mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
kdc: Remove confusing duplicate open of sam.ldb to find RODC status
Instead, make this query after we open the DB in common with the MIT code. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
parent
09ae48b415
commit
9ba5ebf4af
@ -1194,9 +1194,9 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
|
||||
* kpasswdd -> krb5 -> keytab_hdb -> hdb code */
|
||||
|
||||
NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
|
||||
krb5_context context, struct HDB **db)
|
||||
krb5_context context, struct HDB **db,
|
||||
struct samba_kdc_db_context **kdc_db_ctx)
|
||||
{
|
||||
struct samba_kdc_db_context *kdc_db_ctx = NULL;
|
||||
NTSTATUS nt_status;
|
||||
|
||||
if (hdb_interface_version != HDB_INTERFACE_VERSION) {
|
||||
@ -1214,12 +1214,12 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
|
||||
(*db)->hdb_db = NULL;
|
||||
(*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL;
|
||||
|
||||
nt_status = samba_kdc_setup_db_ctx(*db, base_ctx, &kdc_db_ctx);
|
||||
nt_status = samba_kdc_setup_db_ctx(*db, base_ctx, kdc_db_ctx);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
talloc_free(*db);
|
||||
return nt_status;
|
||||
}
|
||||
(*db)->hdb_db = kdc_db_ctx;
|
||||
(*db)->hdb_db = *kdc_db_ctx;
|
||||
|
||||
(*db)->hdb_dbc = NULL;
|
||||
(*db)->hdb_open = hdb_samba4_open;
|
||||
@ -1254,7 +1254,10 @@ NTSTATUS hdb_samba4_kpasswd_create_kdc(struct samba_kdc_base_context *base_ctx,
|
||||
{
|
||||
NTSTATUS nt_status;
|
||||
|
||||
nt_status = hdb_samba4_create_kdc(base_ctx, context, db);
|
||||
/* This is only used in other callers */
|
||||
struct samba_kdc_db_context *kdc_db_ctx = NULL;
|
||||
|
||||
nt_status = hdb_samba4_create_kdc(base_ctx, context, db, &kdc_db_ctx);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
return nt_status;
|
||||
}
|
||||
|
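Review bot: On the failure branch after `samba_kdc_setup_db_ctx()`, `talloc_free(*db)` runs but the new `kdc_db_ctx` out-parameter is left holding whatever the setup call wrote. The context is created with `*db` as the first argument, so it is presumably a talloc child of the HDB and freed along with it; adding `*kdc_db_ctx = NULL;` before `return nt_status;` keeps a caller from ever seeing a stale pointer. The same lifetime applies on success, so the function comment should say it, e.g. `/* *kdc_db_ctx is owned by *db; callers must not free it or use it after the HDB is freed */`. The function body continues outside these hunks, so other exit paths were not checked.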
@ -34,7 +34,8 @@
|
||||
|
||||
/* from hdb-samba4.c */
|
||||
NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
|
||||
krb5_context context, struct HDB **db);
|
||||
krb5_context context, struct HDB **db,
|
||||
struct samba_kdc_db_context **kdc_db_ctx);
|
||||
|
||||
NTSTATUS hdb_samba4_kpasswd_create_kdc(struct samba_kdc_base_context *base_ctx,
|
||||
krb5_context context, struct HDB **db);
|
||||
|
@ -338,28 +338,6 @@ static void kdc_post_fork(struct task_server *task, struct process_details *pd)
|
||||
}
|
||||
kdc = talloc_get_type_abort(task->private_data, struct kdc_server);
|
||||
|
||||
/* get a samdb connection */
|
||||
kdc->samdb = samdb_connect(kdc,
|
||||
kdc->task->event_ctx,
|
||||
kdc->task->lp_ctx,
|
||||
system_session(kdc->task->lp_ctx),
|
||||
NULL,
|
||||
0);
|
||||
if (!kdc->samdb) {
|
||||
DBG_WARNING("kdc_task_init: unable to connect to samdb\n");
|
||||
task_server_terminate(task, "kdc: krb5_init_context samdb connect failed", true);
|
||||
return;
|
||||
}
|
||||
|
||||
ldb_ret = samdb_rodc(kdc->samdb, &kdc->am_rodc);
|
||||
if (ldb_ret != LDB_SUCCESS) {
|
||||
DBG_WARNING("kdc_task_init: "
|
||||
"Cannot determine if we are an RODC: %s\n",
|
||||
ldb_errstring(kdc->samdb));
|
||||
task_server_terminate(task, "kdc: krb5_init_context samdb RODC connect failed", true);
|
||||
return;
|
||||
}
|
||||
|
||||
kdc->proxy_timeout = lpcfg_parm_int(kdc->task->lp_ctx, NULL, "kdc", "proxy timeout", 5);
|
||||
|
||||
initialize_krb5_error_table();
|
||||
@ -473,12 +451,22 @@ static void kdc_post_fork(struct task_server *task, struct process_details *pd)
|
||||
|
||||
status = hdb_samba4_create_kdc(kdc->base_ctx,
|
||||
kdc->smb_krb5_context->krb5_context,
|
||||
&kdc_config->db[0]);
|
||||
&kdc_config->db[0],
|
||||
&kdc->kdc_db_ctx);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
task_server_terminate(task, "kdc: hdb_samba4_create_kdc (setup KDC database) failed", true);
|
||||
return;
|
||||
}
|
||||
|
||||
ldb_ret = samdb_rodc(kdc->kdc_db_ctx->samdb, &kdc->am_rodc);
|
||||
if (ldb_ret != LDB_SUCCESS) {
|
||||
DBG_WARNING("kdc_task_init: "
|
||||
"Cannot determine if we are an RODC: %s\n",
|
||||
ldb_errstring(kdc->kdc_db_ctx->samdb));
|
||||
task_server_terminate(task, "kdc: krb5_init_context samdb RODC query failed", true);
|
||||
return;
|
||||
}
|
||||
|
||||
ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
|
||||
PLUGIN_TYPE_DATA, "hdb_samba4_interface",
|
||||
&hdb_samba4_interface);
|
||||
|
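Review bot: `kdc->am_rodc` is now filled in only after `hdb_samba4_create_kdc()` (around new line 451), where it used to be set near line 338. Any code in the unseen lines between the two hunks that reads `am_rodc` would now see the unset value; that is worth confirming, since the flag presumably decides whether requests are handled locally or proxied. Separately, the relocated messages are misleading: the `DBG_WARNING` still says `kdc_task_init:` although it runs in `kdc_post_fork`, and the terminate reason names `krb5_init_context`. Something like `"kdc: samdb RODC query failed"` would be easier to triage from logs. `kdc_post_fork` starts and ends outside the hunks.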
@ -28,6 +28,7 @@
|
||||
#include "lib/util/tevent_ntstatus.h"
|
||||
#include "lib/stream/packet.h"
|
||||
#include "kdc/kdc-server.h"
|
||||
#include "kdc/samba_kdc.h"
|
||||
#include "kdc/kdc-proxy.h"
|
||||
#include "dsdb/samdb/samdb.h"
|
||||
#include "libcli/composite/composite.h"
|
||||
@ -45,7 +46,12 @@ static WERROR kdc_proxy_get_writeable_dcs(struct kdc_server *kdc, TALLOC_CTX *me
|
||||
uint32_t count, i;
|
||||
struct repsFromToBlob *reps;
|
||||
|
||||
werr = dsdb_loadreps(kdc->samdb, mem_ctx, ldb_get_default_basedn(kdc->samdb), "repsFrom", &reps, &count);
|
||||
werr = dsdb_loadreps(kdc->kdc_db_ctx->samdb,
|
||||
mem_ctx,
|
||||
ldb_get_default_basedn(kdc->kdc_db_ctx->samdb),
|
||||
"repsFrom",
|
||||
&reps,
|
||||
&count);
|
||||
W_ERROR_NOT_OK_RETURN(werr);
|
||||
|
||||
if (count == 0) {
|
||||
|
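Review bot: `kdc->kdc_db_ctx` is dereferenced twice in the `dsdb_loadreps()` call without a NULL check, and the only assignment visible on this page is the `hdb_samba4_create_kdc()` call in `kdc_post_fork`. The `mitkdc_task_init` hunk removes `samdb_connect()` and goes straight to `startup_kpasswd_server()` with no visible replacement, so if either path can run before `kdc_db_ctx` is set the KDC process would crash on a NULL pointer. Confirm that every initialisation path sets the field first (the surrounding functions extend beyond the hunks), or guard here with `if (kdc->kdc_db_ctx == NULL) { return WERR_INVALID_PARAMETER; }`.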
@ -37,11 +37,11 @@ struct kdc_server {
|
||||
struct task_server *task;
|
||||
struct smb_krb5_context *smb_krb5_context;
|
||||
struct samba_kdc_base_context *base_ctx;
|
||||
struct ldb_context *samdb;
|
||||
bool am_rodc;
|
||||
uint32_t proxy_timeout;
|
||||
const char *kpasswd_keytab_name;
|
||||
void *private_data;
|
||||
struct samba_kdc_db_context *kdc_db_ctx;
|
||||
};
|
||||
|
||||
typedef enum kdc_code_e {
|
||||
|
@ -318,19 +318,6 @@ NTSTATUS mitkdc_task_init(struct task_server *task)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
kdc->samdb = samdb_connect(kdc,
|
||||
kdc->task->event_ctx,
|
||||
kdc->task->lp_ctx,
|
||||
system_session(kdc->task->lp_ctx),
|
||||
NULL,
|
||||
0);
|
||||
if (kdc->samdb == NULL) {
|
||||
task_server_terminate(task,
|
||||
"KDC: Unable to connect to samdb",
|
||||
true);
|
||||
return NT_STATUS_CONNECTION_INVALID;
|
||||
}
|
||||
|
||||
status = startup_kpasswd_server(kdc,
|
||||
kdc,
|
||||
task->lp_ctx,
|
||||
|