb_ldb_create(TALLOC_CTX *mem_ctx,
+ krb5_context context, struct HDB **db, const char *arg)
{
- *db = talloc(NULL, HDB);
+ *db = talloc(mem_ctx, HDB);
if (!*db) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
@@ -990,8 +992,8 @@ krb5_error_code hdb_ldb_create(krb5_context context, struct HDB **db, const char
(*db)->hdb_master_key_set = 0;
(*db)->hdb_db = NULL;
- /* in future, we could cache the connect here, but for now KISS */
+ /* Setup the link to LDB */
(*db)->hdb_db = samdb_connect(db);
if ((*db)->hdb_db == NULL) {
krb5_warnx(context, "hdb_ldb_create: samdb_connect failed!");
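Review bot: The context line right after the rewritten comment, `(*db)->hdb_db = samdb_connect(db);`, passes `db` — the caller's `struct HDB **` slot — as the context, while the commit now deliberately parents the HDB itself under `mem_ctx`; if samdb_connect treats its argument as a talloc parent, the LDB connection hangs off the address of the caller's variable rather than off the HDB and is not released with it. The more consistent form would be `(*db)->hdb_db = samdb_connect(*db);`, so that freeing the HDB (or `mem_ctx`) also tears down the LDB link. This is pre-existing behaviour rather than something the hunk introduces, and the body of hdb_ldb_create continues past the hunk, so the cleanup path is not visible here.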
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 8a7e497913..a1958b54fa 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -29,6 +29,8 @@
#include "system/network.h"
#include "dlinklist.h"
+
+
/*
handle fd send events on a KDC socket
*/
@@ -276,7 +278,7 @@ static void kdc_task_init(struct task_server *task)
}
kdc->config->num_db = 1;
- ret = hdb_ldb_create(kdc->smb_krb5_context->krb5_context,
+ ret = hdb_ldb_create(kdc, kdc->smb_krb5_context->krb5_context,
&kdc->config->db[0], lp_sam_url());
if (ret != 0) {
DEBUG(1, ("kdc_task_init: hdb_ldb_create fails: %s\n",
diff --git a/source4/kdc/kdc.h b/source4/kdc/kdc.h
index 25f643eadd..d59fa3e2e7 100644
--- a/source4/kdc/kdc.h
+++ b/source4/kdc/kdc.h
@@ -24,8 +24,10 @@
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "heimdal/kdc/kdc.h"
+#include "kdc/pac-glue.h"
-krb5_error_code hdb_ldb_create(krb5_context context, struct HDB **db, const char *arg);
+krb5_error_code hdb_ldb_create(TALLOC_CTX *mem_ctx,
+ krb5_context context, struct HDB **db, const char *arg);
/* hold all the info needed to send a reply */
struct kdc_reply {
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
new file mode 100644
index 0000000000..40d11d31e9
--- /dev/null
+++ b/source4/kdc/pac-glue.c
@@ -0,0 +1,79 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ PAC Glue between Samba and the KDC
+
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "kdc/kdc.h"
+
+ krb5_error_code samba_get_pac(krb5_context context,
+ struct krb5_kdc_configuration *config,
+ krb5_principal client,
+ krb5_keyblock *keyblock,
+ krb5_data *pac)
+{
+ krb5_error_code ret;
+ NTSTATUS nt_status;
+ struct auth_serversupplied_info *server_info;
+ char *username, *p;
+ const char *realm;
+ TALLOC_CTX *mem_ctx = talloc_named(config, 0, "samba_get_pac context");
+ if (!mem_ctx) {
+ return ENOMEM;
+ }
+
+ ret = krb5_unparse_name(context, client, &username);
+
+ if (ret != 0) {
+ krb5_set_error_string(context, "get pac: could not parse principal");
+ krb5_warnx(context, "get pac: could not parse principal");
+ talloc_free(mem_ctx);
+ return ret;
+ }
+
+ /* parse the principal name */
+ realm = krb5_principal_get_realm(context, client);
+ username = talloc_strdup(mem_ctx, username);
+ p = strchr(username, '@');
+ if (p) {
+ p[0] = '\0';
+ }
+
+
+ nt_status = sam_get_server_info(mem_ctx, username, realm,
+ data_blob(NULL, 0), data_blob(NULL, 0),
+ &server_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Getting user info for PAC failed: %s\n",
+ nt_errstr(nt_status)));
+ talloc_free(mem_ctx);
+ return EINVAL;
+ }
+
+ ret = kerberos_encode_pac(mem_ctx, server_info,
+ context,
+ keyblock,
+ pac);
+
+ talloc_free(mem_ctx);
+
+ return ret;
+}
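Review bot: The `username` returned by `krb5_unparse_name` is allocated by the Kerberos library and is overwritten by the `talloc_strdup` result on the line after `realm = ...`, so the original string leaks on every call; the talloc copy is also not checked before `strchr` dereferences it. Something like `tmp = talloc_strdup(mem_ctx, username); free(username); if (!tmp) { talloc_free(mem_ctx); return ENOMEM; } username = tmp;` closes both gaps (use the Heimdal-provided free routine if the project wraps it). Splitting on the first `'@'` is also fragile: unparse escapes an `@` inside a component as `\@`, so a principal name containing one would be truncated at the wrong place; fetching the component directly, e.g. with `krb5_principal_get_comp_string`, avoids the re-parse for the single-component case. The function header at the top of the file carries a stray leading space before `krb5_error_code`, and the two `data_blob(NULL, 0)` arguments to `sam_get_server_info` deserve a one-line comment stating that no credentials are supplied because this is a lookup of an already-authenticated client, if that is the intent.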