The branch, master has been updated
       via  7a0ff3b unix_msg: add a test for dgram socket caching
       via  95f3d9b unix_msg: always create a send queue for a peer
       via  16d0766 unix_msg: introduce send queue caching
       via  bb526a6 unix_msg: add flag to prepare_socket_nonblock()
       via  d2b0694 messaging: Call messaging_dgm_send under become_root only if necessary
       via  e0de912 unix_msg: Return errno from find_send_queue
       via  3f45fce unix_msg: modify find_send_queue() to take a struct sockaddr_un
       via  cfce212 s4/messaging: messaging_dgm_ref talloc hierarchy fix
       via  b3cf15e s4-kdc: Remove obsolete kpasswdd heimdal implementation
       via  510e504 s4-kdc: Switch to the new kpasswd service implementation
       via  7e4c996 s4-kdc: Add new kpasswd service Heimdal backend
       via  69749b6 s4-kdc: Add a new kpasswd service implementation
       via  7fed514 s4-kdc: Allow to set the keytab_name in the kdc_server structure
       via  b61ca17 s4-kdc: Add a kpasswd_samdb_set_password() helper function
      from  76360ca s3/smbd: use stat from smb_fname if valid in refuse_symlink()

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 7a0ff3bc261f6f8aad87366862f884e344603bef
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Aug 19 12:02:12 2016 +0200

    unix_msg: add a test for dgram socket caching

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Tue Sep 13 04:11:30 CEST 2016 on sn-devel-144

commit 95f3d9bb497c9e18bbdead25f6abf485014ba769
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Aug 19 09:22:54 2016 +0200

    unix_msg: always create a send queue for a peer

    Previously, we only created a send queue for a peer if the initial send
    to the non-blocking non-connected socket reported EWOULDBLOCK (because
    the channel was full).

    With this change, we now always create a send queue and use a connected,
    non-blocking datagram socket from the beginning.

    Initially, the socket of the send queue is set to non-blocking mode and
    we attempt a direct send via sendmsg(). If that returns EWOULDBLOCK, we
    set the send queue to blocking mode and let the threadpool handle the IO.

    When a send queue becomes empty, we set the send queue socket back to
    non-blocking.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 16d076662139be1e1ebd5f26509bad3188dd9bc8
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Aug 19 16:25:11 2016 +0200

    unix_msg: introduce send queue caching

    This introduces caching of unix datagram send queues. Right now send
    queues are only created for peers if the channel to the peer is full and
    a send reported EWOULDBLOCK.

    At this stage, performance will actually be slightly worse, because now
    if there's a cached queue for a peer without queued messages, we don't
    attempt direct send anymore until the send queue is removed from the
    cache.

    The next commit will modify unix_msg to always create a send queue with
    the datagram socket in connected mode and again attempt a non-blocking
    send on the connected socket first. Then only if that returns
    EWOULDBLOCK, the send has to go through the threadpool.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit bb526a61d1970617a349781f67cd955b282335c4
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Aug 22 14:02:43 2016 +0200

    unix_msg: add flag to prepare_socket_nonblock()

    This allows prepare_socket_nonblock() to be called to set a socket to
    non-blocking (as before) as well as blocking.

    This will be used in a subsequent commit.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit d2b0694666b59021b7a2c2a8745cb50f57fc2a76
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Sep 1 14:08:55 2016 +0200

    messaging: Call messaging_dgm_send under become_root only if necessary

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit e0de912793fe23ba3e61541e69b36199d57d7f0f
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Sep 1 14:04:30 2016 +0200

    unix_msg: Return errno from find_send_queue

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 3f45fcebdcab365ed7fb3d2689a989597a8832fe
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Aug 19 16:14:52 2016 +0200

    unix_msg: modify find_send_queue() to take a struct sockaddr_un

    In one of the next commits unix_dgram_send_queue_init() will be moved
    into find_send_queue and that takes a struct sockaddr_un.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit cfce21281a835dbc7d7bb9560e4339f4c1acf907
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Sep 9 07:12:11 2016 +0200

    s4/messaging: messaging_dgm_ref talloc hierarchy fix

    Ensure the messaging dgm context goes away *before* the tevent
    context. The messaging dgm context will likely have active fd or timer
    events, their rundown will touch the associated tevent context.

    Otoh, I deliberately don't free the imessaging context here, that's
    going to happen as part of freeing the talloc_autofree_context() as
    before. I think it suffers the same problem, eg imessaging_deregister()
    works on an imessaging_context that might already be freed. But as it
    works, don't change it.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit b3cf15e530fc41c4cf78e7adf3507b68436f2544
Author: Jeremy Allison <j...@samba.org>
Date:   Mon Sep 12 12:11:55 2016 -0700

    s4-kdc: Remove obsolete kpasswdd heimdal implementation

    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 510e504a5b8a2dd05803e9dc7ab34786a8b77967
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Sep 7 16:38:06 2016 +0200

    s4-kdc: Switch to the new kpasswd service implementation

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 7e4c996bb13a6cc3e713e5aa2a76a556cb185f1e
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Sep 7 16:03:15 2016 +0200

    s4-kdc: Add new kpasswd service Heimdal backend

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 69749b61308e4a659fcee4e59fe151ffc71801b0
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Sep 7 12:32:14 2016 +0200

    s4-kdc: Add a new kpasswd service implementation

    This function is intended to be passed to kdc_add_socket(). The
    function kpasswd_handle_request() which is called by kpasswd_process()
    is Kerberos implementation specific and should be implemented in a
    kpasswd-service-<kerberos flavour>.c file.

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 7fed51473537362392dbd0a8047e3be06760b25a
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Sep 7 12:30:21 2016 +0200

    s4-kdc: Allow to set the keytab_name in the kdc_server structure

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit b61ca170ffc35985218de0a1dc9c582df9f378ab
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Sep 7 15:07:49 2016 +0200

    s4-kdc: Add a kpasswd_samdb_set_password() helper function

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/messages.c                             |   9 +-
 source3/lib/unix_msg/tests.c                       |  30 ++
 source3/lib/unix_msg/unix_msg.c                    | 145 +++++-
 source3/lib/unix_msg/unix_msg.h                    |   2 +
 source3/lib/unix_msg/wscript_build                 |   2 +-
 source4/kdc/kdc-heimdal.c                          |  13 +-
 source4/kdc/kdc-server.h                           |   1 +
 source4/kdc/kpasswd-heimdal.c                      | 551 ---------------------
 source4/kdc/kpasswd-helper.c                       |  83 ++++
 source4/kdc/kpasswd-helper.h                       |  10 +
 source4/kdc/kpasswd-service-heimdal.c              | 296 +++++++++++
 source4/kdc/kpasswd-service.c                      | 348 +++++++++++++
 .../kdc/{kpasswd-helper.h => kpasswd-service.h}    |  37 +-
 source4/kdc/wscript_build                          |  16 +-
 source4/lib/messaging/messaging.c                  |  38 +-
 source4/lib/messaging/messaging.h                  |   1 +
 source4/smbd/server.c                              |   8 +
 17 files changed, 992 insertions(+), 598 deletions(-)
 delete mode 100644 source4/kdc/kpasswd-heimdal.c
 create mode 100644 source4/kdc/kpasswd-service-heimdal.c
 create mode 100644 source4/kdc/kpasswd-service.c
 copy source4/kdc/{kpasswd-helper.h => kpasswd-service.h} (55%)


Changeset truncated at 500 lines:

diff --git a/source3/lib/messages.c b/source3/lib/messages.c index 12e7dbc..3ed6dfe 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -464,9 +464,14 @@ int messaging_send_iov_from(struct messaging_context *msg_ctx, iov2[0] = (struct iovec){ .iov_base = hdr, .iov_len = sizeof(hdr) }; memcpy(&iov2[1], iov, iovlen * sizeof(*iov)); - become_root(); ret = messaging_dgm_send(dst.pid, iov2, iovlen+1, fds, num_fds); - unbecome_root(); + + if (ret == EACCES) { + become_root(); + ret = messaging_dgm_send(dst.pid, iov2, iovlen+1, + fds, num_fds); + unbecome_root(); + } return ret; } diff --git a/source3/lib/unix_msg/tests.c b/source3/lib/unix_msg/tests.c index 9a15f9d..c743c37 100644 --- a/source3/lib/unix_msg/tests.c +++ b/source3/lib/unix_msg/tests.c 
@@ -126,6 +126,36 @@ int main(void) expect_messages(ev, &state, 1); + printf("test send queue caching\n"); + + /* + * queues are cached for some time, so this tests sending + * still works after the cache expires and the queue was + * freed. + */ + sleep(SENDQ_CACHE_TIME_SECS + 1); + ret = tevent_loop_once(ev); + if (ret == -1) { + fprintf(stderr, "tevent_loop_once failed: %s\n", + strerror(errno)); + exit(1); + } + + msg = random(); + iov.iov_base = &msg; + iov.iov_len = sizeof(msg); + state.buf = &msg; + state.buflen = sizeof(msg); + + ret = unix_msg_send(ctx1, &addr2, &iov, 1, NULL, 0); + if (ret != 0) { + fprintf(stderr, "unix_msg_send failed: %s\n", + strerror(ret)); + return 1; + } + + expect_messages(ev, &state, 1); + printf("sending six large, interleaved messages\n"); for (i=0; i<sizeof(buf); i++) { diff --git a/source3/lib/unix_msg/unix_msg.c b/source3/lib/unix_msg/unix_msg.c index 5fac68b..8645c97 100644 --- a/source3/lib/unix_msg/unix_msg.c +++ b/source3/lib/unix_msg/unix_msg.c @@ -26,6 +26,7 @@ #include "lib/util/iov_buf.h" #include "lib/util/msghdr.h" #include <fcntl.h> +#include "lib/util/time.h" /* * This file implements two abstractions: The "unix_dgram" functions implement @@ -51,6 +52,7 @@ struct unix_dgram_send_queue { struct unix_dgram_ctx *ctx; int sock; struct unix_dgram_msg *msgs; + struct poll_timeout *timeout; char path[]; }; @@ -80,7 +82,7 @@ static void unix_dgram_recv_handler(struct poll_watch *w, int fd, short events, void *private_data); /* Set socket non blocking. */ -static int prepare_socket_nonblock(int sock) +static int prepare_socket_nonblock(int sock, bool nonblock) { int flags; #ifdef O_NONBLOCK @@ -97,7 +99,11 @@ static int prepare_socket_nonblock(int sock) if (flags == -1) { return errno; } - flags |= FLAG_TO_SET; + if (nonblock) { + flags |= FLAG_TO_SET; + } else { + flags &= ~FLAG_TO_SET; + } if (fcntl(sock, F_SETFL, flags) == -1) { return errno; } 
@@ -127,7 +133,7 @@ static int prepare_socket_cloexec(int sock) /* Set socket non blocking and close on exec. */ static int prepare_socket(int sock) { - int ret = prepare_socket_nonblock(sock); + int ret = prepare_socket_nonblock(sock, true); if (ret) { return ret; @@ -360,6 +366,8 @@ static int unix_dgram_init_pthreadpool(struct unix_dgram_ctx *ctx) return 0; } +static int unix_dgram_sendq_schedule_free(struct unix_dgram_send_queue *q); + static int unix_dgram_send_queue_init( struct unix_dgram_ctx *ctx, const struct sockaddr_un *dst, struct unix_dgram_send_queue **result) @@ -376,6 +384,7 @@ static int unix_dgram_send_queue_init( } q->ctx = ctx; q->msgs = NULL; + q->timeout = NULL; memcpy(q->path, dst->sun_path, pathlen); q->sock = socket(AF_UNIX, SOCK_DGRAM, 0); @@ -384,7 +393,7 @@ static int unix_dgram_send_queue_init( goto fail_free; } - err = prepare_socket_cloexec(q->sock); + err = prepare_socket(q->sock); if (err != 0) { goto fail_close; } @@ -407,6 +416,12 @@ static int unix_dgram_send_queue_init( DLIST_ADD(ctx->send_queues, q); + ret = unix_dgram_sendq_schedule_free(q); + if (ret != 0) { + err = ENOMEM; + goto fail_close; + } + *result = q; return 0; 
@@ -430,20 +445,78 @@ static void unix_dgram_send_queue_free(struct unix_dgram_send_queue *q) } close(q->sock); DLIST_REMOVE(ctx->send_queues, q); + ctx->ev_funcs->timeout_free(q->timeout); free(q); } -static struct unix_dgram_send_queue *find_send_queue( - struct unix_dgram_ctx *ctx, const char *dst_sock) +static void unix_dgram_sendq_scheduled_free_handler( + struct poll_timeout *t, void *private_data); + +static int unix_dgram_sendq_schedule_free(struct unix_dgram_send_queue *q) +{ + struct unix_dgram_ctx *ctx = q->ctx; + struct timeval timeout; + + if (q->timeout != NULL) { + return 0; + } + + GetTimeOfDay(&timeout); + timeout.tv_sec += SENDQ_CACHE_TIME_SECS; + + q->timeout = ctx->ev_funcs->timeout_new( + ctx->ev_funcs, + timeout, + unix_dgram_sendq_scheduled_free_handler, + q); + if (q->timeout == NULL) { + unix_dgram_send_queue_free(q); + return ENOMEM; + } + + return 0; +} + +static void unix_dgram_sendq_scheduled_free_handler(struct poll_timeout *t, + void *private_data) +{ + struct unix_dgram_send_queue *q = private_data; + int ret; + + q->ctx->ev_funcs->timeout_free(q->timeout); + q->timeout = NULL; + + if (q->msgs == NULL) { + unix_dgram_send_queue_free(q); + return; + } + + ret = unix_dgram_sendq_schedule_free(q); + if (ret != 0) { + unix_dgram_send_queue_free(q); + return; + } +} + +static int find_send_queue(struct unix_dgram_ctx *ctx, + const struct sockaddr_un *dst, + struct unix_dgram_send_queue **ps) { struct unix_dgram_send_queue *s; + int ret; for (s = ctx->send_queues; s != NULL; s = s->next) { - if (strcmp(s->path, dst_sock) == 0) { - return s; + if (strcmp(s->path, dst->sun_path) == 0) { + *ps = s; + return 0; } } - return NULL; + ret = unix_dgram_send_queue_init(ctx, dst, &s); + if (ret != 0) { + return ret; + } + *ps = s; + return 0; } static int queue_msg(struct unix_dgram_send_queue *q, 
@@ -549,12 +622,17 @@ static void unix_dgram_job_finished(struct poll_watch *w, int fd, short events, if (q->msgs != NULL) { ret = pthreadpool_pipe_add_job(ctx->send_pool, q->sock, unix_dgram_send_job, q->msgs); - if (ret == 0) { + if (ret != 0) { + unix_dgram_send_queue_free(q); return; } + return; } - unix_dgram_send_queue_free(q); + ret = prepare_socket_nonblock(q->sock, true); + if (ret != 0) { + unix_dgram_send_queue_free(q); + } } static int unix_dgram_send(struct unix_dgram_ctx *ctx, @@ -600,12 +678,16 @@ static int unix_dgram_send(struct unix_dgram_ctx *ctx, return EINVAL; } - /* - * To preserve message ordering, we have to queue a message when - * others are waiting in line already. - */ - q = find_send_queue(ctx, dst->sun_path); - if (q != NULL) { + ret = find_send_queue(ctx, dst, &q); + if (ret != 0) { + return ret; + } + + if (q->msgs) { + /* + * To preserve message ordering, we have to queue a + * message when others are waiting in line already. + */ return queue_msg(q, iov, iovlen, fds, num_fds); } @@ -614,8 +696,6 @@ static int unix_dgram_send(struct unix_dgram_ctx *ctx, */ msg = (struct msghdr) { - .msg_name = discard_const_p(struct sockaddr_un, dst), - .msg_namelen = sizeof(*dst), .msg_iov = discard_const_p(struct iovec, iov), .msg_iovlen = iovlen }; @@ -629,7 +709,7 @@ static int unix_dgram_send(struct unix_dgram_ctx *ctx, uint8_t buf[fdlen]; msghdr_prep_fds(&msg, buf, fdlen, fds, num_fds); - ret = sendmsg(ctx->sock, &msg, 0); + ret = sendmsg(q->sock, &msg, 0); } if (ret >= 0) { 
@@ -645,11 +725,20 @@ static int unix_dgram_send(struct unix_dgram_ctx *ctx, return errno; } - ret = unix_dgram_send_queue_init(ctx, dst, &q); + ret = queue_msg(q, iov, iovlen, fds, num_fds); if (ret != 0) { + unix_dgram_send_queue_free(q); return ret; } - ret = queue_msg(q, iov, iovlen, fds, num_fds); + + /* + * While sending the messages via the pthreadpool, we set the + * socket back to blocking mode. When the sendqueue becomes + * empty and we could attempt direct sends again, the + * finished-jobs-handler of the pthreadpool will set it back + * to non-blocking. + */ + ret = prepare_socket_nonblock(q->sock, false); if (ret != 0) { unix_dgram_send_queue_free(q); return ret; @@ -670,8 +759,16 @@ static int unix_dgram_sock(struct unix_dgram_ctx *ctx) static int unix_dgram_free(struct unix_dgram_ctx *ctx) { - if (ctx->send_queues != NULL) { - return EBUSY; + struct unix_dgram_send_queue *q; + + for (q = ctx->send_queues; q != NULL;) { + struct unix_dgram_send_queue *q_next = q->next; + + if (q->msgs != NULL) { + return EBUSY; + } + unix_dgram_send_queue_free(q); + q = q_next; } if (ctx->send_pool != NULL) { diff --git a/source3/lib/unix_msg/unix_msg.h b/source3/lib/unix_msg/unix_msg.h index 34c166b..375d4ac 100644 --- a/source3/lib/unix_msg/unix_msg.h +++ b/source3/lib/unix_msg/unix_msg.h @@ -116,4 +116,6 @@ int unix_msg_send(struct unix_msg_ctx *ctx, const struct sockaddr_un *dst, */ int unix_msg_free(struct unix_msg_ctx *ctx); +#define SENDQ_CACHE_TIME_SECS 10 + #endif diff --git a/source3/lib/unix_msg/wscript_build b/source3/lib/unix_msg/wscript_build index b16d52c..469f87e 100644 --- a/source3/lib/unix_msg/wscript_build +++ b/source3/lib/unix_msg/wscript_build @@ -2,7 +2,7 @@ bld.SAMBA3_SUBSYSTEM('UNIX_MSG', source='unix_msg.c', - deps='replace PTHREADPOOL iov_buf msghdr') + deps='replace PTHREADPOOL iov_buf msghdr time-basic') bld.SAMBA3_BINARY('unix_msg_test', source='tests.c', 
diff --git a/source4/kdc/kdc-heimdal.c b/source4/kdc/kdc-heimdal.c index be45073..f2927e5 100644 --- a/source4/kdc/kdc-heimdal.c +++ b/source4/kdc/kdc-heimdal.c @@ -33,6 +33,7 @@ #include "kdc/kdc-proxy.h" #include "kdc/kdc-glue.h" #include "kdc/pac-glue.h" +#include "kdc/kpasswd-service.h" #include "dsdb/samdb/samdb.h" #include "auth/session.h" #include "libds/common/roles.h" @@ -151,7 +152,7 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc, struct loadparm_c if (kpasswd_port) { status = kdc_add_socket(kdc, model_ops, "kpasswd", wcard[i], kpasswd_port, - kpasswdd_process, false); + kpasswd_process, false); if (NT_STATUS_IS_OK(status)) { num_binds++; } @@ -177,7 +178,7 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc, struct loadparm_c if (kpasswd_port) { status = kdc_add_socket(kdc, model_ops, "kpasswd", address, kpasswd_port, - kpasswdd_process, done_wildcard); + kpasswd_process, done_wildcard); NT_STATUS_NOT_OK_RETURN(status); } } @@ -411,6 +412,14 @@ static void kdc_task_init(struct task_server *task) return; } + kdc->keytab_name = talloc_asprintf(kdc, "HDB:samba4&%p", kdc->base_ctx); + if (kdc->keytab_name == NULL) { + task_server_terminate(task, + "kdc: Failed to set keytab name", + true); + return; + } + /* Register WinDC hooks */ ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context, PLUGIN_TYPE_DATA, "windc", diff --git a/source4/kdc/kdc-server.h b/source4/kdc/kdc-server.h index 47e6c68..fd883c2 100644 --- a/source4/kdc/kdc-server.h +++ b/source4/kdc/kdc-server.h @@ -40,6 +40,7 @@ struct kdc_server { struct ldb_context *samdb; bool am_rodc; uint32_t proxy_timeout; + const char *keytab_name; void *private_data; }; diff --git a/source4/kdc/kpasswd-heimdal.c b/source4/kdc/kpasswd-heimdal.c deleted file mode 100644 index 49fc755..0000000 --- a/source4/kdc/kpasswd-heimdal.c +++ /dev/null 
@@ -1,551 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - kpasswd Server implementation - - Copyright (C) Andrew Bartlett <abart...@samba.org> 2005 - Copyright (C) Andrew Tridgell 2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "smbd/service_task.h" -#include "auth/gensec/gensec.h" -#include "auth/credentials/credentials.h" -#include "auth/auth.h" -#include "dsdb/samdb/samdb.h" -#include "../lib/util/util_ldb.h" -#include "libcli/security/security.h" -#include "param/param.h" -#include "kdc/kdc-server.h" -#include "kdc/kdc-glue.h" -#include "dsdb/common/util.h" -#include "kdc/kpasswd_glue.h" -#include "kdc/kpasswd-helper.h" - -/* Return true if there is a valid error packet formed in the error_blob */ -static bool kpasswdd_make_unauth_error_reply(struct kdc_server *kdc, - TALLOC_CTX *mem_ctx, - uint16_t result_code, - const char *error_string, - DATA_BLOB *error_blob) -{ - bool ret; - int kret; - DATA_BLOB error_bytes; - krb5_data k5_error_bytes, k5_error_blob; - ret = kpasswd_make_error_reply(mem_ctx, result_code, error_string, - &error_bytes); - if (!ret) { - return false; - } - k5_error_bytes.data = error_bytes.data; - k5_error_bytes.length = error_bytes.length; - kret = smb_krb5_mk_error(kdc->smb_krb5_context->krb5_context, - result_code, - NULL, - &k5_error_bytes, - NULL, - NULL, - &k5_error_blob); - if (kret) { - return false; - } - 
*error_blob = data_blob_talloc(mem_ctx, k5_error_blob.data, k5_error_blob.length); - smb_krb5_free_data_contents(kdc->smb_krb5_context->krb5_context, - &k5_error_blob); - if (!error_blob->data) { - return false; - } - return true; -} - -- Samba Shared Repository
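
Review bot: In source3/lib/messages.c, messaging_send_iov_from() retries under become_root() only when the first messaging_dgm_send() returns EACCES, but nothing in the hunk says why EACCES is the sole trigger. Add a comment above `if (ret == EACCES) {` stating that the unprivileged attempt comes first and that a permission failure is the one case that needs root, so a later reader does not widen or drop the check. Since the same iov2 and fds are passed a second time, it is also worth stating that the failed first attempt delivered nothing.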
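
Review bot: In source3/lib/unix_msg/tests.c, the new "test send queue caching" block never checks that the cached queue was actually freed. It sleeps SENDQ_CACHE_TIME_SECS + 1, runs tevent_loop_once(ev) a single time, and then only asserts that a later unix_msg_send() succeeds, which would also pass if the timeout never fired. Consider a way to observe the queue being released, or at least loop until the timer event has run. The block also mixes `exit(1)` and `return 1` on failure, and the fixed sleep adds more than ten seconds to every run of the test.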
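
Review bot: In source3/lib/unix_msg/unix_msg.c, unix_dgram_sendq_schedule_free() calls unix_dgram_send_queue_free(q) itself when timeout_new() returns NULL, yet both callers then touch q again. unix_dgram_sendq_scheduled_free_handler() does `if (ret != 0) { unix_dgram_send_queue_free(q); return; }`, which frees the queue a second time, and unix_dgram_send_queue_init() jumps to fail_close with a q that has already been released. Give the failure path one owner: either let unix_dgram_sendq_schedule_free() only return ENOMEM and leave cleanup to the caller, or drop the cleanup in the callers. The same path also hands a NULL q->timeout to ev_funcs->timeout_free() inside unix_dgram_send_queue_free(), so that callback has to tolerate NULL.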
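
Review bot: In unix_dgram_send() in source3/lib/unix_msg/unix_msg.c, the EWOULDBLOCK path calls queue_msg() before prepare_socket_nonblock(q->sock, false), so the message is queued while the socket is still non-blocking. If queue_msg() hands the job to the pthreadpool (its body is not part of these hunks), a worker can reach sendmsg() before the mode is switched and hit EWOULDBLOCK again; switching to blocking mode before queue_msg() closes that window. The error branch after prepare_socket_nonblock() also frees q immediately after a message was queued on it, which needs a comment on why no job can still reference q->sock at that point.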
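
Review bot: In unix_dgram_free() in source3/lib/unix_msg/unix_msg.c, the loop frees idle queues as it walks the list and returns EBUSY at the first queue with q->msgs != NULL, so an EBUSY return now leaves the context partly torn down. Check every queue for pending messages first and free only when none is busy, or document that EBUSY has this side effect.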
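
Review bot: In source4/kdc/kdc-heimdal.c, kdc_task_init() builds kdc->keytab_name with talloc_asprintf(kdc, "HDB:samba4&%p", kdc->base_ctx), placing a raw pointer value into a string with no comment. Document next to it, and on the new keytab_name field in source4/kdc/kdc-server.h, which consumer parses the pointer back out and that kdc->base_ctx must outlive every use of the name. Keep the string out of log output as well, since it discloses a heap address.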