summaryrefslogtreecommitdiff
path: root/source4/auth/credentials
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-12-21 22:02:52 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:47:35 -0500
commit221c1512a8b4de9a568c0a0cdafa97ab5c53368c (patch)
treea3c696e37929ef2b758ba9466a07b0779b659b61 /source4/auth/credentials
parentf45b0ff698414f4fcdb49f1324ebfc5576f785ae (diff)
downloadsamba-221c1512a8b4de9a568c0a0cdafa97ab5c53368c.tar.gz
samba-221c1512a8b4de9a568c0a0cdafa97ab5c53368c.tar.bz2
samba-221c1512a8b4de9a568c0a0cdafa97ab5c53368c.zip
r12411: Add 'net samdump keytab <keytab>'.
This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
Diffstat (limited to 'source4/auth/credentials')
-rw-r--r--source4/auth/credentials/credentials_files.c4
-rw-r--r--source4/auth/credentials/credentials_krb5.c27
2 files changed, 9 insertions, 22 deletions
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 1f7a7cf435..8d84e8cdb5 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -301,13 +301,13 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
* (chewing CPU time) from the password */
keytab = ldb_msg_find_string(msgs[0], "krb5Keytab", NULL);
if (keytab) {
- cli_credentials_set_keytab(cred, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
} else {
keytab = ldb_msg_find_string(msgs[0], "privateKeytab", NULL);
if (keytab) {
keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, keytab));
if (keytab) {
- cli_credentials_set_keytab(cred, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
}
}
}
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 173739e9b8..5f40ca1046 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -398,7 +398,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
return ENOMEM;
}
- ret = create_memory_keytab(mem_ctx, cred, smb_krb5_context, &ktc);
+ ret = smb_krb5_create_memory_keytab(mem_ctx, cred, smb_krb5_context, &ktc);
if (ret) {
talloc_free(mem_ctx);
return ret;
@@ -417,14 +417,13 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
/* Given the name of a keytab (presumably in the format
* FILE:/etc/krb5.keytab), open it and attach it */
-int cli_credentials_set_keytab(struct cli_credentials *cred,
- const char *keytab_name,
- enum credentials_obtained obtained)
+int cli_credentials_set_keytab_name(struct cli_credentials *cred,
+ const char *keytab_name,
+ enum credentials_obtained obtained)
{
krb5_error_code ret;
struct keytab_container *ktc;
struct smb_krb5_context *smb_krb5_context;
- krb5_keytab keytab;
TALLOC_CTX *mem_ctx;
if (cred->keytab_obtained >= obtained) {
@@ -441,24 +440,12 @@ int cli_credentials_set_keytab(struct cli_credentials *cred,
return ENOMEM;
}
- ret = krb5_kt_resolve(smb_krb5_context->krb5_context, keytab_name, &keytab);
+ ret = smb_krb5_open_keytab(mem_ctx, smb_krb5_context,
+ keytab_name, &ktc);
if (ret) {
- DEBUG(1,("failed to open krb5 keytab: %s\n",
- smb_get_krb5_error_message(smb_krb5_context->krb5_context,
- ret, mem_ctx)));
- talloc_free(mem_ctx);
return ret;
}
- ktc = talloc(mem_ctx, struct keytab_container);
- if (!ktc) {
- talloc_free(mem_ctx);
- return ENOMEM;
- }
-
- ktc->smb_krb5_context = talloc_reference(ktc, smb_krb5_context);
- ktc->keytab = keytab;
-
cred->keytab_obtained = obtained;
talloc_steal(cred, ktc);
@@ -492,7 +479,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred)
return ret;
}
- ret = update_keytab(mem_ctx, cred, smb_krb5_context, ktc);
+ ret = smb_krb5_update_keytab(mem_ctx, cred, smb_krb5_context, ktc);
talloc_free(mem_ctx);
return ret;