From: Jo Sutton Date: Wed, 24 Apr 2024 01:45:08 +0000 (+1200) Subject: s4:libnet: Pass SDB_F_ADMIN_DATA flag through to samba_kdc_message2entry() X-Git-Tag: tdb-1.4.11~579 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=048de3da01f2f7c7210085a624e38d671b38aeda;p=thirdparty%2Fsamba.git s4:libnet: Pass SDB_F_ADMIN_DATA flag through to samba_kdc_message2entry() This will allow us to specify whether to specify this flag for a keytab export. Signed-off-by: Jo Sutton Reviewed-by: Andrew Bartlett --- diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 217ae8134b5..6bc55e767ed 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -3311,6 +3311,7 @@ struct samba_kdc_seq { static krb5_error_code samba_kdc_seq(krb5_context context, struct samba_kdc_db_context *kdc_db_ctx, + const unsigned sdb_flags, struct sdb_entry *entry) { krb5_error_code ret; @@ -3364,7 +3365,7 @@ static krb5_error_code samba_kdc_seq(krb5_context context, ret = samba_kdc_message2entry(context, kdc_db_ctx, mem_ctx, principal, SAMBA_KDC_ENT_TYPE_ANY, - SDB_F_ADMIN_DATA|SDB_F_GET_ANY, + sdb_flags|SDB_F_GET_ANY, 0 /* kvno */, priv->realm_dn, msg, entry); krb5_free_principal(context, principal); @@ -3420,7 +3421,7 @@ trusts: mem_ctx, trust_direction, priv->realm_dn, - SDB_F_ADMIN_DATA|SDB_F_GET_ANY, + sdb_flags|SDB_F_GET_ANY, 0, /* kvno */ msg, entry); @@ -3436,6 +3437,7 @@ trusts: krb5_error_code samba_kdc_firstkey(krb5_context context, struct samba_kdc_db_context *kdc_db_ctx, + const unsigned sdb_flags, struct sdb_entry *entry) { struct ldb_context *ldb_ctx = kdc_db_ctx->samdb; @@ -3500,7 +3502,7 @@ krb5_error_code samba_kdc_firstkey(krb5_context context, kdc_db_ctx->seq_ctx = priv; - ret = samba_kdc_seq(context, kdc_db_ctx, entry); + ret = samba_kdc_seq(context, kdc_db_ctx, sdb_flags, entry); if (ret != 0) { TALLOC_FREE(priv); 
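Review bot: In samba_kdc_seq() the caller-supplied `sdb_flags` is ORed unmasked into the flags passed to samba_kdc_message2entry() and to the trust conversion call under the `trusts:` label. Any bit a caller sets now reaches the entry-building code, where previously only `SDB_F_ADMIN_DATA|SDB_F_GET_ANY` could. The commit message only describes making SDB_F_ADMIN_DATA optional, so I would pin that contract with a comment above the function, e.g. `/* sdb_flags: only SDB_F_ADMIN_DATA is expected; SDB_F_GET_ANY is always added. */`. If no other bit is meant to pass, mask it instead: `(sdb_flags & SDB_F_ADMIN_DATA)|SDB_F_GET_ANY`. The function body extends beyond these hunks, so whether other flag bits are consulted elsewhere cannot be checked from here.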
@@ -3511,9 +3513,10 @@ krb5_error_code samba_kdc_firstkey(krb5_context context, krb5_error_code samba_kdc_nextkey(krb5_context context, struct samba_kdc_db_context *kdc_db_ctx, + const unsigned sdb_flags, struct sdb_entry *entry) { - return samba_kdc_seq(context, kdc_db_ctx, entry); + return samba_kdc_seq(context, kdc_db_ctx, sdb_flags, entry); } /* Check if a given entry may delegate or do s4u2self to this target principal diff --git a/source4/kdc/db-glue.h b/source4/kdc/db-glue.h index 1ac692eb820..f06cca4b42b 100644 --- a/source4/kdc/db-glue.h +++ b/source4/kdc/db-glue.h @@ -68,10 +68,12 @@ krb5_error_code samba_kdc_fetch(krb5_context context, krb5_error_code samba_kdc_firstkey(krb5_context context, struct samba_kdc_db_context *kdc_db_ctx, + const unsigned sdb_flags, struct sdb_entry *entry); krb5_error_code samba_kdc_nextkey(krb5_context context, struct samba_kdc_db_context *kdc_db_ctx, + const unsigned sdb_flags, struct sdb_entry *entry); krb5_error_code diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 40161b52895..5ed6bf2d1fe 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -237,7 +237,7 @@ static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsign kdc_db_ctx = talloc_get_type_abort(db->hdb_db, struct samba_kdc_db_context); - ret = samba_kdc_firstkey(context, kdc_db_ctx, &sentry); + ret = samba_kdc_firstkey(context, kdc_db_ctx, SDB_F_ADMIN_DATA, &sentry); switch (ret) { case 0: break; @@ -266,7 +266,7 @@ static krb5_error_code hdb_samba4_nextkey(krb5_context context, HDB *db, unsigne kdc_db_ctx = talloc_get_type_abort(db->hdb_db, struct samba_kdc_db_context); - ret = samba_kdc_nextkey(context, kdc_db_ctx, &sentry); + ret = samba_kdc_nextkey(context, kdc_db_ctx, SDB_F_ADMIN_DATA, &sentry); switch (ret) { case 0: break; diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c index 2f280871cc0..2593cbfcd4b 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c 
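Review bot: samba_kdc_nextkey() now takes `sdb_flags` on every call, and nothing visible ties it to the value given to samba_kdc_firstkey(), even though the iteration state is kept in `kdc_db_ctx->seq_ctx`. A caller that passes different flags between calls would presumably get entries built under different rules within one enumeration. The two prototypes in db-glue.h have no comment describing the new parameter. I would add one to both, e.g. `/* sdb_flags must be the same for firstkey and every following nextkey; SDB_F_GET_ANY is added internally. */`. Recording the flags in the sequence context at firstkey time would make the rule unnecessary, but that struct's definition lies outside these hunks.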
@@ -348,7 +348,7 @@ krb5_error_code mit_samba_get_firstkey(struct mit_samba_context *ctx, return ENOMEM; } - ret = samba_kdc_firstkey(ctx->context, ctx->db_ctx, &sentry); + ret = samba_kdc_firstkey(ctx->context, ctx->db_ctx, SDB_F_ADMIN_DATA, &sentry); switch (ret) { case 0: break; @@ -386,7 +386,7 @@ krb5_error_code mit_samba_get_nextkey(struct mit_samba_context *ctx, return ENOMEM; } - ret = samba_kdc_nextkey(ctx->context, ctx->db_ctx, &sentry); + ret = samba_kdc_nextkey(ctx->context, ctx->db_ctx, SDB_F_ADMIN_DATA, &sentry); switch (ret) { case 0: break; diff --git a/source4/libnet/libnet_export_keytab.c b/source4/libnet/libnet_export_keytab.c index 68912285e3b..77c48f6cc9f 100644 --- a/source4/libnet/libnet_export_keytab.c +++ b/source4/libnet/libnet_export_keytab.c @@ -37,6 +37,7 @@ static NTSTATUS sdb_kt_copy(TALLOC_CTX *mem_ctx, const char *principal, bool keep_stale_entries, bool include_historic_keys, + const unsigned sdb_flags, const char **error_string) { struct sdb_entry sentry = {}; @@ -74,15 +75,15 @@ static NTSTATUS sdb_kt_copy(TALLOC_CTX *mem_ctx, } code = samba_kdc_fetch(context, db_ctx, k5_princ, - SDB_F_GET_ANY | SDB_F_ADMIN_DATA, + SDB_F_GET_ANY | sdb_flags, 0, &sentry); krb5_free_principal(context, k5_princ); } else { - code = samba_kdc_firstkey(context, db_ctx, &sentry); + code = samba_kdc_firstkey(context, db_ctx, sdb_flags, &sentry); } - for (; code == 0; code = samba_kdc_nextkey(context, db_ctx, &sentry)) { + for (; code == 0; code = samba_kdc_nextkey(context, db_ctx, sdb_flags, &sentry)) { int i; bool found_previous = false; tmp_ctx = talloc_new(mem_ctx); @@ -352,6 +353,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s struct samba_kdc_base_context *base_ctx; struct samba_kdc_db_context *db_ctx = NULL; const char *error_string = NULL; + unsigned sdb_flags; NTSTATUS status; bool keep_stale_entries = r->in.keep_stale_entries; 
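Review bot: `unsigned sdb_flags;` in libnet_export_keytab() is declared without a value and only assigned in the later hunk at `@@ -408,6 +410,7 @@`, with the code in between not shown. If a later change reads the variable or calls sdb_kt_copy() before that assignment, indeterminate flag bits would be passed into the key database lookup used for the export. Initialising at the declaration, `unsigned sdb_flags = SDB_F_ADMIN_DATA;`, keeps the current behaviour and lets a follow-up clear the bit explicitly where it is not wanted.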
@@ -408,6 +410,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s } } + sdb_flags = SDB_F_ADMIN_DATA; status = sdb_kt_copy(mem_ctx, smb_krb5_context, @@ -416,6 +419,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, s r->in.principal, keep_stale_entries, !r->in.only_current_keys, + sdb_flags, &error_string); talloc_free(db_ctx);