kdc.c

samba最新软件

					    peer_addr->addr,
					    peer_addr->sockaddr,
					    datagram_reply);
	if (ret == -1) {
		*reply = data_blob(NULL, 0);
		return false;
	}
	if (k5_reply.length) {
		*reply = data_blob_talloc(mem_ctx, k5_reply.data, k5_reply.length);
		krb5_free_data_contents(kdc->smb_krb5_context->krb5_context, &k5_reply);
	} else {
		*reply = data_blob(NULL, 0);	
	}
	return true;
}

/*
  called when we get a new connection
*/
static void kdc_tcp_generic_accept(struct stream_connection *conn, kdc_process_fn_t process_fn)
{
	struct kdc_server *kdc = talloc_get_type(conn->private, struct kdc_server);
	struct kdc_tcp_connection *kdcconn;

	kdcconn = talloc_zero(conn, struct kdc_tcp_connection);
	if (!kdcconn) {
		stream_terminate_connection(conn, "kdc_tcp_accept: out of memory");
		return;
	}
	kdcconn->conn	 = conn;
	kdcconn->kdc	 = kdc;
	kdcconn->process = process_fn;
	conn->private    = kdcconn;

	kdcconn->packet = packet_init(kdcconn);
	if (kdcconn->packet == NULL) {
		kdc_tcp_terminate_connection(kdcconn, "kdc_tcp_accept: out of memory");
		return;
	}
	packet_set_private(kdcconn->packet, kdcconn);
	packet_set_socket(kdcconn->packet, conn->socket);
	packet_set_callback(kdcconn->packet, kdc_tcp_recv);
	packet_set_full_request(kdcconn->packet, packet_full_request_u32);
	packet_set_error_handler(kdcconn->packet, kdc_tcp_recv_error);
	packet_set_event_context(kdcconn->packet, conn->event.ctx);
	packet_set_fde(kdcconn->packet, conn->event.fde);
	packet_set_serialise(kdcconn->packet);
}

static void kdc_tcp_accept(struct stream_connection *conn)
{
	kdc_tcp_generic_accept(conn, kdc_process);
}

static const struct stream_server_ops kdc_tcp_stream_ops = {
	.name			= "kdc_tcp",
	.accept_connection	= kdc_tcp_accept,
	.recv_handler		= kdc_tcp_recv_handler,
	.send_handler		= kdc_tcp_send
};

static void kpasswdd_tcp_accept(struct stream_connection *conn)
{
	kdc_tcp_generic_accept(conn, kpasswdd_process);
}

static const struct stream_server_ops kpasswdd_tcp_stream_ops = {
	.name			= "kpasswdd_tcp",
	.accept_connection	= kpasswdd_tcp_accept,
	.recv_handler		= kdc_tcp_recv_handler,
	.send_handler		= kdc_tcp_send
};

/*
  start listening on the given address
*/
static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address,
			       uint16_t kdc_port, uint16_t kpasswd_port)
{
	const struct model_ops *model_ops;
 	struct kdc_socket *kdc_socket;
 	struct kdc_socket *kpasswd_socket;
	struct socket_address *kdc_address, *kpasswd_address;
	NTSTATUS status;

	kdc_socket = talloc(kdc, struct kdc_socket);
	NT_STATUS_HAVE_NO_MEMORY(kdc_socket);

	kpasswd_socket = talloc(kdc, struct kdc_socket);
	NT_STATUS_HAVE_NO_MEMORY(kpasswd_socket);

	status = socket_create("ip", SOCKET_TYPE_DGRAM, &kdc_socket->sock, 0);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(kdc_socket);
		return status;
	}

	status = socket_create("ip", SOCKET_TYPE_DGRAM, &kpasswd_socket->sock, 0);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(kpasswd_socket);
		return status;
	}

	kdc_socket->kdc = kdc;
	kdc_socket->send_queue = NULL;
	kdc_socket->process = kdc_process;

	talloc_steal(kdc_socket, kdc_socket->sock);

	kdc_socket->fde = event_add_fd(kdc->task->event_ctx, kdc, 
				       socket_get_fd(kdc_socket->sock), EVENT_FD_READ,
				       kdc_socket_handler, kdc_socket);

	kdc_address = socket_address_from_strings(kdc_socket, kdc_socket->sock->backend_name, 
						  address, kdc_port);
	NT_STATUS_HAVE_NO_MEMORY(kdc_address);

	status = socket_listen(kdc_socket->sock, kdc_address, 0, 0);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("Failed to bind to %s:%d UDP for kdc - %s\n", 
			 address, kdc_port, nt_errstr(status)));
		talloc_free(kdc_socket);
		return status;
	}

	kpasswd_socket->kdc = kdc;
	kpasswd_socket->send_queue = NULL;
	kpasswd_socket->process = kpasswdd_process;

	talloc_steal(kpasswd_socket, kpasswd_socket->sock);

	kpasswd_socket->fde = event_add_fd(kdc->task->event_ctx, kdc, 
					   socket_get_fd(kpasswd_socket->sock), EVENT_FD_READ,
					   kdc_socket_handler, kpasswd_socket);
	
	kpasswd_address = socket_address_from_strings(kpasswd_socket, kpasswd_socket->sock->backend_name, 
						      address, kpasswd_port);
	NT_STATUS_HAVE_NO_MEMORY(kpasswd_address);

	status = socket_listen(kpasswd_socket->sock, kpasswd_address, 0, 0);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("Failed to bind to %s:%d UDP for kpasswd - %s\n", 
			 address, kpasswd_port, nt_errstr(status)));
		talloc_free(kpasswd_socket);
		return status;
	}

	/* within the kdc task we want to be a single process, so
	   ask for the single process model ops and pass these to the
	   stream_setup_socket() call. */
	model_ops = process_model_byname("single");
	if (!model_ops) {
		DEBUG(0,("Can't find 'single' process model_ops\n"));
		talloc_free(kdc_socket);
		return NT_STATUS_INTERNAL_ERROR;
	}

	status = stream_setup_socket(kdc->task->event_ctx, 
				     kdc->task->lp_ctx,
				     model_ops, 
				     &kdc_tcp_stream_ops, 
				     "ip", address, &kdc_port, 
				     lp_socket_options(kdc->task->lp_ctx), 
				     kdc);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("Failed to bind to %s:%u TCP - %s\n",
			 address, kdc_port, nt_errstr(status)));
		talloc_free(kdc_socket);
		return status;
	}

	status = stream_setup_socket(kdc->task->event_ctx, 
				     kdc->task->lp_ctx,
				     model_ops, 
				     &kpasswdd_tcp_stream_ops, 
				     "ip", address, &kpasswd_port, 
				     lp_socket_options(kdc->task->lp_ctx), 
				     kdc);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("Failed to bind to %s:%u TCP - %s\n",
			 address, kpasswd_port, nt_errstr(status)));
		talloc_free(kdc_socket);
		return status;
	}

	return NT_STATUS_OK;
}


/*
  setup our listening sockets on the configured network interfaces
*/
static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc, struct loadparm_context *lp_ctx,
				       struct interface *ifaces)
{
	int num_interfaces;
	TALLOC_CTX *tmp_ctx = talloc_new(kdc);
	NTSTATUS status;
	int i;

	num_interfaces = iface_count(ifaces);
	
	for (i=0; i<num_interfaces; i++) {
		const char *address = talloc_strdup(tmp_ctx, iface_n_ip(ifaces, i));
		status = kdc_add_socket(kdc, address, lp_krb5_port(lp_ctx), 
					lp_kpasswd_port(lp_ctx));
		NT_STATUS_NOT_OK_RETURN(status);
	}

	talloc_free(tmp_ctx);

	return NT_STATUS_OK;
}

static struct krb5plugin_windc_ftable windc_plugin_table = {
	.minor_version = KRB5_WINDC_PLUGING_MINOR,
	.init = samba_kdc_plugin_init,
	.fini = samba_kdc_plugin_fini,
	.pac_generate = samba_kdc_get_pac,
	.pac_verify = samba_kdc_reget_pac,
	.client_access = samba_kdc_check_client_access,
};


/*
  startup the kdc task
*/
static void kdc_task_init(struct task_server *task)
{
	struct kdc_server *kdc;
	NTSTATUS status;
	krb5_error_code ret;
	struct interface *ifaces;

	switch (lp_server_role(task->lp_ctx)) {
	case ROLE_STANDALONE:
		task_server_terminate(task, "kdc: no KDC required in standalone configuration");
		return;
	case ROLE_DOMAIN_MEMBER:
		task_server_terminate(task, "kdc: no KDC required in member server configuration");
		return;
	case ROLE_DOMAIN_CONTROLLER:
		/* Yes, we want a KDC */
		break;
	}

	load_interfaces(task, lp_interfaces(task->lp_ctx), &ifaces);

	if (iface_count(ifaces) == 0) {
		task_server_terminate(task, "kdc: no network interfaces configured");
		return;
	}

	task_server_set_title(task, "task[kdc]");

	kdc = talloc(task, struct kdc_server);
	if (kdc == NULL) {
		task_server_terminate(task, "kdc: out of memory");
		return;
	}

	kdc->task = task;

	initialize_krb5_error_table();

	ret = smb_krb5_init_context(kdc, task->event_ctx, task->lp_ctx, &kdc->smb_krb5_context);
	if (ret) {
		DEBUG(1,("kdc_task_init: krb5_init_context failed (%s)\n", 
			 error_message(ret)));
		task_server_terminate(task, "kdc: krb5_init_context failed");
		return; 
	}

	krb5_add_et_list(kdc->smb_krb5_context->krb5_context, initialize_hdb_error_table_r);

	ret = krb5_kdc_get_config(kdc->smb_krb5_context->krb5_context, 
				  &kdc->config);
	if(ret) {
		task_server_terminate(task, "kdc: failed to get KDC configuration");
		return;
	}

	kdc->config->logf = kdc->smb_krb5_context->logf;
	kdc->config->db = talloc(kdc, struct HDB *);
	if (!kdc->config->db) {
		task_server_terminate(task, "kdc: out of memory");
		return;
	}
	kdc->config->num_db = 1;
		
	status = kdc_hdb_ldb_create(kdc, task->event_ctx, task->lp_ctx, 
				    kdc->smb_krb5_context->krb5_context, 
				    &kdc->config->db[0], NULL);
	if (!NT_STATUS_IS_OK(status)) {
		task_server_terminate(task, "kdc: hdb_ldb_create (setup KDC database) failed");
		return; 
	}

	ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_kt_ops);
	if(ret) {
		task_server_terminate(task, "kdc: failed to register hdb keytab");
		return;
	}

	/* Registar WinDC hooks */
	ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context, 
				   PLUGIN_TYPE_DATA, "windc",
				   &windc_plugin_table);
	if(ret) {
		task_server_terminate(task, "kdc: failed to register hdb keytab");
		return;
	}

	krb5_kdc_windc_init(kdc->smb_krb5_context->krb5_context);

	kdc_mem_ctx = kdc->smb_krb5_context;
	kdc_lp_ctx = task->lp_ctx;

	/* start listening on the configured network interfaces */
	status = kdc_startup_interfaces(kdc, task->lp_ctx, ifaces);
	if (!NT_STATUS_IS_OK(status)) {
		task_server_terminate(task, "kdc failed to setup interfaces");
		return;
	}

	irpc_add_name(task->msg_ctx, "kdc_server");
}


/* called at smbd startup - register ourselves as a server service */
NTSTATUS server_service_kdc_init(void)
{
	return register_server_service("kdc", kdc_task_init);
}