svn commit: samba r7304 - in branches/SAMBA_4_0/source/kdc: .

abartlet at samba.org abartlet at samba.org
Sun Jun 5 13:11:42 GMT 2005


Author: abartlet
Date: 2005-06-05 13:11:42 +0000 (Sun, 05 Jun 2005)
New Revision: 7304

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7304

Log:
Make the libkdc actually work:
 - Remove (some) excess logging
 - use samdb_connect() to hook into the right handling for multiple tdb handles
 - move the connect to the server startup, rather than per-packet.
 - Fix config.mk dependency

Tested with a WinXP domain join.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/kdc/config.mk
   branches/SAMBA_4_0/source/kdc/hdb-ldb.c
   branches/SAMBA_4_0/source/kdc/kdc.c


Changeset:
Modified: branches/SAMBA_4_0/source/kdc/config.mk
===================================================================
--- branches/SAMBA_4_0/source/kdc/config.mk	2005-06-05 12:10:40 UTC (rev 7303)
+++ branches/SAMBA_4_0/source/kdc/config.mk	2005-06-05 13:11:42 UTC (rev 7304)
@@ -7,6 +7,6 @@
 		kdc/kdc.o \
 		kdc/hdb-ldb.o
 REQUIRED_SUBSYSTEMS = \
-		LDB EXT_LIB_KRB5 EXT_LIB_KDC
+		LIBLDB EXT_LIB_KRB5 EXT_LIB_KDC
 # End SUBSYSTEM KDC
 #######################

Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2005-06-05 12:10:40 UTC (rev 7303)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2005-06-05 13:11:42 UTC (rev 7304)
@@ -663,8 +663,6 @@
 				p++;
 			}
 			if (strcasecmp(str, alias_from) == 0) {
-				krb5_warnx(context, "LDB_lookup_spn_alias: got alias %s for service %s", 
-					   mapping, alias_from);
 				*alias_to = mapping;
 				return 0;
 			}
@@ -676,34 +674,17 @@
 
 static krb5_error_code LDB_open(krb5_context context, HDB *db, int flags, mode_t mode)
 {
-	struct ldb_context *sam_db;
-
 	if (db->hdb_master_key_set) {
 		krb5_warnx(context, "LDB_open: use of a master key incompatible with LDB\n");
 		krb5_set_error_string(context, "LDB_open: use of a master key incompatible with LDB\n");
 		return HDB_ERR_NOENTRY;
 	}		
 
-	/* in future, we could cache the connect here, but for now KISS */
-
-	sam_db = ldb_connect(db->hdb_name, 0, NULL);
-	if (sam_db == NULL) {
-		krb5_warnx(context, "LDB_open: hdb_name '%s' failed\n",db->hdb_name);
-		krb5_set_error_string(context, "ldb_connect(%s, 0, NULL) failed!", db->hdb_name);
-		return HDB_ERR_NOENTRY;
-	}
-
-	db->hdb_db = talloc_steal(db, sam_db);
-
-	krb5_warnx(context, "LDB_open: hdb_name '%s' ok\n",db->hdb_name);
-
 	return 0;
 }
 
 static krb5_error_code LDB_close(krb5_context context, HDB *db)
 {
-	talloc_free(db->hdb_db);
-	db->hdb_db = NULL;
 	return 0;
 }
 
@@ -830,12 +811,6 @@
 					realm_msg[0], msg[0], entry);
 		if (ret != 0) {
 			krb5_warnx(context, "LDB_fetch: message2entry failed\n");	
-#if 0 /* master key support removed */
-		} else {
-			if (db->hdb_master_key_set && (!(flags & HDB_F_DECRYPT))) {
-				ret = hdb_seal_keys(context, db, entry);
-			}
-#endif
 		}
 	}
 
@@ -888,16 +863,7 @@
 	if (ret != 0) {
 		talloc_free(priv);
 		db->hdb_openp = NULL;
-#if 0 /* master key support removed */
 	} else {
-		if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-			ret = hdb_unseal_keys(context, db, entry);
-			if (ret != 0) {
-				hdb_free_entry(context,entry);
-			}
-		}
-#endif
-	} else {
 		talloc_free(mem_ctx);
 	}
 
@@ -993,15 +959,6 @@
 	return LDB_seq(context, db, flags, entry);
 }
 
-#if 0 /* no way to easily get context here, and we don't want to use master keys anyway */
-static int LDB_db_destructor(void *ptr) 
-{
-	HDB *db = talloc_get_type(ptr, HDB);
-	hdb_clear_master_key(context, db);
-	return 0;
-}
-#endif
-
 static krb5_error_code LDB_destroy(krb5_context context, HDB *db)
 {
 	talloc_free(db);
@@ -1018,21 +975,14 @@
 
 	(*db)->hdb_master_key_set = 0;
 	(*db)->hdb_db = NULL;
-#if 0
-	talloc_set_destructor(*db, LDB_db_destructor);
-#endif
-	if (!arg || arg[0] == '\0') {
+	/* in future, we could cache the connect here, but for now KISS */
+
+	(*db)->hdb_db = samdb_connect(db);
+	if ((*db)->hdb_db == NULL) {
+		krb5_warnx(context, "hdb_ldb_create: samdb_connect failed!");
+		krb5_set_error_string(context, "samdb_connect failed!");
 		talloc_free(*db);
-		krb5_set_error_string(context, "hdb_ldb_create: no db name specified");
-		return EINVAL;
-	} else {
-		(*db)->hdb_name = talloc_strdup(*db, arg); 
-		if ((*db)->hdb_name == NULL) {
-			krb5_set_error_string(context, "strdup: out of memory");
-			talloc_free(*db);
-			*db = NULL;
-			return ENOMEM;
-		}
+		return HDB_ERR_NOENTRY;
 	}
 
 	(*db)->hdb_openp = 0;
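Review bot: The new `samdb_connect(db)` call passes the `HDB **` out-parameter itself rather than the freshly allocated `*db`, so the connection is presumably parented to a pointer that is not a talloc allocation (samdb_connect's prototype is not visible here, but every other use in this hunk is `(*db)->` or `talloc_free(*db)`); it should read `(*db)->hdb_db = samdb_connect(*db);`. Since this commit also turns LDB_close into a no-op, the talloc parent is the only thing that releases the connection, so getting it right matters. On the failure path `talloc_free(*db)` leaves the caller holding a dangling `*db`; add `*db = NULL;` before the return, as the removed ENOMEM branch did. HDB_ERR_NOENTRY also reports a backend connection failure as a missing entry, which is worth a more specific code if callers can tell the two apart. The function begins before this hunk and continues after it.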

Modified: branches/SAMBA_4_0/source/kdc/kdc.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/kdc.c	2005-06-05 12:10:40 UTC (rev 7303)
+++ branches/SAMBA_4_0/source/kdc/kdc.c	2005-06-05 13:11:42 UTC (rev 7304)
@@ -251,6 +251,9 @@
 	}
 	krb5_kdc_default_config(kdc->config);
 
+	/* NAT and the like make this pointless, and painful */
+	kdc->config->check_ticket_addresses = FALSE;
+
 	initialize_krb5_error_table();
 
 	ret = smb_krb5_init_context(kdc, &kdc->smb_krb5_context);
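Review bot: `check_ticket_addresses` is forced to FALSE for every deployment right after `krb5_kdc_default_config()`, with no configuration switch, so a site without NAT cannot keep the KDC rejecting address-bound tickets that arrive from a different address. Reading the value from a configuration parameter (defaulting to off if that is the desired behaviour) would keep the tested WinXP join working without removing the check for everyone. At minimum the comment should state the trade-off, e.g. `/* NAT rewrites client addresses, so address-bound tickets would be rejected; with this off the KDC no longer refuses a ticket because it arrives from another address */`. The enclosing function starts and ends outside the hunk.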


