}
}
-bool kpasswdd_process(struct kdc_server *kdc,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *input,
- DATA_BLOB *reply,
- struct tsocket_address *peer_addr,
- struct tsocket_address *my_addr,
- int datagram_reply)
+enum kdc_process_ret kpasswdd_process(struct kdc_server *kdc,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *input,
+ DATA_BLOB *reply,
+ struct tsocket_address *peer_addr,
+ struct tsocket_address *my_addr,
+ int datagram_reply)
{
bool ret;
const uint16_t header_len = 6;
char *keytab_name;
if (!tmp_ctx) {
- return false;
+ return KDC_PROCESS_FAILED;
}
/* Be parinoid. We need to ensure we don't just let the
* caller lead us into a buffer overflow */
if (input->length <= header_len) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
len = RSVAL(input->data, 0);
if (input->length != len) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
/* There are two different versions of this protocol so far,
ap_req_len = RSVAL(input->data, 4);
if ((ap_req_len >= len) || (ap_req_len + header_len) >= len) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
krb_priv_len = len - ap_req_len;
server_credentials = cli_credentials_init(tmp_ctx);
if (!server_credentials) {
DEBUG(1, ("Failed to init server credentials\n"));
- return false;
+ return KDC_PROCESS_FAILED;
}
/* We want the credentials subsystem to use the krb5 context
&gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
/* The kerberos PRIV packets include these addresses. MIT
nt_status = gensec_set_local_address(gensec_security, peer_addr);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
#endif
nt_status = gensec_set_local_address(gensec_security, my_addr);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
/* We want the GENSEC wrap calls to generate PRIV tokens */
nt_status = gensec_start_mech_by_name(gensec_security, "krb5");
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
- return false;
+ return KDC_PROCESS_FAILED;
}
/* Accept the AP-REQ and generate teh AP-REP we need for the reply */
goto reply;
}
talloc_free(tmp_ctx);
- return ret;
+ return KDC_PROCESS_FAILED;
}
/* Extract the data from the KRB-PRIV half of the message */
goto reply;
}
talloc_free(tmp_ctx);
- return ret;
+ return KDC_PROCESS_FAILED;
}
/* Figure out something to do with it (probably changing a password...) */
&kpasswd_req, &kpasswd_rep);
if (!ret) {
/* Argh! */
- return false;
+ return KDC_PROCESS_FAILED;
}
/* And wrap up the reply: This ensures that the error message
goto reply;
}
talloc_free(tmp_ctx);
- return ret;
+ return KDC_PROCESS_FAILED;
}
reply:
*reply = data_blob_talloc(mem_ctx, NULL, krb_priv_rep.length + ap_rep.length + header_len);
if (!reply->data) {
- return false;
+ return KDC_PROCESS_FAILED;
}
RSSVAL(reply->data, 0, reply->length);
krb_priv_rep.length);
talloc_free(tmp_ctx);
- return ret;
+ return KDC_PROCESS_OK;
}