
kdc: Remove confusing duplicate open of sam.ldb to find RODC status

Instead, make this query after the DB has been opened, in the code path shared with the MIT KDC.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett 2024-05-30 11:40:16 +12:00
parent 09ae48b415
commit 9ba5ebf4af
6 changed files with 29 additions and 44 deletions


@ -1194,9 +1194,9 @@ static krb5_error_code hdb_samba4_audit(krb5_context context,
* kpasswdd -> krb5 -> keytab_hdb -> hdb code */
NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
krb5_context context, struct HDB **db)
krb5_context context, struct HDB **db,
struct samba_kdc_db_context **kdc_db_ctx)
{
struct samba_kdc_db_context *kdc_db_ctx = NULL;
NTSTATUS nt_status;
if (hdb_interface_version != HDB_INTERFACE_VERSION) {
@ -1214,12 +1214,12 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
(*db)->hdb_db = NULL;
(*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL;
nt_status = samba_kdc_setup_db_ctx(*db, base_ctx, &kdc_db_ctx);
nt_status = samba_kdc_setup_db_ctx(*db, base_ctx, kdc_db_ctx);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(*db);
return nt_status;
}
(*db)->hdb_db = kdc_db_ctx;
(*db)->hdb_db = *kdc_db_ctx;
(*db)->hdb_dbc = NULL;
(*db)->hdb_open = hdb_samba4_open;
@ -1254,7 +1254,10 @@ NTSTATUS hdb_samba4_kpasswd_create_kdc(struct samba_kdc_base_context *base_ctx,
{
NTSTATUS nt_status;
nt_status = hdb_samba4_create_kdc(base_ctx, context, db);
/* This is only used in other callers */
struct samba_kdc_db_context *kdc_db_ctx = NULL;
nt_status = hdb_samba4_create_kdc(base_ctx, context, db, &kdc_db_ctx);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
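Review bot: hdb_samba4_create_kdc now dereferences its new kdc_db_ctx out-parameter unconditionally (`samba_kdc_setup_db_ctx(*db, base_ctx, kdc_db_ctx)` and `(*db)->hdb_db = *kdc_db_ctx`), so a NULL argument crashes rather than meaning "caller doesn't care", and hdb_samba4_kpasswd_create_kdc has to declare a throwaway local to satisfy it. Either tolerate NULL with a local fallback (`struct samba_kdc_db_context *local_ctx = NULL; if (kdc_db_ctx == NULL) { kdc_db_ctx = &local_ctx; }`) or state the requirement where the parameter is declared, and make the comment on the throwaway local say why it exists, e.g. `/* hdb_samba4_create_kdc() requires an out-pointer; kpasswd does not use the db context */` instead of "This is only used in other callers". It is also not visible here whether `*kdc_db_ctx` is left set when samba_kdc_setup_db_ctx fails and `*db` is talloc_free'd; if the context is allocated under `*db`, resetting `*kdc_db_ctx = NULL` on that error path would keep callers from holding a dangling pointer. Both enclosing functions continue outside the hunks shown.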


@ -34,7 +34,8 @@
/* from hdb-samba4.c */
NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
krb5_context context, struct HDB **db);
krb5_context context, struct HDB **db,
struct samba_kdc_db_context **kdc_db_ctx);
NTSTATUS hdb_samba4_kpasswd_create_kdc(struct samba_kdc_base_context *base_ctx,
krb5_context context, struct HDB **db);
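Review bot: The new `kdc_db_ctx` out-parameter on hdb_samba4_create_kdc is undocumented in the header, so a caller cannot tell whether it may be NULL or who owns what it receives. A comment above the prototype would settle both, e.g. `/* kdc_db_ctx: required out-parameter; receives the database context that is also installed as (*db)->hdb_db, so it lives as long as *db */` — the lifetime half is my reading of the hdb-samba4.c hunk and should be confirmed against samba_kdc_setup_db_ctx.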


@ -338,28 +338,6 @@ static void kdc_post_fork(struct task_server *task, struct process_details *pd)
}
kdc = talloc_get_type_abort(task->private_data, struct kdc_server);
/* get a samdb connection */
kdc->samdb = samdb_connect(kdc,
kdc->task->event_ctx,
kdc->task->lp_ctx,
system_session(kdc->task->lp_ctx),
NULL,
0);
if (!kdc->samdb) {
DBG_WARNING("kdc_task_init: unable to connect to samdb\n");
task_server_terminate(task, "kdc: krb5_init_context samdb connect failed", true);
return;
}
ldb_ret = samdb_rodc(kdc->samdb, &kdc->am_rodc);
if (ldb_ret != LDB_SUCCESS) {
DBG_WARNING("kdc_task_init: "
"Cannot determine if we are an RODC: %s\n",
ldb_errstring(kdc->samdb));
task_server_terminate(task, "kdc: krb5_init_context samdb RODC connect failed", true);
return;
}
kdc->proxy_timeout = lpcfg_parm_int(kdc->task->lp_ctx, NULL, "kdc", "proxy timeout", 5);
initialize_krb5_error_table();
@ -473,12 +451,22 @@ static void kdc_post_fork(struct task_server *task, struct process_details *pd)
status = hdb_samba4_create_kdc(kdc->base_ctx,
kdc->smb_krb5_context->krb5_context,
&kdc_config->db[0]);
&kdc_config->db[0],
&kdc->kdc_db_ctx);
if (!NT_STATUS_IS_OK(status)) {
task_server_terminate(task, "kdc: hdb_samba4_create_kdc (setup KDC database) failed", true);
return;
}
ldb_ret = samdb_rodc(kdc->kdc_db_ctx->samdb, &kdc->am_rodc);
if (ldb_ret != LDB_SUCCESS) {
DBG_WARNING("kdc_task_init: "
"Cannot determine if we are an RODC: %s\n",
ldb_errstring(kdc->kdc_db_ctx->samdb));
task_server_terminate(task, "kdc: krb5_init_context samdb RODC query failed", true);
return;
}
ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
PLUGIN_TYPE_DATA, "hdb_samba4_interface",
&hdb_samba4_interface);
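Review bot: The messages added with the relocated RODC check carry labels from elsewhere: the DBG_WARNING is prefixed `kdc_task_init:` although the function is kdc_post_fork, and the terminate reason `kdc: krb5_init_context samdb RODC query failed` names krb5_init_context for a failure in samdb_rodc; `"kdc_post_fork: Cannot determine if we are an RODC: %s\n"` and `"kdc: samdb_rodc (determine RODC status) failed"` would point an operator at the right place. Moving the query from the first hunk (before the proxy-timeout setup) to after hdb_samba4_create_kdc also leaves kdc->am_rodc false for everything executed in between; nothing in the visible lines reads it there, but any helper in that stretch that consults am_rodc would now treat the server as a writable DC, so that window is worth a check. The RODC answer (and the repsFrom lookup in kdc-proxy.c) now comes from the handle samba_kdc_setup_db_ctx opened rather than the removed system_session() samdb_connect; presumably that handle is also a system-session connection, otherwise these queries could see a different view of the directory — confirm. kdc_post_fork continues outside both hunks.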


@ -28,6 +28,7 @@
#include "lib/util/tevent_ntstatus.h"
#include "lib/stream/packet.h"
#include "kdc/kdc-server.h"
#include "kdc/samba_kdc.h"
#include "kdc/kdc-proxy.h"
#include "dsdb/samdb/samdb.h"
#include "libcli/composite/composite.h"
@ -45,7 +46,12 @@ static WERROR kdc_proxy_get_writeable_dcs(struct kdc_server *kdc, TALLOC_CTX *me
uint32_t count, i;
struct repsFromToBlob *reps;
werr = dsdb_loadreps(kdc->samdb, mem_ctx, ldb_get_default_basedn(kdc->samdb), "repsFrom", &reps, &count);
werr = dsdb_loadreps(kdc->kdc_db_ctx->samdb,
mem_ctx,
ldb_get_default_basedn(kdc->kdc_db_ctx->samdb),
"repsFrom",
&reps,
&count);
W_ERROR_NOT_OK_RETURN(werr);
if (count == 0) {
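Review bot: kdc_proxy_get_writeable_dcs now reaches sam.ldb through `kdc->kdc_db_ctx->samdb` with no check that kdc_db_ctx has been set, whereas the old `kdc->samdb` was populated unconditionally at task start. That is fine only if no proxy request can be serviced before hdb_samba4_create_kdc has run in kdc_post_fork, which the kdc-server.c hunk suggests but this file does not show; a comment at the first use, `/* kdc_db_ctx is populated by kdc_post_fork() before any request is proxied */`, or a NULL check returning an error, would make the dependency explicit. The enclosing function starts before the hunk.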


@ -37,11 +37,11 @@ struct kdc_server {
struct task_server *task;
struct smb_krb5_context *smb_krb5_context;
struct samba_kdc_base_context *base_ctx;
struct ldb_context *samdb;
bool am_rodc;
uint32_t proxy_timeout;
const char *kpasswd_keytab_name;
void *private_data;
struct samba_kdc_db_context *kdc_db_ctx;
};
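Review bot: The new `kdc_db_ctx` member replaces `samdb` in struct kdc_server but carries no comment, so readers of kdc-proxy.c and kdc-server.c cannot tell from the header when it becomes valid or what took over the former direct ldb handle. A member comment such as `/* KDC database context; its ->samdb is this server's sam.ldb connection. Set in kdc_post_fork() once hdb_samba4_create_kdc() succeeds. */` captures what the other hunks of this commit show; whether the MIT path also sets it is not visible here and should be stated once confirmed.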
typedef enum kdc_code_e {


@ -318,19 +318,6 @@ NTSTATUS mitkdc_task_init(struct task_server *task)
return NT_STATUS_NO_MEMORY;
}
kdc->samdb = samdb_connect(kdc,
kdc->task->event_ctx,
kdc->task->lp_ctx,
system_session(kdc->task->lp_ctx),
NULL,
0);
if (kdc->samdb == NULL) {
task_server_terminate(task,
"KDC: Unable to connect to samdb",
true);
return NT_STATUS_CONNECTION_INVALID;
}
status = startup_kpasswd_server(kdc,
kdc,
task->lp_ctx,