diff options
author | Jeremy Allison <jra@samba.org> | 2006-01-18 19:25:18 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:06:10 -0500 |
commit | 90372e1e9372ccce8e08dbe3d816d8e69b62a4f5 (patch) | |
tree | 199407e7d2945e632e2ddd7d75e4fdf277c13f28 | |
parent | fcd791c1dad75af91e796f0e3fe3be5fbfcd02f0 (diff) | |
download | samba-90372e1e9372ccce8e08dbe3d816d8e69b62a4f5.tar.gz samba-90372e1e9372ccce8e08dbe3d816d8e69b62a4f5.tar.bz2 samba-90372e1e9372ccce8e08dbe3d816d8e69b62a4f5.zip |
r13012: Fix #3421 - it turns out krb5_kt_get_entry() on MIT
does an implicit open/read/close and blows away an
open keytab handle - so make sure we use a new
handle.
Wonderful analysis from Luke <ldeller@xplantechnology.com>
helped fix this.
Jeremy.
(This used to be commit 9d2f2385ad68cbe11bdfb82b5f2d016626f6e679)
-rw-r--r-- | source3/libsmb/clikrb5.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 67e9f539ad..6e87f73df1 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -767,7 +767,6 @@ static krb5_enctype get_enctype_from_ap_req(krb5_ap_req *ap_req) static krb5_error_code get_key_from_keytab(krb5_context context, - krb5_keytab keytab, krb5_const_principal server, krb5_enctype enctype, krb5_kvno kvno, @@ -775,13 +774,18 @@ get_key_from_keytab(krb5_context context, { krb5_keytab_entry entry; krb5_error_code ret; - krb5_keytab real_keytab; + krb5_keytab keytab; char *name = NULL; - if (keytab == NULL) { - krb5_kt_default(context, &real_keytab); - } else { - real_keytab = keytab; + /* We have to open a new keytab handle here, as MIT does + an implicit open/getnext/close on krb5_kt_get_entry. We + may be in the middle of a keytab enumeration when this is + called. JRA. */ + + ret = krb5_kt_default(context, &keytab); + if (ret) { + DEBUG(0,("get_key_from_keytab: failed to open keytab: %s\n", error_message(ret))); + return ret; } if ( DEBUGLEVEL >= 10 ) { @@ -792,7 +796,7 @@ get_key_from_keytab(krb5_context context, } ret = krb5_kt_get_entry(context, - real_keytab, + keytab, server, kvno, enctype, @@ -819,10 +823,7 @@ get_key_from_keytab(krb5_context context, smb_krb5_kt_free_entry(context, &entry); out: - if (keytab == NULL) { - krb5_kt_close(context, real_keytab); - } - + krb5_kt_close(context, keytab); return ret; } @@ -913,7 +914,6 @@ krb5_error_code decode_krb5_ap_req(const krb5_data *code, krb5_ap_req **rep); } ret = get_key_from_keytab(context, - keytab, server, enctype, kvno, |