From 56f4516399431cc508ca0c3e0dd7f179cc7ab62c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 27 Jul 2009 16:09:25 +1000 Subject: s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB This overloads the 'name' part of the keytab name to supply a context pointer, and so avoids 3 global variables! To do this, we had to stop putting the entry for kpasswd into the secrets.ldb. (I don't consider this a big loss, and any entry left there by an upgrade will be harmless). Andrew Bartlett
---
 source4/kdc/kpasswdd.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
(limited to 'source4/kdc/kpasswdd.c')
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 8f2cb68129..3a39348578 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -447,7 +447,9 @@ bool kpasswdd_process(struct kdc_server *kdc,
 struct cli_credentials *server_credentials;
 struct gensec_security *gensec_security;
 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
-
+
+ char *keytab_name;
+
 if (!tmp_ctx) {
 return false;
 }
@@ -489,8 +491,12 @@ bool kpasswdd_process(struct kdc_server *kdc,
 * we already have, rather than a new context */
 cli_credentials_set_krb5_context(server_credentials, kdc->smb_krb5_context);
 cli_credentials_set_conf(server_credentials, kdc->task->lp_ctx);
- nt_status = cli_credentials_set_stored_principal(server_credentials, kdc->task->event_ctx, kdc->task->lp_ctx, "kadmin/changepw");
- if (!NT_STATUS_IS_OK(nt_status)) {
+
+ keytab_name = talloc_asprintf(server_credentials, "HDB:samba4&%p", kdc->hdb_samba4_context);
+
+ cli_credentials_set_username(server_credentials, "kadmin/changepw", CRED_SPECIFIED);
+ ret = cli_credentials_set_keytab_name(server_credentials, kdc->task->event_ctx, kdc->task->lp_ctx, keytab_name, CRED_SPECIFIED);
+ if (ret != 0) {
 ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx,
 KRB5_KPASSWD_HARDERROR,
 talloc_asprintf(mem_ctx,
-- cgit
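Review bot: In the second hunk the result of `talloc_asprintf()` is passed to `cli_credentials_set_keytab_name()` without a NULL check, so an allocation failure hands a NULL keytab name to the credentials code; add `if (keytab_name == NULL) { talloc_free(tmp_ctx); return false; }` right after the allocation, adjusting the cleanup to match the function's other error paths, which lie outside this hunk. The return value of `cli_credentials_set_username()` is likewise ignored. Because the `HDB:samba4&%p` string is presumably parsed back into a pointer and dereferenced by the HDB backend, the line also deserves a comment stating that this keytab name must only ever be built internally, never taken from configuration or other external input, and that `kdc->hdb_samba4_context` must outlive `server_credentials`.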