diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-12-04 12:17:02 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:02 -0500 |
commit | c7c6b5620b4d5a40798ad536ee1b1426438de878 (patch) | |
tree | a4232466324c8c47d6694d138985172557d7a2cf | |
parent | 9afdb938cd5e3c86d72d7ef8c5a8fced13291c9c (diff) | |
download | samba-c7c6b5620b4d5a40798ad536ee1b1426438de878.tar.gz samba-c7c6b5620b4d5a40798ad536ee1b1426438de878.tar.bz2 samba-c7c6b5620b4d5a40798ad536ee1b1426438de878.zip |
r12056: Some clarification fixes for the keytab code, and use the right
function for enctype to string.
Andrew Bartlett
(This used to be commit ae6c968cb27f451e5f8cea62be7f33b4b4716f82)
-rw-r--r-- | source4/auth/kerberos/kerberos_util.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 47476aa1b6..3437c943bb 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -50,7 +50,7 @@ krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, char *machine_username; char *salt_body; char *lower_realm; - char *salt_principal; + const char *salt_principal; struct principal_container *mem_ctx = talloc(parent_ctx, struct principal_container); if (!mem_ctx) { return ENOMEM; @@ -249,7 +249,7 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx, int i; krb5_error_code ret; krb5_enctype *enctypes; - char *enctype_string = NULL; + char *enctype_string; struct enctypes_container *etc; krb5_data password; TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); @@ -283,7 +283,7 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx, krb5_keytab_entry entry; ret = create_kerberos_key_from_string(smb_krb5_context->krb5_context, salt_princ, &password, &entry.keyblock, enctypes[i]); - if (ret) { + if (ret != 0) { talloc_free(mem_ctx); return ret; } @@ -291,19 +291,21 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx, entry.principal = princ; entry.vno = kvno; ret = krb5_kt_add_entry(smb_krb5_context->krb5_context, keytab, &entry); + enctype_string = NULL; + krb5_enctype_to_string(smb_krb5_context->krb5_context, enctypes[i], &enctype_string); if (ret != 0) { - DEBUG(1, ("Failed to add entry for %s(kvno %d) to keytab: %s", + DEBUG(1, ("Failed to add %s entry for %s(kvno %d) to keytab: %s\n", + enctype_string, princ_string, kvno, smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx))); talloc_free(mem_ctx); + free(enctype_string); krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &entry.keyblock); return ret; } - enctype_string = NULL; - krb5_keytype_to_string(smb_krb5_context->krb5_context, enctypes[i], &enctype_string); DEBUG(5, ("Added %s(kvno %d) to keytab (%s)\n", princ_string, kvno, enctype_string)); @@ -318,7 +320,7 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx, static int create_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, - struct keytab_container *keytab_container, + krb5_keytab keytab, BOOL add_old) { krb5_error_code ret; @@ -328,7 +330,6 @@ static int create_keytab(TALLOC_CTX *parent_ctx, int kvno; krb5_principal salt_princ; krb5_principal princ; - krb5_keytab keytab; const char *princ_string; TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); @@ -336,8 +337,6 @@ static int create_keytab(TALLOC_CTX *parent_ctx, return ENOMEM; } - keytab = keytab_container->keytab; - princ_string = cli_credentials_get_principal(machine_account, mem_ctx); /* Get the principal we will store the new keytab entries under */ ret = principal_from_credentials(mem_ctx, machine_account, smb_krb5_context, &princ); @@ -400,7 +399,7 @@ static int create_keytab(TALLOC_CTX *parent_ctx, return ret; } - krb5_keytype_to_string(smb_krb5_context->krb5_context, ENCTYPE_ARCFOUR_HMAC, &enctype_string); + krb5_enctype_to_string(smb_krb5_context->krb5_context, ENCTYPE_ARCFOUR_HMAC, &enctype_string); DEBUG(5, ("Added %s(kvno %d) to keytab (%s)\n", cli_credentials_get_principal(machine_account, mem_ctx), cli_credentials_get_kvno(machine_account), @@ -417,7 +416,7 @@ static int create_keytab(TALLOC_CTX *parent_ctx, kvno = cli_credentials_get_kvno(machine_account); /* good, we actually have the real plaintext */ ret = keytab_add_keys(mem_ctx, princ_string, princ, salt_princ, - kvno, password_s, smb_krb5_context, keytab); + kvno, password_s, smb_krb5_context, keytab); if (!ret) { talloc_free(mem_ctx); return ret; @@ -599,7 +598,7 @@ int update_keytab(TALLOC_CTX *parent_ctx, * Otherwise, add kvno, and kvno -1 */ ret = create_keytab(mem_ctx, machine_account, smb_krb5_context, - keytab_container, + keytab_container->keytab, found_previous ? False : True); talloc_free(mem_ctx); return ret; @@ -639,7 +638,9 @@ int create_memory_keytab(TALLOC_CTX *parent_ctx, ret = update_keytab(mem_ctx, machine_account, smb_krb5_context, *keytab_container); if (ret == 0) { talloc_steal(parent_ctx, *keytab_container); - } + } else { + *keytab_container = NULL; + } talloc_free(mem_ctx); return ret; } |