From: Jo Sutton
Date: Mon, 15 Apr 2024 02:39:45 +0000 (+1200)
Subject: s4:kdc: Pass ldb context into samba_kdc_message2entry_keys()
X-Git-Tag: tdb-1.4.11~923
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a048ef0f81d4f212019a9687a726eb0bfd67227;p=thirdparty%2Fsamba.git

s4:kdc: Pass ldb context into samba_kdc_message2entry_keys()

This ldb context can be used to query the current gMSA time.

Signed-off-by: Jo Sutton
Reviewed-by: Andrew Bartlett
---

diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index d12045d8e1c..099d10e7917 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -400,6 +400,7 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
 krb5_ret = dsdb_extract_aes_256_key(smb_krb5_context->krb5_context,
 tmp_ctx,
+ sam_ctx,
 msg,
 userAccountControl,
 NULL, /* kvno */
@@ -551,6 +552,7 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
 krb5_ret = dsdb_extract_aes_256_key(smb_krb5_context->krb5_context,
 tmp_ctx,
+ sam_ctx,
 msg,
 userAccountControl,
 &request_kvno, /* kvno */
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index c352eb9f5dc..5783e67eddf 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -3164,6 +3164,7 @@ static int check_password_restrictions(struct setup_password_fields_io *io, WERR
 */
 krb5_ret = dsdb_extract_aes_256_key(io->smb_krb5_context->krb5_context,
 io->ac,
+ ldb,
 io->ac->search_res->message,
 io->u.userAccountControl,
 &request_kvno, /* kvno */
@@ -4066,6 +4067,7 @@ static int setup_io(struct ph_context *ac,
 */
 krb5_ret = dsdb_extract_aes_256_key(io->smb_krb5_context->krb5_context,
 io->ac,
+ ldb,
 existing_msg,
 io->u.userAccountControl,
 NULL, /* kvno */
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 783602d8e00..b08f196d225 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c @@ -577,6 +577,7 @@ fail: krb5_error_code samba_kdc_message2entry_keys(krb5_context context, TALLOC_CTX *mem_ctx, + struct ldb_context *ldb, const struct ldb_message *msg, bool is_krbtgt, bool is_rodc, @@ -1670,7 +1671,8 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, supported_session_etypes &= kdc_enctypes; /* Get keys from the db */ - ret = samba_kdc_message2entry_keys(context, p, msg, + ret = samba_kdc_message2entry_keys(context, p, + kdc_db_ctx->samdb, msg, is_krbtgt, is_rodc, userAccountControl, ent_type, flags, kvno, entry, @@ -1696,7 +1698,8 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, (kdc_enctypes & ENC_RC4_HMAC_MD5) != 0) { supported_enctypes = ENC_RC4_HMAC_MD5; - ret = samba_kdc_message2entry_keys(context, p, msg, + ret = samba_kdc_message2entry_keys(context, p, + kdc_db_ctx->samdb, msg, is_krbtgt, is_rodc, userAccountControl, ent_type, flags, kvno, entry, @@ -3790,6 +3793,7 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte krb5_error_code dsdb_extract_aes_256_key(krb5_context context, TALLOC_CTX *mem_ctx, + struct ldb_context *ldb, const struct ldb_message *msg, uint32_t user_account_control, const uint32_t *kvno, @@ -3808,6 +3812,7 @@ krb5_error_code dsdb_extract_aes_256_key(krb5_context context, krb5_ret = samba_kdc_message2entry_keys(context, mem_ctx, + ldb, msg, false, /* is_krbtgt */ false, /* is_rodc */ diff --git a/source4/kdc/db-glue.h b/source4/kdc/db-glue.h index fb74726b40c..1ac692eb820 100644 --- a/source4/kdc/db-glue.h +++ b/source4/kdc/db-glue.h @@ -42,6 +42,7 @@ enum samba_kdc_ent_type { */ krb5_error_code samba_kdc_message2entry_keys(krb5_context context, TALLOC_CTX *mem_ctx, + struct ldb_context *ldb, const struct ldb_message *msg, bool is_krbtgt, bool is_rodc, 
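Review bot: The new `ldb` argument is forwarded from `dsdb_extract_aes_256_key()` into `samba_kdc_message2entry_keys()` with no stated contract on whether it may be NULL, and neither function body is visible in these hunks. The commit message says the handle can be used to query the current gMSA time, so a NULL handle would presumably be dereferenced on the key-selection path that NTLM authentication, password change and the KDC all share. If NULL is never valid, reject it early in the exported wrapper, e.g. `if (ldb == NULL) { return EINVAL; }` before the `samba_kdc_message2entry_keys()` call, or state the requirement where the parameter is declared.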
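Review bot: The comment block that ends just above the `samba_kdc_message2entry_keys()` prototype is not updated for the new `struct ldb_context *ldb` parameter, and the `dsdb_extract_aes_256_key()` prototype in the next hunk of this header gains it without any description either. Callers in this commit pass three differently named handles (`sam_ctx`, `ldb`, `kdc_db_ctx->samdb`), so it is worth stating which database the handle must refer to. A line such as `ldb: samdb handle that msg was read from; used to obtain the current time when selecting gMSA keys` would cover it, assuming that matches the use the commit message describes. The opening lines of that comment are outside the hunk.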
@@ -105,6 +106,7 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte
 krb5_error_code dsdb_extract_aes_256_key(krb5_context context,
 TALLOC_CTX *mem_ctx,
+ struct ldb_context *ldb,
 const struct ldb_message *msg,
 uint32_t user_account_control,
 const uint32_t *kvno,