r12411: Add 'net samdump keytab <keytab>'.

This extracts a remote windows domain into a keytab, suitable for use
in ethereal for kerberos decryption.

For the moment, like net samdump and net samsync, the 'password
server' smb.conf option must be set to the binding string for the
server. eg:

password server = ncacn_np:mypdc

Andrew Bartlett
(This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)

2 files changed, 9 insertions, 22 deletions

diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 1f7a7cf435..8d84e8cdb5 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -301,13 +301,13 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 	 * (chewing CPU time) from the password */
 	keytab = ldb_msg_find_string(msgs[0], "krb5Keytab", NULL);
 	if (keytab) {
-		cli_credentials_set_keytab(cred, keytab, CRED_SPECIFIED);
+		cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
 	} else {
 		keytab = ldb_msg_find_string(msgs[0], "privateKeytab", NULL);
 		if (keytab) {
 			keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, keytab));
 			if (keytab) {
-				cli_credentials_set_keytab(cred, keytab, CRED_SPECIFIED);
+				cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
 			}
 		}
 	}
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 173739e9b8..5f40ca1046 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -398,7 +398,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = create_memory_keytab(mem_ctx, cred, smb_krb5_context, &ktc);
+	ret = smb_krb5_create_memory_keytab(mem_ctx, cred, smb_krb5_context, &ktc);
 	if (ret) {
 		talloc_free(mem_ctx);
 		return ret;
@@ -417,14 +417,13 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
 /* Given the name of a keytab (presumably in the format
  * FILE:/etc/krb5.keytab), open it and attach it */
 
-int cli_credentials_set_keytab(struct cli_credentials *cred, 
-			       const char *keytab_name, 
-			       enum credentials_obtained obtained) 
+int cli_credentials_set_keytab_name(struct cli_credentials *cred, 
+				    const char *keytab_name, 
+				    enum credentials_obtained obtained) 
 {
 	krb5_error_code ret;
 	struct keytab_container *ktc;
 	struct smb_krb5_context *smb_krb5_context;
-	krb5_keytab keytab;
 	TALLOC_CTX *mem_ctx;
 
 	if (cred->keytab_obtained >= obtained) {
@@ -441,24 +440,12 @@ int cli_credentials_set_keytab(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = krb5_kt_resolve(smb_krb5_context->krb5_context, keytab_name, &keytab);
+	ret = smb_krb5_open_keytab(mem_ctx, smb_krb5_context, 
+				   keytab_name, &ktc);
 	if (ret) {
-		DEBUG(1,("failed to open krb5 keytab: %s\n", 
-			 smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
-						    ret, mem_ctx)));
-		talloc_free(mem_ctx);
 		return ret;
 	}
 
-	ktc = talloc(mem_ctx, struct keytab_container);
-	if (!ktc) {
-		talloc_free(mem_ctx);
-		return ENOMEM;
-	}
-
-	ktc->smb_krb5_context = talloc_reference(ktc, smb_krb5_context);
-	ktc->keytab = keytab;
-
 	cred->keytab_obtained = obtained;
 
 	talloc_steal(cred, ktc);
@@ -492,7 +479,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred)
 		return ret;
 	}
 
-	ret = update_keytab(mem_ctx, cred, smb_krb5_context, ktc);
+	ret = smb_krb5_update_keytab(mem_ctx, cred, smb_krb5_context, ktc);
 
 	talloc_free(mem_ctx);
 	return ret;