summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-01-20 11:51:59 +0100
committerStefan Metzmacher <metze@samba.org>2012-01-20 23:55:53 +0100
commit6158ea1abd1aa12785022bfd1fa23924f144b45b (patch)
tree84b562d133ddebfd9ceb12627ba91841dedeb132
parentf86ab2947040f8e0cd6fd73da31ebe33ac18d2eb (diff)
downloadsamba-6158ea1abd1aa12785022bfd1fa23924f144b45b.tar.gz
samba-6158ea1abd1aa12785022bfd1fa23924f144b45b.tar.bz2
samba-6158ea1abd1aa12785022bfd1fa23924f144b45b.zip
s3-gse: create memory keytab in gse_krb5_get_server_keytab()
The other functions just add entries to it. metze
-rw-r--r--source3/librpc/crypto/gse_krb5.c52
1 files changed, 25 insertions, 27 deletions
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index 43b5eb2577..0e53f410fc 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -169,8 +169,8 @@ out:
#define SRV_MEM_KEYTAB_NAME "MEMORY:cifs_srv_keytab"
#define CLEARTEXT_PRIV_ENCTYPE -99
-static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
- krb5_keytab *keytab)
+static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx,
+ krb5_keytab *keytab)
{
krb5_error_code ret;
char *pwd = NULL;
@@ -194,16 +194,6 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
}
pwd_len = strlen(pwd);
- if (*keytab == NULL) {
- /* create memory keytab */
- ret = krb5_kt_resolve(krbctx, SRV_MEM_KEYTAB_NAME, keytab);
- if (ret) {
- DEBUG(1, (__location__ ": Failed to get memory "
- "keytab!\n"));
- return ret;
- }
- }
-
ZERO_STRUCT(kt_entry);
ZERO_STRUCT(kt_cursor);
@@ -331,19 +321,12 @@ out:
krb5_free_principal(krbctx, princ);
}
- if (ret) {
- if (*keytab) {
- krb5_kt_close(krbctx, *keytab);
- *keytab = NULL;
- }
- }
-
return ret;
}
-static krb5_error_code get_mem_keytab_from_system_keytab(krb5_context krbctx,
- krb5_keytab *keytab,
- bool verify)
+static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx,
+ krb5_keytab *keytab,
+ bool verify)
{
return KRB5_KT_NOTFOUND;
}
@@ -357,26 +340,34 @@ krb5_error_code gse_krb5_get_server_keytab(krb5_context krbctx,
*keytab = NULL;
+ /* create memory keytab */
+ ret = krb5_kt_resolve(krbctx, SRV_MEM_KEYTAB_NAME, keytab);
+ if (ret) {
+ DEBUG(1, (__location__ ": Failed to get memory "
+ "keytab!\n"));
+ return ret;
+ }
+
switch (lp_kerberos_method()) {
default:
case KERBEROS_VERIFY_SECRETS:
- ret = get_mem_keytab_from_secrets(krbctx, keytab);
+ ret = fill_mem_keytab_from_secrets(krbctx, keytab);
break;
case KERBEROS_VERIFY_SYSTEM_KEYTAB:
- ret = get_mem_keytab_from_system_keytab(krbctx, keytab, true);
+ ret = fill_mem_keytab_from_system_keytab(krbctx, keytab, true);
break;
case KERBEROS_VERIFY_DEDICATED_KEYTAB:
/* just use whatever keytab is configured */
- ret = get_mem_keytab_from_system_keytab(krbctx, keytab, false);
+ ret = fill_mem_keytab_from_system_keytab(krbctx, keytab, false);
break;
case KERBEROS_VERIFY_SECRETS_AND_KEYTAB:
- ret1 = get_mem_keytab_from_secrets(krbctx, keytab);
+ ret1 = fill_mem_keytab_from_secrets(krbctx, keytab);
if (ret1) {
DEBUG(3, (__location__ ": Warning! Unable to set mem "
"keytab from secrets!\n"));
}
/* Now append system keytab keys too */
- ret2 = get_mem_keytab_from_system_keytab(krbctx, keytab, true);
+ ret2 = fill_mem_keytab_from_system_keytab(krbctx, keytab, true);
if (ret2) {
DEBUG(3, (__location__ ": Warning! Unable to set mem "
"keytab from system keytab!\n"));
@@ -389,6 +380,13 @@ krb5_error_code gse_krb5_get_server_keytab(krb5_context krbctx,
break;
}
+ if (ret) {
+ krb5_kt_close(krbctx, *keytab);
+ *keytab = NULL;
+ DEBUG(1,("%s: Error! Unable to set mem keytab - %d\n",
+ __location__, ret));
+ }
+
return ret;
}