#include "smbd/service_task.h"
#include "lib/events/events.h"
#include "lib/socket/socket.h"
-#include "kdc/kdc.h"
#include "system/network.h"
-#include "lib/util/dlinklist.h"
+#include "../lib/util/dlinklist.h"
#include "lib/ldb/include/ldb.h"
-#include "heimdal/lib/krb5/krb5_locl.h"
-#include "heimdal/lib/krb5/krb5-private.h"
#include "auth/gensec/gensec.h"
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
#include "rpc_server/samr/proto.h"
#include "libcli/security/security.h"
#include "param/param.h"
+#include "kdc/kdc.h"
+
+/* TODO: remove all SAMBA4_INTERNAL_HEIMDAL stuff from this file */
+#ifdef SAMBA4_INTERNAL_HEIMDAL
+#include "heimdal_build/kpasswdd-glue.h"
+#endif
/* hold information about one kdc socket */
struct kpasswd_socket {
DEBUG(result_code ? 3 : 10, ("kpasswdd: %s\n", error_string));
- len = push_utf8_talloc(mem_ctx, &error_string_utf8, error_string);
+ len = push_utf8_talloc(mem_ctx, lp_iconv_convenience(kdc->task->lp_ctx), &error_string_utf8, error_string);
if (len == -1) {
return false;
}
struct samr_DomInfo1 *dominfo;
struct ldb_context *samdb;
- samdb = samdb_connect(mem_ctx, global_loadparm, system_session(mem_ctx));
+ samdb = samdb_connect(mem_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, system_session(mem_ctx, kdc->task->lp_ctx));
if (!samdb) {
return kpasswdd_make_error_reply(kdc, mem_ctx,
KRB5_KPASSWD_HARDERROR,
reply);
}
if (chpw.targname && chpw.targrealm) {
+#ifdef SAMBA4_INTERNAL_HEIMDAL
if (_krb5_principalname2krb5_principal(kdc->smb_krb5_context->krb5_context,
&principal, *chpw.targname,
*chpw.targrealm) != 0) {
reply);
}
+#else /* SAMBA4_INTERNAL_HEIMDAL */
+ return kpasswdd_make_error_reply(kdc, mem_ctx,
+ KRB5_KPASSWD_BAD_VERSION,
+ "Operation Not Implemented",
+ reply);
+#endif /* SAMBA4_INTERNAL_HEIMDAL */
} else {
free_ChangePasswdDataMS(&chpw);
return kpasswdd_change_password(kdc, mem_ctx, session_info,
krb5_free_principal(context, principal);
- samdb = samdb_connect(mem_ctx, global_loadparm, session_info);
+ samdb = samdb_connect(mem_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, session_info);
if (!samdb) {
return kpasswdd_make_error_reply(kdc, mem_ctx,
KRB5_KPASSWD_HARDERROR,
ap_req = data_blob_const(&input->data[header_len], ap_req_len);
krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len);
- nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->msg_ctx, &gensec_security);
+ nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, kdc->task->msg_ctx, &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return false;
/* We want the credentials subsystem to use the krb5 context
* we already have, rather than a new context */
cli_credentials_set_krb5_context(server_credentials, kdc->smb_krb5_context);
- cli_credentials_set_conf(server_credentials, global_loadparm);
- nt_status = cli_credentials_set_stored_principal(server_credentials, "kadmin/changepw");
+ cli_credentials_set_conf(server_credentials, kdc->task->lp_ctx);
+ nt_status = cli_credentials_set_stored_principal(server_credentials, kdc->task->event_ctx, kdc->task->lp_ctx, "kadmin/changepw");
if (!NT_STATUS_IS_OK(nt_status)) {
ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx,
KRB5_KPASSWD_HARDERROR,