
s4:libnet: Pass SDB_F_ADMIN_DATA flag through to samba_kdc_message2entry()

This will allow us to choose whether to set this flag for a keytab
export.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton 2024-04-24 13:45:08 +12:00 committed by Andrew Bartlett
parent aa8aeeb655
commit 048de3da01
5 changed files with 20 additions and 11 deletions


@ -3311,6 +3311,7 @@ struct samba_kdc_seq {
static krb5_error_code samba_kdc_seq(krb5_context context,
struct samba_kdc_db_context *kdc_db_ctx,
const unsigned sdb_flags,
struct sdb_entry *entry)
{
krb5_error_code ret;
@ -3364,7 +3365,7 @@ static krb5_error_code samba_kdc_seq(krb5_context context,
ret = samba_kdc_message2entry(context, kdc_db_ctx, mem_ctx,
principal, SAMBA_KDC_ENT_TYPE_ANY,
SDB_F_ADMIN_DATA|SDB_F_GET_ANY,
sdb_flags|SDB_F_GET_ANY,
0 /* kvno */,
priv->realm_dn, msg, entry);
krb5_free_principal(context, principal);
@ -3420,7 +3421,7 @@ trusts:
mem_ctx,
trust_direction,
priv->realm_dn,
SDB_F_ADMIN_DATA|SDB_F_GET_ANY,
sdb_flags|SDB_F_GET_ANY,
0, /* kvno */
msg,
entry);
@ -3436,6 +3437,7 @@ trusts:
krb5_error_code samba_kdc_firstkey(krb5_context context,
struct samba_kdc_db_context *kdc_db_ctx,
const unsigned sdb_flags,
struct sdb_entry *entry)
{
struct ldb_context *ldb_ctx = kdc_db_ctx->samdb;
@ -3500,7 +3502,7 @@ krb5_error_code samba_kdc_firstkey(krb5_context context,
kdc_db_ctx->seq_ctx = priv;
ret = samba_kdc_seq(context, kdc_db_ctx, entry);
ret = samba_kdc_seq(context, kdc_db_ctx, sdb_flags, entry);
if (ret != 0) {
TALLOC_FREE(priv);
@ -3511,9 +3513,10 @@ krb5_error_code samba_kdc_firstkey(krb5_context context,
krb5_error_code samba_kdc_nextkey(krb5_context context,
struct samba_kdc_db_context *kdc_db_ctx,
const unsigned sdb_flags,
struct sdb_entry *entry)
{
return samba_kdc_seq(context, kdc_db_ctx, entry);
return samba_kdc_seq(context, kdc_db_ctx, sdb_flags, entry);
}
/* Check if a given entry may delegate or do s4u2self to this target principal
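Review bot: samba_kdc_firstkey() and samba_kdc_nextkey() now each take their own `sdb_flags`, so nothing ties the flags used for the first entry to those used for the rest of the iteration. A caller that passes SDB_F_ADMIN_DATA to one and not the other would get entries built under different rules within a single enumeration. Since firstkey already keeps per-iteration state in `kdc_db_ctx->seq_ctx`, the flags could be recorded there once (for example `priv->sdb_flags = sdb_flags;`, using a field this page does not show) and reused by nextkey. Failing that, samba_kdc_seq() should carry a comment such as `/* sdb_flags must be identical for every call of one firstkey/nextkey iteration; SDB_F_GET_ANY is always added. */`. The bodies of samba_kdc_seq() and samba_kdc_firstkey() continue outside the hunks shown.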


@ -68,10 +68,12 @@ krb5_error_code samba_kdc_fetch(krb5_context context,
krb5_error_code samba_kdc_firstkey(krb5_context context,
struct samba_kdc_db_context *kdc_db_ctx,
const unsigned sdb_flags,
struct sdb_entry *entry);
krb5_error_code samba_kdc_nextkey(krb5_context context,
struct samba_kdc_db_context *kdc_db_ctx,
const unsigned sdb_flags,
struct sdb_entry *entry);
krb5_error_code


@ -237,7 +237,7 @@ static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsign
kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
ret = samba_kdc_firstkey(context, kdc_db_ctx, &sentry);
ret = samba_kdc_firstkey(context, kdc_db_ctx, SDB_F_ADMIN_DATA, &sentry);
switch (ret) {
case 0:
break;
@ -266,7 +266,7 @@ static krb5_error_code hdb_samba4_nextkey(krb5_context context, HDB *db, unsigne
kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
ret = samba_kdc_nextkey(context, kdc_db_ctx, &sentry);
ret = samba_kdc_nextkey(context, kdc_db_ctx, SDB_F_ADMIN_DATA, &sentry);
switch (ret) {
case 0:
break;
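Review bot: The literal `SDB_F_ADMIN_DATA` passed by hdb_samba4_firstkey() and hdb_samba4_nextkey() has no comment explaining it, and the same applies to mit_samba_get_firstkey() and mit_samba_get_nextkey() in the next file. Before this commit the flag was hard-coded inside samba_kdc_seq(), so these four call sites are what keeps KDC database iteration unchanged, and a reader who sees only the call cannot tell that this is deliberate. I would add `/* Database iteration has always requested admin data; keep that here now that the caller chooses the flag. */` above each call. The HDB callbacks appear to receive a flags argument of their own (the signature is truncated in the hunk header) that is not consulted for this choice, which deserves a word in the comment if it is intentional.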


@ -348,7 +348,7 @@ krb5_error_code mit_samba_get_firstkey(struct mit_samba_context *ctx,
return ENOMEM;
}
ret = samba_kdc_firstkey(ctx->context, ctx->db_ctx, &sentry);
ret = samba_kdc_firstkey(ctx->context, ctx->db_ctx, SDB_F_ADMIN_DATA, &sentry);
switch (ret) {
case 0:
break;
@ -386,7 +386,7 @@ krb5_error_code mit_samba_get_nextkey(struct mit_samba_context *ctx,
return ENOMEM;
}
ret = samba_kdc_nextkey(ctx->context, ctx->db_ctx, &sentry);
ret = samba_kdc_nextkey(ctx->context, ctx->db_ctx, SDB_F_ADMIN_DATA, &sentry);
switch (ret) {
case 0:
break;


@ -37,6 +37,7 @@ static NTSTATUS sdb_kt_copy(TALLOC_CTX *mem_ctx,
const char *principal,
bool keep_stale_entries,
bool include_historic_keys,
const unsigned sdb_flags,
const char **error_string)
{
struct sdb_entry sentry = {};
@ -74,15 +75,15 @@ static NTSTATUS sdb_kt_copy(TALLOC_CTX *mem_ctx,
}
code = samba_kdc_fetch(context, db_ctx, k5_princ,
SDB_F_GET_ANY | SDB_F_ADMIN_DATA,
SDB_F_GET_ANY | sdb_flags,
0, &sentry);
krb5_free_principal(context, k5_princ);
} else {
code = samba_kdc_firstkey(context, db_ctx, &sentry);
code = samba_kdc_firstkey(context, db_ctx, sdb_flags, &sentry);
}
for (; code == 0; code = samba_kdc_nextkey(context, db_ctx, &sentry)) {
for (; code == 0; code = samba_kdc_nextkey(context, db_ctx, sdb_flags, &sentry)) {
int i;
bool found_previous = false;
tmp_ctx = talloc_new(mem_ctx);
@ -352,6 +353,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s
struct samba_kdc_base_context *base_ctx;
struct samba_kdc_db_context *db_ctx = NULL;
const char *error_string = NULL;
unsigned sdb_flags;
NTSTATUS status;
bool keep_stale_entries = r->in.keep_stale_entries;
@ -408,6 +410,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s
}
}
sdb_flags = SDB_F_ADMIN_DATA;
status = sdb_kt_copy(mem_ctx,
smb_krb5_context,
@ -416,6 +419,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s
r->in.principal,
keep_stale_entries,
!r->in.only_current_keys,
sdb_flags,
&error_string);
talloc_free(db_ctx);
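Review bot: In libnet_export_keytab() `sdb_flags` is declared without an initialiser and only assigned just before the sdb_kt_copy() call, with code between the two hunks that is not visible here. Initialising at the declaration, `unsigned sdb_flags = SDB_F_ADMIN_DATA;`, removes the window for an uninitialised read once a later change adds a branch that selects the flag. The commit message says the flag is meant to become selectable for keytab export. Because this path writes key material into a keytab, the new `sdb_flags` parameter of sdb_kt_copy() should be documented, stating which flags a caller may pass and that SDB_F_GET_ANY is always OR'd in on the single-principal fetch.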