From 1d92b2211cc507dd62526f564ec7f75a07110e00 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 22 Sep 2008 18:15:24 +0200 Subject: s4: allways initialize the process model before it's used metze --- source4/kdc/kdc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/kdc/kdc.c') diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index b7009b030f..307c39a43c 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -484,7 +484,7 @@ static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address, /* within the kdc task we want to be a single process, so ask for the single process model ops and pass these to the stream_setup_socket() call. */ - model_ops = process_model_byname("single"); + model_ops = process_model_startup(kdc->task->event_ctx, "single"); if (!model_ops) { DEBUG(0,("Can't find 'single' process model_ops\n")); talloc_free(kdc_socket); -- cgit From cebd9a9013a76073c3035b74175d228116fc7e48 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 22 Sep 2008 14:23:22 -0700 Subject: This torture test and skipping of the server-side check was bogus. The IDL is declared to force the MessageType to 3 on output, so we instead checked the same thing 255 times... Andrew Bartlett --- source4/kdc/kdc.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source4/kdc/kdc.c') diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 307c39a43c..030eb23c10 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c 
@@ -584,13 +584,11 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg, return NT_STATUS_INVALID_PARAMETER; } -#if 0 - /* Windows does not check this */ if (pac_validate.MessageType != 3) { /* We don't implement any other message types - such as certificate validation - yet */ return NT_STATUS_INVALID_PARAMETER; } -#endif + if (pac_validate.ChecksumAndSignature.length != (pac_validate.ChecksumLength + pac_validate.SignatureLength) || pac_validate.ChecksumAndSignature.length < pac_validate.ChecksumLength || pac_validate.ChecksumAndSignature.length < pac_validate.SignatureLength ) { -- cgit From 6ad78f01a5982666c83025a94ce4ff3729d5db6f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Sep 2008 12:53:10 -0700 Subject: Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc. This avoids one more custom patch to the Heimdal code, and provides a more standard way to produce hdb plugins in future. I've renamed from hdb_ldb to hdb_samba4 as it really is not generic ldb. Andrew Bartlett --- source4/kdc/kdc.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source4/kdc/kdc.c') diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 030eb23c10..83c6f1c2ee 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -667,6 +667,11 @@ static void kdc_task_init(struct task_server *task) NTSTATUS status; krb5_error_code ret; struct interface *ifaces; + struct hdb_method hdb_samba4 = { + .interface_version = HDB_INTERFACE_VERSION, + .prefix = "samba4:", + .create = hdb_samba4_create + }; switch (lp_server_role(task->lp_ctx)) { case ROLE_STANDALONE: @@ -724,7 +729,7 @@ static void kdc_task_init(struct task_server *task) } kdc->config->num_db = 1; - status = kdc_hdb_ldb_create(kdc, task->event_ctx, task->lp_ctx, + status = kdc_hdb_samba4_create(kdc, task->event_ctx, task->lp_ctx, kdc->smb_krb5_context->krb5_context, &kdc->config->db[0], NULL); if (!NT_STATUS_IS_OK(status)) { 
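Review bot: The re-enabled `pac_validate.MessageType != 3` test in the kdc_check_generic_kerberos hunk (@@ -584) rejects the request without logging anything, and the literal 3 is left unexplained now that the old "Windows does not check this" remark is gone. This check now decides whether an incoming request reaches the length checks that follow, so I would extend the comment to something like `/* 3 is the only MessageType handled here; reject anything else before looking at the length fields below */`. A DEBUG line on the reject path would also make refused requests visible in the log. The function starts and ends outside the hunk, so I cannot see whether its other reject paths log.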
@@ -732,6 +737,16 @@ static void kdc_task_init(struct task_server *task) return; } + + /* Register hdb-samba4 hooks */ + ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context, + PLUGIN_TYPE_DATA, "hdb", + &hdb_samba4); + if(ret) { + task_server_terminate(task, "kdc: failed to register hdb keytab"); + return; + } + ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_kt_ops); if(ret) { task_server_terminate(task, "kdc: failed to register hdb keytab"); -- cgit From 956599975573044f5f930ef23ce54c11db156ebe Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 11 Oct 2008 21:31:42 +0200 Subject: Fix include paths to new location of libutil. --- source4/kdc/kdc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/kdc/kdc.c') diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 83c6f1c2ee..cf6dbf0c93 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -29,7 +29,7 @@ #include "lib/events/events.h" #include "lib/socket/socket.h" #include "system/network.h" -#include "lib/util/dlinklist.h" +#include "../lib/util/dlinklist.h" #include "lib/messaging/irpc.h" #include "lib/stream/packet.h" #include "librpc/gen_ndr/samr.h" -- cgit From c41cc6772203862e1015f7fc60ad0a06eca3051c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 20 Oct 2008 14:21:21 +1100 Subject: Ensure the hdb_method structure is not on the stack. We supply this to krb5 as a plugin, so we must keep it around as long as the krb5_context. Andrew Bartlett --- source4/kdc/kdc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/kdc/kdc.c') diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index cf6dbf0c93..45fa803d04 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c 
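Review bot: The failure branch added after `krb5_plugin_register` in the @@ -732 hunk reuses the message of the `krb5_kt_register` branch below it, so a failed plugin registration is reported as "failed to register hdb keytab". The two failures then cannot be told apart in the log when the KDC task terminates at startup. Change the new branch to `task_server_terminate(task, "kdc: failed to register hdb plugin");`. kdc_task_init begins and continues outside this hunk.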
@@ -657,6 +657,11 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg, } +static struct hdb_method hdb_samba4 = { + .interface_version = HDB_INTERFACE_VERSION, + .prefix = "samba4:", + .create = hdb_samba4_create +}; /* startup the kdc task @@ -667,11 +672,6 @@ static void kdc_task_init(struct task_server *task) NTSTATUS status; krb5_error_code ret; struct interface *ifaces; - struct hdb_method hdb_samba4 = { - .interface_version = HDB_INTERFACE_VERSION, - .prefix = "samba4:", - .create = hdb_samba4_create - }; switch (lp_server_role(task->lp_ctx)) { case ROLE_STANDALONE: -- cgit
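Review bot: The file-scope definition of `hdb_samba4` added in the @@ -657 hunk has no comment, so the reason it must not live on the stack is recorded only in the commit message. Someone tidying kdc_task_init later could move it back into the function and reintroduce a pointer to dead stack memory in the plugin registration. Add above the definition `/* Registered via krb5_plugin_register(); must remain valid for the lifetime of the krb5_context, so keep it at file scope */`.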