svn commit: samba r13321 - in branches/SAMBA_4_0/source/kdc: .

abartlet at samba.org abartlet at samba.org
Fri Feb 3 23:19:01 GMT 2006


Author: abartlet
Date: 2006-02-03 23:19:00 +0000 (Fri, 03 Feb 2006)
New Revision: 13321

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13321

Log:
Bind to each interface and to the 0.0.0.0 interface on the KDC.  This
was pointed out by Maurice Massar.  It ensures we get the addresses
for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over
localhost).

Also never run the KDC unless we are a DC.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/kdc/kdc.c


Changeset:
Modified: branches/SAMBA_4_0/source/kdc/kdc.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/kdc.c	2006-02-03 23:07:58 UTC (rev 13320)
+++ branches/SAMBA_4_0/source/kdc/kdc.c	2006-02-03 23:19:00 UTC (rev 13321)
@@ -33,6 +33,8 @@
 #include "lib/messaging/irpc.h"
 #include "lib/stream/packet.h"
 
+#include "librpc/gen_ndr/samr.h"
+
 /* hold all the info needed to send a reply */
 struct kdc_reply {
 	struct kdc_reply *next, *prev;
@@ -499,22 +501,22 @@
 	int num_interfaces = iface_count();
 	TALLOC_CTX *tmp_ctx = talloc_new(kdc);
 	NTSTATUS status;
+	
+	int i;
+	
+	for (i=0; i<num_interfaces; i++) {
+		const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i));
+		status = kdc_add_socket(kdc, address);
+		NT_STATUS_NOT_OK_RETURN(status);
+	}
 
 	/* if we are allowing incoming packets from any address, then
 	   we need to bind to the wildcard address */
 	if (!lp_bind_interfaces_only()) {
 		status = kdc_add_socket(kdc, "0.0.0.0");
 		NT_STATUS_NOT_OK_RETURN(status);
-	} else {
-		int i;
-
-		for (i=0; i<num_interfaces; i++) {
-			const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i));
-			status = kdc_add_socket(kdc, address);
-			NT_STATUS_NOT_OK_RETURN(status);
-		}
 	}
-
+		
 	talloc_free(tmp_ctx);
 
 	return NT_STATUS_OK;
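Review bot: The result of `talloc_strdup(tmp_ctx, iface_n_ip(i))` in the now-unconditional loop is handed to `kdc_add_socket()` without a NULL check, so an allocation failure (or a NULL from `iface_n_ip()`) reaches the socket setup as a NULL address. Adding `if (address == NULL) { talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; }` before the call would close that. The `NT_STATUS_NOT_OK_RETURN(status)` exits in the loop and in the wildcard branch also appear to skip `talloc_free(tmp_ctx)`; since `tmp_ctx` is a child of `kdc` it is not lost, but it stays allocated until `kdc` is freed. Because every interface is now bound even when `lp_bind_interfaces_only()` is false, a single failing interface address aborts startup before the wildcard bind is attempted, so a comment saying whether that is intended would help. The function begins outside this hunk.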
@@ -529,6 +531,19 @@
 	NTSTATUS status;
 	krb5_error_code ret;
 
+	switch (lp_server_role()) {
+	case ROLE_STANDALONE:
+		task_server_terminate(task, "kdc: no KDC required in standalone configuration");
+		return;
+	case ROLE_DOMAIN_MEMBER:
+		task_server_terminate(task, "kdc: no KDC required in member server configuration");
+		return;
+	case ROLE_DOMAIN_PDC:
+	case ROLE_DOMAIN_BDC:
+		/* Yes, we want a KDC */
+		break;
+	}
+
 	if (iface_count() == 0) {
 		task_server_terminate(task, "kdc: no network interfaces configured");
 		return;
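Review bot: The new `switch (lp_server_role())` has no `default:` case, so any role value other than the four listed falls out of the switch and the KDC task carries on starting. For a service that the log message says must never run unless the host is a DC, failing closed is safer: `default: task_server_terminate(task, "kdc: unknown server role"); return;`. That also keeps the check correct if a new role constant is added later without this function being revisited. The function body continues outside this hunk.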


