sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-10 13:57:47 +03:00
Code
samba-mirror/source4/dsdb/samdb/ldb_modules/update_keytab.c

511 lines
12 KiB
C
Raw Normal View History

r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
/*
ldb database library
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
the Free Software Foundation; either version 3 of the License, or
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
*/
/*
* Name: ldb
*
* Component: ldb update_keytabs module
*
* Description: Update keytabs whenever their matching secret record changes
*
* Author: Andrew Bartlett
*/
#include "includes.h"
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
#include "ldb_module.h"
dsdb: Fix build against system ldb.
2009-06-18 03:09:14 +02:00
#include "lib/util/dlinklist.h"
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
#include "system/kerberos.h"
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
#include "auth/kerberos/kerberos.h"
s4-auth-krb: Move keytab functions in a separate file. Confine ldb dependency. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-30 19:33:53 -04:00
#include "auth/kerberos/kerberos_srv_keytab.h"
build: avoid util.h as a public header name due to conflict with MacOS
2011-09-20 14:26:36 -07:00
#include "dsdb/samdb/ldb_modules/util.h"
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
#include "param/secrets.h"
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
struct dn_list {
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
struct ldb_message *msg;
bool do_delete;
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
struct dn_list *prev, *next;
};
struct update_kt_private {
struct dn_list *changed_dns;
};
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
struct update_kt_ctx {
struct ldb_module *module;
struct ldb_request *req;
struct ldb_dn *dn;
s4:update_keytab: s/delete/do_delete metze
2009-02-02 11:10:15 +01:00
bool do_delete;
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
struct ldb_reply *op_reply;
bool found;
};
Make sure prototypes are always included, make some functions static and remove some unused functions.
2008-10-20 18:59:51 +02:00
static struct update_kt_ctx *update_kt_ctx_init(struct ldb_module *module,
struct ldb_request *req)
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
{
struct update_kt_ctx *ac;
ac = talloc_zero(req, struct update_kt_ctx);
if (ac == NULL) {
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ldb_oom(ldb_module_get_ctx(module));
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
return NULL;
}
ac->module = module;
ac->req = req;
return ac;
}
/* FIXME: too many semi-async searches here for my taste, direct and indirect as
* cli_credentials_set_secrets() performs a sync ldb search.
* Just hope we are lucky and nothing breaks (using the tdb backend masks a lot
* of async issues). -SSS
*/
s4-dsdb: replaced the calls to ldb_search() in dsdb modules with dsdb_module_search() this ensures we follow the module stack, and set the parent on child requests
2011-01-17 13:39:46 +11:00
static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool do_delete,
struct ldb_request *parent)
{
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct update_kt_private *data = talloc_get_type(ldb_module_get_private(module), struct update_kt_private);
r21315: ldb now supports filters like (&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again we can use such a filter:-) we should only update the keytab for records matching this filter, that means we need to do a search before calling cli_credentials_set_secrets() metze (This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
2007-02-13 13:43:23 +00:00
struct dn_list *item;
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
char *filter;
r21315: ldb now supports filters like (&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again we can use such a filter:-) we should only update the keytab for records matching this filter, that means we need to do a search before calling cli_credentials_set_secrets() metze (This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
2007-02-13 13:43:23 +00:00
struct ldb_result *res;
int ret;
s4:update_keytab LDB module - no need to filter for the DN We launch a search request with base scope on exactly the same DN (see downwards). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-25 20:06:45 +02:00
filter = talloc_asprintf(data,
"(&(objectClass=kerberosSecret)(privateKeytab=*))");
r21315: ldb now supports filters like (&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again we can use such a filter:-) we should only update the keytab for records matching this filter, that means we need to do a search before calling cli_credentials_set_secrets() metze (This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
2007-02-13 13:43:23 +00:00
if (!filter) {
s4-dsdb: use ldb_operr() in the dsdb code this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-07-06 13:21:54 +10:00
return ldb_oom(ldb);
r21315: ldb now supports filters like (&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again we can use such a filter:-) we should only update the keytab for records matching this filter, that means we need to do a search before calling cli_credentials_set_secrets() metze (This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
2007-02-13 13:43:23 +00:00
}
s4-dsdb: replaced the calls to ldb_search() in dsdb modules with dsdb_module_search() this ensures we follow the module stack, and set the parent on child requests
2011-01-17 13:39:46 +11:00
ret = dsdb_module_search(module, data, &res,
dn, LDB_SCOPE_BASE, NULL,
DSDB_FLAG_NEXT_MODULE, parent,
"%s", filter);
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
talloc_free(filter);
r21315: ldb now supports filters like (&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again we can use such a filter:-) we should only update the keytab for records matching this filter, that means we need to do a search before calling cli_credentials_set_secrets() metze (This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
2007-02-13 13:43:23 +00:00
if (ret != LDB_SUCCESS) {
return ret;
}
if (res->count != 1) {
/* if it's not a kerberosSecret then we don't have anything to update */
talloc_free(res);
return LDB_SUCCESS;
}
item = talloc(data->changed_dns? (void *)data->changed_dns: (void *)data, struct dn_list);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
if (!item) {
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
talloc_free(res);
s4-dsdb: use ldb_operr() in the dsdb code this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-07-06 13:21:54 +10:00
return ldb_oom(ldb);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
}
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
item->msg = talloc_steal(item, res->msgs[0]);
item->do_delete = do_delete;
talloc_free(res);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
dlist: remove unneeded type argument from DLIST_ADD_END() Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-05 11:32:18 +01:00
DLIST_ADD_END(data->changed_dns, item);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
return LDB_SUCCESS;
}
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
static int ukt_search_modified(struct update_kt_ctx *ac);
static int update_kt_op_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
struct ldb_context *ldb;
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
struct update_kt_ctx *ac;
int ret;
ac = talloc_get_type(req->context, struct update_kt_ctx);
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ldb = ldb_module_get_ctx(ac->module);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
if (ares->error != LDB_SUCCESS) {
return ldb_module_done(ac->req, ares->controls,
ares->response, ares->error);
}
if (ares->type != LDB_REPLY_DONE) {
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ldb_set_errstring(ldb, "Invalid request type!\n");
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
s4:update_keytab: s/delete/do_delete metze
2009-02-02 11:10:15 +01:00
if (ac->do_delete) {
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
return ldb_module_done(ac->req, ares->controls,
ares->response, LDB_SUCCESS);
}
ac->op_reply = talloc_steal(ac, ares);
ret = ukt_search_modified(ac);
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req, NULL, NULL, ret);
}
return LDB_SUCCESS;
}
static int ukt_del_op(struct update_kt_ctx *ac)
{
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
struct ldb_context *ldb;
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
struct ldb_request *down_req;
int ret;
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ldb = ldb_module_get_ctx(ac->module);
ret = ldb_build_del_req(&down_req, ldb, ac,
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
ac->dn,
ac->req->controls,
ac, update_kt_op_callback,
ac->req);
ldb: mark the location of a lot more ldb requests
2010-09-24 12:50:13 -07:00
LDB_REQ_SET_LOCATION(down_req);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
if (ret != LDB_SUCCESS) {
return ret;
}
return ldb_next_request(ac->module, down_req);
}
static int ukt_search_modified_callback(struct ldb_request *req,
struct ldb_reply *ares)
{
struct update_kt_ctx *ac;
int ret;
ac = talloc_get_type(req->context, struct update_kt_ctx);
if (!ares) {
return ldb_module_done(ac->req, NULL, NULL,
LDB_ERR_OPERATIONS_ERROR);
}
if (ares->error != LDB_SUCCESS) {
return ldb_module_done(ac->req, ares->controls,
ares->response, ares->error);
}
switch (ares->type) {
case LDB_REPLY_ENTRY:
ac->found = true;
break;
case LDB_REPLY_REFERRAL:
/* ignore */
break;
case LDB_REPLY_DONE:
if (ac->found) {
/* do the dirty sync job here :/ */
s4-dsdb: replaced the calls to ldb_search() in dsdb modules with dsdb_module_search() this ensures we follow the module stack, and set the parent on child requests
2011-01-17 13:39:46 +11:00
ret = add_modified(ac->module, ac->dn, ac->do_delete, ac->req);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
}
s4:update_keytab: s/delete/do_delete metze
2009-02-02 11:10:15 +01:00
if (ac->do_delete) {
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
ret = ukt_del_op(ac);
if (ret != LDB_SUCCESS) {
return ldb_module_done(ac->req,
NULL, NULL, ret);
}
break;
}
return ldb_module_done(ac->req, ac->op_reply->controls,
ac->op_reply->response, LDB_SUCCESS);
}
talloc_free(ares);
return LDB_SUCCESS;
}
static int ukt_search_modified(struct update_kt_ctx *ac)
{
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
struct ldb_context *ldb;
s4:update_keytab LDB module - we don't need to search for the "distinguishedName" attribute Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 6 20:08:28 UTC 2010 on sn-devel-104
2010-11-06 20:23:35 +01:00
static const char * const no_attrs[] = { NULL };
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
struct ldb_request *search_req;
int ret;
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ldb = ldb_module_get_ctx(ac->module);
ret = ldb_build_search_req(&search_req, ldb, ac,
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
ac->dn, LDB_SCOPE_BASE,
"(&(objectClass=kerberosSecret)"
s4:update_keytab LDB module - we don't need to search for the "distinguishedName" attribute Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 6 20:08:28 UTC 2010 on sn-devel-104
2010-11-06 20:23:35 +01:00
"(privateKeytab=*))", no_attrs,
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
NULL,
ac, ukt_search_modified_callback,
ac->req);
ldb: mark the location of a lot more ldb requests
2010-09-24 12:50:13 -07:00
LDB_REQ_SET_LOCATION(search_req);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
if (ret != LDB_SUCCESS) {
return ret;
}
return ldb_next_request(ac->module, search_req);
}
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
/* add */
static int update_kt_add(struct ldb_module *module, struct ldb_request *req)
{
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
struct ldb_context *ldb;
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
struct update_kt_ctx *ac;
struct ldb_request *down_req;
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
int ret;
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ldb = ldb_module_get_ctx(module);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
ac = update_kt_ctx_init(module, req);
if (ac == NULL) {
s4-dsdb: use ldb_operr() in the dsdb code this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-07-06 13:21:54 +10:00
return ldb_operr(ldb);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
}
ac->dn = req->op.add.message->dn;
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ret = ldb_build_add_req(&down_req, ldb, ac,
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
req->op.add.message,
req->controls,
ac, update_kt_op_callback,
req);
ldb: mark the location of a lot more ldb requests
2010-09-24 12:50:13 -07:00
LDB_REQ_SET_LOCATION(down_req);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
if (ret != LDB_SUCCESS) {
return ret;
}
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
return ldb_next_request(module, down_req);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
}
/* modify */
static int update_kt_modify(struct ldb_module *module, struct ldb_request *req)
{
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
struct ldb_context *ldb;
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
struct update_kt_ctx *ac;
struct ldb_request *down_req;
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
int ret;
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ldb = ldb_module_get_ctx(module);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
ac = update_kt_ctx_init(module, req);
if (ac == NULL) {
s4-dsdb: use ldb_operr() in the dsdb code this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-07-06 13:21:54 +10:00
return ldb_operr(ldb);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
}
ac->dn = req->op.mod.message->dn;
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ret = ldb_build_mod_req(&down_req, ldb, ac,
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
req->op.mod.message,
req->controls,
ac, update_kt_op_callback,
req);
ldb: mark the location of a lot more ldb requests
2010-09-24 12:50:13 -07:00
LDB_REQ_SET_LOCATION(down_req);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
if (ret != LDB_SUCCESS) {
return ret;
}
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
return ldb_next_request(module, down_req);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
}
/* delete */
static int update_kt_delete(struct ldb_module *module, struct ldb_request *req)
{
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
struct update_kt_ctx *ac;
ac = update_kt_ctx_init(module, req);
if (ac == NULL) {
s4-dsdb: use ldb_operr() in the dsdb code this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-07-06 13:21:54 +10:00
return ldb_operr(ldb_module_get_ctx(module));
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
}
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
ac->dn = req->op.del.dn;
s4:update_keytab: s/delete/do_delete metze
2009-02-02 11:10:15 +01:00
ac->do_delete = true;
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
return ukt_search_modified(ac);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
}
/* rename */
static int update_kt_rename(struct ldb_module *module, struct ldb_request *req)
{
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
struct ldb_context *ldb;
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
struct update_kt_ctx *ac;
struct ldb_request *down_req;
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
int ret;
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ldb = ldb_module_get_ctx(module);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
ac = update_kt_ctx_init(module, req);
if (ac == NULL) {
s4-dsdb: use ldb_operr() in the dsdb code this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-07-06 13:21:54 +10:00
return ldb_operr(ldb);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
}
ac->dn = req->op.rename.newdn;
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ret = ldb_build_rename_req(&down_req, ldb, ac,
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
req->op.rename.olddn,
req->op.rename.newdn,
req->controls,
ac, update_kt_op_callback,
req);
ldb: mark the location of a lot more ldb requests
2010-09-24 12:50:13 -07:00
LDB_REQ_SET_LOCATION(down_req);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
if (ret != LDB_SUCCESS) {
return ret;
}
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
return ldb_next_request(module, down_req);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
}
hook on prepare_commit instead of transaction_end This allows for safe transaction end aborts
2009-09-03 18:33:17 +10:00
/* prepare for a commit */
static int update_kt_prepare_commit(struct ldb_module *module)
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
{
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
struct ldb_context *ldb = ldb_module_get_ctx(module);
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
struct update_kt_private *data = talloc_get_type(ldb_module_get_private(module), struct update_kt_private);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
struct dn_list *p;
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
struct smb_krb5_context *smb_krb5_context;
dsdb: Specify no event context to smb_krb5_init_context() in dsdb These routines parse principals and generate keys only, no network communication is done. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-17 21:48:30 +12:00
int krb5_ret = smb_krb5_init_context(data,
ldb_get_opaque(ldb, "loadparm"),
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
&smb_krb5_context);
s4:dsdb fix compiler warnings about potentially uninitialized variables Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-12-10 17:52:30 +01:00
TALLOC_CTX *tmp_ctx = NULL;
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
if (krb5_ret != 0) {
ldb_asprintf_errstring(ldb, "Failed to setup krb5_context: %s", error_message(krb5_ret));
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
goto fail;
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
}
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
tmp_ctx = talloc_new(data);
if (!tmp_ctx) {
ldb_oom(ldb);
goto fail;
}
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
for (p=data->changed_dns; p; p = p->next) {
s4-kerberos Rework keytab handling to export servicePrincipalName entries This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett
2010-09-24 14:17:58 +10:00
const char *error_string;
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
const char *realm;
char *upper_realm;
struct ldb_message_element *spn_el = ldb_msg_find_element(p->msg, "servicePrincipalName");
s4:dsdb/ldb_modules: avoid invalid pointer type warnings Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-27 09:29:36 +01:00
const char **SPNs = NULL;
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
int num_SPNs = 0;
int i;
realm = ldb_msg_find_attr_as_string(p->msg, "realm", NULL);
if (spn_el) {
upper_realm = strupper_talloc(tmp_ctx, realm);
if (!upper_realm) {
ldb_oom(ldb);
goto fail;
}
num_SPNs = spn_el->num_values;
s4:dsdb/ldb_modules: avoid invalid pointer type warnings Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-27 09:29:36 +01:00
SPNs = talloc_array(tmp_ctx, const char *, num_SPNs);
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
if (!SPNs) {
ldb_oom(ldb);
goto fail;
}
for (i = 0; i < num_SPNs; i++) {
s4:dsdb/ldb_modules: avoid invalid pointer type warnings Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-27 09:29:36 +01:00
SPNs[i] = talloc_asprintf(SPNs, "%*.*s@%s",
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
(int)spn_el->values[i].length,
(int)spn_el->values[i].length,
(const char *)spn_el->values[i].data,
upper_realm);
if (!SPNs[i]) {
ldb_oom(ldb);
goto fail;
}
}
}
srv_keytab: Pass krb5_context directly, it's all we use anyways. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-01 19:08:15 -04:00
krb5_ret = smb_krb5_update_keytab(tmp_ctx, smb_krb5_context->krb5_context,
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
keytab_name_from_msg(tmp_ctx, ldb, p->msg),
ldb_msg_find_attr_as_string(p->msg, "samAccountName", NULL),
s4:dsdb/ldb_modules: avoid invalid pointer type warnings Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-27 09:29:36 +01:00
realm, SPNs, num_SPNs,
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
ldb_msg_find_attr_as_string(p->msg, "saltPrincipal", NULL),
ldb_msg_find_attr_as_string(p->msg, "secret", NULL),
ldb_msg_find_attr_as_string(p->msg, "priorSecret", NULL),
ldb_msg_find_attr_as_int(p->msg, "msDS-KeyVersionNumber", 0),
(uint32_t)ldb_msg_find_attr_as_int(p->msg, "msDS-SupportedEncryptionTypes", ENC_ALL_TYPES),
s4-auth-krb: Remove unneded dependency on kerberos_util. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 03:23:19 -04:00
p->do_delete, NULL, &error_string);
s4-kerberos Move 'set key into keytab' code out of credentials. This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-23 17:01:44 +10:00
if (krb5_ret != 0) {
s4-kerberos Rework keytab handling to export servicePrincipalName entries This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett
2010-09-24 14:17:58 +10:00
ldb_asprintf_errstring(ldb, "Failed to update keytab from entry %s in %s: %s",
ldb_dn_get_linearized(p->msg->dn),
(const char *)ldb_get_opaque(ldb, "ldb_url"),
error_string);
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
goto fail;
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
}
}
talloc_free(data->changed_dns);
data->changed_dns = NULL;
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
talloc_free(tmp_ctx);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
hook on prepare_commit instead of transaction_end This allows for safe transaction end aborts
2009-09-03 18:33:17 +10:00
return ldb_next_prepare_commit(module);
s4-auth-krb: Simplify salt_princ handling. This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-31 01:27:02 -04:00
fail:
talloc_free(data->changed_dns);
data->changed_dns = NULL;
talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR;
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
}
/* end a transaction */
static int update_kt_del_trans(struct ldb_module *module)
{
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
struct update_kt_private *data = talloc_get_type(ldb_module_get_private(module), struct update_kt_private);
LDB ASYNC: samba4 modules
2008-09-11 18:36:28 -04:00
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
talloc_free(data->changed_dns);
data->changed_dns = NULL;
r25249: Thanks to Andrew Kroeger for pointing out this silly typo (calling end_transaction in delete_tranaction would be very much the wrong thing to do) in the update_keytab module. Andrew Bartlett (This used to be commit aad9545ca12bc8a3aeaf5cc870d137d89c34bb39)
2007-09-20 07:51:08 +00:00
return ldb_next_del_trans(module);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
}
static int update_kt_init(struct ldb_module *module)
{
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
struct ldb_context *ldb;
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
struct update_kt_private *data;
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ldb = ldb_module_get_ctx(module);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
data = talloc(module, struct update_kt_private);
if (data == NULL) {
s4-dsdb: use ldb_operr() in the dsdb code this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-07-06 13:21:54 +10:00
return ldb_oom(ldb);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
}
data->changed_dns = NULL;
Fix the mess with ldb includes. Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-29 18:39:30 -05:00
ldb_module_set_private(module, data);
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
return ldb_next_init(module);
}
s4-dsdb: convert the rest of the ldb modules to the new module type
2010-11-01 15:28:02 +11:00
static const struct ldb_module_ops ldb_update_keytab_module_ops = {
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
.name = "update_keytab",
.init_context = update_kt_init,
.add = update_kt_add,
.modify = update_kt_modify,
.rename = update_kt_rename,
.del = update_kt_delete,
hook on prepare_commit instead of transaction_end This allows for safe transaction end aborts
2009-09-03 18:33:17 +10:00
.prepare_commit = update_kt_prepare_commit,
r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-02-04 07:17:03 +00:00
.del_transaction = update_kt_del_trans,
};
s4-dsdb: convert the rest of the ldb modules to the new module type
2010-11-01 15:28:02 +11:00
int ldb_update_keytab_module_init(const char *version)
{
s4-ldb: enable version checking in dsdb ldb modules
2010-11-01 22:30:45 +11:00
LDB_MODULE_CHECK_VERSION(version);
s4-dsdb: convert the rest of the ldb modules to the new module type
2010-11-01 15:28:02 +11:00
return ldb_register_module(&ldb_update_keytab_module_ops);
}
Copy Permalink