/*
* Construct an hdb_entry from a directory entry.
*/
-static krb5_error_code hdb_samba4_message2entry(krb5_context context, HDB *db,
+static krb5_error_code hdb_samba4_message2entry(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx, krb5_const_principal principal,
enum hdb_samba4_ent_type ent_type,
} else {
NTTIME must_change_time
- = samdb_result_force_password_change((struct ldb_context *)db->hdb_db, mem_ctx,
+ = samdb_result_force_password_change(kdc_db_ctx->samdb, mem_ctx,
realm_dn, msg);
if (must_change_time == 0x7FFFFFFFFFFFFFFFULL) {
entry_ex->entry.pw_end = NULL;
p->msg = talloc_steal(p, msg);
- p->samdb = (struct ldb_context *)db->hdb_db;
+ p->samdb = kdc_db_ctx->samdb;
out:
if (ret != 0) {
/* This doesn't free ent itself, that is for the eventual caller to do */
hdb_free_entry(context, entry_ex);
} else {
- talloc_steal(db, entry_ex->ctx);
+ talloc_steal(kdc_db_ctx, entry_ex->ctx);
}
return ret;
/*
* Construct an hdb_entry from a directory entry.
*/
-static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context, HDB *db,
+static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx, krb5_const_principal principal,
enum trust_direction direction,
p->msg = talloc_steal(p, msg);
- p->samdb = (struct ldb_context *)db->hdb_db;
+ p->samdb = kdc_db_ctx->samdb;
out:
if (ret != 0) {
/* This doesn't free ent itself, that is for the eventual caller to do */
hdb_free_entry(context, entry_ex);
} else {
- talloc_steal(db, entry_ex->ctx);
+ talloc_steal(kdc_db_ctx, entry_ex->ctx);
}
return ret;
return HDB_ERR_DB_INUSE;
}
-static krb5_error_code hdb_samba4_lookup_client(krb5_context context, HDB *db,
+static krb5_error_code hdb_samba4_lookup_client(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx,
krb5_const_principal principal,
return ret;
}
- nt_status = sam_get_results_principal((struct ldb_context *)db->hdb_db,
+ nt_status = sam_get_results_principal(kdc_db_ctx->samdb,
mem_ctx, principal_string, attrs,
realm_dn, msg);
free(principal_string);
return ret;
}
-static krb5_error_code hdb_samba4_fetch_client(krb5_context context, HDB *db,
+static krb5_error_code hdb_samba4_fetch_client(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx,
krb5_const_principal principal,
krb5_error_code ret;
struct ldb_message *msg = NULL;
- ret = hdb_samba4_lookup_client(context, db, lp_ctx,
+ ret = hdb_samba4_lookup_client(context, kdc_db_ctx, lp_ctx,
mem_ctx, principal, user_attrs,
&realm_dn, &msg);
if (ret != 0) {
return ret;
}
- ret = hdb_samba4_message2entry(context, db, lp_ctx, mem_ctx,
+ ret = hdb_samba4_message2entry(context, kdc_db_ctx, lp_ctx, mem_ctx,
principal, HDB_SAMBA4_ENT_TYPE_CLIENT,
realm_dn, msg, entry_ex);
return ret;
}
-static krb5_error_code hdb_samba4_fetch_krbtgt(krb5_context context, HDB *db,
+static krb5_error_code hdb_samba4_fetch_krbtgt(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx,
krb5_const_principal principal,
{
krb5_error_code ret;
struct ldb_message *msg = NULL;
- struct ldb_dn *realm_dn = ldb_get_default_basedn(db->hdb_db);
+ struct ldb_dn *realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
const char *realm;
krb5_principal alloc_principal = NULL;
int lret;
char *realm_fixed;
- lret = gendb_search_single_extended_dn(db->hdb_db, mem_ctx,
+ lret = gendb_search_single_extended_dn(kdc_db_ctx->samdb, mem_ctx,
realm_dn, LDB_SCOPE_SUBTREE,
&msg, krbtgt_attrs,
"(&(objectClass=user)(samAccountName=krbtgt))");
krb5_set_error_message(context, HDB_ERR_NOENTRY, "hdb_samba4_fetch: could not find own KRBTGT in DB!");
return HDB_ERR_NOENTRY;
} else if (lret != LDB_SUCCESS) {
- krb5_warnx(context, "hdb_samba4_fetch: could not find own KRBTGT in DB: %s", ldb_errstring(db->hdb_db));
- krb5_set_error_message(context, HDB_ERR_NOENTRY, "hdb_samba4_fetch: could not find own KRBTGT in DB: %s", ldb_errstring(db->hdb_db));
+ krb5_warnx(context, "hdb_samba4_fetch: could not find own KRBTGT in DB: %s", ldb_errstring(kdc_db_ctx->samdb));
+ krb5_set_error_message(context, HDB_ERR_NOENTRY, "hdb_samba4_fetch: could not find own KRBTGT in DB: %s", ldb_errstring(kdc_db_ctx->samdb));
return HDB_ERR_NOENTRY;
}
}
principal = alloc_principal;
- ret = hdb_samba4_message2entry(context, db, lp_ctx, mem_ctx,
+ ret = hdb_samba4_message2entry(context, kdc_db_ctx, lp_ctx, mem_ctx,
principal, HDB_SAMBA4_ENT_TYPE_KRBTGT,
realm_dn, msg, entry_ex);
if (ret != 0) {
/* Trusted domains are under CN=system */
- ret = hdb_samba4_lookup_trust(context, (struct ldb_context *)db->hdb_db,
+ ret = hdb_samba4_lookup_trust(context, kdc_db_ctx->samdb,
mem_ctx,
realm, realm_dn, &msg);
return ret;
}
- ret = hdb_samba4_trust_message2entry(context, db, lp_ctx, mem_ctx,
+ ret = hdb_samba4_trust_message2entry(context, kdc_db_ctx, lp_ctx, mem_ctx,
principal, direction,
realm_dn, msg, entry_ex);
if (ret != 0) {
}
-static krb5_error_code hdb_samba4_lookup_server(krb5_context context, HDB *db,
+static krb5_error_code hdb_samba4_lookup_server(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx,
krb5_const_principal principal,
/* At this point we may find the host is known to be
* in a different realm, so we should generate a
* referral instead */
- nt_status = crack_service_principal_name((struct ldb_context *)db->hdb_db,
+ nt_status = crack_service_principal_name(kdc_db_ctx->samdb,
mem_ctx, principal_string,
&user_dn, realm_dn);
free(principal_string);
return HDB_ERR_NOENTRY;
}
- ldb_ret = gendb_search_single_extended_dn((struct ldb_context *)db->hdb_db,
+ ldb_ret = gendb_search_single_extended_dn(kdc_db_ctx->samdb,
mem_ctx,
user_dn, LDB_SCOPE_BASE,
msg, attrs,
char *filter = NULL;
char *short_princ;
/* server as client principal case, but we must not lookup userPrincipalNames */
- *realm_dn = ldb_get_default_basedn(db->hdb_db);
+ *realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
realm = krb5_principal_get_realm(context, principal);
/* TODO: Check if it is our realm, otherwise give referall */
return ret;
}
- lret = gendb_search_single_extended_dn(db->hdb_db, mem_ctx,
+ lret = gendb_search_single_extended_dn(kdc_db_ctx->samdb, mem_ctx,
*realm_dn, LDB_SCOPE_SUBTREE,
msg, attrs, "(&(objectClass=user)(samAccountName=%s))",
ldb_binary_encode_string(mem_ctx, short_princ));
}
if (lret != LDB_SUCCESS) {
DEBUG(3, ("Failed single search for for %s - %s\n",
- filter, ldb_errstring(db->hdb_db)));
+ filter, ldb_errstring(kdc_db_ctx->samdb)));
return HDB_ERR_NOENTRY;
}
}
return 0;
}
-static krb5_error_code hdb_samba4_fetch_server(krb5_context context, HDB *db,
+static krb5_error_code hdb_samba4_fetch_server(krb5_context context,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx,
krb5_const_principal principal,
struct ldb_dn *realm_dn;
struct ldb_message *msg;
- ret = hdb_samba4_lookup_server(context, db, lp_ctx, mem_ctx, principal,
+ ret = hdb_samba4_lookup_server(context, kdc_db_ctx, lp_ctx, mem_ctx, principal,
server_attrs, &realm_dn, &msg);
if (ret != 0) {
return ret;
}
- ret = hdb_samba4_message2entry(context, db, lp_ctx, mem_ctx,
+ ret = hdb_samba4_message2entry(context, kdc_db_ctx, lp_ctx, mem_ctx,
principal, HDB_SAMBA4_ENT_TYPE_SERVER,
realm_dn, msg, entry_ex);
if (ret != 0) {
unsigned flags,
hdb_entry_ex *entry_ex)
{
+ struct samba_kdc_db_context *kdc_db_ctx = (struct samba_kdc_db_context *)db->hdb_db;
krb5_error_code ret = HDB_ERR_NOENTRY;
- TALLOC_CTX *mem_ctx = talloc_named(db, 0, "hdb_samba4_fetch context");
- struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(db->hdb_db, "loadparm"), struct loadparm_context);
+ TALLOC_CTX *mem_ctx = talloc_named(kdc_db_ctx, 0, "hdb_samba4_fetch context");
+ struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
if (!mem_ctx) {
ret = ENOMEM;
}
if (flags & HDB_F_GET_CLIENT) {
- ret = hdb_samba4_fetch_client(context, db, lp_ctx, mem_ctx, principal, flags, entry_ex);
+ ret = hdb_samba4_fetch_client(context, kdc_db_ctx, lp_ctx, mem_ctx, principal, flags, entry_ex);
if (ret != HDB_ERR_NOENTRY) goto done;
}
if (flags & HDB_F_GET_SERVER) {
/* krbtgt fits into this situation for trusted realms, and for resolving different versions of our own realm name */
- ret = hdb_samba4_fetch_krbtgt(context, db, lp_ctx, mem_ctx, principal, flags, entry_ex);
+ ret = hdb_samba4_fetch_krbtgt(context, kdc_db_ctx, lp_ctx, mem_ctx, principal, flags, entry_ex);
if (ret != HDB_ERR_NOENTRY) goto done;
/* We return 'no entry' if it does not start with krbtgt/, so move to the common case quickly */
- ret = hdb_samba4_fetch_server(context, db, lp_ctx, mem_ctx, principal, flags, entry_ex);
+ ret = hdb_samba4_fetch_server(context, kdc_db_ctx, lp_ctx, mem_ctx, principal, flags, entry_ex);
if (ret != HDB_ERR_NOENTRY) goto done;
}
if (flags & HDB_F_GET_KRBTGT) {
- ret = hdb_samba4_fetch_krbtgt(context, db, lp_ctx, mem_ctx, principal, flags, entry_ex);
+ ret = hdb_samba4_fetch_krbtgt(context, kdc_db_ctx, lp_ctx, mem_ctx, principal, flags, entry_ex);
if (ret != HDB_ERR_NOENTRY) goto done;
}
static krb5_error_code hdb_samba4_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
{
+ struct samba_kdc_db_context *kdc_db_ctx = (struct samba_kdc_db_context *)db->hdb_db;
krb5_error_code ret;
struct hdb_samba4_seq *priv = (struct hdb_samba4_seq *)db->hdb_dbc;
TALLOC_CTX *mem_ctx;
}
if (priv->index < priv->count) {
- ret = hdb_samba4_message2entry(context, db, priv->lp_ctx,
+ ret = hdb_samba4_message2entry(context, kdc_db_ctx, priv->lp_ctx,
mem_ctx,
NULL, HDB_SAMBA4_ENT_TYPE_ANY,
priv->realm_dn, priv->msgs[priv->index++], entry);
static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsigned flags,
hdb_entry_ex *entry)
{
- struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
+ struct samba_kdc_db_context *kdc_db_ctx = (struct samba_kdc_db_context *)db->hdb_db;
+ struct ldb_context *ldb_ctx = kdc_db_ctx->samdb;
struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb_ctx, "loadparm"),
struct loadparm_context);
struct hdb_samba4_seq *priv = (struct hdb_samba4_seq *)db->hdb_dbc;
hdb_entry_ex *entry,
krb5_const_principal target_principal)
{
- struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
- struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb_ctx, "loadparm"),
- struct loadparm_context);
+ struct samba_kdc_db_context *kdc_db_ctx = (struct samba_kdc_db_context *)db->hdb_db;
+ struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
krb5_error_code ret;
krb5_principal enterprise_prinicpal = NULL;
struct ldb_dn *realm_dn;
"objectSid", NULL
};
- TALLOC_CTX *mem_ctx = talloc_named(db, 0, "hdb_samba4_check_constrained_delegation");
+ TALLOC_CTX *mem_ctx = talloc_named(kdc_db_ctx, 0, "hdb_samba4_check_constrained_delegation");
if (!mem_ctx) {
ret = ENOMEM;
target_principal = enterprise_prinicpal;
}
- ret = hdb_samba4_lookup_server(context, db, lp_ctx, mem_ctx, target_principal,
+ ret = hdb_samba4_lookup_server(context, kdc_db_ctx, lp_ctx, mem_ctx, target_principal,
delegation_check_attrs, &realm_dn, &msg);
krb5_free_principal(context, enterprise_prinicpal);
hdb_entry_ex *entry,
krb5_const_principal certificate_principal)
{
- struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
- struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(ldb_ctx, "loadparm"),
- struct loadparm_context);
+ struct samba_kdc_db_context *kdc_db_ctx = (struct samba_kdc_db_context *)db->hdb_db;
+ struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
krb5_error_code ret;
struct ldb_dn *realm_dn;
struct ldb_message *msg;
return ret;
}
- ret = hdb_samba4_lookup_client(context, db, lp_ctx,
+ ret = hdb_samba4_lookup_client(context, kdc_db_ctx, lp_ctx,
mem_ctx, certificate_principal,
ms_upn_check_attrs, &realm_dn, &msg);
* (hdb_samba4_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb
* code */
-NTSTATUS hdb_samba4_create_kdc(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev_ctx,
- struct loadparm_context *lp_ctx,
- krb5_context context, struct HDB **db)
+NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
+ krb5_context context, struct HDB **db)
{
+ struct samba_kdc_db_context *kdc_db_ctx;
struct auth_session_info *session_info;
NTSTATUS nt_status;
- *db = talloc(mem_ctx, HDB);
+ *db = talloc(base_ctx, HDB);
if (!*db) {
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return NT_STATUS_NO_MEMORY;
* credentials to set CRED_DONT_USE_KERBEROS, which would
* break other users of the system_session */
DEBUG(0,("FIXME: Using new system session for hdb\n"));
- nt_status = auth_system_session_info(*db, lp_ctx, &session_info);
+ nt_status = auth_system_session_info(*db, base_ctx->lp_ctx, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
+ return nt_status;
}
#else
- session_info = system_session(lp_ctx);
+ session_info = system_session(kdc_db_ctx->lp_ctx);
if (session_info == NULL) {
return NT_STATUS_INTERNAL_ERROR;
}
cli_credentials_set_kerberos_state(session_info->credentials,
CRED_DONT_USE_KERBEROS);
+ kdc_db_ctx = talloc_zero(*db, struct samba_kdc_db_context);
+ if (kdc_db_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ kdc_db_ctx->ev_ctx = base_ctx->ev_ctx;
+ kdc_db_ctx->lp_ctx = base_ctx->lp_ctx;
+
/* Setup the link to LDB */
- (*db)->hdb_db = samdb_connect(*db, ev_ctx, lp_ctx, session_info);
- if ((*db)->hdb_db == NULL) {
+ kdc_db_ctx->samdb = samdb_connect(kdc_db_ctx, base_ctx->ev_ctx,
+ base_ctx->lp_ctx, session_info);
+ if (kdc_db_ctx->samdb == NULL) {
DEBUG(1, ("hdb_samba4_create: Cannot open samdb for KDC backend!"));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
+ (*db)->hdb_db = kdc_db_ctx;
+
(*db)->hdb_dbc = NULL;
(*db)->hdb_open = hdb_samba4_open;
(*db)->hdb_close = hdb_samba4_close;
{
NTSTATUS nt_status;
void *ptr;
- struct hdb_samba4_context *hdb_samba4_context;
+ struct samba_kdc_base_context *base_ctx;
if (sscanf(arg, "&%p", &ptr) != 1) {
return EINVAL;
}
- hdb_samba4_context = talloc_get_type_abort(ptr, struct hdb_samba4_context);
+ base_ctx = talloc_get_type_abort(ptr, struct samba_kdc_base_context);
/* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */
- nt_status = hdb_samba4_create_kdc(hdb_samba4_context, hdb_samba4_context->ev_ctx, hdb_samba4_context->lp_ctx,
- context, db);
+ nt_status = hdb_samba4_create_kdc(base_ctx, context, db);
if (NT_STATUS_IS_OK(nt_status)) {
return 0;
git.samba.org / abartlet / samba.git / .git / commitdiff