authorAndrew Bartlett <abartlet@samba.org>2006-01-24 05:31:08 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:26 -0500
commit28d78c40ade22c4b5d445dbe23f18ca210e41f8c (patch)
treed3cd9bdaca50e4cd7af031f1b2550836b9190417 /source4/auth/kerberos
parentfc29c3250af5fbcd81725e38fb48ca1ec5ae23bf (diff)
r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our
case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
Diffstat (limited to 'source4/auth/kerberos')
-rw-r--r--source4/auth/kerberos/kerberos_util.c4
-rw-r--r--source4/auth/kerberos/krb5_init_context.c2
2 files changed, 5 insertions, 1 deletions
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index ad0e18b2e7..776b591ba4 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -397,9 +397,9 @@ static int create_keytab(TALLOC_CTX *parent_ctx,
const struct samr_Password *mach_pwd;
mach_pwd = cli_credentials_get_nt_hash(machine_account, mem_ctx);
if (!mach_pwd) {
- talloc_free(mem_ctx);
DEBUG(1, ("create_keytab: Domain trust informaton for account %s not available\n",
cli_credentials_get_principal(machine_account, mem_ctx)));
+ talloc_free(mem_ctx);
return EINVAL;
}
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
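Review bot: The DEBUG call in the `!mach_pwd` branch passes the result of `cli_credentials_get_principal(machine_account, mem_ctx)` straight to `%s` without a NULL check. This branch runs when the account data is incomplete, so a NULL principal seems plausible, and handing NULL to `%s` is undefined behaviour; whether the helper can actually return NULL is not visible in this hunk. I would fetch it into a local and log `princ ? princ : "(unknown)"`. The message text also has a typo, "informaton" for "information". create_keytab starts and ends outside the hunk.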
@@ -410,6 +410,7 @@ static int create_keytab(TALLOC_CTX *parent_ctx,
DEBUG(1, ("create_keytab: krb5_keyblock_init failed: %s\n",
smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx)));
+ talloc_free(mem_ctx);
return ret;
}
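Review bot: Every error return in create_keytab has to remember its own `talloc_free(mem_ctx);`, and the line added here shows how easily one gets missed. Routing the failures through a single exit would make that structural: set `ret`, `goto out;`, and keep one `out: talloc_free(mem_ctx); return ret;` at the end. By this point `mach_pwd` is non-NULL and was presumably allocated on `mem_ctx`, so a single exit would also be the one place to clear the NT hash before the context is released, if the allocator does not already do that. The rest of the function is outside the hunk, so other return paths could not be checked.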
@@ -516,6 +517,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx,
switch (ret) {
case 0:
break;
+ case HEIM_ERR_OPNOTSUPP:
case ENOENT:
case KRB5_KT_END:
/* no point enumerating if there isn't anything here */
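Review bot: `case HEIM_ERR_OPNOTSUPP:` now shares the branch commented `/* no point enumerating if there isn't anything here */`, but "operation not supported" means the keytab could not be listed, not that it is empty. For the HDB-backed keytab named in the commit message that is presumably the intent. For any other keytab type that returns this code, remove_old_entries would silently leave superseded keys in place. I would give the new label its own comment, e.g. `/* keytab type cannot be enumerated (e.g. HDB); old keys are not pruned here */`, and add a DEBUG line so the skip shows up in logs. The remainder of the switch is outside the hunk.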
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 8e52ac5e3f..830c803524 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -448,6 +448,8 @@ static void smb_krb5_send_and_recv_close_func(krb5_context context, void *data)
return ret;
}
+ (*smb_krb5_context)->krb5_context->mem_ctx = *smb_krb5_context;
+
talloc_steal(parent_ctx, *smb_krb5_context);
talloc_free(tmp_ctx);
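Review bot: The added `(*smb_krb5_context)->krb5_context->mem_ctx = *smb_krb5_context;` stores a raw back-pointer to the talloc owner inside the Kerberos context, and nothing states the lifetime rule. The pointer stays valid across the `talloc_steal` that follows. If the krb5_context were ever used after `*smb_krb5_context` is freed, though, anything allocating from `mem_ctx` would be working on freed memory, and that cannot be ruled out from this hunk. A comment such as `/* allocations made through krb5_context->mem_ctx live and die with *smb_krb5_context */` would record the intent. The field appears to be a local addition to the Heimdal context struct, which is worth noting next to it. The enclosing function starts and ends outside the hunk; the `@@` header names the preceding function.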