[PATCHSET] Samba AD with MIT Kerberos

Jeremy Allison jra at samba.org
Tue Apr 25 20:39:39 UTC 2017 

On Tue, Apr 25, 2017 at 04:25:46PM +0200, Andreas Schneider via samba-technical wrote:
> On Tuesday, 25 April 2017 10:26:06 CEST Andreas Schneider via samba-technical 
> wrote:
> > On Monday, 13 March 2017 18:40:21 CEST Andrew Bartlett wrote:
> > > On Mon, 2017-03-13 at 08:29 +0100, Andreas Schneider via samba-
> > > 
> > > technical wrote:
> > > > Hello,
> > > > 
> > > > after more than 3 years of work I finally got this:
> > > > 	ALL OK (14658 tests in 2030 testsuites)
> > > > 
> > > > The testsuite completed for the first time!
> > 
> > Here is a new rebased version which fixes the issues with the KDC tests if
> > we do not build the AD DC.
> > 
> > On Ubuntu 14.04 I got:
> > 
> > ./script/autobuild.py --testbase=/tmp samba-systemkrb5
> > All OK
> > 
> > So it successfully passed. I have a private autobuild running too now.
> > 
> > 
> > Thanks for your help to address these issues.
> 
> 
> I've found another issue in a common test function. The attached patchset 
> succeded in a private autobuild:
> 
> 
>     Your autobuild on sn-devel-144 has succeeded after 244.0 minutes.
> 
> 
> Please review.

Just a few minor nits I've found so far.



In [PATCH 10/51] s4-kdc: Add a MIT Kerberos KDC service:

+/*                 
+   Unix SMB/CIFS implementation.
+
+   run s3 file server within Samba4

Should be:

+++ b/source4/kdc/kdc-service-mit.c
@@ -0,0 +1,120 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   run MIT krb5 server within Samba4
+

Also: 

+NTSTATUS server_service_mitkdc_init(void);
+
+NTSTATUS server_service_mitkdc_init(void)
+{
+       return register_server_service("kdc", mitkdc_task_init);
+}

needs to be:

+NTSTATUS server_service_mitkdc_init(TALLOC_CTX *);
+
+NTSTATUS server_service_mitkdc_init(TALLOC_CTX *ctx)
+{
+       return register_server_service("kdc", mitkdc_task_init);
+}

Sorry :-(.
--------------------------------------------------

In [PATCH 11/51] s4-kdc: Add MIT KRB5 based irpc service for PAC validation

+NTSTATUS samba_setup_mit_kdc_irpc(struct task_server *task)
+{
+       struct samba_kdc_base_context base_ctx;
+       struct mit_kdc_irpc_context *mki_ctx;
+       NTSTATUS status;
+       int code;
+
+       mki_ctx = talloc_zero(task, struct mit_kdc_irpc_context);

Missing check for NULL return from talloc_zero

--------------------------------------------------

In [PATCH 34/51] s4-kdc: Start the kpasswd service with MIT KDC

+       tmp_ctx = talloc_new(mem_ctx);
+       if (tmp_ctx == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }


Use talloc_named_const() instead so we have a good name
for this context.

Cheers,

	Jeremy.

More information about the samba-technical mailing list