r7241: The KDC almost links...

Using current lorikeet/heimdal, and with the KDC module enabled (it is
disabled by default), I almost get the KDC to link.

(To enable the KDC for testing, comment out the only line in
smbd/config.m4, and add 'kdc' to the 'server services' line in
smb.conf).
(This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)

source4/auth/kerberos/config.m4

@@ -176,6 +176,8 @@ if test x$with_krb5_support != x"no"; then
 		with_krb5_support="no"
 	fi
 
+	AC_CHECK_HEADERS(kdc.h)
+
 	CFLAGS=$ac_save_CFLAGS
 	CPPFLAGS=$ac_save_CPPFLAGS
 	LDFLAGS=$ac_save_LDFLAGS
@@ -202,6 +204,8 @@ if test x"$with_krb5_support" != x"no"; then
  	AC_CHECK_LIB_EXT(com_err, KRB5_LIBS, _et_list)
 	AC_CHECK_LIB_EXT(k5crypto, KRB5_LIBS, krb5_encrypt_data)
 
+	AC_CHECK_LIB_EXT(kdc, KRB5_LIBS, krb5_kdc_default_config)
+
 	# Heimdal checks.
 	# But only if we didn't have a krb5-config to tell us this already
 	if test x"$FOUND_KRB5_VIA_CONFIG" != x"yes"; then
@@ -493,3 +497,4 @@ fi
 
 SMB_EXT_LIB(KRB5,[${KRB5_LIBS}],[${KRB5_CFLAGS}],[${KRB5_CPPFLAGS}],[${KRB5_LDFLAGS}])
 
+

source4/kdc/config.mk

@@ -4,7 +4,8 @@
 # Start SUBSYSTEM CLDAPD
 [SUBSYSTEM::KDC]
 INIT_OBJ_FILES = \
-		kdc/kdc.o
+		kdc/kdc.o \
+		kdc/hdb-ldb.o
 REQUIRED_SUBSYSTEMS = \
 		SOCKET
 # End SUBSYSTEM CLDAPD

source4/kdc/kdc.c

@@ -26,10 +26,10 @@
 #include "lib/events/events.h"
 #include "lib/socket/socket.h"
 #include "kdc/kdc.h"
-
+#include "system/network.h"
 
 /*
-  handle fd events on a cldap_socket
+  handle fd events on a KDC socket
 */
 static void kdc_socket_handler(struct event_context *ev, struct fd_event *fde,
 			       uint16_t flags, void *private)
@@ -37,15 +37,17 @@ static void kdc_socket_handler(struct event_context *ev, struct fd_event *fde,
 	NTSTATUS status;
 	struct kdc_socket *kdc_socket = talloc_get_type(private, struct kdc_socket);
 	if (flags & EVENT_FD_WRITE) {
-		/* this should not happen */
+		/* not sure on write events yet */
 	} else if (flags & EVENT_FD_READ) {
 		TALLOC_CTX *tmp_ctx = talloc_new(kdc_socket);
 		DATA_BLOB blob = data_blob_talloc(tmp_ctx, NULL, 64 * 1024);
+		krb5_data reply;
 		size_t nread;
 		const char *src_addr;
 		int src_port;
+		struct sockaddr_in src_sock_addr;
+		struct ipv4_addr addr;
 
-		DEBUG(0, ("incoming!\n"));
 
 		status = socket_recvfrom(kdc_socket->sock, blob.data, blob.length, &nread, 0,
 					 &src_addr, &src_port);
@@ -58,8 +60,33 @@ static void kdc_socket_handler(struct event_context *ev, struct fd_event *fde,
 		
 		DEBUG(2,("Received krb5 packet of length %d from %s:%d\n", 
 			 blob.length, src_addr, src_port));
-		
 
+		/* TODO:  This really should be in a utility function somewhere */
+		ZERO_STRUCT(src_sock_addr);
+#ifdef HAVE_SOCK_SIN_LEN
+		src_sock_addr.sin_len         = sizeof(src_sock_addr);
+#endif
+		addr                     = interpret_addr2(src_addr);
+		src_sock_addr.sin_addr.s_addr = addr.addr;
+		src_sock_addr.sin_port        = htons(src_port);
+		src_sock_addr.sin_family      = PF_INET;
+
+		/* Call krb5 */
+		if (krb5_kdc_process_krb5_request(kdc_socket->kdc->krb5_context, 
+						  kdc_socket->kdc->config,
+						  blob.data, blob.length, 
+						  &reply,
+						  src_addr,
+						  &src_sock_addr) != -1) {
+			size_t sendlen = reply.length;
+			DATA_BLOB reply_blob;
+			reply_blob.data = reply.data;
+			reply_blob.length = reply.length;
+			socket_sendto(kdc_socket->sock, &reply_blob, &sendlen, 0,
+				      src_addr, src_port);
+			krb5_data_free(&reply);
+		}
+		talloc_free(tmp_ctx);
 	}
 }
 
@@ -88,6 +115,8 @@ static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address)
 				       socket_get_fd(kdc_socket->sock), 0,
 				       kdc_socket_handler, kdc_socket);
 
+	EVENT_FD_READABLE(kdc_socket->fde);
+
 	status = socket_listen(kdc_socket->sock, address, lp_krb5_port(), 0, 0);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0,("Failed to bind to %s:%d - %s\n", 
@@ -136,6 +165,7 @@ static void kdc_task_init(struct task_server *task)
 {
 	struct kdc_server *kdc;
 	NTSTATUS status;
+	krb5_error_code ret;
 
 	if (iface_count() == 0) {
 		task_terminate(task, "kdc: no network interfaces configured");
@@ -158,7 +188,33 @@ static void kdc_task_init(struct task_server *task)
 	}
 	krb5_kdc_default_config(kdc->config);
 
+	initialize_krb5_error_table();
+
+	ret = krb5_init_context(&kdc->krb5_context);
+	if (ret) {
+		DEBUG(1,("kdc_task_init: krb5_init_context failed (%s)\n", 
+			 error_message(ret)));
+		task_terminate(task, "kdc: krb5_init_context failed");
+		return; 
+	}
+
 	/* TODO: Fill in the hdb and logging details */
+	kdc_openlog(kdc->krb5_context, kdc->config);
+	
+	kdc->config->db = talloc(kdc->config, struct HDB *);
+	if (!kdc->config->db) {
+		task_terminate(task, "kdc: out of memory");
+		return;
+	}
+	kdc->config->num_db = 1;
+		
+	ret = hdb_ldb_create(kdc->krb5_context, &kdc->config->db[0], lp_sam_url());
+	if (ret != 0) {
+		DEBUG(1, ("kdc_task_init: hdb_ldb_create fails: %s\n", 
+			  smb_get_krb5_error_message(kdc->krb5_context, ret, kdc))); 
+		task_terminate(task, "kdc: hdb_ldb_create failed");
+		return; 
+	}
 
 	/* start listening on the configured network interfaces */
 	status = kdc_startup_interfaces(kdc);

source4/kdc/kdc.h

@@ -22,8 +22,10 @@
 */
 
 #include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
 #include <kdc.h>
 
+krb5_error_code hdb_ldb_create(krb5_context context, struct HDB **db, const char *arg);
 
 /*
   top level context structure for the cldap server
@@ -31,6 +33,7 @@
 struct kdc_server {
 	struct task_server *task;
 	struct krb5_kdc_configuration *config;
+	krb5_context krb5_context;
 };
 
 struct kdc_socket {