The branch, master has been updated via 78075cf waf: Add talloc as a dependency via 38d7617 sdb: Assert if the HDB flags will change via ab08575 hdb-samba: Translate SDB errors to HDB errors from a3af166 s4-torture: add test for CLUSCTL_NODE_GET_ID in clusapi_NodeControl.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 78075cfcda6e6899f6a7e147b8d35ec258c4bb7d Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 4 12:00:33 2015 +0200 waf: Add talloc as a dependency Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Wed Aug 5 04:08:30 CEST 2015 on sn-devel-104 commit 38d76178026761a871243c436d905664d2b6f57b Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 3 13:10:28 2015 +0200 sdb: Assert if the HDB flags will change Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit ab0857540551648af28b6d1079d539e9b1b35e00 Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 4 11:35:45 2015 +0200 hdb-samba: Translate SDB errors to HDB errors Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: source4/kdc/hdb-samba4.c | 123 ++++++++++++++++++++++++++++++++++++---------- source4/kdc/sdb_to_hdb.c | 36 +++++++++++++- source4/kdc/wscript_build | 4 +- 3 files changed, 133 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index c8f26e0..14a974a 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c 
@@ -95,24 +95,33 @@ static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db, kdc_db_ctx = talloc_get_type_abort(db->hdb_db, struct samba_kdc_db_context); - code = samba_kdc_fetch(context, - kdc_db_ctx, - principal, - flags, - kvno, - &sdb_entry_ex); - /* - * If SDB_ERR_WRONG_REALM is returned we need to process the sdb_entry - * to fill the principal in the HDB entry. - */ - if (code != 0 && code != SDB_ERR_WRONG_REALM) { - return code; + ret = samba_kdc_fetch(context, + kdc_db_ctx, + principal, + flags, + kvno, + &sdb_entry_ex); + switch (ret) { + case 0: + code = 0; + break; + case SDB_ERR_WRONG_REALM: + /* + * If SDB_ERR_WRONG_REALM is returned we need to process the + * sdb_entry to fill the principal in the HDB entry. + */ + code = HDB_ERR_WRONG_REALM; + break; + case SDB_ERR_NOENTRY: + return HDB_ERR_NOENTRY; + default: + return HDB_ERR_NOT_FOUND_HERE; } ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry_ex); sdb_free_entry(&sdb_entry_ex); - if (code == 0 && ret != 0) { + if (code != 0 && ret != 0) { code = ret; } @@ -130,8 +139,15 @@ static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsign struct samba_kdc_db_context); ret = samba_kdc_firstkey(context, kdc_db_ctx, &sdb_entry_ex); - if (ret) { - return ret; + switch (ret) { + case 0: + break; + case SDB_ERR_WRONG_REALM: + return HDB_ERR_WRONG_REALM; + case SDB_ERR_NOENTRY: + return HDB_ERR_NOENTRY; + default: + return HDB_ERR_NOT_FOUND_HERE; } ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry); 
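Review bot: The rewritten guard after sdb_entry_ex_to_hdb_entry_ex(), `if (code != 0 && ret != 0)`, no longer propagates a conversion failure when the fetch itself succeeded: with `code == 0` and `ret != 0`, `code` stays 0. If the function then returns `code` (the return is outside this hunk), the KDC would see success together with an `entry_ex` whose conversion failed, which is risky for an entry that carries keys and account flags. The removed condition covered exactly that case while keeping the wrong-realm result, so I would restore it: `if (code == 0 && ret != 0) {`. The body of hdb_samba4_fetch_kvno starts and ends outside the hunk.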
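Review bot: The `switch (ret)` added after samba_kdc_firstkey() is repeated with the same mappings in hdb_samba4_nextkey and in the three check callbacks further down (constrained delegation, PKINIT UPN match, S4U2Self), so one static helper would keep the SDB-to-HDB translation in a single place. The helper is also the natural spot for a comment explaining why every unlisted error becomes HDB_ERR_NOT_FOUND_HERE, which the hunk does not say. The helper name below is only a suggestion, and the body of hdb_samba4_firstkey continues outside the hunk.

```c
/* Suggested helper (name is a placeholder): translate an SDB result
 * into the HDB error space expected by the Heimdal KDC. */
static krb5_error_code hdb_samba4_map_sdb_error(krb5_error_code sdb_ret)
{
	switch (sdb_ret) {
	case 0:
		return 0;
	case SDB_ERR_WRONG_REALM:
		return HDB_ERR_WRONG_REALM;
	case SDB_ERR_NOENTRY:
		return HDB_ERR_NOENTRY;
	default:
		/* document here why all other failures are reported this way */
		return HDB_ERR_NOT_FOUND_HERE;
	}
}

	ret = samba_kdc_firstkey(context, kdc_db_ctx, &sdb_entry_ex);
	if (ret != 0) {
		return hdb_samba4_map_sdb_error(ret);
	}
	/* … unchanged: sdb_entry_ex_to_hdb_entry_ex() conversion … */
```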
@@ -150,8 +166,15 @@ static krb5_error_code hdb_samba4_nextkey(krb5_context context, HDB *db, unsigne struct samba_kdc_db_context); ret = samba_kdc_nextkey(context, kdc_db_ctx, &sdb_entry_ex); - if (ret) { - return ret; + switch (ret) { + case 0: + break; + case SDB_ERR_WRONG_REALM: + return HDB_ERR_WRONG_REALM; + case SDB_ERR_NOENTRY: + return HDB_ERR_NOENTRY; + default: + return HDB_ERR_NOT_FOUND_HERE; } ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry); @@ -172,15 +195,31 @@ hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db, { struct samba_kdc_db_context *kdc_db_ctx; struct samba_kdc_entry *skdc_entry; + krb5_error_code ret; kdc_db_ctx = talloc_get_type_abort(db->hdb_db, struct samba_kdc_db_context); skdc_entry = talloc_get_type_abort(entry->ctx, struct samba_kdc_entry); - return samba_kdc_check_s4u2proxy(context, kdc_db_ctx, - skdc_entry, - target_principal); + ret = samba_kdc_check_s4u2proxy(context, kdc_db_ctx, + skdc_entry, + target_principal); + switch (ret) { + case 0: + break; + case SDB_ERR_WRONG_REALM: + ret = HDB_ERR_WRONG_REALM; + break; + case SDB_ERR_NOENTRY: + ret = HDB_ERR_NOENTRY; + break; + default: + ret = HDB_ERR_NOT_FOUND_HERE; + break; + } + + return ret; } static krb5_error_code 
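Review bot: The `default:` branch added to hdb_samba4_check_constrained_delegation rewrites every return value of samba_kdc_check_s4u2proxy() other than 0 and the two SDB codes to HDB_ERR_NOT_FOUND_HERE, whereas the removed code passed the callee's value through unchanged. The check stays fail-closed because the result is still non-zero, but the caller and the logs can no longer tell a policy denial from an allocation failure. In Heimdal, HDB_ERR_NOT_FOUND_HERE normally signals that this KDC does not hold the entry's secrets, so it is worth confirming the KDC does not react to it specially on this path. The same applies to the PKINIT UPN and S4U2Self callbacks in the next two hunks. If the callee can return plain krb5 or errno values (not visible here), consider passing unknown codes through with `default: break;`, or at least add a comment such as `/* any other backend error is deliberately reported as not-found-here */`.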
@@ -190,15 +229,31 @@ hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db, { struct samba_kdc_db_context *kdc_db_ctx; struct samba_kdc_entry *skdc_entry; + krb5_error_code ret; kdc_db_ctx = talloc_get_type_abort(db->hdb_db, struct samba_kdc_db_context); skdc_entry = talloc_get_type_abort(entry->ctx, struct samba_kdc_entry); - return samba_kdc_check_pkinit_ms_upn_match(context, kdc_db_ctx, - skdc_entry, - certificate_principal); + ret = samba_kdc_check_pkinit_ms_upn_match(context, kdc_db_ctx, + skdc_entry, + certificate_principal); + switch (ret) { + case 0: + break; + case SDB_ERR_WRONG_REALM: + ret = HDB_ERR_WRONG_REALM; + break; + case SDB_ERR_NOENTRY: + ret = HDB_ERR_NOENTRY; + break; + default: + ret = HDB_ERR_NOT_FOUND_HERE; + break; + } + + return ret; } static krb5_error_code @@ -208,15 +263,31 @@ hdb_samba4_check_s4u2self(krb5_context context, HDB *db, { struct samba_kdc_db_context *kdc_db_ctx; struct samba_kdc_entry *skdc_entry; + krb5_error_code ret; kdc_db_ctx = talloc_get_type_abort(db->hdb_db, struct samba_kdc_db_context); skdc_entry = talloc_get_type_abort(entry->ctx, struct samba_kdc_entry); - return samba_kdc_check_s4u2self(context, kdc_db_ctx, - skdc_entry, - target_principal); + ret = samba_kdc_check_s4u2self(context, kdc_db_ctx, + skdc_entry, + target_principal); + switch (ret) { + case 0: + break; + case SDB_ERR_WRONG_REALM: + ret = HDB_ERR_WRONG_REALM; + break; + case SDB_ERR_NOENTRY: + ret = HDB_ERR_NOENTRY; + break; + default: + ret = HDB_ERR_NOT_FOUND_HERE; + break; + } + + return ret; } static krb5_error_code hdb_samba4_auth_status(krb5_context context, HDB *db, diff --git a/source4/kdc/sdb_to_hdb.c b/source4/kdc/sdb_to_hdb.c index e11d616..7ac0b0e 100644 --- a/source4/kdc/sdb_to_hdb.c +++ b/source4/kdc/sdb_to_hdb.c 
@@ -31,8 +31,40 @@ static void sdb_flags_to_hdb_flags(const struct SDBFlags *s, HDBFlags *h) { - /* as long as we are a 100% copy... */ - memcpy(h, s, sizeof(*s)); + SMB_ASSERT(sizeof(struct SDBFlags) == sizeof(HDBFlags)); + + h->initial = s->initial; + h->forwardable = s->forwardable; + h->proxiable = s->proxiable; + h->renewable = s->renewable; + h->postdate = s->postdate; + h->server = s->server; + h->client = s->client; + h->invalid = s->invalid; + h->require_preauth = s->require_preauth; + h->change_pw = s->change_pw; + h->require_hwauth = s->require_hwauth; + h->ok_as_delegate = s->ok_as_delegate; + h->user_to_user = s->user_to_user; + h->immutable = s->immutable; + h->trusted_for_delegation = s->trusted_for_delegation; + h->allow_kerberos4 = s->allow_kerberos4; + h->allow_digest = s->allow_digest; + h->locked_out = s->locked_out; + h->_unused18 = s->_unused18; + h->_unused19 = s->_unused19; + h->_unused20 = s->_unused20; + h->_unused21 = s->_unused21; + h->_unused22 = s->_unused22; + h->_unused23 = s->_unused23; + h->_unused24 = s->_unused24; + h->_unused25 = s->_unused25; + h->_unused26 = s->_unused26; + h->_unused27 = s->_unused27; + h->_unused28 = s->_unused28; + h->_unused29 = s->_unused29; + h->_unused30 = s->_unused30; + h->do_not_store = s->do_not_store; } static int sdb_salt_to_Salt(const struct sdb_salt *s, Salt *h) diff --git a/source4/kdc/wscript_build b/source4/kdc/wscript_build index 7b8fcb1..2abafa6 100755 --- a/source4/kdc/wscript_build +++ b/source4/kdc/wscript_build @@ -61,13 +61,13 @@ bld.SAMBA_SUBSYSTEM('WDC_SAMBA4', bld.SAMBA_SUBSYSTEM('sdb', source='sdb.c', includes=kdc_include, - deps='krb5', + deps='talloc krb5', ) bld.SAMBA_SUBSYSTEM('sdb_hdb', source='sdb_to_hdb.c', includes=kdc_include, - deps='sdb hdb', + deps='talloc sdb hdb', autoproto='sdb_hdb.h', enabled=bld.CONFIG_SET('SAMBA4_USES_HEIMDAL') ) -- Samba Shared Repository
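Review bot: `SMB_ASSERT(sizeof(struct SDBFlags) == sizeof(HDBFlags));` in sdb_flags_to_hdb_flags checks a compile-time constant at run time, so a layout mismatch would presumably take down the running KDC on the first conversion instead of failing the build. A compile-time check would catch it earlier, for example `_Static_assert(sizeof(struct SDBFlags) == sizeof(HDBFlags), "SDBFlags/HDBFlags size mismatch");` if the supported compilers allow C11. Equal size also does not show that every HDBFlags member is assigned. Since `h` is not cleared first, a short comment such as `/* every HDBFlags bit must be assigned below; h is not zeroed here */` would help whoever adds a flag later.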