diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-01-20 11:51:59 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-01-20 23:55:53 +0100 |
commit | 6158ea1abd1aa12785022bfd1fa23924f144b45b (patch) | |
tree | 84b562d133ddebfd9ceb12627ba91841dedeb132 | |
parent | f86ab2947040f8e0cd6fd73da31ebe33ac18d2eb (diff) | |
download | samba-6158ea1abd1aa12785022bfd1fa23924f144b45b.tar.gz samba-6158ea1abd1aa12785022bfd1fa23924f144b45b.tar.bz2 samba-6158ea1abd1aa12785022bfd1fa23924f144b45b.zip |
s3-gse: create memory keytab in gse_krb5_get_server_keytab()
The other functions just add entries to it.
metze
-rw-r--r-- | source3/librpc/crypto/gse_krb5.c | 52 |
1 files changed, 25 insertions, 27 deletions
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index 43b5eb2577..0e53f410fc 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -169,8 +169,8 @@ out: #define SRV_MEM_KEYTAB_NAME "MEMORY:cifs_srv_keytab" #define CLEARTEXT_PRIV_ENCTYPE -99 -static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx, - krb5_keytab *keytab) +static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, + krb5_keytab *keytab) { krb5_error_code ret; char *pwd = NULL; @@ -194,16 +194,6 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx, } pwd_len = strlen(pwd); - if (*keytab == NULL) { - /* create memory keytab */ - ret = krb5_kt_resolve(krbctx, SRV_MEM_KEYTAB_NAME, keytab); - if (ret) { - DEBUG(1, (__location__ ": Failed to get memory " - "keytab!\n")); - return ret; - } - } - ZERO_STRUCT(kt_entry); ZERO_STRUCT(kt_cursor); @@ -331,19 +321,12 @@ out: krb5_free_principal(krbctx, princ); } - if (ret) { - if (*keytab) { - krb5_kt_close(krbctx, *keytab); - *keytab = NULL; - } - } - return ret; } -static krb5_error_code get_mem_keytab_from_system_keytab(krb5_context krbctx, - krb5_keytab *keytab, - bool verify) +static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx, + krb5_keytab *keytab, + bool verify) { return KRB5_KT_NOTFOUND; } @@ -357,26 +340,34 @@ krb5_error_code gse_krb5_get_server_keytab(krb5_context krbctx, *keytab = NULL; + /* create memory keytab */ + ret = krb5_kt_resolve(krbctx, SRV_MEM_KEYTAB_NAME, keytab); + if (ret) { + DEBUG(1, (__location__ ": Failed to get memory " + "keytab!\n")); + return ret; + } + switch (lp_kerberos_method()) { default: case KERBEROS_VERIFY_SECRETS: - ret = get_mem_keytab_from_secrets(krbctx, keytab); + ret = fill_mem_keytab_from_secrets(krbctx, keytab); break; case KERBEROS_VERIFY_SYSTEM_KEYTAB: - ret = get_mem_keytab_from_system_keytab(krbctx, keytab, true); + ret = fill_mem_keytab_from_system_keytab(krbctx, keytab, true); break; case KERBEROS_VERIFY_DEDICATED_KEYTAB: /* just use whatever keytab is configured */ - ret = get_mem_keytab_from_system_keytab(krbctx, keytab, false); + ret = fill_mem_keytab_from_system_keytab(krbctx, keytab, false); break; case KERBEROS_VERIFY_SECRETS_AND_KEYTAB: - ret1 = get_mem_keytab_from_secrets(krbctx, keytab); + ret1 = fill_mem_keytab_from_secrets(krbctx, keytab); if (ret1) { DEBUG(3, (__location__ ": Warning! Unable to set mem " "keytab from secrets!\n")); } /* Now append system keytab keys too */ - ret2 = get_mem_keytab_from_system_keytab(krbctx, keytab, true); + ret2 = fill_mem_keytab_from_system_keytab(krbctx, keytab, true); if (ret2) { DEBUG(3, (__location__ ": Warning! Unable to set mem " "keytab from system keytab!\n")); @@ -389,6 +380,13 @@ krb5_error_code gse_krb5_get_server_keytab(krb5_context krbctx, break; } + if (ret) { + krb5_kt_close(krbctx, *keytab); + *keytab = NULL; + DEBUG(1,("%s: Error! Unable to set mem keytab - %d\n", + __location__, ret)); + } + return ret; } |