The branch, master has been updated
       via  7a0ff3b unix_msg: add a test for dgram socket caching
       via  95f3d9b unix_msg: always create a send queue for a peer
       via  16d0766 unix_msg: introduce send queue caching
       via  bb526a6 unix_msg: add flag to prepare_socket_nonblock()
       via  d2b0694 messaging: Call messaging_dgm_send under become_root only if necessary
       via  e0de912 unix_msg: Return errno from find_send_queue
       via  3f45fce unix_msg: modify find_send_queue() to take a struct sockaddr_un
       via  cfce212 s4/messaging: messaging_dgm_ref talloc hierarchy fix
       via  b3cf15e s4-kdc: Remove obsolete kpasswdd heimdal implementation
       via  510e504 s4-kdc: Switch to the new kpasswd service implementation
       via  7e4c996 s4-kdc: Add new kpasswd service Heimdal backend
       via  69749b6 s4-kdc: Add a new kpasswd service implementation
       via  7fed514 s4-kdc: Allow to set the keytab_name in the kdc_server structure
       via  b61ca17 s4-kdc: Add a kpasswd_samdb_set_password() helper function
      from  76360ca s3/smbd: use stat from smb_fname if valid in refuse_symlink()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7a0ff3bc261f6f8aad87366862f884e344603bef
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Aug 19 12:02:12 2016 +0200

    unix_msg: add a test for dgram socket caching
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Tue Sep 13 04:11:30 CEST 2016 on sn-devel-144

commit 95f3d9bb497c9e18bbdead25f6abf485014ba769
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Aug 19 09:22:54 2016 +0200

    unix_msg: always create a send queue for a peer
    
    Previously, we only created a send queue for a peer if the initial send
    to the non-blocking non-connected socket reported EWOULDBLOCK (because
    the channel was full).
    
    With this change, we now always create a send queue and use a connected,
    non-blocking datagram socket from the beginning.
    
    Initially, the socket of the send queue is set to non-blocking mode and
    we attempt a direct send via sendmsg(). If that returns EWOULDBLOCK, we
    set the send queue to blocking mode and let the threadpool handle the
    IO.
    
    When a send queue becomes empty, we set the send queue socket back to
    non-blocking.
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 16d076662139be1e1ebd5f26509bad3188dd9bc8
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Aug 19 16:25:11 2016 +0200

    unix_msg: introduce send queue caching
    
    This introduces caching of unix datagram send queues. Right now send
    queues are only created for peers if the channel to the peer is full and
    a send reported EWOULDBLOCK.
    
    At this stage, performance will actually be slightly worse, because now
    if there's a cached queue for a peer without queued messages, we don't
    attempt direct send anymore until the send queue is removed from the
    cache.
    
    The next commit will modify unix_msg to always create a send queue with
    the datagram socket in connected mode and again attempt a non-blocking
    send on the connected socket first. Then only if that returns
    EWOULDBLOCK, the send has to go through the threadpool.
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit bb526a61d1970617a349781f67cd955b282335c4
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Aug 22 14:02:43 2016 +0200

    unix_msg: add flag to prepare_socket_nonblock()
    
    This allows prepare_socket_nonblock() to be called to set a socket to
    non-blocking (as before) as well as blocking. This will be used in a
    subsequent commit.
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit d2b0694666b59021b7a2c2a8745cb50f57fc2a76
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Sep 1 14:08:55 2016 +0200

    messaging: Call messaging_dgm_send under become_root only if necessary
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit e0de912793fe23ba3e61541e69b36199d57d7f0f
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Sep 1 14:04:30 2016 +0200

    unix_msg: Return errno from find_send_queue
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 3f45fcebdcab365ed7fb3d2689a989597a8832fe
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Aug 19 16:14:52 2016 +0200

    unix_msg: modify find_send_queue() to take a struct sockaddr_un
    
    In one of the next commits unix_dgram_send_queue_init() will be moved
    into find_send_queue and that takes a struct sockaddr_un.
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit cfce21281a835dbc7d7bb9560e4339f4c1acf907
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Sep 9 07:12:11 2016 +0200

    s4/messaging: messaging_dgm_ref talloc hierarchy fix
    
    Ensure the messaging dgm context goes away *before* the tevent
    context. The messaging dgm context will likely have active fd or timer
    events, their rundown will touch the associated tevent context.
    
    Otoh, I deliberately don't free the imessaging context here, that's going
    to happen as part of freeing the talloc_autofree_context() as before. I
    think it suffers the same problem, eg imessaging_deregister() works on
    an imessaging_context that might already be freed. But as it works,
    don't change it.
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit b3cf15e530fc41c4cf78e7adf3507b68436f2544
Author: Jeremy Allison <j...@samba.org>
Date:   Mon Sep 12 12:11:55 2016 -0700

    s4-kdc: Remove obsolete kpasswdd heimdal implementation
    
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 510e504a5b8a2dd05803e9dc7ab34786a8b77967
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Sep 7 16:38:06 2016 +0200

    s4-kdc: Switch to the new kpasswd service implementation
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 7e4c996bb13a6cc3e713e5aa2a76a556cb185f1e
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Sep 7 16:03:15 2016 +0200

    s4-kdc: Add new kpasswd service Heimdal backend
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 69749b61308e4a659fcee4e59fe151ffc71801b0
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Sep 7 12:32:14 2016 +0200

    s4-kdc: Add a new kpasswd service implementation
    
    This function is intended to be passed to kdc_add_socket(). The
    function kpasswd_handle_request() which is called by kpasswd_process()
    is Kerberos implementation specific and should be implemented in a
    kpasswd-service-<kerberos flavour>.c file.
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 7fed51473537362392dbd0a8047e3be06760b25a
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Sep 7 12:30:21 2016 +0200

    s4-kdc: Allow to set the keytab_name in the kdc_server structure
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit b61ca170ffc35985218de0a1dc9c582df9f378ab
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Sep 7 15:07:49 2016 +0200

    s4-kdc: Add a kpasswd_samdb_set_password() helper function
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/messages.c                             |   9 +-
 source3/lib/unix_msg/tests.c                       |  30 ++
 source3/lib/unix_msg/unix_msg.c                    | 145 +++++-
 source3/lib/unix_msg/unix_msg.h                    |   2 +
 source3/lib/unix_msg/wscript_build                 |   2 +-
 source4/kdc/kdc-heimdal.c                          |  13 +-
 source4/kdc/kdc-server.h                           |   1 +
 source4/kdc/kpasswd-heimdal.c                      | 551 ---------------------
 source4/kdc/kpasswd-helper.c                       |  83 ++++
 source4/kdc/kpasswd-helper.h                       |  10 +
 source4/kdc/kpasswd-service-heimdal.c              | 296 +++++++++++
 source4/kdc/kpasswd-service.c                      | 348 +++++++++++++
 .../kdc/{kpasswd-helper.h => kpasswd-service.h}    |  37 +-
 source4/kdc/wscript_build                          |  16 +-
 source4/lib/messaging/messaging.c                  |  38 +-
 source4/lib/messaging/messaging.h                  |   1 +
 source4/smbd/server.c                              |   8 +
 17 files changed, 992 insertions(+), 598 deletions(-)
 delete mode 100644 source4/kdc/kpasswd-heimdal.c
 create mode 100644 source4/kdc/kpasswd-service-heimdal.c
 create mode 100644 source4/kdc/kpasswd-service.c
 copy source4/kdc/{kpasswd-helper.h => kpasswd-service.h} (55%)


Changeset truncated at 500 lines:

diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index 12e7dbc..3ed6dfe 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -464,9 +464,14 @@ int messaging_send_iov_from(struct messaging_context 
*msg_ctx,
        iov2[0] = (struct iovec){ .iov_base = hdr, .iov_len = sizeof(hdr) };
        memcpy(&iov2[1], iov, iovlen * sizeof(*iov));
 
-       become_root();
        ret = messaging_dgm_send(dst.pid, iov2, iovlen+1, fds, num_fds);
-       unbecome_root();
+
+       if (ret == EACCES) {
+               become_root();
+               ret = messaging_dgm_send(dst.pid, iov2, iovlen+1,
+                                        fds, num_fds);
+               unbecome_root();
+       }
 
        return ret;
 }
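Review bot: The `if (ret == EACCES)` retry needs a comment saying why EACCES is the only error that triggers the privileged resend, because the first `messaging_dgm_send()` now runs with whatever credentials the caller currently has. The unix_msg changes in this same push send on a cached per-peer `q->sock`, so it is also worth stating here whether a queue created during the `become_root()` retry stays usable by later unprivileged sends to the same path for the cache lifetime, and whether that is intended.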
diff --git a/source3/lib/unix_msg/tests.c b/source3/lib/unix_msg/tests.c
index 9a15f9d..c743c37 100644
--- a/source3/lib/unix_msg/tests.c
+++ b/source3/lib/unix_msg/tests.c
@@ -126,6 +126,36 @@ int main(void)
 
        expect_messages(ev, &state, 1);
 
+       printf("test send queue caching\n");
+
+       /*
+        * queues are cached for some time, so this tests sending
+        * still works after the cache expires and the queue was
+        * freed.
+        */
+       sleep(SENDQ_CACHE_TIME_SECS + 1);
+       ret = tevent_loop_once(ev);
+       if (ret == -1) {
+               fprintf(stderr, "tevent_loop_once failed: %s\n",
+                       strerror(errno));
+               exit(1);
+       }
+
+       msg = random();
+       iov.iov_base = &msg;
+       iov.iov_len = sizeof(msg);
+       state.buf = &msg;
+       state.buflen = sizeof(msg);
+
+       ret = unix_msg_send(ctx1, &addr2, &iov, 1, NULL, 0);
+       if (ret != 0) {
+               fprintf(stderr, "unix_msg_send failed: %s\n",
+                       strerror(ret));
+               return 1;
+       }
+
+       expect_messages(ev, &state, 1);
+
        printf("sending six large, interleaved messages\n");
 
        for (i=0; i<sizeof(buf); i++) {
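Review bot: The block after `sleep(SENDQ_CACHE_TIME_SECS + 1)` never verifies that the cached queue was actually freed: a single `tevent_loop_once(ev)` may dispatch some other pending event, and `unix_msg_send()` returns 0 whether the queue was reused or recreated, so the test passes either way. Consider looping until the expiry timer has run, or exposing something observable such as the number of live queues. The two failure paths also differ (`exit(1)` versus `return 1`); use one. With the header value of 10 this sleep adds 11 seconds to every run of the test binary.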
diff --git a/source3/lib/unix_msg/unix_msg.c b/source3/lib/unix_msg/unix_msg.c
index 5fac68b..8645c97 100644
--- a/source3/lib/unix_msg/unix_msg.c
+++ b/source3/lib/unix_msg/unix_msg.c
@@ -26,6 +26,7 @@
 #include "lib/util/iov_buf.h"
 #include "lib/util/msghdr.h"
 #include <fcntl.h>
+#include "lib/util/time.h"
 
 /*
  * This file implements two abstractions: The "unix_dgram" functions implement
@@ -51,6 +52,7 @@ struct unix_dgram_send_queue {
        struct unix_dgram_ctx *ctx;
        int sock;
        struct unix_dgram_msg *msgs;
+       struct poll_timeout *timeout;
        char path[];
 };
 
@@ -80,7 +82,7 @@ static void unix_dgram_recv_handler(struct poll_watch *w, int 
fd, short events,
                                    void *private_data);
 
 /* Set socket non blocking. */
-static int prepare_socket_nonblock(int sock)
+static int prepare_socket_nonblock(int sock, bool nonblock)
 {
        int flags;
 #ifdef O_NONBLOCK
@@ -97,7 +99,11 @@ static int prepare_socket_nonblock(int sock)
        if (flags == -1) {
                return errno;
        }
-       flags |= FLAG_TO_SET;
+       if (nonblock) {
+               flags |= FLAG_TO_SET;
+       } else {
+               flags &= ~FLAG_TO_SET;
+       }
        if (fcntl(sock, F_SETFL, flags) == -1) {
                return errno;
        }
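Review bot: The name `prepare_socket_nonblock` and the unchanged comment `/* Set socket non blocking. */` no longer match the behaviour: with `nonblock == false` the new `else` branch clears `FLAG_TO_SET` and leaves the socket blocking. Rename the function to something that describes setting the blocking mode, or at least update the comment to document the `nonblock` argument, so a later call site with `false` is not misread.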
@@ -127,7 +133,7 @@ static int prepare_socket_cloexec(int sock)
 /* Set socket non blocking and close on exec. */
 static int prepare_socket(int sock)
 {
-       int ret = prepare_socket_nonblock(sock);
+       int ret = prepare_socket_nonblock(sock, true);
 
        if (ret) {
                return ret;
@@ -360,6 +366,8 @@ static int unix_dgram_init_pthreadpool(struct 
unix_dgram_ctx *ctx)
        return 0;
 }
 
+static int unix_dgram_sendq_schedule_free(struct unix_dgram_send_queue *q);
+
 static int unix_dgram_send_queue_init(
        struct unix_dgram_ctx *ctx, const struct sockaddr_un *dst,
        struct unix_dgram_send_queue **result)
@@ -376,6 +384,7 @@ static int unix_dgram_send_queue_init(
        }
        q->ctx = ctx;
        q->msgs = NULL;
+       q->timeout = NULL;
        memcpy(q->path, dst->sun_path, pathlen);
 
        q->sock = socket(AF_UNIX, SOCK_DGRAM, 0);
@@ -384,7 +393,7 @@ static int unix_dgram_send_queue_init(
                goto fail_free;
        }
 
-       err = prepare_socket_cloexec(q->sock);
+       err = prepare_socket(q->sock);
        if (err != 0) {
                goto fail_close;
        }
@@ -407,6 +416,12 @@ static int unix_dgram_send_queue_init(
 
        DLIST_ADD(ctx->send_queues, q);
 
+       ret = unix_dgram_sendq_schedule_free(q);
+       if (ret != 0) {
+               err = ENOMEM;
+               goto fail_close;
+       }
+
        *result = q;
        return 0;
 
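Review bot: The error path after `unix_dgram_sendq_schedule_free(q)` looks like a double release. On failure that function already calls `unix_dgram_send_queue_free(q)`, which closes `q->sock`, unlinks `q` and frees it, and then this code does `goto fail_close` on the same `q`. Either stop freeing inside `unix_dgram_sendq_schedule_free()` and let the caller clean up, or return directly here. Separately, `err = ENOMEM` throws away the value in `ret`; use `err = ret` so the real error is reported.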
@@ -430,20 +445,78 @@ static void unix_dgram_send_queue_free(struct 
unix_dgram_send_queue *q)
        }
        close(q->sock);
        DLIST_REMOVE(ctx->send_queues, q);
+       ctx->ev_funcs->timeout_free(q->timeout);
        free(q);
 }
 
-static struct unix_dgram_send_queue *find_send_queue(
-       struct unix_dgram_ctx *ctx, const char *dst_sock)
+static void unix_dgram_sendq_scheduled_free_handler(
+       struct poll_timeout *t, void *private_data);
+
+static int unix_dgram_sendq_schedule_free(struct unix_dgram_send_queue *q)
+{
+       struct unix_dgram_ctx *ctx = q->ctx;
+       struct timeval timeout;
+
+       if (q->timeout != NULL) {
+               return 0;
+       }
+
+       GetTimeOfDay(&timeout);
+       timeout.tv_sec += SENDQ_CACHE_TIME_SECS;
+
+       q->timeout = ctx->ev_funcs->timeout_new(
+               ctx->ev_funcs,
+               timeout,
+               unix_dgram_sendq_scheduled_free_handler,
+               q);
+       if (q->timeout == NULL) {
+               unix_dgram_send_queue_free(q);
+               return ENOMEM;
+       }
+
+       return 0;
+}
+
+static void unix_dgram_sendq_scheduled_free_handler(struct poll_timeout *t,
+                                                   void *private_data)
+{
+       struct unix_dgram_send_queue *q = private_data;
+       int ret;
+
+       q->ctx->ev_funcs->timeout_free(q->timeout);
+       q->timeout = NULL;
+
+       if (q->msgs == NULL) {
+               unix_dgram_send_queue_free(q);
+               return;
+       }
+
+       ret = unix_dgram_sendq_schedule_free(q);
+       if (ret != 0) {
+               unix_dgram_send_queue_free(q);
+               return;
+       }
+}
+
+static int find_send_queue(struct unix_dgram_ctx *ctx,
+                          const struct sockaddr_un *dst,
+                          struct unix_dgram_send_queue **ps)
 {
        struct unix_dgram_send_queue *s;
+       int ret;
 
        for (s = ctx->send_queues; s != NULL; s = s->next) {
-               if (strcmp(s->path, dst_sock) == 0) {
-                       return s;
+               if (strcmp(s->path, dst->sun_path) == 0) {
+                       *ps = s;
+                       return 0;
                }
        }
-       return NULL;
+       ret = unix_dgram_send_queue_init(ctx, dst, &s);
+       if (ret != 0) {
+               return ret;
+       }
+       *ps = s;
+       return 0;
 }
 
 static int queue_msg(struct unix_dgram_send_queue *q,
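Review bot: In `unix_dgram_sendq_scheduled_free_handler()` the `if (ret != 0)` branch frees `q` a second time: `unix_dgram_sendq_schedule_free()` has already called `unix_dgram_send_queue_free(q)` before returning ENOMEM, so the handler's own `unix_dgram_send_queue_free(q)` operates on freed memory and closes `q->sock` again. Give the queue a single owner on this path, preferably by having `unix_dgram_sendq_schedule_free()` only report the error. Also note that `unix_dgram_send_queue_free()` now calls `timeout_free(q->timeout)` unconditionally, and both of these paths reach it with `q->timeout == NULL`; guard the call or document that `timeout_free` accepts NULL.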
@@ -549,12 +622,17 @@ static void unix_dgram_job_finished(struct poll_watch *w, 
int fd, short events,
        if (q->msgs != NULL) {
                ret = pthreadpool_pipe_add_job(ctx->send_pool, q->sock,
                                               unix_dgram_send_job, q->msgs);
-               if (ret == 0) {
+               if (ret != 0) {
+                       unix_dgram_send_queue_free(q);
                        return;
                }
+               return;
        }
 
-       unix_dgram_send_queue_free(q);
+       ret = prepare_socket_nonblock(q->sock, true);
+       if (ret != 0) {
+               unix_dgram_send_queue_free(q);
+       }
 }
 
 static int unix_dgram_send(struct unix_dgram_ctx *ctx,
@@ -600,12 +678,16 @@ static int unix_dgram_send(struct unix_dgram_ctx *ctx,
                return EINVAL;
        }
 
-       /*
-        * To preserve message ordering, we have to queue a message when
-        * others are waiting in line already.
-        */
-       q = find_send_queue(ctx, dst->sun_path);
-       if (q != NULL) {
+       ret = find_send_queue(ctx, dst, &q);
+       if (ret != 0) {
+               return ret;
+       }
+
+       if (q->msgs) {
+               /*
+                * To preserve message ordering, we have to queue a
+                * message when others are waiting in line already.
+                */
                return queue_msg(q, iov, iovlen, fds, num_fds);
        }
 
@@ -614,8 +696,6 @@ static int unix_dgram_send(struct unix_dgram_ctx *ctx,
         */
 
        msg = (struct msghdr) {
-               .msg_name = discard_const_p(struct sockaddr_un, dst),
-               .msg_namelen = sizeof(*dst),
                .msg_iov = discard_const_p(struct iovec, iov),
                .msg_iovlen = iovlen
        };
@@ -629,7 +709,7 @@ static int unix_dgram_send(struct unix_dgram_ctx *ctx,
                uint8_t buf[fdlen];
                msghdr_prep_fds(&msg, buf, fdlen, fds, num_fds);
 
-               ret = sendmsg(ctx->sock, &msg, 0);
+               ret = sendmsg(q->sock, &msg, 0);
        }
 
        if (ret >= 0) {
@@ -645,11 +725,20 @@ static int unix_dgram_send(struct unix_dgram_ctx *ctx,
                return errno;
        }
 
-       ret = unix_dgram_send_queue_init(ctx, dst, &q);
+       ret = queue_msg(q, iov, iovlen, fds, num_fds);
        if (ret != 0) {
+               unix_dgram_send_queue_free(q);
                return ret;
        }
-       ret = queue_msg(q, iov, iovlen, fds, num_fds);
+
+       /*
+        * While sending the messages via the pthreadpool, we set the
+        * socket back to blocking mode. When the sendqueue becomes
+        * empty and we could attempt direct sends again, the
+        * finished-jobs-handler of the pthreadpool will set it back
+        * to non-blocking.
+        */
+       ret = prepare_socket_nonblock(q->sock, false);
        if (ret != 0) {
                unix_dgram_send_queue_free(q);
                return ret;
@@ -670,8 +759,16 @@ static int unix_dgram_sock(struct unix_dgram_ctx *ctx)
 
 static int unix_dgram_free(struct unix_dgram_ctx *ctx)
 {
-       if (ctx->send_queues != NULL) {
-               return EBUSY;
+       struct unix_dgram_send_queue *q;
+
+       for (q = ctx->send_queues; q != NULL;) {
+               struct unix_dgram_send_queue *q_next = q->next;
+
+               if (q->msgs != NULL) {
+                       return EBUSY;
+               }
+               unix_dgram_send_queue_free(q);
+               q = q_next;
        }
 
        if (ctx->send_pool != NULL) {
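Review bot: The loop in `unix_dgram_free()` can return `EBUSY` after it has already freed some idle queues, because it frees as it walks and bails out at the first queue with `q->msgs != NULL`. That leaves the context half torn down on the busy path. Check all queues for pending messages first and only then free them, or state in a comment that partial teardown before `EBUSY` is acceptable for callers.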
diff --git a/source3/lib/unix_msg/unix_msg.h b/source3/lib/unix_msg/unix_msg.h
index 34c166b..375d4ac 100644
--- a/source3/lib/unix_msg/unix_msg.h
+++ b/source3/lib/unix_msg/unix_msg.h
@@ -116,4 +116,6 @@ int unix_msg_send(struct unix_msg_ctx *ctx, const struct 
sockaddr_un *dst,
  */
 int unix_msg_free(struct unix_msg_ctx *ctx);
 
+#define SENDQ_CACHE_TIME_SECS 10
+
 #endif
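Review bot: `SENDQ_CACHE_TIME_SECS` is added to the public header without a comment. Since tests.c depends on it, say what it controls (how long an idle per-peer send queue and its socket are kept) and that the test sleeps for this value plus one second, so anyone raising it knows the test time grows with it.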
diff --git a/source3/lib/unix_msg/wscript_build 
b/source3/lib/unix_msg/wscript_build
index b16d52c..469f87e 100644
--- a/source3/lib/unix_msg/wscript_build
+++ b/source3/lib/unix_msg/wscript_build
@@ -2,7 +2,7 @@
 
 bld.SAMBA3_SUBSYSTEM('UNIX_MSG',
                      source='unix_msg.c',
-                    deps='replace PTHREADPOOL iov_buf msghdr')
+                    deps='replace PTHREADPOOL iov_buf msghdr time-basic')
 
 bld.SAMBA3_BINARY('unix_msg_test',
                   source='tests.c',
diff --git a/source4/kdc/kdc-heimdal.c b/source4/kdc/kdc-heimdal.c
index be45073..f2927e5 100644
--- a/source4/kdc/kdc-heimdal.c
+++ b/source4/kdc/kdc-heimdal.c
@@ -33,6 +33,7 @@
 #include "kdc/kdc-proxy.h"
 #include "kdc/kdc-glue.h"
 #include "kdc/pac-glue.h"
+#include "kdc/kpasswd-service.h"
 #include "dsdb/samdb/samdb.h"
 #include "auth/session.h"
 #include "libds/common/roles.h"
@@ -151,7 +152,7 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server 
*kdc, struct loadparm_c
                        if (kpasswd_port) {
                                status = kdc_add_socket(kdc, model_ops,
                                                        "kpasswd", wcard[i], 
kpasswd_port,
-                                                       kpasswdd_process, 
false);
+                                                       kpasswd_process, false);
                                if (NT_STATUS_IS_OK(status)) {
                                        num_binds++;
                                }
@@ -177,7 +178,7 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server 
*kdc, struct loadparm_c
                if (kpasswd_port) {
                        status = kdc_add_socket(kdc, model_ops,
                                                "kpasswd", address, 
kpasswd_port,
-                                               kpasswdd_process, 
done_wildcard);
+                                               kpasswd_process, done_wildcard);
                        NT_STATUS_NOT_OK_RETURN(status);
                }
        }
@@ -411,6 +412,14 @@ static void kdc_task_init(struct task_server *task)
                return;
        }
 
+       kdc->keytab_name = talloc_asprintf(kdc, "HDB:samba4&%p", kdc->base_ctx);
+       if (kdc->keytab_name == NULL) {
+               task_server_terminate(task,
+                                     "kdc: Failed to set keytab name",
+                                     true);
+               return;
+       }
+
        /* Register WinDC hooks */
        ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
                                   PLUGIN_TYPE_DATA, "windc",
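Review bot: The `"HDB:samba4&%p"` format in the `talloc_asprintf()` call needs a comment. It encodes the address of `kdc->base_ctx` into a string, and nothing here says who parses it back or for how long that pointer must stay valid relative to `kdc->keytab_name`. A raw heap address inside a name string also ends up wherever that name is logged or printed in an error message, so please confirm it is never emitted at normal log levels.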
diff --git a/source4/kdc/kdc-server.h b/source4/kdc/kdc-server.h
index 47e6c68..fd883c2 100644
--- a/source4/kdc/kdc-server.h
+++ b/source4/kdc/kdc-server.h
@@ -40,6 +40,7 @@ struct kdc_server {
        struct ldb_context *samdb;
        bool am_rodc;
        uint32_t proxy_timeout;
+       const char *keytab_name;
        void *private_data;
 };
 
diff --git a/source4/kdc/kpasswd-heimdal.c b/source4/kdc/kpasswd-heimdal.c
deleted file mode 100644
index 49fc755..0000000
--- a/source4/kdc/kpasswd-heimdal.c
+++ /dev/null
@@ -1,551 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-
-   kpasswd Server implementation
-
-   Copyright (C) Andrew Bartlett <abart...@samba.org> 2005
-   Copyright (C) Andrew Tridgell       2005
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "smbd/service_task.h"
-#include "auth/gensec/gensec.h"
-#include "auth/credentials/credentials.h"
-#include "auth/auth.h"
-#include "dsdb/samdb/samdb.h"
-#include "../lib/util/util_ldb.h"
-#include "libcli/security/security.h"
-#include "param/param.h"
-#include "kdc/kdc-server.h"
-#include "kdc/kdc-glue.h"
-#include "dsdb/common/util.h"
-#include "kdc/kpasswd_glue.h"
-#include "kdc/kpasswd-helper.h"
-
-/* Return true if there is a valid error packet formed in the error_blob */
-static bool kpasswdd_make_unauth_error_reply(struct kdc_server *kdc,
-                                           TALLOC_CTX *mem_ctx,
-                                           uint16_t result_code,
-                                           const char *error_string,
-                                           DATA_BLOB *error_blob)
-{
-       bool ret;
-       int kret;
-       DATA_BLOB error_bytes;
-       krb5_data k5_error_bytes, k5_error_blob;
-       ret = kpasswd_make_error_reply(mem_ctx, result_code, error_string,
-                                      &error_bytes);
-       if (!ret) {
-               return false;
-       }
-       k5_error_bytes.data = error_bytes.data;
-       k5_error_bytes.length = error_bytes.length;
-       kret = smb_krb5_mk_error(kdc->smb_krb5_context->krb5_context,
-                                result_code,
-                                NULL,
-                                &k5_error_bytes,
-                                NULL,
-                                NULL,
-                                &k5_error_blob);
-       if (kret) {
-               return false;
-       }
-       *error_blob = data_blob_talloc(mem_ctx, k5_error_blob.data, 
k5_error_blob.length);
-       smb_krb5_free_data_contents(kdc->smb_krb5_context->krb5_context,
-                                   &k5_error_blob);
-       if (!error_blob->data) {
-               return false;
-       }
-       return true;
-}
-


-- 
Samba Shared Repository