svn commit: samba r13321 - in branches/SAMBA_4_0/source/kdc: .
abartlet at samba.org
abartlet at samba.org
Fri Feb 3 23:19:01 GMT 2006
Author: abartlet
Date: 2006-02-03 23:19:00 +0000 (Fri, 03 Feb 2006)
New Revision: 13321
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13321
Log:
Bind to each interface and to the 0.0.0.0 interface on the KDC. This
was pointed out by Maurice Massar. It ensures we get the addresses
for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over
localhost).
Also never run the KDC unless we are a DC.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/kdc/kdc.c
Changeset:
Modified: branches/SAMBA_4_0/source/kdc/kdc.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/kdc.c 2006-02-03 23:07:58 UTC (rev 13320)
+++ branches/SAMBA_4_0/source/kdc/kdc.c 2006-02-03 23:19:00 UTC (rev 13321)
@@ -33,6 +33,8 @@
#include "lib/messaging/irpc.h"
#include "lib/stream/packet.h"
+#include "librpc/gen_ndr/samr.h"
+
/* hold all the info needed to send a reply */
struct kdc_reply {
struct kdc_reply *next, *prev;
@@ -499,22 +501,22 @@
int num_interfaces = iface_count();
TALLOC_CTX *tmp_ctx = talloc_new(kdc);
NTSTATUS status;
+
+ int i;
+
+ for (i=0; i<num_interfaces; i++) {
+ const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i));
+ status = kdc_add_socket(kdc, address);
+ NT_STATUS_NOT_OK_RETURN(status);
+ }
/* if we are allowing incoming packets from any address, then
we need to bind to the wildcard address */
if (!lp_bind_interfaces_only()) {
status = kdc_add_socket(kdc, "0.0.0.0");
NT_STATUS_NOT_OK_RETURN(status);
- } else {
- int i;
-
- for (i=0; i<num_interfaces; i++) {
- const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i));
- status = kdc_add_socket(kdc, address);
- NT_STATUS_NOT_OK_RETURN(status);
- }
}
-
+
talloc_free(tmp_ctx);
return NT_STATUS_OK;
@@ -529,6 +531,19 @@
NTSTATUS status;
krb5_error_code ret;
+ switch (lp_server_role()) {
+ case ROLE_STANDALONE:
+ task_server_terminate(task, "kdc: no KDC required in standalone configuration");
+ return;
+ case ROLE_DOMAIN_MEMBER:
+ task_server_terminate(task, "kdc: no KDC required in member server configuration");
+ return;
+ case ROLE_DOMAIN_PDC:
+ case ROLE_DOMAIN_BDC:
+ /* Yes, we want a KDC */
+ break;
+ }
+
if (iface_count() == 0) {
task_server_terminate(task, "kdc: no network interfaces configured");
return;
More information about the samba-cvs
mailing list