[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Tue Nov 29 19:23:02 MST 2011


The branch, master has been updated
       via  12ce07e s4-kdc: Add hdb plugin for samba4, to allow kadmin to work
      from  0ee447f s3:dbwrap_tdb: pass NTSTATUS code further up from db_tdb_fetch_parse in db_tdb_fetch()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 12ce07e53b9453f35a1483d941bfce9c23f790a0
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Nov 30 07:45:25 2011 +1100

    s4-kdc: Add hdb plugin for samba4, to allow kadmin to work
    
    This will help users who are used to the kadmin interface, and could
    be extended to import existing MIT or Heimdal keys into a Samba4 AD
    domain.
    
    To use, add to your krb5.conf
    
    [kdc]
    
    database = {
       dbname = samba4:
    }
    
    or
    
    [kdc]
    
    database = {
       dbname = samba4:/usr/local/samba/etc/smb.conf
    }
    
    And copy hdb_samba4.so from PREFIX/modules/hdb to your Heimdal lib directory
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Wed Nov 30 03:22:11 CET 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source4/kdc/hdb-samba4-plugin.c       |   84 +++++++++++++++++++++++++++++++++
 source4/kdc/hdb-samba4.c              |   32 ------------
 source4/kdc/kdc.c                     |    3 +-
 source4/kdc/samba_kdc.h               |    2 +
 source4/kdc/wscript_build             |   20 ++++++--
 source4/libnet/libnet_export_keytab.c |    4 +-
 6 files changed, 103 insertions(+), 42 deletions(-)
 create mode 100644 source4/kdc/hdb-samba4-plugin.c


Changeset truncated at 500 lines:

diff --git a/source4/kdc/hdb-samba4-plugin.c b/source4/kdc/hdb-samba4-plugin.c
new file mode 100644
index 0000000..568386d
--- /dev/null
+++ b/source4/kdc/hdb-samba4-plugin.c
@@ -0,0 +1,84 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   KDC Server startup
+
+   Copyright (C) Andrew Bartlett <abartlet at samba.org> 2005-20011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "kdc/kdc-glue.h"
+#include "kdc/db-glue.h"
+#include "lib/util/samba_util.h"
+#include "lib/param/param.h"
+#include "source4/lib/events/events.h"
+
+static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg)
+{
+	NTSTATUS nt_status;
+	void *ptr;
+	struct samba_kdc_base_context *base_ctx;
+	
+	if (sscanf(arg, "&%p", &ptr) == 1) {
+		base_ctx = talloc_get_type_abort(ptr, struct samba_kdc_base_context);
+	} else if (arg[0] == '\0' || file_exist(arg)) {
+		/* This mode for use in kadmin, rather than in Samba */
+		
+		setup_logging("hdb_samba4", DEBUG_DEFAULT_STDERR);
+
+		base_ctx = talloc_zero(NULL, struct samba_kdc_base_context);
+		if (!base_ctx) {
+			return ENOMEM;
+		}
+
+		base_ctx->ev_ctx = s4_event_context_init(base_ctx);
+		base_ctx->lp_ctx = loadparm_init_global(false);
+		if (arg[0]) {
+			lpcfg_load(base_ctx->lp_ctx, arg);
+		} else {
+			lpcfg_load_default(base_ctx->lp_ctx);
+		}
+	} else {
+		return EINVAL;
+	}
+
+	/* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */
+	nt_status = hdb_samba4_create_kdc(base_ctx, context, db);
+
+	if (NT_STATUS_IS_OK(nt_status)) {
+		return 0;
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) {
+		
+		krb5_set_error_message(context, EINVAL, "Failed to open Samba4 LDB at %s", lpcfg_private_path(base_ctx, base_ctx->lp_ctx, "sam.ldb"));
+	} else {
+		krb5_set_error_message(context, EINVAL, "Failed to connect to Samba4 DB: %s (%s)", get_friendly_nt_error_msg(nt_status), nt_errstr(nt_status));
+	}
+
+	return EINVAL;
+}
+
+/* Only used in the hdb-backed keytab code
+ * for a keytab of 'samba4&<address>' or samba4, to find
+ * kpasswd's key in the main DB, and to
+ * copy all the keys into a file (libnet_keytab_export)
+ *
+ * The <address> is the string form of a pointer to a talloced struct hdb_samba_context
+ */
+struct hdb_method hdb_samba4_interface = {
+	.interface_version = HDB_INTERFACE_VERSION,
+	.prefix = "samba4",
+	.create = hdb_samba4_create
+};
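Review bot: In the kadmin branch of `hdb_samba4_create`, the results of `s4_event_context_init()`, `loadparm_init_global()` and `lpcfg_load()`/`lpcfg_load_default()` are never checked. A failed smb.conf load therefore still reaches `hdb_samba4_create_kdc()` with whatever defaults are in place, and the `base_ctx` allocated under a NULL parent is not freed when that call fails. For a module that opens the directory's key database I would fail closed, as sketched below (assuming these helpers return NULL/false on failure, as they appear to elsewhere in the tree). Separately, the `&%p` branch was previously fed only by Samba's in-process callers; built as a standalone module it takes an address from whatever `dbname` string krb5.conf supplies and hands it to `talloc_get_type_abort()`, so that form looks worth restricting to the in-process registration. The comment above `hdb_samba4_interface` still says it is only used by the hdb-backed keytab code, which this commit makes untrue.

```c
		/* … unchanged: setup_logging() and talloc_zero() of base_ctx … */
		base_ctx->ev_ctx = s4_event_context_init(base_ctx);
		base_ctx->lp_ctx = loadparm_init_global(false);
		if (base_ctx->ev_ctx == NULL || base_ctx->lp_ctx == NULL) {
			talloc_free(base_ctx);
			return ENOMEM;
		}

		if (arg[0] ? !lpcfg_load(base_ctx->lp_ctx, arg)
			   : !lpcfg_load_default(base_ctx->lp_ctx)) {
			/* Refuse to continue on a missing or unparsable smb.conf */
			krb5_set_error_message(context, EINVAL,
					       "Failed to load Samba4 configuration %s",
					       arg[0] ? arg : "(default)");
			talloc_free(base_ctx);
			return EINVAL;
		}
		/* … unchanged: hdb_samba4_create_kdc() call and status mapping … */
```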
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index f82712e..6a9e558 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -218,35 +218,3 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
 
 	return NT_STATUS_OK;
 }
-
-static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg)
-{
-	NTSTATUS nt_status;
-	void *ptr;
-	struct samba_kdc_base_context *base_ctx;
-
-	if (sscanf(arg, "&%p", &ptr) != 1) {
-		return EINVAL;
-	}
-	base_ctx = talloc_get_type_abort(ptr, struct samba_kdc_base_context);
-	/* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */
-	nt_status = hdb_samba4_create_kdc(base_ctx, context, db);
-
-	if (NT_STATUS_IS_OK(nt_status)) {
-		return 0;
-	}
-	return EINVAL;
-}
-
-/* Only used in the hdb-backed keytab code
- * for a keytab of 'samba4&<address>', to find
- * kpasswd's key in the main DB, and to
- * copy all the keys into a file (libnet_keytab_export)
- *
- * The <address> is the string form of a pointer to a talloced struct hdb_samba_context
- */
-struct hdb_method hdb_samba4 = {
-	.interface_version = HDB_INTERFACE_VERSION,
-	.prefix = "samba4",
-	.create = hdb_samba4_create
-};
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 4e1e27c..9679144 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -38,7 +38,6 @@
 NTSTATUS server_service_kdc_init(void);
 
 extern struct krb5plugin_windc_ftable windc_plugin_table;
-extern struct hdb_method hdb_samba4;
 
 static NTSTATUS kdc_proxy_unavailable_error(struct kdc_server *kdc,
 					    TALLOC_CTX *mem_ctx,
@@ -1006,7 +1005,7 @@ static void kdc_task_init(struct task_server *task)
 
 	ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
 				   PLUGIN_TYPE_DATA, "hdb",
-				   &hdb_samba4);
+				   &hdb_samba4_interface);
 	if(ret) {
 		task_server_terminate(task, "kdc: failed to register hdb plugin", true);
 		return;
diff --git a/source4/kdc/samba_kdc.h b/source4/kdc/samba_kdc.h
index 3852955..1c3bb16 100644
--- a/source4/kdc/samba_kdc.h
+++ b/source4/kdc/samba_kdc.h
@@ -49,4 +49,6 @@ struct samba_kdc_entry {
 	hdb_entry_ex *entry_ex;
 };
 
+extern struct hdb_method hdb_samba4_interface;
+
 #endif /* _SAMBA_KDC_H_ */
diff --git a/source4/kdc/wscript_build b/source4/kdc/wscript_build
index aec1cb2..6a6e4f2 100644
--- a/source4/kdc/wscript_build
+++ b/source4/kdc/wscript_build
@@ -9,12 +9,22 @@ bld.SAMBA_MODULE('service_kdc',
 	)
 
 
-bld.SAMBA_SUBSYSTEM('HDB_SAMBA4',
-	source='hdb-samba4.c',
-	deps='ldb auth4_sam auth_sam_reply samba-credentials hdb db-glue samba-hostconfig com_err',
-	includes='../heimdal/kdc',
-	)
-
+bld.SAMBA_LIBRARY('HDB_SAMBA4',
+                  source='hdb-samba4.c hdb-samba4-plugin.c',
+                  deps='ldb auth4_sam auth_sam_reply samba-credentials hdb db-glue samba-hostconfig com_err',
+                  includes='../heimdal/kdc',
+                  private_library=True
+                  )
+
+# A plugin for Heimdal's kadmin for users who need to operate that tool
+bld.SAMBA_LIBRARY('HDB_SAMBA4_PLUGIN',
+                  source='hdb-samba4-plugin.c',
+                  deps='hdb HDB_SAMBA4 samba-util samba-hostconfig ',
+                  includes='../heimdal/kdc',
+                  link_name='modules/hdb/hdb_samba4.so',
+                  realname='hdb_samba4.so',
+                  install_path='${MODULESDIR}/hdb',
+                  )
 
 bld.SAMBA_SUBSYSTEM('WDC_SAMBA4',
 	source='wdc-samba4.c',
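Review bot: `hdb-samba4-plugin.c` is listed in the `source` of both `HDB_SAMBA4` and `HDB_SAMBA4_PLUGIN`, and the plugin also names `HDB_SAMBA4` in its `deps`, so `hdb_samba4_interface` appears to be defined once in the private library and again in `hdb_samba4.so`. Which definition a process binds to would then depend on link and load order; I would compile the file into one target only and let the other reach the symbol through `deps`. A comment above `HDB_SAMBA4_PLUGIN` would also help packagers, along the lines of `# Loaded into kadmin; opens the Samba4 private database with the caller's privileges, install root-owned and not group/world-writable`. The plugin's `deps` string also carries a stray trailing space.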
diff --git a/source4/libnet/libnet_export_keytab.c b/source4/libnet/libnet_export_keytab.c
index 2dae370..593f5fd 100644
--- a/source4/libnet/libnet_export_keytab.c
+++ b/source4/libnet/libnet_export_keytab.c
@@ -5,8 +5,6 @@
 #include "kdc/samba_kdc.h"
 #include "libnet/libnet.h"
 
-extern struct hdb_method hdb_samba4;
-
 NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_export_keytab *r)
 {
 	krb5_error_code ret;
@@ -35,7 +33,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s
 
 	ret = krb5_plugin_register(smb_krb5_context->krb5_context, 
 				   PLUGIN_TYPE_DATA, "hdb",
-				   &hdb_samba4);
+				   &hdb_samba4_interface);
 	if(ret) {
 		return NT_STATUS_NO_MEMORY;
 	}


-- 
Samba Shared Repository

