mirror of
https://github.com/samba-team/samba.git
s4:kdc Use a clearer name for the samba kdc entry
Renames hdb_samba4_private to samba_kdc_entry. Streamlines the members of the entry and the kdc db context to avoid unnecessary duplication.
parent
c6865af445
commit
a097527ab7
@ -181,7 +181,7 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h
|
||||
return flags;
|
||||
}
|
||||
|
||||
static int hdb_samba4_destructor(struct hdb_samba4_private *p)
|
||||
static int samba_kdc_entry_destructor(struct samba_kdc_entry *p)
|
||||
{
|
||||
hdb_entry_ex *entry_ex = p->entry_ex;
|
||||
free_hdb_entry(&entry_ex->entry);
|
||||
@ -505,7 +505,7 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context,
|
||||
krb5_boolean is_computer = FALSE;
|
||||
char *realm = strupper_talloc(mem_ctx, lp_realm(lp_ctx));
|
||||
|
||||
struct hdb_samba4_private *p;
|
||||
struct samba_kdc_entry *p;
|
||||
NTTIME acct_expiry;
|
||||
NTSTATUS status;
|
||||
|
||||
@ -536,22 +536,21 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
p = talloc(mem_ctx, struct hdb_samba4_private);
|
||||
p = talloc(mem_ctx, struct samba_kdc_entry);
|
||||
if (!p) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
p->kdc_db_ctx = kdc_db_ctx;
|
||||
p->entry_ex = entry_ex;
|
||||
p->iconv_convenience = lp_iconv_convenience(lp_ctx);
|
||||
p->lp_ctx = lp_ctx;
|
||||
p->realm_dn = talloc_reference(p, realm_dn);
|
||||
if (!p->realm_dn) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
talloc_set_destructor(p, hdb_samba4_destructor);
|
||||
talloc_set_destructor(p, samba_kdc_entry_destructor);
|
||||
|
||||
entry_ex->ctx = p;
|
||||
entry_ex->free_entry = hdb_samba4_free_entry;
|
||||
@ -697,7 +696,8 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context,
|
||||
entry_ex->entry.generation = NULL;
|
||||
|
||||
/* Get keys from the db */
|
||||
ret = hdb_samba4_message2entry_keys(context, p->iconv_convenience, p, msg, userAccountControl, entry_ex);
|
||||
ret = hdb_samba4_message2entry_keys(context, p->kdc_db_ctx->ic_ctx, p,
|
||||
msg, userAccountControl, entry_ex);
|
||||
if (ret) {
|
||||
/* Could be bougus data in the entry, or out of memory */
|
||||
goto out;
|
||||
@ -722,7 +722,6 @@ static krb5_error_code hdb_samba4_message2entry(krb5_context context,
|
||||
|
||||
|
||||
p->msg = talloc_steal(p, msg);
|
||||
p->samdb = kdc_db_ctx->samdb;
|
||||
|
||||
out:
|
||||
if (ret != 0) {
|
||||
@ -754,23 +753,22 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context,
|
||||
struct samr_Password password_hash;
|
||||
const struct ldb_val *password_val;
|
||||
struct trustAuthInOutBlob password_blob;
|
||||
struct hdb_samba4_private *p;
|
||||
struct samba_kdc_entry *p;
|
||||
|
||||
enum ndr_err_code ndr_err;
|
||||
int i, ret, trust_direction_flags;
|
||||
|
||||
p = talloc(mem_ctx, struct hdb_samba4_private);
|
||||
p = talloc(mem_ctx, struct samba_kdc_entry);
|
||||
if (!p) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
p->kdc_db_ctx = kdc_db_ctx;
|
||||
p->entry_ex = entry_ex;
|
||||
p->iconv_convenience = lp_iconv_convenience(lp_ctx);
|
||||
p->lp_ctx = lp_ctx;
|
||||
p->realm_dn = realm_dn;
|
||||
|
||||
talloc_set_destructor(p, hdb_samba4_destructor);
|
||||
talloc_set_destructor(p, samba_kdc_entry_destructor);
|
||||
|
||||
entry_ex->ctx = p;
|
||||
entry_ex->free_entry = hdb_samba4_free_entry;
|
||||
@ -799,7 +797,7 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ndr_err = ndr_pull_struct_blob(password_val, mem_ctx, p->iconv_convenience, &password_blob,
|
||||
ndr_err = ndr_pull_struct_blob(password_val, mem_ctx, p->kdc_db_ctx->ic_ctx, &password_blob,
|
||||
(ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
ret = EINVAL;
|
||||
@ -903,7 +901,6 @@ static krb5_error_code hdb_samba4_trust_message2entry(krb5_context context,
|
||||
|
||||
|
||||
p->msg = talloc_steal(p, msg);
|
||||
p->samdb = kdc_db_ctx->samdb;
|
||||
|
||||
out:
|
||||
if (ret != 0) {
|
||||
@ -1474,7 +1471,7 @@ hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db,
|
||||
struct ldb_message *msg;
|
||||
struct dom_sid *orig_sid;
|
||||
struct dom_sid *target_sid;
|
||||
struct hdb_samba4_private *p = talloc_get_type(entry->ctx, struct hdb_samba4_private);
|
||||
struct samba_kdc_entry *p = talloc_get_type(entry->ctx, struct samba_kdc_entry);
|
||||
const char *delegation_check_attrs[] = {
|
||||
"objectSid", NULL
|
||||
};
|
||||
@ -1547,7 +1544,7 @@ hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db,
|
||||
struct ldb_message *msg;
|
||||
struct dom_sid *orig_sid;
|
||||
struct dom_sid *target_sid;
|
||||
struct hdb_samba4_private *p = talloc_get_type(entry->ctx, struct hdb_samba4_private);
|
||||
struct samba_kdc_entry *p = talloc_get_type(entry->ctx, struct samba_kdc_entry);
|
||||
const char *ms_upn_check_attrs[] = {
|
||||
"objectSid", NULL
|
||||
};
|
||||
@ -1641,6 +1638,7 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
|
||||
}
|
||||
kdc_db_ctx->ev_ctx = base_ctx->ev_ctx;
|
||||
kdc_db_ctx->lp_ctx = base_ctx->lp_ctx;
|
||||
kdc_db_ctx->ic_ctx = lp_iconv_convenience(base_ctx->lp_ctx);
|
||||
|
||||
/* Setup the link to LDB */
|
||||
kdc_db_ctx->samdb = samdb_connect(kdc_db_ctx, base_ctx->ev_ctx,
|
||||
|
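Review bot: In hdb_samba4_message2entry and hdb_samba4_trust_message2entry, `p` comes from plain `talloc()`, so `p->msg` is indeterminate from the moment `entry_ex->ctx = p` is set until `p->msg = talloc_steal(p, msg)` runs near the end of each function. Every `goto out` in between, such as the key-loading failure, leaves a partly initialised entry attached to `entry_ex`. Allocating with `p = talloc_zero(mem_ctx, struct samba_kdc_entry);` would make those failure paths deterministic. The trust variant also stores `p->realm_dn = realm_dn` without the `talloc_reference(p, realm_dn)` that hdb_samba4_message2entry uses, so the entry presumably depends on the caller keeping realm_dn alive; a short ownership comment there would help. The `out:` handlers and the rest of the destructor lie outside the visible hunks, so whether they already cope with this cannot be confirmed from here.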
@ -5,6 +5,7 @@
|
||||
|
||||
Copyright (C) Andrew Tridgell 2005
|
||||
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
|
||||
Copyright (C) Simo Sorce <idra@samba.org> 2010
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -30,15 +31,14 @@ struct samba_kdc_seq;
|
||||
struct samba_kdc_db_context {
|
||||
struct tevent_context *ev_ctx;
|
||||
struct loadparm_context *lp_ctx;
|
||||
struct smb_iconv_convenience *ic_ctx;
|
||||
struct ldb_context *samdb;
|
||||
};
|
||||
|
||||
extern struct hdb_method hdb_samba4;
|
||||
|
||||
struct hdb_samba4_private {
|
||||
struct ldb_context *samdb;
|
||||
struct smb_iconv_convenience *iconv_convenience;
|
||||
struct loadparm_context *lp_ctx;
|
||||
struct samba_kdc_entry {
|
||||
struct samba_kdc_db_context *kdc_db_ctx;
|
||||
struct ldb_message *msg;
|
||||
struct ldb_dn *realm_dn;
|
||||
hdb_entry_ex *entry_ex;
|
||||
|
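Review bot: The new `kdc_db_ctx` member of `struct samba_kdc_entry` is a borrowed pointer and the header does not say so. The entry constructors assign it directly (`p->kdc_db_ctx = kdc_db_ctx;`) with no talloc reference, while `samdb`, `lp_ctx` and the iconv handle are now reached only through it. I would add a comment on the member such as `/* borrowed, not referenced: the kdc db context must outlive every entry created from it */`. The struct body continues past the end of this hunk, so any existing documentation further down is not visible here.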
@ -101,7 +101,7 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
|
||||
bool samba_princ_needs_pac(struct hdb_entry_ex *princ)
|
||||
{
|
||||
|
||||
struct hdb_samba4_private *p = talloc_get_type(princ->ctx, struct hdb_samba4_private);
|
||||
struct samba_kdc_entry *p = talloc_get_type(princ->ctx, struct samba_kdc_entry);
|
||||
unsigned int userAccountControl;
|
||||
|
||||
|
||||
@ -118,7 +118,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
|
||||
struct hdb_entry_ex *client,
|
||||
DATA_BLOB **_pac_blob)
|
||||
{
|
||||
struct hdb_samba4_private *p = talloc_get_type(client->ctx, struct hdb_samba4_private);
|
||||
struct samba_kdc_entry *p = talloc_get_type(client->ctx, struct samba_kdc_entry);
|
||||
struct auth_serversupplied_info *server_info;
|
||||
DATA_BLOB *pac_blob;
|
||||
NTSTATUS nt_status;
|
||||
@ -134,9 +134,9 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
nt_status = authsam_make_server_info(mem_ctx, p->samdb,
|
||||
lp_netbios_name(p->lp_ctx),
|
||||
lp_sam_name(p->lp_ctx),
|
||||
nt_status = authsam_make_server_info(mem_ctx, p->kdc_db_ctx->samdb,
|
||||
lp_netbios_name(p->kdc_db_ctx->lp_ctx),
|
||||
lp_sam_name(p->kdc_db_ctx->lp_ctx),
|
||||
p->realm_dn,
|
||||
p->msg,
|
||||
data_blob(NULL, 0),
|
||||
@ -149,7 +149,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
nt_status = samba_get_logon_info_pac_blob(mem_ctx,
|
||||
p->iconv_convenience,
|
||||
p->kdc_db_ctx->ic_ctx,
|
||||
server_info, pac_blob);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(0, ("Building PAC failed: %s\n",
|
||||
|
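Review bot: `talloc_get_type()` returns NULL when `client->ctx` is not a `struct samba_kdc_entry`, and samba_kdc_get_pac_blob now dereferences the result two levels deep (`p->kdc_db_ctx->samdb`, `p->kdc_db_ctx->lp_ctx`, `p->kdc_db_ctx->ic_ctx`) with no check in the visible lines. In a KDC, a type mismatch here would crash the process instead of failing the one request. Either use `talloc_get_type_abort(client->ctx, struct samba_kdc_entry)` to make the assumption explicit, or add `if (p == NULL) { return NT_STATUS_INVALID_PARAMETER; }` before the first use. The same pattern appears in samba_princ_needs_pac and, in the next file section, in samba_wdc_reget_pac (`talloc_named(p, ...)` followed by `p->kdc_db_ctx->ic_ctx`) and samba_wdc_check_client_access (`p->kdc_db_ctx->samdb`). The function bodies extend beyond these hunks, so a check may exist outside the visible lines.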
@ -62,7 +62,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
|
||||
struct hdb_entry_ex *client,
|
||||
struct hdb_entry_ex *server, krb5_pac *pac)
|
||||
{
|
||||
struct hdb_samba4_private *p = talloc_get_type(server->ctx, struct hdb_samba4_private);
|
||||
struct samba_kdc_entry *p = talloc_get_type(server->ctx, struct samba_kdc_entry);
|
||||
TALLOC_CTX *mem_ctx = talloc_named(p, 0, "samba_kdc_reget_pac context");
|
||||
DATA_BLOB *pac_blob;
|
||||
krb5_error_code ret;
|
||||
@ -85,7 +85,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
|
||||
}
|
||||
|
||||
nt_status = samba_kdc_update_pac_blob(mem_ctx, context,
|
||||
p->iconv_convenience,
|
||||
p->kdc_db_ctx->ic_ctx,
|
||||
pac, pac_blob);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(0, ("Building PAC failed: %s\n",
|
||||
@ -116,14 +116,14 @@ static krb5_error_code samba_wdc_check_client_access(void *priv,
|
||||
krb5_error_code ret;
|
||||
NTSTATUS nt_status;
|
||||
TALLOC_CTX *tmp_ctx;
|
||||
struct hdb_samba4_private *p;
|
||||
struct samba_kdc_entry *p;
|
||||
char *workstation = NULL;
|
||||
HostAddresses *addresses = req->req_body.addresses;
|
||||
int i;
|
||||
bool password_change;
|
||||
|
||||
tmp_ctx = talloc_new(client_ex->ctx);
|
||||
p = talloc_get_type(client_ex->ctx, struct hdb_samba4_private);
|
||||
p = talloc_get_type(client_ex->ctx, struct samba_kdc_entry);
|
||||
|
||||
if (!tmp_ctx) {
|
||||
return ENOMEM;
|
||||
@ -152,7 +152,7 @@ static krb5_error_code samba_wdc_check_client_access(void *priv,
|
||||
|
||||
/* we allow all kinds of trusts here */
|
||||
nt_status = authsam_account_ok(tmp_ctx,
|
||||
p->samdb,
|
||||
p->kdc_db_ctx->samdb,
|
||||
MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT,
|
||||
p->realm_dn,
|
||||
p->msg,
|
||||
|