libnet: Prepare to allow "samba-tool domain exportkeytab to support -H

We need to allow a samdb to be passed from the python to support
using a specific DB or remote server for gMSA passwords.

The gMSA passwords will not use this code, but we need to be
consistant.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

source4/kdc/db-glue.c

@@ -3643,7 +3643,6 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
 {
 	int ldb_ret;
 	struct ldb_message *msg = NULL;
-	struct auth_session_info *session_info = NULL;
 	struct samba_kdc_db_context *kdc_db_ctx = NULL;
 	/* The idea here is very simple.  Using Kerberos to
 	 * authenticate the KDC to the LDAP server is highly likely to
@@ -3668,23 +3667,34 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
 				 &kdc_db_ctx->policy.usr_tkt_lifetime,
 				 &kdc_db_ctx->policy.renewal_lifetime);
 
-	session_info = system_session(kdc_db_ctx->lp_ctx);
-	if (session_info == NULL) {
-		talloc_free(kdc_db_ctx);
-		return NT_STATUS_INTERNAL_ERROR;
-	}
+	/* This is to allow "samba-tool domain exportkeytab to take a -H */
+	if (base_ctx->samdb != NULL) {
+		/*
+		 * Caller is responsible for lifetimes.  In reality
+		 * the whole thing is destroyed before leaving the
+		 * function the samdb was passed into
+		 */
+		kdc_db_ctx->samdb = base_ctx->samdb;
+	} else {
+		struct auth_session_info *session_info = NULL;
+		session_info = system_session(kdc_db_ctx->lp_ctx);
+		if (session_info == NULL) {
+			talloc_free(kdc_db_ctx);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
 
-	/* Setup the link to LDB */
-	kdc_db_ctx->samdb = samdb_connect(kdc_db_ctx,
-					  base_ctx->ev_ctx,
-					  base_ctx->lp_ctx,
-					  session_info,
-					  NULL,
-					  0);
-	if (kdc_db_ctx->samdb == NULL) {
-		DBG_WARNING("Cannot open samdb for KDC backend!\n");
-		talloc_free(kdc_db_ctx);
-		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		/* Setup the link to LDB */
+		kdc_db_ctx->samdb = samdb_connect(kdc_db_ctx,
+						  base_ctx->ev_ctx,
+						  base_ctx->lp_ctx,
+						  session_info,
+						  NULL,
+						  0);
+		if (kdc_db_ctx->samdb == NULL) {
+			DBG_WARNING("Cannot open samdb for KDC backend!\n");
+			talloc_free(kdc_db_ctx);
+			return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
 	}
 
 	/* Find out our own krbtgt kvno */

source4/kdc/mit_kdc_irpc.c

@@ -160,7 +160,7 @@ static NTSTATUS netr_samlogon_generic_logon(struct irpc_message *msg,
 
 NTSTATUS samba_setup_mit_kdc_irpc(struct task_server *task)
 {
-	struct samba_kdc_base_context base_ctx;
+	struct samba_kdc_base_context base_ctx = {};
 	struct mit_kdc_irpc_context *mki_ctx;
 	NTSTATUS status;
 	int code;

source4/kdc/mit_samba.c

@@ -78,7 +78,7 @@ krb5_error_code mit_samba_context_init(struct mit_samba_context **_ctx)
 	struct mit_samba_context *ctx;
 	const char *s4_conf_file;
 	krb5_error_code ret;
-	struct samba_kdc_base_context base_ctx;
+	struct samba_kdc_base_context base_ctx = {};
 
 	ctx = talloc_zero(NULL, struct mit_samba_context);
 	if (!ctx) {

source4/kdc/samba_kdc.h

@@ -38,6 +38,7 @@ struct samba_kdc_base_context {
 	struct tevent_context *ev_ctx;
 	struct loadparm_context *lp_ctx;
 	struct imessaging_context *msg_ctx;
+	struct ldb_context *samdb;
 };
 
 struct samba_kdc_seq;

source4/libnet/libnet_export_keytab.c

@@ -170,6 +170,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s
 
 	base_ctx->ev_ctx = ctx->event_ctx;
 	base_ctx->lp_ctx = ctx->lp_ctx;
+	base_ctx->samdb = r->in.samdb;
 
 	status = samba_kdc_setup_db_ctx(mem_ctx, base_ctx, &db_ctx);
 	if (!NT_STATUS_IS_OK(status)) {

source4/libnet/libnet_export_keytab.h

@@ -23,6 +23,7 @@ struct libnet_export_keytab {
 	struct {
 		const char *keytab_name;
 		const char *principal;
+		struct ldb_context *samdb;
 	} in;
 	struct {
 		const char *error_string;