svn commit: samba r7304 - in branches/SAMBA_4_0/source/kdc: .
abartlet at samba.org
abartlet at samba.org
Sun Jun 5 13:11:42 GMT 2005
Author: abartlet
Date: 2005-06-05 13:11:42 +0000 (Sun, 05 Jun 2005)
New Revision: 7304
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7304
Log:
Make the libkdc actually work:
- Remove (some) excess logging
- use samdb_connect() to hook into the right handling for multiple tdb handles
- move the connect to the server startup, rather than per-packet.
- Fix config.mk dependency
Tested with a WinXP domain join.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/kdc/config.mk
branches/SAMBA_4_0/source/kdc/hdb-ldb.c
branches/SAMBA_4_0/source/kdc/kdc.c
Changeset:
Modified: branches/SAMBA_4_0/source/kdc/config.mk
===================================================================
--- branches/SAMBA_4_0/source/kdc/config.mk 2005-06-05 12:10:40 UTC (rev 7303)
+++ branches/SAMBA_4_0/source/kdc/config.mk 2005-06-05 13:11:42 UTC (rev 7304)
@@ -7,6 +7,6 @@
kdc/kdc.o \
kdc/hdb-ldb.o
REQUIRED_SUBSYSTEMS = \
- LDB EXT_LIB_KRB5 EXT_LIB_KDC
+ LIBLDB EXT_LIB_KRB5 EXT_LIB_KDC
# End SUBSYSTEM KDC
#######################
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2005-06-05 12:10:40 UTC (rev 7303)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2005-06-05 13:11:42 UTC (rev 7304)
@@ -663,8 +663,6 @@
p++;
}
if (strcasecmp(str, alias_from) == 0) {
- krb5_warnx(context, "LDB_lookup_spn_alias: got alias %s for service %s",
- mapping, alias_from);
*alias_to = mapping;
return 0;
}
@@ -676,34 +674,17 @@
static krb5_error_code LDB_open(krb5_context context, HDB *db, int flags, mode_t mode)
{
- struct ldb_context *sam_db;
-
if (db->hdb_master_key_set) {
krb5_warnx(context, "LDB_open: use of a master key incompatible with LDB\n");
krb5_set_error_string(context, "LDB_open: use of a master key incompatible with LDB\n");
return HDB_ERR_NOENTRY;
}
- /* in future, we could cache the connect here, but for now KISS */
-
- sam_db = ldb_connect(db->hdb_name, 0, NULL);
- if (sam_db == NULL) {
- krb5_warnx(context, "LDB_open: hdb_name '%s' failed\n",db->hdb_name);
- krb5_set_error_string(context, "ldb_connect(%s, 0, NULL) failed!", db->hdb_name);
- return HDB_ERR_NOENTRY;
- }
-
- db->hdb_db = talloc_steal(db, sam_db);
-
- krb5_warnx(context, "LDB_open: hdb_name '%s' ok\n",db->hdb_name);
-
return 0;
}
static krb5_error_code LDB_close(krb5_context context, HDB *db)
{
- talloc_free(db->hdb_db);
- db->hdb_db = NULL;
return 0;
}
@@ -830,12 +811,6 @@
realm_msg[0], msg[0], entry);
if (ret != 0) {
krb5_warnx(context, "LDB_fetch: message2entry failed\n");
-#if 0 /* master key support removed */
- } else {
- if (db->hdb_master_key_set && (!(flags & HDB_F_DECRYPT))) {
- ret = hdb_seal_keys(context, db, entry);
- }
-#endif
}
}
@@ -888,16 +863,7 @@
if (ret != 0) {
talloc_free(priv);
db->hdb_openp = NULL;
-#if 0 /* master key support removed */
} else {
- if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
- ret = hdb_unseal_keys(context, db, entry);
- if (ret != 0) {
- hdb_free_entry(context,entry);
- }
- }
-#endif
- } else {
talloc_free(mem_ctx);
}
@@ -993,15 +959,6 @@
return LDB_seq(context, db, flags, entry);
}
-#if 0 /* no way to easily get context here, and we don't want to use master keys anyway */
-static int LDB_db_destructor(void *ptr)
-{
- HDB *db = talloc_get_type(ptr, HDB);
- hdb_clear_master_key(context, db);
- return 0;
-}
-#endif
-
static krb5_error_code LDB_destroy(krb5_context context, HDB *db)
{
talloc_free(db);
@@ -1018,21 +975,14 @@
(*db)->hdb_master_key_set = 0;
(*db)->hdb_db = NULL;
-#if 0
- talloc_set_destructor(*db, LDB_db_destructor);
-#endif
- if (!arg || arg[0] == '\0') {
+ /* in future, we could cache the connect here, but for now KISS */
+
+ (*db)->hdb_db = samdb_connect(db);
+ if ((*db)->hdb_db == NULL) {
+ krb5_warnx(context, "hdb_ldb_create: samdb_connect failed!");
+ krb5_set_error_string(context, "samdb_connect failed!");
talloc_free(*db);
- krb5_set_error_string(context, "hdb_ldb_create: no db name specified");
- return EINVAL;
- } else {
- (*db)->hdb_name = talloc_strdup(*db, arg);
- if ((*db)->hdb_name == NULL) {
- krb5_set_error_string(context, "strdup: out of memory");
- talloc_free(*db);
- *db = NULL;
- return ENOMEM;
- }
+ return HDB_ERR_NOENTRY;
}
(*db)->hdb_openp = 0;
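Review bot: `samdb_connect(db)` passes the `HDB **` out-parameter itself rather than the newly allocated `*db`, even though every other access in this hunk goes through `(*db)->...`; if samdb_connect uses its argument as the talloc parent (its prototype is not visible here), the connection hangs off a pointer that is not a talloc chunk and is not released by the `talloc_free(db)` in LDB_destroy. The failure branch also frees `*db` without clearing it, whereas the removed ENOMEM branch set `*db = NULL`, so a caller that looks at the out-parameter after an error would hold a dangling pointer. I would write `(*db)->hdb_db = samdb_connect(*db);` and add `*db = NULL;` right after `talloc_free(*db);`. `arg` is now silently ignored and a connect failure is reported as HDB_ERR_NOENTRY; a short comment stating that both are intentional would save the next reader a search. The enclosing function starts and ends outside this hunk.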
Modified: branches/SAMBA_4_0/source/kdc/kdc.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/kdc.c 2005-06-05 12:10:40 UTC (rev 7303)
+++ branches/SAMBA_4_0/source/kdc/kdc.c 2005-06-05 13:11:42 UTC (rev 7304)
@@ -251,6 +251,9 @@
}
krb5_kdc_default_config(kdc->config);
+ /* NAT and the like make this pointless, and painful */
+ kdc->config->check_ticket_addresses = FALSE;
+
initialize_krb5_error_table();
ret = smb_krb5_init_context(kdc, &kdc->smb_krb5_context);
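Review bot: `kdc->config->check_ticket_addresses = FALSE;` is hard-coded right after `krb5_kdc_default_config()`, so the KDC stops comparing the addresses carried in a ticket with the sender for every deployment, not only those behind NAT. Address binding is a weak control, but it is one of the few things that limits reuse of a ticket copied off another host, and the one-line comment does not record that trade-off. I would either take the value from configuration with FALSE as the default, or at least expand the comment to `/* Ticket addresses are not enforced (NAT rewrites them); a copied ticket is then usable from any host until it expires. */`. The enclosing function starts and ends outside this hunk.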