/*
 * HDB iteration callback: obtain the next entry from the Samba KDC database
 * and convert it into Heimdal's hdb_entry_ex form.
 *
 * context - Kerberos library context, passed through to the backend.
 * db      - HDB handle; db->hdb_db must be a struct samba_kdc_db_context
 *           (talloc_get_type_abort() aborts the process otherwise).
 * flags   - not consulted by this function.
 * entry   - receives the converted entry when the lookup succeeds.
 *
 * Returns the result of the conversion when the lookup succeeds,
 * HDB_ERR_WRONG_REALM or HDB_ERR_NOENTRY for the matching SDB codes, and
 * HDB_ERR_NOT_FOUND_HERE for every other backend failure. The original
 * backend code is therefore not visible to the caller in the last case.
 */
static krb5_error_code hdb_samba4_nextkey(krb5_context context, HDB *db, unsigned flags,
					  hdb_entry_ex *entry)
{
	struct sdb_entry_ex sentry = {};
	struct samba_kdc_db_context *samba_ctx =
		talloc_get_type_abort(db->hdb_db, struct samba_kdc_db_context);
	krb5_error_code rc;

	rc = samba_kdc_nextkey(context, samba_ctx, &sentry);

	/*
	 * NOTE(review): the failure paths below return without calling
	 * sdb_free_entry(). Whether samba_kdc_nextkey() can leave allocations
	 * in sentry when it fails is not visible here - confirm.
	 */
	if (rc == SDB_ERR_WRONG_REALM) {
		return HDB_ERR_WRONG_REALM;
	}
	if (rc == SDB_ERR_NOENTRY) {
		return HDB_ERR_NOENTRY;
	}
	if (rc != 0) {
		return HDB_ERR_NOT_FOUND_HERE;
	}

	/* The intermediate entry is released whether or not conversion worked. */
	rc = sdb_entry_ex_to_hdb_entry_ex(context, &sentry, entry);
	sdb_free_entry(&sentry);

	return rc;
}
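/*
 * HDB fetch callback: look up a principal (at a given key version) in the
 * Samba KDC database and convert the result into Heimdal's hdb_entry_ex form.
 *
 * context   - Kerberos library context, passed through to the backend.
 * db        - HDB handle; db->hdb_db must be a struct samba_kdc_db_context
 *             (talloc_get_type_abort() aborts the process otherwise).
 * principal - principal to look up.
 * flags     - passed unchanged to samba_kdc_fetch().
 * kvno      - passed unchanged to samba_kdc_fetch().
 * entry_ex  - receives the converted entry.
 *
 * Returns 0 when both lookup and conversion succeed, HDB_ERR_WRONG_REALM when
 * the backend reported a wrong realm and the entry was converted,
 * HDB_ERR_NOENTRY or HDB_ERR_NOT_FOUND_HERE when the lookup failed, and the
 * conversion error whenever the conversion itself fails.
 */
static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db,
					     krb5_const_principal principal,
					     unsigned flags,
					     krb5_kvno kvno,
					     hdb_entry_ex *entry_ex)
{
	struct samba_kdc_db_context *kdc_db_ctx;
	struct sdb_entry_ex sdb_entry_ex = {};
	krb5_error_code code, ret;

	kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
					   struct samba_kdc_db_context);

	ret = samba_kdc_fetch(context,
			      kdc_db_ctx,
			      principal,
			      flags,
			      kvno,
			      &sdb_entry_ex);
	switch (ret) {
	case 0:
		code = 0;
		break;
	case SDB_ERR_WRONG_REALM:
		/*
		 * If SDB_ERR_WRONG_REALM is returned we need to process the
		 * sdb_entry to fill the principal in the HDB entry.
		 */
		code = HDB_ERR_WRONG_REALM;
		break;
	case SDB_ERR_NOENTRY:
		return HDB_ERR_NOENTRY;
	default:
		/* Every other backend failure is reported as "not found here". */
		return HDB_ERR_NOT_FOUND_HERE;
	}

	ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry_ex);
	sdb_free_entry(&sdb_entry_ex);

	/*
	 * A conversion failure always takes precedence. The previous test
	 * (code != 0 && ret != 0) dropped the error when the lookup itself had
	 * succeeded, so the KDC was told "success" for an entry the converter
	 * had not finished filling in.
	 */
	if (ret != 0) {
		code = ret;
	}

	return code;
}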
/*
 * MIT KDB iteration helper: obtain the next entry from the Samba KDC database
 * and return it as a freshly allocated krb5_db_entry.
 *
 * ctx     - provides the Kerberos context and the Samba KDC database context.
 * _kentry - written only on success; the caller then owns the malloc()ed entry.
 *
 * Returns 0 on success, ENOMEM if the entry cannot be allocated,
 * KRB5_KDB_NOENTRY when the backend reports SDB_ERR_NOENTRY, any other backend
 * error unchanged, or the conversion error.
 */
int mit_samba_get_nextkey(struct mit_samba_context *ctx,
			  krb5_db_entry **_kentry)
{
	struct sdb_entry_ex sentry = {
		.free_entry = NULL,
	};
	/*
	 * NOTE(review): the entry is handed to the converter uninitialised;
	 * presumably sdb_entry_ex_to_kdb_entry_ex() fills every field - confirm.
	 */
	krb5_db_entry *out = malloc(sizeof(*out));
	int rc;

	if (out == NULL) {
		return ENOMEM;
	}

	rc = samba_kdc_nextkey(ctx->context, ctx->db_ctx, &sentry);
	if (rc != 0) {
		free(out);
		/*
		 * Only "no entry" is translated to a KDB code. Everything
		 * else, including SDB_ERR_NOT_FOUND_HERE, is returned as is.
		 * FIXME: RODC support
		 */
		return (rc == SDB_ERR_NOENTRY) ? KRB5_KDB_NOENTRY : rc;
	}

	/* The intermediate entry is released whether or not conversion worked. */
	rc = sdb_entry_ex_to_kdb_entry_ex(ctx->context, &sentry, out);
	sdb_free_entry(&sentry);
	if (rc != 0) {
		free(out);
		return rc;
	}

	*_kentry = out;
	return rc;
}
/*
 * MIT KDB lookup helper: fetch a principal from the Samba KDC database and
 * return it as a freshly allocated krb5_db_entry.
 *
 * ctx       - provides the Kerberos context and the Samba KDC database context.
 * principal - principal to look up.
 * kflags    - KRB5_KDB_FLAG_* bits from the KDC; they select the SDB lookup
 *             flags as described in the body.
 * _kentry   - written only on success; the caller then owns the malloc()ed entry.
 *
 * Returns 0 on success, ENOMEM if the entry cannot be allocated,
 * KRB5_KDB_NOENTRY when the backend reports SDB_ERR_NOENTRY, any other backend
 * error unchanged, or the conversion error. A backend SDB_ERR_WRONG_REALM is
 * returned as success once the entry converts, so the return value alone does
 * not tell the caller that the realm differed.
 */
int mit_samba_get_principal(struct mit_samba_context *ctx,
			    krb5_const_principal principal,
			    unsigned int kflags,
			    krb5_db_entry **_kentry)
{
	struct sdb_entry_ex sentry = {
		.free_entry = NULL,
	};
	/*
	 * SDB_F_ADMIN_DATA is always requested: without it Samba's backend
	 * does not populate the created_by data and parsing the entry fails
	 * later.
	 */
	int sflags = SDB_F_ADMIN_DATA;
	/*
	 * NOTE(review): the entry is handed to the converter uninitialised;
	 * presumably sdb_entry_ex_to_kdb_entry_ex() fills every field - confirm.
	 */
	krb5_db_entry *out = malloc(sizeof(*out));
	int rc;

	if (out == NULL) {
		return ENOMEM;
	}

	if (kflags & KRB5_KDB_FLAG_CANONICALIZE) {
		sflags |= SDB_F_CANON;
	}

	if (kflags & (KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY |
		      KRB5_KDB_FLAG_INCLUDE_PAC)) {
		/*
		 * KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY is equal to
		 * SDB_F_FOR_AS_REQ.
		 *
		 * GET_ANY is used so that an AS_REQ for a service principal
		 * name is also allowed, which Windows supports.
		 */
		sflags |= SDB_F_GET_ANY | SDB_F_FOR_AS_REQ;
	} else if (ks_is_tgs_principal(ctx, principal)) {
		sflags |= SDB_F_GET_KRBTGT;
	} else {
		sflags |= SDB_F_GET_SERVER | SDB_F_FOR_TGS_REQ;
	}

	rc = samba_kdc_fetch(ctx->context,
			     ctx->db_ctx,
			     principal,
			     sflags,
			     0,
			     &sentry);

	if (rc == SDB_ERR_NOENTRY) {
		rc = KRB5_KDB_NOENTRY;
	} else if (rc == 0 || rc == SDB_ERR_WRONG_REALM) {
		/*
		 * On a wrong realm (e.g. a cross-forest request) the entry is
		 * still converted and handed back; it carries the correct
		 * realm, and the KDC is expected to detect that and return the
		 * appropriate code.
		 */
		rc = sdb_entry_ex_to_kdb_entry_ex(ctx->context, &sentry, out);
		sdb_free_entry(&sentry);
	}
	/*
	 * Any other backend error, including SDB_ERR_NOT_FOUND_HERE, is
	 * returned unchanged. FIXME: RODC support
	 */

	if (rc != 0) {
		free(out);
		return rc;
	}

	*_kentry = out;
	return rc;
}