Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/credentials/credentials_files.c | 4 | ||||
-rw-r--r-- | source4/auth/credentials/credentials_krb5.c | 27 | ||||
-rw-r--r-- | source4/auth/kerberos/kerberos_util.c | 58 |
3 files changed, 45 insertions, 44 deletions
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 1f7a7cf435..8d84e8cdb5 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -301,13 +301,13 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 * (chewing CPU time) from the password */
 keytab = ldb_msg_find_string(msgs[0], "krb5Keytab", NULL);
 if (keytab) {
- cli_credentials_set_keytab(cred, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
 } else {
 keytab = ldb_msg_find_string(msgs[0], "privateKeytab", NULL);
 if (keytab) {
 keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, keytab));
 if (keytab) {
- cli_credentials_set_keytab(cred, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
 }
 }
 }
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 173739e9b8..5f40ca1046 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -398,7 +398,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
 return ENOMEM;
 }
- ret = create_memory_keytab(mem_ctx, cred, smb_krb5_context, &ktc);
+ ret = smb_krb5_create_memory_keytab(mem_ctx, cred, smb_krb5_context, &ktc);
 if (ret) {
 talloc_free(mem_ctx);
 return ret;
@@ -417,14 +417,13 @@ int cli_credentials_get_keytab(struct cli_credentials *cred, /* Given the name of a keytab (presumably in the format * FILE:/etc/krb5.keytab), open it and attach it */ -int cli_credentials_set_keytab(struct cli_credentials *cred, - const char *keytab_name, - enum credentials_obtained obtained) +int cli_credentials_set_keytab_name(struct cli_credentials *cred, + const char *keytab_name, + enum credentials_obtained obtained) { krb5_error_code ret; struct keytab_container *ktc; struct smb_krb5_context *smb_krb5_context; - krb5_keytab keytab; TALLOC_CTX *mem_ctx; if (cred->keytab_obtained >= obtained) { @@ -441,24 +440,12 @@ int cli_credentials_set_keytab(struct cli_credentials *cred, return ENOMEM; } - ret = krb5_kt_resolve(smb_krb5_context->krb5_context, keytab_name, &keytab); + ret = smb_krb5_open_keytab(mem_ctx, smb_krb5_context, + keytab_name, &ktc); if (ret) { - DEBUG(1,("failed to open krb5 keytab: %s\n", - smb_get_krb5_error_message(smb_krb5_context->krb5_context, - ret, mem_ctx))); - talloc_free(mem_ctx); return ret; } - ktc = talloc(mem_ctx, struct keytab_container); - if (!ktc) { - talloc_free(mem_ctx); - return ENOMEM; - } - - ktc->smb_krb5_context = talloc_reference(ktc, smb_krb5_context); - ktc->keytab = keytab; - cred->keytab_obtained = obtained; talloc_steal(cred, ktc); @@ -492,7 +479,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred) return ret; } - ret = update_keytab(mem_ctx, cred, smb_krb5_context, ktc); + ret = smb_krb5_update_keytab(mem_ctx, cred, smb_krb5_context, ktc); talloc_free(mem_ctx); return ret; diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index a9ea6f9db3..d8c650b098 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c 
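Review bot: The failure branch after `smb_krb5_open_keytab()` in `cli_credentials_set_keytab_name` (hunk `-441,24 +440,12`) now returns without releasing `mem_ctx`: as the hunk reads, the `talloc_free(mem_ctx);` that used to precede `return ret;` is removed together with the DEBUG call. The temporary context, and the error-message string that the helper requests on it, would then stay attached to the parent context until that is freed, so each failed keytab open in a long-lived process retains memory. Restore the cleanup, `if (ret) { talloc_free(mem_ctx); return ret; }`. The `-633,23 +658,12` hunk in kerberos_util.c drops the same call from `smb_krb5_create_memory_keytab` and needs the same line. The allocation of `mem_ctx` in this function lies above the hunk, so its parent is not visible here.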
@@ -226,6 +226,32 @@ static int free_keytab(void *ptr) {
 return 0;
 }
+int smb_krb5_open_keytab(TALLOC_CTX *mem_ctx,
+ struct smb_krb5_context *smb_krb5_context,
+ const char *keytab_name, struct keytab_container **ktc)
+{
+ krb5_keytab keytab;
+ int ret;
+ ret = krb5_kt_resolve(smb_krb5_context->krb5_context, keytab_name, &keytab);
+ if (ret) {
+ DEBUG(1,("failed to open krb5 keytab: %s\n",
+ smb_get_krb5_error_message(smb_krb5_context->krb5_context,
+ ret, mem_ctx)));
+ return ret;
+ }
+
+ *ktc = talloc(mem_ctx, struct keytab_container);
+ if (!*ktc) {
+ return ENOMEM;
+ }
+
+ (*ktc)->smb_krb5_context = talloc_reference(*ktc, smb_krb5_context);
+ (*ktc)->keytab = keytab;
+ talloc_set_destructor(*ktc, free_keytab);
+
+ return 0;
+}
+
 struct enctypes_container {
 struct smb_krb5_context *smb_krb5_context;
 krb5_enctype *enctypes;
@@ -574,10 +600,10 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx,
 return ret;
 }
-int update_keytab(TALLOC_CTX *parent_ctx,
- struct cli_credentials *machine_account,
- struct smb_krb5_context *smb_krb5_context,
- struct keytab_container *keytab_container)
+int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
+ struct cli_credentials *machine_account,
+ struct smb_krb5_context *smb_krb5_context,
+ struct keytab_container *keytab_container)
 {
 krb5_error_code ret;
 BOOL found_previous;
@@ -604,16 +630,15 @@ int update_keytab(TALLOC_CTX *parent_ctx,
 return ret;
 }
-int create_memory_keytab(TALLOC_CTX *parent_ctx,
- struct cli_credentials *machine_account,
- struct smb_krb5_context *smb_krb5_context,
- struct keytab_container **keytab_container)
+int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
+ struct cli_credentials *machine_account,
+ struct smb_krb5_context *smb_krb5_context,
+ struct keytab_container **keytab_container)
 {
 krb5_error_code ret;
 TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
 const char *rand_string;
 const char *keytab_name;
- krb5_keytab keytab;
 if (!mem_ctx) {
 return ENOMEM;
 }
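Review bot: In the new `smb_krb5_open_keytab`, the `return ENOMEM;` branch leaves the handle obtained from `krb5_kt_resolve()` open, because `free_keytab` is attached as the destructor only after the container has been allocated; add `krb5_kt_close(smb_krb5_context->krb5_context, keytab);` before that return. The result of `talloc_reference()` is stored unchecked although it can be NULL on allocation failure, and `free_keytab` (its body starts above this hunk) presumably reads that pointer when it closes the keytab. The function also has no comment; one sentence stating that the container is allocated on `mem_ctx` and that the caller must `talloc_steal` it to keep it would document the ownership rule both callers rely on. The DEBUG text no longer names the keytab, unlike the message this helper replaces in `create_memory_keytab`; `"failed to open krb5 keytab %s: %s\n"` with `keytab_name` as the first argument keeps that detail for whoever reads the log.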
@@ -633,23 +658,12 @@ int create_memory_keytab(TALLOC_CTX *parent_ctx,
 return ENOMEM;
 }
- /* Find the keytab */
- ret = krb5_kt_resolve(smb_krb5_context->krb5_context, keytab_name, &keytab);
+ ret = smb_krb5_open_keytab(mem_ctx, smb_krb5_context, keytab_name, keytab_container);
 if (ret) {
- DEBUG(1,("failed to resolve keytab: %s: %s\n",
- keytab_name,
- smb_get_krb5_error_message(smb_krb5_context->krb5_context,
- ret, mem_ctx)));
- talloc_free(mem_ctx);
 return ret;
 }
- (*keytab_container)->smb_krb5_context = talloc_reference(*keytab_container, smb_krb5_context);
- (*keytab_container)->keytab = keytab;
-
- talloc_set_destructor(*keytab_container, free_keytab);
-
- ret = update_keytab(mem_ctx, machine_account, smb_krb5_context, *keytab_container);
+ ret = smb_krb5_update_keytab(mem_ctx, machine_account, smb_krb5_context, *keytab_container);
 if (ret == 0) {
 talloc_steal(parent_ctx, *keytab_container);
 } else { |