[RFC PATCH] unbreak mit kdc

Philipp Gesang philipp.gesang at intra2net.com
Tue Nov 6 08:24:00 UTC 2018 

Hi Andreas,

thanks for the response.

-<| Quoting Andreas Schneider <asn at samba.org>, on Monday, 2018-11-05 06:44:12 PM |>-
> On Monday, 5 November 2018 16:53:49 CET Philipp Gesang via samba-technical 
> wrote:
> > devel master is broken right now in an MIT KRB5 build.
> 
> ouch this only produces a warning and not an error.
>
> I think we need:
> 
> -Werror=incompatible-pointer-types
> 
> for --picky-developer at least!

It already errors out for me with --picky-developer (GCC 8.2.1).

> > Please review the attached patch which restores compilation for
> > me. Some inserts have been tagged “XXX” because frankly I have
> > no idea what status code would be appropriate. Suggestions would
> > be very much appreciated.
> 
> For the failing init of krb5 ctx, kdm5 and kdb I would return 
> NT_STATUS_INTERNAL_ERROR.
> 
> For the failing connection to samdb I would return: 
> NT_STATUS_CONNECTION_INVALID or NT_STATUS_CONNECTION_ABORTED

Ok. See attached v2.

Philipp
-------------- next part --------------
From b940e70de19ff6e1d3246717df24f5b251dcfc83 Mon Sep 17 00:00:00 2001
From: Philipp Gesang <philipp.gesang at intra2net.com>
Date: Mon, 5 Nov 2018 15:54:35 +0100
Subject: [PATCH] s4-kdc: restore MIT KDC backend

Fix fallout from the KDC prefork patchset (99aea42520fc..).

GCC warns when Samba is being built with --with-system-mitkrb5.
Fix this by adapting the signature of mitkdc_task_init() to match
task_init which has been extended to return a status code.

Status codes try to mimick those of kdc-heimdal.c:kdc_task_init()
as closely as possible.

Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
---
 source4/kdc/kdc-service-mit.c | 35 +++++++++++++++++++----------------
 source4/kdc/kdc-service-mit.h |  2 +-
 2 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
index 8ae1c219dc7..dd6902f083d 100644
--- a/source4/kdc/kdc-service-mit.c
+++ b/source4/kdc/kdc-service-mit.c
@@ -134,7 +134,7 @@ out:
 /*
  * Startup a copy of the krb5kdc as a child daemon
  */
-void mitkdc_task_init(struct task_server *task)
+NTSTATUS mitkdc_task_init(struct task_server *task)
 {
 	struct tevent_req *subreq;
 	const char * const *kdc_cmd;
@@ -155,13 +155,13 @@ void mitkdc_task_init(struct task_server *task)
 				      "The KDC is not required in standalone "
 				      "server configuration, terminate!",
 				      false);
-		return;
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
 	case ROLE_DOMAIN_MEMBER:
 		task_server_terminate(task,
 				      "The KDC is not required in member "
 				      "server configuration",
 				      false);
-		return;
+		return NT_STATUS_INVALID_DOMAIN_ROLE;
 	case ROLE_ACTIVE_DIRECTORY_DC:
 		/* Yes, we want to start the KDC */
 		break;
@@ -173,7 +173,7 @@ void mitkdc_task_init(struct task_server *task)
 		task_server_terminate(task,
 				      "KDC: no network interfaces configured",
 				      false);
-		return;
+		return NT_STATUS_UNSUCCESSFUL;
 	}
 
 	kdc_config = talloc_asprintf(task,
@@ -183,7 +183,7 @@ void mitkdc_task_init(struct task_server *task)
 		task_server_terminate(task,
 				      "KDC: no memory",
 				      false);
-		return;
+		return NT_STATUS_NO_MEMORY;
 	}
 	setenv("KRB5_KDC_PROFILE", kdc_config, 0);
 	TALLOC_FREE(kdc_config);
@@ -208,7 +208,7 @@ void mitkdc_task_init(struct task_server *task)
 		task_server_terminate(task,
 				      "Failed to startup mitkdc task",
 				      true);
-		return;
+		return NT_STATUS_INTERNAL_ERROR;
 	}
 
 	tevent_req_set_callback(subreq, mitkdc_server_done, task);
@@ -227,7 +227,7 @@ void mitkdc_task_init(struct task_server *task)
 	kdc = talloc_zero(task, struct kdc_server);
 	if (kdc == NULL) {
 		task_server_terminate(task, "KDC: Out of memory", true);
-		return;
+		return NT_STATUS_NO_MEMORY;
 	}
 	talloc_set_destructor(kdc, kdc_server_destroy);
 
@@ -236,7 +236,7 @@ void mitkdc_task_init(struct task_server *task)
 	kdc->base_ctx = talloc_zero(kdc, struct samba_kdc_base_context);
 	if (kdc->base_ctx == NULL) {
 		task_server_terminate(task, "KDC: Out of memory", true);
-		return;
+		return NT_STATUS_NO_MEMORY;
 	}
 
 	kdc->base_ctx->ev_ctx = task->event_ctx;
@@ -249,9 +249,9 @@ void mitkdc_task_init(struct task_server *task)
 				     &kdc->smb_krb5_context);
 	if (code != 0) {
 		task_server_terminate(task,
-				      "KDC: Unable to initialized krb5 context",
+				      "KDC: Unable to initialize krb5 context",
 				      true);
-		return;
+		return NT_STATUS_INTERNAL_ERROR;
 	}
 
 	code = kadm5_init_krb5_context(&kdc->smb_krb5_context->krb5_context);
@@ -259,7 +259,7 @@ void mitkdc_task_init(struct task_server *task)
 		task_server_terminate(task,
 				      "KDC: Unable to init kadm5 krb5_context",
 				      true);
-		return;
+		return NT_STATUS_INTERNAL_ERROR;
 	}
 
 	ZERO_STRUCT(config);
@@ -279,7 +279,7 @@ void mitkdc_task_init(struct task_server *task)
 		task_server_terminate(task,
 				      "KDC: Initialize kadm5",
 				      true);
-		return;
+		return NT_STATUS_INTERNAL_ERROR;
 	}
 	kdc->private_data = server_handle;
 
@@ -288,7 +288,7 @@ void mitkdc_task_init(struct task_server *task)
 		task_server_terminate(task,
 				      "KDC: Unable to KDB",
 				      true);
-		return;
+		return NT_STATUS_INTERNAL_ERROR;
 	}
 
 	kdc->keytab_name = talloc_asprintf(kdc, "KDB:");
@@ -296,7 +296,7 @@ void mitkdc_task_init(struct task_server *task)
 		task_server_terminate(task,
 				      "KDC: Out of memory",
 				      true);
-		return;
+		return NT_STATUS_NO_MEMORY;
 	}
 
 	kdc->samdb = samdb_connect(kdc,
@@ -307,9 +307,9 @@ void mitkdc_task_init(struct task_server *task)
 				   0);
 	if (kdc->samdb == NULL) {
 		task_server_terminate(task,
-				      "KDC: Unable to connect to sambdb",
+				      "KDC: Unable to connect to samdb",
 				      true);
-		return;
+		return NT_STATUS_CONNECTION_INVALID;
 	}
 
 	status = startup_kpasswd_server(kdc,
@@ -320,9 +320,12 @@ void mitkdc_task_init(struct task_server *task)
 		task_server_terminate(task,
 				      "KDC: Unable to start kpasswd server",
 				      true);
+		return status;
 	}
 
 	DEBUG(5,("Started kpasswd service for kdc_server\n"));
+
+	return NT_STATUS_OK;
 }
 
 /*
diff --git a/source4/kdc/kdc-service-mit.h b/source4/kdc/kdc-service-mit.h
index 6f38fe7ed97..79439331e16 100644
--- a/source4/kdc/kdc-service-mit.h
+++ b/source4/kdc/kdc-service-mit.h
@@ -22,6 +22,6 @@
 #ifndef _KDC_SERVICE_MIT_H
 #define _KDC_SERVICE_MIT_H
 
-void mitkdc_task_init(struct task_server *task);
+NTSTATUS mitkdc_task_init(struct task_server *task);
 
 #endif /* _KDC_SERVICE_MIT_H */
-- 
2.17.2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20181106/8d5bb2d5/signature.sig>

More information about the samba-technical mailing list