r23649: Fix the build (by moving smb_krb5_open_keytab() to clikrb5.c).

Guenther (This used to be commit 19020d19dca7f34be92c8c2ec49ae7dbde60f8c1)
author: Günther Deschner <gd@samba.org> 2007-06-29 09:42:14 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 12:23:41 -0500
commit: a24867293257585260deb0587e7e1b710654843a (patch)
tree: 8fe706051cfe33edba6371cf6ad30f0e24779786 /source3/libsmb
parent: a2618aa8d5a46305c02a083b880ce299681810c3 (diff)
download: samba-a24867293257585260deb0587e7e1b710654843a.tar.gz
samba-a24867293257585260deb0587e7e1b710654843a.tar.bz2
samba-a24867293257585260deb0587e7e1b710654843a.zip
1 files changed, 137 insertions, 1 deletions
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 1e322974cc..5836fc34e0 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -4,7 +4,7 @@
    Copyright (C) Andrew Tridgell 2001
    Copyright (C) Luke Howard 2002-2003
    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
-   Copyright (C) Guenther Deschner 2005
+   Copyright (C) Guenther Deschner 2005-2007
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1544,6 +1544,142 @@ done:
 #endif
 }
 
+/**********************************************************************
+ * Open a krb5 keytab with flags, handles readonly or readwrite access and
+ * allows to process non-default keytab names.
+ * @param context krb5_context 
+ * @param keytab_name_req string
+ * @param write_access BOOL if writable keytab is required
+ * @param krb5_keytab pointer to krb5_keytab (close with krb5_kt_close())
+ * @return krb5_error_code
+**********************************************************************/
+
+/* This MAX_NAME_LEN is a constant defined in krb5.h */
+#ifndef MAX_KEYTAB_NAME_LEN
+#define MAX_KEYTAB_NAME_LEN 1100
+#endif
+
+ krb5_error_code smb_krb5_open_keytab(krb5_context context,
+				      const char *keytab_name_req,
+				      BOOL write_access,
+				      krb5_keytab *keytab)
+{
+	krb5_error_code ret = 0;
+	TALLOC_CTX *mem_ctx;
+	char keytab_string[MAX_KEYTAB_NAME_LEN];
+	BOOL found_valid_name = False;
+	const char *pragma = "FILE";
+	const char *tmp = NULL;
+
+	if (!write_access && !keytab_name_req) {
+		/* caller just wants to read the default keytab readonly, so be it */
+		return krb5_kt_default(context, keytab);
+	}
+
+	mem_ctx = talloc_init("smb_krb5_open_keytab");
+	if (!mem_ctx) {
+		return ENOMEM;
+	}
+
+#ifdef HAVE_WRFILE_KEYTAB 
+	if (write_access) {
+		pragma = "WRFILE";
+	}
+#endif
+
+	if (keytab_name_req) {
+
+		if (strlen(keytab_name_req) > MAX_KEYTAB_NAME_LEN) {
+			ret = KRB5_CONFIG_NOTENUFSPACE;
+			goto out;
+		}
+
+		if ((strncmp(keytab_name_req, "WRFILE:/", 8) == 0) || 
+		    (strncmp(keytab_name_req, "FILE:/", 6) == 0)) {
+		    	tmp = keytab_name_req;
+			goto resolve;
+		}
+
+		if (keytab_name_req[0] != '/') {
+			ret = KRB5_KT_BADNAME;
+			goto out;
+		}
+
+		tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, keytab_name_req);
+		if (!tmp) {
+			ret = ENOMEM;
+			goto out;
+		}
+
+		goto resolve;
+	}
+
+	/* we need to handle more complex keytab_strings, like:
+	 * "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab" */
+
+	ret = krb5_kt_default_name(context, &keytab_string[0], MAX_KEYTAB_NAME_LEN - 2);
+	if (ret) {
+		goto out;
+	}
+
+	DEBUG(10,("smb_krb5_open_keytab: krb5_kt_default_name returned %s\n", keytab_string));
+
+	tmp = talloc_strdup(mem_ctx, keytab_string);
+	if (!tmp) {
+		ret = ENOMEM;
+		goto out;
+	}
+		
+	if (strncmp(tmp, "ANY:", 4) == 0) {
+		tmp += 4;
+	}
+
+	memset(&keytab_string, '\0', sizeof(keytab_string));
+
+	while (next_token(&tmp, keytab_string, ",", sizeof(keytab_string))) {
+
+		if (strncmp(keytab_string, "WRFILE:", 7) == 0) {
+			found_valid_name = True;
+			tmp = keytab_string;
+			tmp += 7;
+		}
+
+		if (strncmp(keytab_string, "FILE:", 5) == 0) {
+			found_valid_name = True;
+			tmp = keytab_string;
+			tmp += 5;
+		}
+
+		if (found_valid_name) {
+
+			if (tmp[0] != '/') {
+				ret = KRB5_KT_BADNAME;
+				goto out;
+			}
+
+			tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, tmp);
+			if (!tmp) {
+				ret = ENOMEM;
+				goto out;
+			}
+			break;
+		}
+	}
+		
+	if (!found_valid_name) {
+		ret = KRB5_KT_UNKNOWN_TYPE;
+		goto out;
+	}
+
+ resolve:
+ 	DEBUG(10,("smb_krb5_open_keytab: resolving: %s\n", tmp));
+	ret = krb5_kt_resolve(context, tmp, keytab);
+
+ out:
+ 	TALLOC_FREE(mem_ctx);
+ 	return ret;
+}
+
 #else /* HAVE_KRB5 */
  /* this saves a few linking headaches */
  int cli_krb5_get_ticket(const char *principal, time_t time_offset,
author	Günther Deschner <gd@samba.org>	2007-06-29 09:42:14 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 12:23:41 -0500
commit	a24867293257585260deb0587e7e1b710654843a (patch)
tree	8fe706051cfe33edba6371cf6ad30f0e24779786 /source3/libsmb
parent	a2618aa8d5a46305c02a083b880ce299681810c3 (diff)
download	samba-a24867293257585260deb0587e7e1b710654843a.tar.gz samba-a24867293257585260deb0587e7e1b710654843a.tar.bz2 samba-a24867293257585260deb0587e7e1b710654843a.zip