-rw-r--r--source3/libnet/libnet_dssync_keytab.c19
-rw-r--r--source3/libnet/libnet_keytab.c189
-rw-r--r--source3/libnet/libnet_proto.h5
3 files changed, 99 insertions, 114 deletions
diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c
index 03d5bf2348..4bd4a79a00 100644
--- a/source3/libnet/libnet_dssync_keytab.c
+++ b/source3/libnet/libnet_dssync_keytab.c
@@ -113,7 +113,6 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
if (new_utdv) {
enum ndr_err_code ndr_err;
DATA_BLOB blob;
- char *principal;
if (DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv);
@@ -136,24 +135,6 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
-
- principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s",
- ctx->nc_dn, ctx->dns_domain_name);
- if (!principal) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- ret = libnet_keytab_remove_entries(keytab_ctx, principal,
- 0, ENCTYPE_NULL);
- if (ret) {
- status = krb5_to_nt_status(ret);
- ctx->error_message = talloc_asprintf(mem_ctx,
- "Failed to remove old UTDV entries from "
- "keytab %s: %s", keytab_ctx->keytab_name,
- error_message(ret));
- goto done;
- }
}
ret = libnet_keytab_add(keytab_ctx);
diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c
index bc3163d6f6..b427e879c3 100644
--- a/source3/libnet/libnet_keytab.c
+++ b/source3/libnet/libnet_keytab.c
@@ -105,6 +105,97 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx,
/****************************************************************
****************************************************************/
+/**
+ * Remove all entries that have the given principal, kvno and enctype.
+ */
+static krb5_error_code libnet_keytab_remove_entries(krb5_context context,
+ krb5_keytab keytab,
+ const char *principal,
+ int kvno,
+ const krb5_enctype enctype)
+{
+ krb5_error_code ret;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry kt_entry;
+
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(cursor);
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (ret) {
+ return 0;
+ }
+
+ while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0)
+ {
+ char *princ_s = NULL;
+
+ if (kt_entry.vno != kvno) {
+ goto cont;
+ }
+
+ if (kt_entry.key.enctype != enctype) {
+ goto cont;
+ }
+
+ ret = smb_krb5_unparse_name(context, kt_entry.principal,
+ &princ_s);
+ if (ret) {
+ DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n",
+ error_message(ret)));
+ goto cont;
+ }
+
+ if (strcmp(principal, princ_s) != 0) {
+ goto cont;
+ }
+
+ /* match found - remove */
+
+ DEBUG(10, ("found entry for principal %s, kvno %d, "
+ "enctype %d - trying to remove it\n",
+ princ_s, kt_entry.vno, kt_entry.key.enctype));
+
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ ZERO_STRUCT(cursor);
+ if (ret) {
+ DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n",
+ error_message(ret)));
+ goto cont;
+ }
+
+ ret = krb5_kt_remove_entry(context, keytab,
+ &kt_entry);
+ if (ret) {
+ DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n",
+ error_message(ret)));
+ goto cont;
+ }
+ DEBUG(10, ("removed entry for principal %s, kvno %d, "
+ "enctype %d\n", princ_s, kt_entry.vno,
+ kt_entry.key.enctype));
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (ret) {
+ DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n",
+ error_message(ret)));
+ goto cont;
+ }
+
+cont:
+ smb_krb5_kt_free_entry(context, &kt_entry);
+ SAFE_FREE(princ_s);
+ }
+
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ if (ret) {
+ DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n",
+ error_message(ret)));
+ }
+
+ return ret;
+}
+
static krb5_error_code libnet_keytab_add_entry(krb5_context context,
krb5_keytab keytab,
krb5_kvno kvno,
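Review bot: When krb5_kt_remove_entry, or the krb5_kt_start_seq_get that follows it, fails inside the loop, the `goto cont` continues the while loop with a cursor that has already been ended and zeroed, so the next krb5_kt_next_entry and the final krb5_kt_end_seq_get operate on an invalid cursor. Those two failure paths should leave the function rather than continue, e.g. `smb_krb5_kt_free_entry(context, &kt_entry);` `SAFE_FREE(princ_s);` `return ret;` in place of each `goto cont`. Separately, the early `return 0` after a failed krb5_kt_start_seq_get reports success to the caller; if this is meant to cover a keytab that does not exist yet, a comment such as `/* no keytab yet: nothing to remove */` would stop it being read as a swallowed error. Also `kvno` is declared `int` here while the caller passes a `krb5_kvno`, so `kt_entry.vno != kvno` compares unsigned with signed; declaring the parameter `krb5_kvno kvno` avoids the conversion.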
@@ -116,6 +207,14 @@ static krb5_error_code libnet_keytab_add_entry(krb5_context context,
krb5_keytab_entry kt_entry;
krb5_error_code ret;
+ /* remove duplicates first ... */
+ ret = libnet_keytab_remove_entries(context, keytab, princ_s, kvno,
+ enctype);
+ if (ret) {
+ DEBUG(1, ("libnet_keytab_remove_entries failed: %s\n",
+ error_message(ret)));
+ }
+
ZERO_STRUCT(kt_entry);
kt_entry.vno = kvno;
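Review bot: The error from libnet_keytab_remove_entries is only logged at DEBUG level 1 and the add proceeds, so a keytab that could not be scanned still gets the new entry appended and may end up holding exactly the duplicate this call is meant to prevent; the UTDV code removed from libnet_dssync_keytab.c treated the same failure as fatal. If best-effort is intended, the comment should say so: `/* remove duplicates first; failure is non-fatal, a stale entry may remain */`; otherwise add `return ret;` after the DEBUG. libnet_keytab_add_entry's parameter list and the rest of its body are outside the hunk.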
@@ -278,94 +377,4 @@ cont:
return entry;
}
-/**
- * Remove all entries that have the given principal, kvno and enctype.
- */
-krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx,
- const char *principal,
- int kvno,
- const krb5_enctype enctype)
-{
- krb5_error_code ret;
- krb5_kt_cursor cursor;
- krb5_keytab_entry kt_entry;
-
- ZERO_STRUCT(kt_entry);
- ZERO_STRUCT(cursor);
-
- ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor);
- if (ret) {
- return 0;
- }
-
- while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0)
- {
- char *princ_s = NULL;
-
- if (kt_entry.vno != kvno) {
- goto cont;
- }
-
- if (kt_entry.key.enctype != enctype) {
- goto cont;
- }
-
- ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal,
- &princ_s);
- if (ret) {
- DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n",
- error_message(ret)));
- goto cont;
- }
-
- if (strcmp(principal, princ_s) != 0) {
- goto cont;
- }
-
- /* match found - remove */
-
- DEBUG(10, ("found entry for principal %s, kvno %d, "
- "enctype %d - trying to remove it\n",
- princ_s, kt_entry.vno, kt_entry.key.enctype));
-
- ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor);
- ZERO_STRUCT(cursor);
- if (ret) {
- DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n",
- error_message(ret)));
- goto cont;
- }
-
- ret = krb5_kt_remove_entry(ctx->context, ctx->keytab,
- &kt_entry);
- if (ret) {
- DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n",
- error_message(ret)));
- goto cont;
- }
- DEBUG(10, ("removed entry for principal %s, kvno %d, "
- "enctype %d\n", princ_s, kt_entry.vno,
- kt_entry.key.enctype));
-
- ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor);
- if (ret) {
- DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n",
- error_message(ret)));
- goto cont;
- }
-
-cont:
- smb_krb5_kt_free_entry(ctx->context, &kt_entry);
- SAFE_FREE(princ_s);
- }
-
- ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor);
- if (ret) {
- DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n",
- error_message(ret)));
- }
-
- return ret;
-}
-
#endif /* HAVE_KRB5 */
diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h
index 26ffbfce8c..43046a44c0 100644
--- a/source3/libnet/libnet_proto.h
+++ b/source3/libnet/libnet_proto.h
@@ -55,11 +55,6 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c
const char *principal, int kvno,
const const krb5_enctype enctype,
TALLOC_CTX *mem_ctx);
-
-krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx,
- const char *principal,
- int kvno,
- const krb5_enctype enctype);
#endif
/* The following definitions come from libnet/libnet_samsync.c */