-rw-r--r-- | source3/libnet/libnet_dssync_keytab.c | 19 | ||||
-rw-r--r-- | source3/libnet/libnet_keytab.c | 189 | ||||
-rw-r--r-- | source3/libnet/libnet_proto.h | 5 |
3 files changed, 99 insertions, 114 deletions
diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 03d5bf2348..4bd4a79a00 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -113,7 +113,6 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, if (new_utdv) { enum ndr_err_code ndr_err; DATA_BLOB blob; - char *principal; if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv); @@ -136,24 +135,6 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(status)) { goto done; } - - principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s", - ctx->nc_dn, ctx->dns_domain_name); - if (!principal) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - ret = libnet_keytab_remove_entries(keytab_ctx, principal, - 0, ENCTYPE_NULL); - if (ret) { - status = krb5_to_nt_status(ret); - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to remove old UTDV entries from " - "keytab %s: %s", keytab_ctx->keytab_name, - error_message(ret)); - goto done; - } } ret = libnet_keytab_add(keytab_ctx); diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index bc3163d6f6..b427e879c3 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -105,6 +105,97 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +/** + * Remove all entries that have the given principal, kvno and enctype. + */ +static krb5_error_code libnet_keytab_remove_entries(krb5_context context, + krb5_keytab keytab, + const char *principal, + int kvno, + const krb5_enctype enctype) +{ + krb5_error_code ret; + krb5_kt_cursor cursor; + krb5_keytab_entry kt_entry; + + ZERO_STRUCT(kt_entry); + ZERO_STRUCT(cursor); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) { + return 0; + } + + while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0) + { + char *princ_s = NULL; + + if (kt_entry.vno != kvno) { + goto cont; + } + + if (kt_entry.key.enctype != enctype) { + goto cont; + } + + ret = smb_krb5_unparse_name(context, kt_entry.principal, + &princ_s); + if (ret) { + DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", + error_message(ret))); + goto cont; + } + + if (strcmp(principal, princ_s) != 0) { + goto cont; + } + + /* match found - remove */ + + DEBUG(10, ("found entry for principal %s, kvno %d, " + "enctype %d - trying to remove it\n", + princ_s, kt_entry.vno, kt_entry.key.enctype)); + + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + ZERO_STRUCT(cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + + ret = krb5_kt_remove_entry(context, keytab, + &kt_entry); + if (ret) { + DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", + error_message(ret))); + goto cont; + } + DEBUG(10, ("removed entry for principal %s, kvno %d, " + "enctype %d\n", princ_s, kt_entry.vno, + kt_entry.key.enctype)); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + +cont: + smb_krb5_kt_free_entry(context, &kt_entry); + 
SAFE_FREE(princ_s); + } + + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + } + + return ret; +} + static krb5_error_code libnet_keytab_add_entry(krb5_context context, krb5_keytab keytab, krb5_kvno kvno, @@ -116,6 +207,14 @@ static krb5_error_code libnet_keytab_add_entry(krb5_context context, krb5_keytab_entry kt_entry; krb5_error_code ret; + /* remove duplicates first ... */ + ret = libnet_keytab_remove_entries(context, keytab, princ_s, kvno, + enctype); + if (ret) { + DEBUG(1, ("libnet_keytab_remove_entries failed: %s\n", + error_message(ret))); + } + ZERO_STRUCT(kt_entry); kt_entry.vno = kvno; 
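Review bot: When krb5_kt_start_seq_get() fails at the top of libnet_keytab_remove_entries(), the function does `return 0;`, so the caller sees success although no entry was inspected or removed; it should be `return ret;` so that libnet_keytab_add_entry() can at least report that the duplicate scan did not happen. The same swallowing occurs inside the loop: a failing krb5_kt_remove_entry() or a failing restart of the cursor only emits a DEBUG(5) and jumps to cont, and ret is then overwritten by the closing krb5_kt_end_seq_get(), so a keytab that still holds the stale key is reported as clean. After a failed restart the cursor has been zeroed by ZERO_STRUCT(cursor) yet is still handed to krb5_kt_next_entry() and to the closing krb5_kt_end_seq_get(); whether the library tolerates a zeroed cursor is not visible here, so breaking out of the loop on that path looks safer than goto cont. These paths were carried over unchanged from the public version of the function that this commit removes.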
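Review bot: The error from libnet_keytab_remove_entries() in the new block at the top of libnet_keytab_add_entry() is logged at DEBUG(1) and then ignored, so the new key is added even when the old entry with the same principal, kvno and enctype could not be removed and the keytab keeps both. If that is intended, the comment should say so, e.g. `/* remove duplicates first; failure is tolerated and the new entry is added anyway */`; otherwise `return ret;` after the DEBUG is the fix, since the function already returns a krb5_error_code. The kvno passed here is a krb5_kvno (see the signature in the preceding context) while the helper declares `int kvno`; if krb5_kvno is unsigned on this build the comparison against kt_entry.vno goes through an implicit signed/unsigned conversion, and giving the helper the same parameter type would avoid it. libnet_keytab_add_entry() starts before this hunk and continues past it.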
@@ -278,94 +377,4 @@ cont: return entry; } -/** - * Remove all entries that have the given principal, kvno and enctype. - */ -krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, - const char *principal, - int kvno, - const krb5_enctype enctype) -{ - krb5_error_code ret; - krb5_kt_cursor cursor; - krb5_keytab_entry kt_entry; - - ZERO_STRUCT(kt_entry); - ZERO_STRUCT(cursor); - - ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - return 0; - } - - while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) - { - char *princ_s = NULL; - - if (kt_entry.vno != kvno) { - goto cont; - } - - if (kt_entry.key.enctype != enctype) { - goto cont; - } - - ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, - &princ_s); - if (ret) { - DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", - error_message(ret))); - goto cont; - } - - if (strcmp(principal, princ_s) != 0) { - goto cont; - } - - /* match found - remove */ - - DEBUG(10, ("found entry for principal %s, kvno %d, " - "enctype %d - trying to remove it\n", - princ_s, kt_entry.vno, kt_entry.key.enctype)); - - ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); - ZERO_STRUCT(cursor); - if (ret) { - DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", - error_message(ret))); - goto cont; - } - - ret = krb5_kt_remove_entry(ctx->context, ctx->keytab, - &kt_entry); - if (ret) { - DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", - error_message(ret))); - goto cont; - } - DEBUG(10, ("removed entry for principal %s, kvno %d, " - "enctype %d\n", princ_s, kt_entry.vno, - kt_entry.key.enctype)); - - ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", - error_message(ret))); - goto cont; - } - -cont: - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - } - - ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - DEBUG(5, 
("krb5_kt_end_seq_get failed (%s)\n", - error_message(ret))); - } - - return ret; -} - #endif /* HAVE_KRB5 */ diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 26ffbfce8c..43046a44c0 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -55,11 +55,6 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c const char *principal, int kvno, const const krb5_enctype enctype, TALLOC_CTX *mem_ctx); - -krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, - const char *principal, - int kvno, - const krb5_enctype enctype); #endif /* The following definitions come from libnet/libnet_samsync.c */ |