#include "kdc/kdc.h"
#include "../lib/crypto/md4.h"
-enum hdb_ldb_ent_type
+enum hdb_samba4_ent_type
{ HDB_SAMBA4_ENT_TYPE_CLIENT, HDB_SAMBA4_ENT_TYPE_SERVER,
HDB_SAMBA4_ENT_TYPE_KRBTGT, HDB_SAMBA4_ENT_TYPE_TRUST, HDB_SAMBA4_ENT_TYPE_ANY };
return timegm(&tm);
}
-static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum hdb_ldb_ent_type ent_type)
+static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum hdb_samba4_ent_type ent_type)
{
HDBFlags flags = int2HDBFlags(0);
return flags;
}
-static int hdb_ldb_destructor(struct hdb_ldb_private *p)
+static int hdb_samba4_destructor(struct hdb_samba4_private *p)
{
hdb_entry_ex *entry_ex = p->entry_ex;
free_hdb_entry(&entry_ex->entry);
return 0;
}
-static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex)
+static void hdb_samba4_free_entry(krb5_context context, hdb_entry_ex *entry_ex)
{
talloc_free(entry_ex->ctx);
}
static krb5_error_code hdb_samba4_message2entry(krb5_context context, HDB *db,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx, krb5_const_principal principal,
- enum hdb_ldb_ent_type ent_type,
+ enum hdb_samba4_ent_type ent_type,
struct ldb_dn *realm_dn,
struct ldb_message *msg,
hdb_entry_ex *entry_ex)
krb5_boolean is_computer = FALSE;
char *realm = strupper_talloc(mem_ctx, lp_realm(lp_ctx));
- struct hdb_ldb_private *p;
+ struct hdb_samba4_private *p;
NTTIME acct_expiry;
NTSTATUS status;
goto out;
}
- p = talloc(mem_ctx, struct hdb_ldb_private);
+ p = talloc(mem_ctx, struct hdb_samba4_private);
if (!p) {
ret = ENOMEM;
goto out;
goto out;
}
- talloc_set_destructor(p, hdb_ldb_destructor);
+ talloc_set_destructor(p, hdb_samba4_destructor);
entry_ex->ctx = p;
- entry_ex->free_entry = hdb_ldb_free_entry;
+ entry_ex->free_entry = hdb_samba4_free_entry;
userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0);
struct samr_Password password_hash;
const struct ldb_val *password_val;
struct trustAuthInOutBlob password_blob;
- struct hdb_ldb_private *p;
+ struct hdb_samba4_private *p;
enum ndr_err_code ndr_err;
int i, ret, trust_direction_flags;
- p = talloc(mem_ctx, struct hdb_ldb_private);
+ p = talloc(mem_ctx, struct hdb_samba4_private);
if (!p) {
ret = ENOMEM;
goto out;
p->lp_ctx = lp_ctx;
p->realm_dn = realm_dn;
- talloc_set_destructor(p, hdb_ldb_destructor);
+ talloc_set_destructor(p, hdb_samba4_destructor);
entry_ex->ctx = p;
- entry_ex->free_entry = hdb_ldb_free_entry;
+ entry_ex->free_entry = hdb_samba4_free_entry;
/* use 'whenCreated' */
entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0);
return HDB_ERR_DB_INUSE;
}
-struct hdb_ldb_seq {
+struct hdb_samba4_seq {
struct ldb_context *ctx;
struct loadparm_context *lp_ctx;
int index;
static krb5_error_code hdb_samba4_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
krb5_error_code ret;
- struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc;
+ struct hdb_samba4_seq *priv = (struct hdb_samba4_seq *)db->hdb_dbc;
TALLOC_CTX *mem_ctx;
hdb_entry_ex entry_ex;
memset(&entry_ex, '\0', sizeof(entry_ex));
struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb_ctx, "loadparm"),
struct loadparm_context);
- struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc;
+ struct hdb_samba4_seq *priv = (struct hdb_samba4_seq *)db->hdb_dbc;
char *realm;
struct ldb_result *res = NULL;
krb5_error_code ret;
db->hdb_dbc = NULL;
}
- priv = (struct hdb_ldb_seq *) talloc(db, struct hdb_ldb_seq);
+ priv = (struct hdb_samba4_seq *) talloc(db, struct hdb_samba4_seq);
if (!priv) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "talloc: out of memory");
struct ldb_message *msg;
struct dom_sid *orig_sid;
struct dom_sid *target_sid;
- struct hdb_ldb_private *p = talloc_get_type(entry->ctx, struct hdb_ldb_private);
+ struct hdb_samba4_private *p = talloc_get_type(entry->ctx, struct hdb_samba4_private);
const char *delegation_check_attrs[] = {
"objectSid", NULL
};
return ret;
}
-/* This interface is to be called by the KDC, which is expecting Samba
+/* This interface is to be called by the KDC and libnet_keytab_dump, which is expecting Samba
* calling conventions. It is also called by a wrapper
- * (hdb_ldb_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb
+ * (hdb_samba4_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb
* code */
-NTSTATUS kdc_hdb_samba4_create(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev_ctx,
- struct loadparm_context *lp_ctx,
- krb5_context context, struct HDB **db, const char *arg)
+NTSTATUS hdb_samba4_create_kdc(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev_ctx,
+ struct loadparm_context *lp_ctx,
+ krb5_context context, struct HDB **db)
{
NTSTATUS nt_status;
struct auth_session_info *session_info;
/* Setup the link to LDB */
(*db)->hdb_db = samdb_connect(*db, ev_ctx, lp_ctx, session_info);
if ((*db)->hdb_db == NULL) {
- DEBUG(1, ("hdb_ldb_create: Cannot open samdb for KDC backend!"));
+ DEBUG(1, ("hdb_samba4_create: Cannot open samdb for KDC backend!"));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
return NT_STATUS_OK;
}
-krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg)
+static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg)
{
NTSTATUS nt_status;
/* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */
- nt_status = kdc_hdb_samba4_create(kdc_mem_ctx, kdc_ev_ctx, kdc_lp_ctx,
- context, db, arg);
+ nt_status = hdb_samba4_create_kdc(hdb_samba4_mem_ctx, hdb_samba4_ev_ctx, hdb_samba4_lp_ctx,
+ context, db);
if (NT_STATUS_IS_OK(nt_status)) {
return 0;
}
return EINVAL;
}
+
+/* Only used in the hdb-backed keytab code
+ * for a keytab of 'samba4:', to find
+ * kpasswd's key in the main DB, and to
+ * copy all the keys into a file (libnet_keytab_export) */
+struct hdb_method hdb_samba4 = {
+ .interface_version = HDB_INTERFACE_VERSION,
+ .prefix = "samba4",
+ .create = hdb_samba4_create
+};
--- /dev/null
+/*
+ Unix SMB/CIFS implementation.
+
+ KDC structures
+
+ Copyright (C) Andrew Tridgell 2005
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+extern TALLOC_CTX *hdb_samba4_mem_ctx;
+extern struct tevent_context *hdb_samba4_ev_ctx;
+extern struct loadparm_context *hdb_samba4_lp_ctx;
+extern struct hdb_method hdb_samba4;
+
+struct hdb_samba4_private {
+ struct ldb_context *samdb;
+ struct smb_iconv_convenience *iconv_convenience;
+ struct loadparm_context *lp_ctx;
+ struct ldb_message *msg;
+ struct ldb_dn *realm_dn;
+ hdb_entry_ex *entry_ex;
+};
/* Disgusting hack to get a mem_ctx and lp_ctx into the hdb plugin, when
* used as a keytab */
-TALLOC_CTX *kdc_mem_ctx;
-struct tevent_context *kdc_ev_ctx;
-struct loadparm_context *kdc_lp_ctx;
+TALLOC_CTX *hdb_samba4_mem_ctx;
+struct tevent_context *hdb_samba4_ev_ctx;
+struct loadparm_context *hdb_samba4_lp_ctx;
/* hold all the info needed to send a reply */
struct kdc_reply {
}
-static struct hdb_method hdb_samba4 = {
- .interface_version = HDB_INTERFACE_VERSION,
- .prefix = "samba4", /* Only used in the hdb-backed keytab code
- * for a keytab of 'samba4:', to find
- * kpasswd's key in the main DB */
- .create = hdb_samba4_create
-};
-
/*
startup the kdc task
*/
}
kdc->config->num_db = 1;
- status = kdc_hdb_samba4_create(kdc, task->event_ctx, task->lp_ctx,
- kdc->smb_krb5_context->krb5_context,
- &kdc->config->db[0], NULL);
+ status = hdb_samba4_create_kdc(kdc, task->event_ctx, task->lp_ctx,
+ kdc->smb_krb5_context->krb5_context,
+ &kdc->config->db[0]);
if (!NT_STATUS_IS_OK(status)) {
task_server_terminate(task, "kdc: hdb_ldb_create (setup KDC database) failed");
return;
}
-
/* Register hdb-samba4 hooks */
+
+ hdb_samba4_mem_ctx = kdc->smb_krb5_context;
+ hdb_samba4_ev_ctx = task->event_ctx;
+ hdb_samba4_lp_ctx = task->lp_ctx;
+
ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
PLUGIN_TYPE_DATA, "hdb",
&hdb_samba4);
krb5_kdc_windc_init(kdc->smb_krb5_context->krb5_context);
- kdc_mem_ctx = kdc->smb_krb5_context;
- kdc_ev_ctx = task->event_ctx;
- kdc_lp_ctx = task->lp_ctx;
-
/* start listening on the configured network interfaces */
status = kdc_startup_interfaces(kdc, task->lp_ctx, ifaces);
if (!NT_STATUS_IS_OK(status)) {
return ret;
}
-/* Given the right private pointer from hdb_ldb, get a PAC from the attached ldb messages */
+/* Given the right private pointer from hdb_samba4, get a PAC from the attached ldb messages */
krb5_error_code samba_kdc_get_pac(void *priv,
krb5_context context,
struct hdb_entry_ex *client,
krb5_error_code ret;
NTSTATUS nt_status;
struct auth_serversupplied_info *server_info;
- struct hdb_ldb_private *p = talloc_get_type(client->ctx, struct hdb_ldb_private);
+ struct hdb_samba4_private *p = talloc_get_type(client->ctx, struct hdb_samba4_private);
TALLOC_CTX *mem_ctx = talloc_named(p, 0, "samba_get_pac context");
unsigned int userAccountControl;
unsigned int userAccountControl;
- struct hdb_ldb_private *p = talloc_get_type(server->ctx, struct hdb_ldb_private);
+ struct hdb_samba4_private *p = talloc_get_type(server->ctx, struct hdb_samba4_private);
struct auth_serversupplied_info *server_info_out;
krb5_error_code ret;
NTSTATUS nt_status;
TALLOC_CTX *tmp_ctx;
- struct hdb_ldb_private *p;
+ struct hdb_samba4_private *p;
char *workstation = NULL;
HostAddresses *addresses = req->req_body.addresses;
int i;
bool password_change;
tmp_ctx = talloc_new(client_ex->ctx);
- p = talloc_get_type(client_ex->ctx, struct hdb_ldb_private);
+ p = talloc_get_type(client_ex->ctx, struct hdb_samba4_private);
if (!tmp_ctx) {
return ENOMEM;
git.samba.org / ira / wip.git / commitdiff