summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/kerberos/config.mk3
-rw-r--r--source4/auth/kerberos/keytab_copy.c146
-rw-r--r--source4/kdc/config.mk16
-rw-r--r--source4/libnet/config.mk4
-rw-r--r--source4/libnet/libnet.h1
-rw-r--r--source4/libnet/libnet_export_keytab.c54
-rw-r--r--source4/libnet/libnet_export_keytab.h28
-rw-r--r--source4/utils/net/config.mk3
-rw-r--r--source4/utils/net/net.c4
-rw-r--r--source4/utils/net/net_export_keytab.c110
10 files changed, 8 insertions, 361 deletions
diff --git a/source4/auth/kerberos/config.mk b/source4/auth/kerberos/config.mk
index 609b036b64..822bf398a7 100644
--- a/source4/auth/kerberos/config.mk
+++ b/source4/auth/kerberos/config.mk
@@ -12,8 +12,7 @@ KERBEROS_OBJ_FILES = $(addprefix $(authsrcdir)/kerberos/, \
kerberos_heimdal.o \
kerberos_pac.o \
gssapi_parse.o \
- krb5_init_context.o \
- keytab_copy.o)
+ krb5_init_context.o)
$(eval $(call proto_header_template,$(authsrcdir)/kerberos/proto.h,$(KERBEROS_OBJ_FILES:.o=.c)))
diff --git a/source4/auth/kerberos/keytab_copy.c b/source4/auth/kerberos/keytab_copy.c
deleted file mode 100644
index ba4ea2bf39..0000000000
--- a/source4/auth/kerberos/keytab_copy.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "includes.h"
-#include "system/kerberos.h"
-#include "auth/kerberos/kerberos.h"
-
-static const krb5_boolean verbose_flag = FALSE;
-
-static krb5_boolean
-compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b)
-{
- if(a->keytype != b->keytype ||
- a->keyvalue.length != b->keyvalue.length ||
- memcmp(a->keyvalue.data, b->keyvalue.data, a->keyvalue.length) != 0)
- return FALSE;
- return TRUE;
-}
-
-krb5_error_code kt_copy (krb5_context context, const char *from, const char *to)
-{
- krb5_error_code ret;
- krb5_keytab src_keytab, dst_keytab;
- krb5_kt_cursor cursor;
- krb5_keytab_entry entry, dummy;
-
- ret = krb5_kt_resolve (context, from, &src_keytab);
- if (ret) {
- krb5_warn (context, ret, "resolving src keytab `%s'", from);
- return 1;
- }
-
- ret = krb5_kt_resolve (context, to, &dst_keytab);
- if (ret) {
- krb5_kt_close (context, src_keytab);
- krb5_warn (context, ret, "resolving dst keytab `%s'", to);
- return 1;
- }
-
- ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
- if (ret) {
- krb5_warn (context, ret, "krb5_kt_start_seq_get %s", from);
- goto out;
- }
-
- if (verbose_flag)
- fprintf(stderr, "copying %s to %s\n", from, to);
-
- while((ret = krb5_kt_next_entry(context, src_keytab,
- &entry, &cursor)) == 0) {
- char *name_str;
- char *etype_str;
- ret = krb5_unparse_name (context, entry.principal, &name_str);
- if(ret) {
- krb5_warn(context, ret, "krb5_unparse_name");
- name_str = NULL; /* XXX */
- }
- ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &etype_str);
- if(ret) {
- krb5_warn(context, ret, "krb5_enctype_to_string");
- etype_str = NULL; /* XXX */
- }
- ret = krb5_kt_get_entry(context, dst_keytab,
- entry.principal,
- entry.vno,
- entry.keyblock.keytype,
- &dummy);
- if(ret == 0) {
- /* this entry is already in the new keytab, so no need to
- copy it; if the keyblocks are not the same, something
- is weird, so complain about that */
- if(!compare_keyblock(&entry.keyblock, &dummy.keyblock)) {
- krb5_warnx(context, "entry with different keyvalue "
- "already exists for %s, keytype %s, kvno %d",
- name_str, etype_str, entry.vno);
- }
- krb5_kt_free_entry(context, &dummy);
- krb5_kt_free_entry (context, &entry);
- free(name_str);
- free(etype_str);
- continue;
- } else if(ret != KRB5_KT_NOTFOUND) {
- krb5_warn (context, ret, "%s: fetching %s/%s/%u",
- to, name_str, etype_str, entry.vno);
- krb5_kt_free_entry (context, &entry);
- free(name_str);
- free(etype_str);
- break;
- }
- if (verbose_flag)
- fprintf (stderr, "copying %s, keytype %s, kvno %d\n", name_str,
- etype_str, entry.vno);
- ret = krb5_kt_add_entry (context, dst_keytab, &entry);
- krb5_kt_free_entry (context, &entry);
- if (ret) {
- krb5_warn (context, ret, "%s: adding %s/%s/%u",
- to, name_str, etype_str, entry.vno);
- free(name_str);
- free(etype_str);
- break;
- }
- free(name_str);
- free(etype_str);
- }
- krb5_kt_end_seq_get (context, src_keytab, &cursor);
-
- out:
- krb5_kt_close (context, src_keytab);
- krb5_kt_close (context, dst_keytab);
- if (ret == KRB5_KT_END) {
- return 0;
- } else if (ret == 0) {
- return EINVAL;
- }
- return ret;
-}
diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk
index 56199d6364..03fa2db295 100644
--- a/source4/kdc/config.mk
+++ b/source4/kdc/config.mk
@@ -6,7 +6,7 @@
INIT_FUNCTION = server_service_kdc_init
SUBSYSTEM = service
PRIVATE_DEPENDENCIES = \
- HEIMDAL_KDC HDB_SAMBA4 PAC_GLUE LIBSAMBA-HOSTCONFIG
+ HEIMDAL_KDC HDB_SAMBA4 LIBSAMBA-HOSTCONFIG
# End SUBSYSTEM KDC
#######################
@@ -22,17 +22,5 @@ PRIVATE_DEPENDENCIES = \
# End SUBSYSTEM KDC
#######################
-HDB_SAMBA4_OBJ_FILES = $(addprefix $(kdcsrcdir)/, hdb-samba4.o)
-
-#######################
-# Start SUBSYSTEM KDC
-[SUBSYSTEM::PAC_GLUE]
-CFLAGS = -Iheimdal/kdc -Iheimdal/lib/hdb
-PRIVATE_DEPENDENCIES = \
- LIBLDB auth_sam auth_sam_reply CREDENTIALS \
- HEIMDAL_HDB LIBSAMBA-HOSTCONFIG
-# End SUBSYSTEM KDC
-#######################
-
-PAC_GLUE_OBJ_FILES = $(addprefix $(kdcsrcdir)/, pac-glue.o)
+HDB_SAMBA4_OBJ_FILES = $(addprefix $(kdcsrcdir)/, hdb-samba4.o pac-glue.o)
$(eval $(call proto_header_template,$(kdcsrcdir)/pac_glue.h,$(HDB_SAMBA4_OBJ_FILES:.o=.c)))
diff --git a/source4/libnet/config.mk b/source4/libnet/config.mk
index eede8c871d..07d5434ebf 100644
--- a/source4/libnet/config.mk
+++ b/source4/libnet/config.mk
@@ -1,5 +1,5 @@
[SUBSYSTEM::LIBSAMBA-NET]
-PUBLIC_DEPENDENCIES = CREDENTIALS dcerpc dcerpc_samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI LIBCLI_COMPOSITE LIBCLI_RESOLVE LIBCLI_FINDDCS LIBCLI_CLDAP LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH LIBNDR SMBPASSWD PROVISION LIBCLI_SAMSYNC HDB_SAMBA4
+PUBLIC_DEPENDENCIES = CREDENTIALS dcerpc dcerpc_samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI LIBCLI_COMPOSITE LIBCLI_RESOLVE LIBCLI_FINDDCS LIBCLI_CLDAP LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH LIBNDR SMBPASSWD PROVISION LIBCLI_SAMSYNC
LIBSAMBA-NET_OBJ_FILES = $(addprefix $(libnetsrcdir)/, \
libnet.o libnet_passwd.o libnet_time.o libnet_rpc.o \
@@ -7,7 +7,7 @@ LIBSAMBA-NET_OBJ_FILES = $(addprefix $(libnetsrcdir)/, \
libnet_vampire.o libnet_samdump.o libnet_samdump_keytab.o \
libnet_samsync_ldb.o libnet_user.o libnet_group.o libnet_share.o \
libnet_lookup.o libnet_domain.o userinfo.o groupinfo.o userman.o \
- groupman.o prereq_domain.o libnet_samsync.o libnet_export_keytab.o)
+ groupman.o prereq_domain.o libnet_samsync.o)
$(eval $(call proto_header_template,$(libnetsrcdir)/libnet_proto.h,$(LIBSAMBA-NET_OBJ_FILES:.o=.c)))
diff --git a/source4/libnet/libnet.h b/source4/libnet/libnet.h
index 9964a3f526..543a131806 100644
--- a/source4/libnet/libnet.h
+++ b/source4/libnet/libnet.h
@@ -75,5 +75,4 @@ struct libnet_context {
#include "libnet/libnet_share.h"
#include "libnet/libnet_lookup.h"
#include "libnet/libnet_domain.h"
-#include "libnet/libnet_export_keytab.h"
#include "libnet/libnet_proto.h"
diff --git a/source4/libnet/libnet_export_keytab.c b/source4/libnet/libnet_export_keytab.c
deleted file mode 100644
index 43fd0aa30e..0000000000
--- a/source4/libnet/libnet_export_keytab.c
+++ /dev/null
@@ -1,54 +0,0 @@
-#include "includes.h"
-#include "system/kerberos.h"
-#include "auth/kerberos/kerberos.h"
-#include <hdb.h>
-#include "kdc/hdb-samba4.h"
-#include "auth/kerberos/keytab_copy.h"
-#include "libnet/libnet.h"
-
-NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_export_keytab *r)
-{
- krb5_error_code ret;
- struct smb_krb5_context *smb_krb5_context;
- const char *from_keytab;
-
- /* Register hdb-samba4 hooks for use as a keytab */
-
- struct hdb_samba4_context *hdb_samba4_context = talloc(mem_ctx, struct hdb_samba4_context);
- if (!hdb_samba4_context) {
- return NT_STATUS_NO_MEMORY;
- }
-
- hdb_samba4_context->ev_ctx = ctx->event_ctx;
- hdb_samba4_context->lp_ctx = ctx->lp_ctx;
-
- from_keytab = talloc_asprintf(hdb_samba4_context, "HDB:samba4&%p", hdb_samba4_context);
- if (!from_keytab) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = smb_krb5_init_context(ctx, ctx->event_ctx, ctx->lp_ctx, &smb_krb5_context);
- if (ret) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = krb5_plugin_register(smb_krb5_context->krb5_context,
- PLUGIN_TYPE_DATA, "hdb",
- &hdb_samba4);
- if(ret) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = krb5_kt_register(smb_krb5_context->krb5_context, &hdb_kt_ops);
- if(ret) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = kt_copy(smb_krb5_context->krb5_context, from_keytab, r->in.keytab_name);
- if(ret) {
- r->out.error_string = smb_get_krb5_error_message(smb_krb5_context->krb5_context,
- ret, mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
- return NT_STATUS_OK;
-}
diff --git a/source4/libnet/libnet_export_keytab.h b/source4/libnet/libnet_export_keytab.h
deleted file mode 100644
index 194f8907a3..0000000000
--- a/source4/libnet/libnet_export_keytab.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-struct libnet_export_keytab {
- struct {
- const char *keytab_name;
- } in;
- struct {
- const char *error_string;
- } out;
-};
-
diff --git a/source4/utils/net/config.mk b/source4/utils/net/config.mk
index ff8cb2c526..b2f0fcf6b1 100644
--- a/source4/utils/net/config.mk
+++ b/source4/utils/net/config.mk
@@ -21,8 +21,7 @@ net_OBJ_FILES = $(addprefix $(utilssrcdir)/net/, \
net_time.o \
net_join.o \
net_vampire.o \
- net_user.o \
- net_export_keytab.o)
+ net_user.o)
$(eval $(call proto_header_template,$(utilssrcdir)/net/net_proto.h,$(net_OBJ_FILES:.o=.c)))
diff --git a/source4/utils/net/net.c b/source4/utils/net/net.c
index a96c672dfd..d934403ade 100644
--- a/source4/utils/net/net.c
+++ b/source4/utils/net/net.c
@@ -104,11 +104,11 @@ static const struct net_functable net_functable[] = {
{"time", "get remote server's time\n", net_time, net_time_usage},
{"join", "join a domain\n", net_join, net_join_usage},
{"samdump", "dump the sam of a domain\n", net_samdump, net_samdump_usage},
- {"export", "dump the sam of this domain\n", net_export, net_export_usage},
{"vampire", "join and syncronise an AD domain onto the local server\n", net_vampire, net_vampire_usage},
{"samsync", "synchronise into the local ldb the sam of an NT4 domain\n", net_samsync_ldb, net_samsync_ldb_usage},
{"user", "manage user accounts\n", net_user, net_user_usage},
- {"machinepw", "Get a machine password out of our SAM\n", net_machinepw, net_machinepw_usage},
+ {"machinepw", "Get a machine password out of our SAM\n", net_machinepw,
+ net_machinepw_usage},
{NULL, NULL, NULL, NULL}
};
diff --git a/source4/utils/net/net_export_keytab.c b/source4/utils/net/net_export_keytab.c
deleted file mode 100644
index 7f13278a9e..0000000000
--- a/source4/utils/net/net_export_keytab.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- Samba Unix/Linux SMB client library
- Distributed SMB/CIFS Server Management Utility
-
- Copyright (C) 2004 Stefan Metzmacher <metze@samba.org>
- Copyright (C) 2005 Andrew Bartlett <abartlet@samba.org>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "utils/net/net.h"
-#include "libnet/libnet.h"
-#include "param/param.h"
-
-static int net_export_keytab_usage(struct net_context *ctx, int argc, const char **argv)
-{
- d_printf("net export keytab <keytab>\n");
- return 0;
-}
-
-static int net_export_keytab_help(struct net_context *ctx, int argc, const char **argv)
-{
- d_printf("Dumps kerberos keys of the domain into a keytab.\n");
- return 0;
-}
-
-static int net_export_keytab(struct net_context *ctx, int argc, const char **argv)
-{
- NTSTATUS status;
- struct libnet_context *libnetctx;
- struct libnet_export_keytab r;
-
- switch (argc) {
- case 0:
- return net_export_keytab_usage(ctx, argc, argv);
- break;
- case 1:
- r.in.keytab_name = argv[0];
- break;
- }
-
- libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
- if (!libnetctx) {
- return -1;
- }
- libnetctx->cred = ctx->credentials;
-
- r.out.error_string = NULL;
-
- status = libnet_export_keytab(libnetctx, ctx, &r);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("libnet_export_keytab returned %s: %s\n",
- nt_errstr(status),
- r.out.error_string));
- return -1;
- }
-
- talloc_free(libnetctx);
-
- return 0;
-}
-
-/* main function table */
-static const struct net_functable net_export_functable[] = {
- {"keytab", "dump keys into a keytab\n", net_export_keytab, net_export_keytab_usage},
- {NULL, NULL, NULL, NULL}
-};
-
-int net_export(struct net_context *ctx, int argc, const char **argv)
-{
- int rc;
-
- switch (argc) {
- case 0:
- rc = net_export_usage(ctx, argc, argv);
- return rc;
- case 1:
- default:
- rc = net_run_function(ctx, argc, argv, net_export_functable,
- net_export_usage);
- return rc;
- }
-
- return 0;
-}
-
-int net_export_usage(struct net_context *ctx, int argc, const char **argv)
-{
- d_printf("net export keytab <keytab>\n");
- return 0;
-}
-
-int net_export_help(struct net_context *ctx, int argc, const char **argv)
-{
- d_printf("Dumps the sam of the domain we are joined to.\n");
- return 0;
-}
-