Diffstat (limited to 'source3/libads')
-rw-r--r-- | source3/libads/kerberos.c | 140 | ||||
-rw-r--r-- | source3/libads/kerberos_proto.h | 3 |
2 files changed, 0 insertions, 143 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index a43c7b167c..f1df31ca4f 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -424,146 +424,6 @@ char* kerberos_secrets_fetch_des_salt( void ) } /************************************************************************ - Routine to get the default realm from the kerberos credentials cache. - Caller must free if the return value is not NULL. -************************************************************************/ - -char *kerberos_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx) -{ - char *realm = NULL; - krb5_context ctx = NULL; - krb5_ccache cc = NULL; - krb5_principal princ = NULL; - - initialize_krb5_error_table(); - if (krb5_init_context(&ctx)) { - return NULL; - } - - DEBUG(5,("kerberos_get_default_realm_from_ccache: " - "Trying to read krb5 cache: %s\n", - krb5_cc_default_name(ctx))); - if (krb5_cc_default(ctx, &cc)) { - DEBUG(0,("kerberos_get_default_realm_from_ccache: " - "failed to read default cache\n")); - goto out; - } - if (krb5_cc_get_principal(ctx, cc, &princ)) { - DEBUG(0,("kerberos_get_default_realm_from_ccache: " - "failed to get default principal\n")); - goto out; - } - -#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM) - realm = talloc_strdup(mem_ctx, krb5_principal_get_realm(ctx, princ)); -#elif defined(HAVE_KRB5_PRINC_REALM) - { - krb5_data *realm_data = krb5_princ_realm(ctx, princ); - realm = talloc_strndup(mem_ctx, realm_data->data, realm_data->length); - } -#endif - - out: - - if (ctx) { - if (princ) { - krb5_free_principal(ctx, princ); - } - if (cc) { - krb5_cc_close(ctx, cc); - } - krb5_free_context(ctx); - } - - return realm; -} - -/************************************************************************ - Routine to get the realm from a given DNS name. -************************************************************************/ - -char *kerberos_get_realm_from_hostname(TALLOC_CTX *mem_ctx, const char *hostname) -{ -#if defined(HAVE_KRB5_REALM_TYPE) - /* Heimdal. 
*/ - krb5_realm *realm_list = NULL; -#else - /* MIT */ - char **realm_list = NULL; -#endif - char *realm = NULL; - krb5_error_code kerr; - krb5_context ctx = NULL; - - initialize_krb5_error_table(); - if (krb5_init_context(&ctx)) { - return NULL; - } - - kerr = krb5_get_host_realm(ctx, hostname, &realm_list); - if (kerr != 0) { - DEBUG(3,("kerberos_get_realm_from_hostname %s: " - "failed %s\n", - hostname ? hostname : "(NULL)", - error_message(kerr) )); - goto out; - } - - if (realm_list && realm_list[0]) { - realm = talloc_strdup(mem_ctx, realm_list[0]); - } - - out: - - if (ctx) { - if (realm_list) { - krb5_free_host_realm(ctx, realm_list); - realm_list = NULL; - } - krb5_free_context(ctx); - ctx = NULL; - } - return realm; -} - -char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx, - const char *service, - const char *remote_name) -{ - char *realm = NULL; - char *host = NULL; - char *principal; - host = strchr_m(remote_name, '.'); - if (host) { - /* DNS name. */ - realm = kerberos_get_realm_from_hostname(talloc_tos(), remote_name); - } else { - /* NetBIOS name - use our realm. */ - realm = kerberos_get_default_realm_from_ccache(talloc_tos()); - } - - if (realm == NULL || *realm == '\0') { - realm = talloc_strdup(talloc_tos(), lp_realm()); - if (!realm) { - return NULL; - } - DEBUG(3,("kerberos_get_principal_from_service_hostname: " - "cannot get realm from, " - "desthost %s or default ccache. Using default " - "smb.conf realm %s\n", - remote_name, - realm)); - } - - principal = talloc_asprintf(mem_ctx, - "%s/%s@%s", - service, remote_name, - realm); - TALLOC_FREE(realm); - return principal; -} - -/************************************************************************ Routine to get the salting principal for this service. This is maintained for backwards compatibilty with releases prior to 3.0.24. Since we store the salting principal string only at join, we may have 
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index 6a7811d652..50c56dc081 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -52,9 +52,6 @@ bool kerberos_secrets_store_des_salt( const char* salt ); char* kerberos_secrets_fetch_des_salt( void ); char *kerberos_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx); char *kerberos_get_realm_from_hostname(TALLOC_CTX *mem_ctx, const char *hostname); -char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx, - const char *service, - const char *remote_name); bool kerberos_secrets_store_salting_principal(const char *service, int enctype, |