int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
struct cli_credentials *machine_account,
struct smb_krb5_context *smb_krb5_context,
const char **enctype_strings,
struct keytab_container *keytab_container)
{
krb5_error_code ret;
BOOL found_previous;
TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
if (!mem_ctx) {
return ENOMEM;
}
ret = remove_old_entries(mem_ctx, machine_account,
smb_krb5_context, keytab_container->keytab, &found_previous);
if (ret != 0) {
talloc_free(mem_ctx);
return ret;
}
/* Create a new keytab. If during the cleanout we found
* entires for kvno -1, then don't try and duplicate them.
* Otherwise, add kvno, and kvno -1 */
ret = create_keytab(mem_ctx, machine_account, smb_krb5_context,
enctype_strings,
keytab_container->keytab,
found_previous ? False : True);
talloc_free(mem_ctx);
return ret;
}
static void workspace_nfs_releasedir(fuse_req_t req, struct workspace_dh_struct *dh)
{
struct resource_struct *resource=dh->object->resource;
struct net_nfs_export_struct *nfs_export=(struct net_nfs_export_struct *) resource->data;
struct nfs_context *nfs_ctx=(struct nfs_context *) nfs_export->data;
struct nfsdir *dir=(struct nfsdir *) dh->handle.data;
struct directory_struct *directory=NULL;
logoutput("workspace_nfs_releasedir");
directory=dh->directory;
if (dir) {
pthread_mutex_lock(&nfs_export->mutex);
nfs_closedir(nfs_ctx, dir);
pthread_mutex_unlock(&nfs_export->mutex);
}
fuse_reply_err(req, 0);
if (directory) {
/* when synced with backend and there were entries at start test these are not synced */
if (dh->mode & _WORKSPACE_READDIR_MODE_NONEMPTY) remove_old_entries(dh->object, directory, &dh->synctime);
memcpy(&directory->synctime, &dh->synctime, sizeof(struct timespec));
}
// clean_pathcache();
}
static void overlay_releasedir(fuse_req_t req, struct workspace_dh_struct *dh)
{
struct overlay_readdir_struct *overlay_readdir=(struct overlay_readdir_struct *)dh->handle.data;
struct directory_struct *directory=NULL;
struct timespec synctime;
unsigned int error=0;
unsigned int mode=0;
logoutput("RELEASEDIR");
directory=dh->directory;
if (overlay_readdir) {
mode=overlay_readdir->mode;
close_readdir(overlay_readdir);
if (overlay_readdir->fd>0) {
close(overlay_readdir->fd);
overlay_readdir->fd=0;
}
free(overlay_readdir);
overlay_readdir=NULL;
}
fuse_reply_err(req, 0);
if (directory) {
/* when synced with backend and there were entries at start test these are not synced */
if ((dh->mode & _WORKSPACE_READDIR_MODE_NONEMPTY) && (mode & (_FW_READDIR_MODE_SIMPLE | _FW_READDIR_MODE_FULL))) remove_old_entries(dh->object, directory, &dh->synctime);
memcpy(&directory->synctime, &dh->synctime, sizeof(struct timespec));
}
clean_pathcache();
}
int child_function(int id)
{
struct socket_info *b,*bp,*a,*ap;
int sleep_time;
is_main = 0;
b = bind_address;
bp = bind_address_port;
a = alternate_address;
ap = alternate_address_port;
//each of the childs has the main address different from the other
if (id == 1)
{
bind_address = b;
bind_address_port = bp;
alternate_address = a;
alternate_address_port = ap;
}
if (id == 2)
{
bind_address = bp;
bind_address_port = b;
alternate_address = ap;
alternate_address_port = a;
}
if (id == 3)
{
bind_address = a;
bind_address_port = ap;
alternate_address = b;
alternate_address_port = bp;
}
if (id == 4)
{
bind_address = ap;
bind_address_port = a;
alternate_address = bp;
alternate_address_port = b;
}
if (id <= 4)
{
is_udp = 1;
LOG("Child %d [%d] started ...\n",id,getpid());
LOG("Listening on:\n");
LOG("\tb [%d] %.*s:%d\n",id,bind_address->name.len,bind_address->name.s,bind_address->port_no);
LOG("\tbp[%d] %.*s:%d\n",id,bind_address_port->name.len,bind_address_port->name.s,bind_address_port->port_no);
LOG("\ta [%d] %.*s:%d\n",id,alternate_address->name.len,alternate_address->name.s,alternate_address->port_no);
LOG("\tap[%d] %.*s:%d\n",id,alternate_address_port->name.len,alternate_address_port->name.s,alternate_address_port->port_no);
/*
for(i=1;i<THREADS_PER_SOCKET;i++)
{
fork();
}
*/
return udp_rcv_loop();
}
#ifdef USE_TLS
//start the TLS server
if (id == 5)
{
//tls server
is_tls = 1;
init_tls();
tls_bind_address = duplicate_sock_info(bind_address);
if (tls_init(tls_bind_address) != 1)
{
LOG("TLS bind failed:trying after 25 seconds\n");
sleep(10);
if (tls_init(tls_bind_address) != 1)
{
LOG("Second TLS bind failed.Givving Up\n");
for(;;) pause();
}
else LOG("TLS succeeded from second attempt\n");
}
return tls_rcv_loop();
}
#endif
#ifdef USE_TLS
//start the timer
if (id == 6)
{
//timer server scope is to detect expired credentials
is_timer = 1;
LOG("[%d] timer activated\n",getpid());
sleep_time = -1;
while(1)
{
if (sleep_time == -1) sleep(EXPIRE-TIMER_RESOLUTION);//EXPIRE-TIMER_RESOLUTION is better
else sleep(sleep_time+10);//to be sure it expired
remove_old_entries(&sleep_time);
LOG("[%d] timer activates now sleep_time=%d\n",getpid(),sleep_time);
}
}
#endif
return 1;
}
krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
krb5_context context,
const char *keytab_name,
const char *samAccountName,
const char *realm,
const char **SPNs,
int num_SPNs,
const char *saltPrincipal,
const char *new_secret,
const char *old_secret,
int kvno,
uint32_t supp_enctypes,
bool delete_all_kvno,
krb5_keytab *_keytab,
const char **error_string)
{
krb5_keytab keytab;
krb5_error_code ret;
bool found_previous;
TALLOC_CTX *tmp_ctx;
krb5_principal *principals = NULL;
if (keytab_name == NULL) {
return ENOENT;
}
ret = krb5_kt_resolve(context, keytab_name, &keytab);
if (ret) {
*error_string = smb_get_krb5_error_message(context,
ret, parent_ctx);
return ret;
}
DEBUG(5, ("Opened keytab %s\n", keytab_name));
tmp_ctx = talloc_new(parent_ctx);
if (!tmp_ctx) {
return ENOMEM;
}
/* Get the principal we will store the new keytab entries under */
ret = principals_from_list(tmp_ctx,
samAccountName, realm, SPNs, num_SPNs,
context, &principals, error_string);
if (ret != 0) {
*error_string = talloc_asprintf(parent_ctx,
"Failed to load principals from ldb message: %s\n",
*error_string);
goto done;
}
ret = remove_old_entries(tmp_ctx, kvno, principals, delete_all_kvno,
context, keytab, &found_previous, error_string);
if (ret != 0) {
*error_string = talloc_asprintf(parent_ctx,
"Failed to remove old principals from keytab: %s\n",
*error_string);
goto done;
}
if (!delete_all_kvno) {
/* Create a new keytab. If during the cleanout we found
* entires for kvno -1, then don't try and duplicate them.
* Otherwise, add kvno, and kvno -1 */
ret = create_keytab(tmp_ctx,
samAccountName, realm, saltPrincipal,
kvno, new_secret, old_secret,
supp_enctypes, principals,
context, keytab,
found_previous ? false : true,
error_string);
if (ret) {
talloc_steal(parent_ctx, *error_string);
}
}
if (ret == 0 && _keytab != NULL) {
/* caller wants the keytab handle back */
*_keytab = keytab;
}
done:
keytab_principals_free(context, principals);
if (ret != 0 || _keytab == NULL) {
krb5_kt_close(context, keytab);
}
talloc_free(tmp_ctx);
return ret;
}
