From 8b52e2bc63904824022bcd9c51e52209a905b914 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 26 Jun 2008 21:48:41 +0200 Subject: net_vampire: separate keytab code from samsync code. Guenther (This used to be commit 69d8442bf3248f97ad23def424901d7fa87bfe48) --- source3/libnet/libnet_keytab.c | 143 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 source3/libnet/libnet_keytab.c (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c new file mode 100644 index 0000000000..90595e76dd --- /dev/null +++ b/source3/libnet/libnet_keytab.c 
@@ -0,0 +1,143 @@
+/*
+ Unix SMB/CIFS implementation.
+ dump the remote SAM using rpc samsync operations
+
+ Copyright (C) Guenther Deschner 2008.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "libnet/libnet.h"
+
+#ifdef HAVE_KRB5
+
+/****************************************************************
+****************************************************************/
+
+static int keytab_close(struct libnet_keytab_context *ctx)
+{
+ if (!ctx) {
+ return 0;
+ }
+
+ if (ctx->keytab && ctx->context) {
+ krb5_kt_close(ctx->context, ctx->keytab);
+ }
+
+ if (ctx->context) {
+ krb5_free_context(ctx->context);
+ }
+
+ if (ctx->ads) {
+ ads_destroy(&ctx->ads);
+ }
+
+ TALLOC_FREE(ctx);
+
+ return 0;
+}
+
+/****************************************************************
+****************************************************************/
+
+krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx,
+ const char *keytab_name,
+ struct libnet_keytab_context **ctx)
+{
+ krb5_error_code ret = 0;
+ krb5_context context = NULL;
+ krb5_keytab keytab = NULL;
+ const char *keytab_string = NULL;
+
+ struct libnet_keytab_context *r;
+
+ r = TALLOC_ZERO_P(mem_ctx, struct libnet_keytab_context);
+ if (!r) {
+ return ENOMEM;
+ }
+
+ talloc_set_destructor(r, keytab_close);
+
+ initialize_krb5_error_table();
+ ret = krb5_init_context(&context);
+ if (ret) {
+ DEBUG(1,("keytab_init: could not krb5_init_context: 
%s\n",
+ error_message(ret)));
+ return ret;
+ }
+
+ ret = smb_krb5_open_keytab(context, keytab_name, true, &keytab);
+ if (ret) {
+ DEBUG(1,("keytab_init: smb_krb5_open_keytab failed (%s)\n",
+ error_message(ret)));
+ krb5_free_context(context);
+ return ret;
+ }
+
+ ret = smb_krb5_keytab_name(mem_ctx, context, keytab, &keytab_string);
+ if (ret) {
+ krb5_kt_close(context, keytab);
+ krb5_free_context(context);
+ return ret;
+ }
+
+ r->context = context;
+ r->keytab = keytab;
+ r->keytab_name = keytab_string;
+
+ *ctx = r;
+
+ return 0;
+}
+
+/****************************************************************
+****************************************************************/
+
+krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx)
+{
+#if defined(ENCTYPE_ARCFOUR_HMAC)
+ krb5_error_code ret = 0;
+ krb5_enctype enctypes[2] = { ENCTYPE_ARCFOUR_HMAC, 0 };
+ int i;
+
+ for (i=0; icount; i++) {
+
+ struct libnet_keytab_entry *entry = &ctx->entries[i];
+ krb5_data password;
+
+ password.data = (char *)entry->password.data;
+ password.length = entry->password.length;
+
+ ret = smb_krb5_kt_add_entry(ctx->context,
+ ctx->keytab,
+ entry->kvno,
+ entry->principal,
+ enctypes,
+ password,
+ true);
+ if (ret) {
+ DEBUG(1,("libnet_keytab_add: "
+ "Failed to add entry to keytab file\n"));
+ return ret;
+ }
+ }
+
+ return ret;
+#else
+ return -1;
+#endif /* defined(ENCTYPE_ARCFOUR_HMAC) */
+}
+
+#endif /* HAVE_KRB5 */
-- cgit From 52635c6f58edaa0e948851fd3f06b95d05ab10a4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 30 Jun 2008 10:29:15 +0200 Subject: kerberos: rename smb_krb5_kt_add_entry to smb_krb5_kt_add_entry_ext. Guenther (This used to be commit 48600a0019d70d22574cf08e8fe19d44cc332a0f)
--- source3/libnet/libnet_keytab.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/libnet/libnet_keytab.c')
diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c
index 90595e76dd..faa491471e 100644 
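Review bot: In `libnet_keytab_init` the three failure returns that follow `talloc_set_destructor(r, keytab_close)` leave `r` allocated on `mem_ctx` with `*ctx` unset, so a caller that gets an error also gets a half-built context that lives until `mem_ctx` is freed. Adding `TALLOC_FREE(r);` before each of those `return ret;` statements would release it at once, and the destructor has nothing to close at that point because `r->context` and `r->keytab` are still NULL. `keytab_close` itself ends with `TALLOC_FREE(ctx)` while it is running as the destructor of `ctx`; that looks redundant and is worth removing unless talloc's handling of a nested free is relied on deliberately. `libnet_keytab_add` writes only `ENCTYPE_ARCFOUR_HMAC` keys, so a comment saying the resulting keytab holds RC4-HMAC keys only would help anyone deploying it.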
--- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -120,13 +120,13 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) password.data = (char *)entry->password.data; password.length = entry->password.length; - ret = smb_krb5_kt_add_entry(ctx->context, - ctx->keytab, - entry->kvno, - entry->principal, - enctypes, - password, - true); + ret = smb_krb5_kt_add_entry_ext(ctx->context, + ctx->keytab, + entry->kvno, + entry->principal, + enctypes, + password, + true); if (ret) { DEBUG(1,("libnet_keytab_add: " "Failed to add entry to keytab file\n")); -- cgit From 16e44ee1126a5126346689785d240ac37a32fad7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 30 Jun 2008 10:32:15 +0200 Subject: kerberos: allow to keep entries with old kvno's while creating keytab. Guenther (This used to be commit 6194244bd9fcc1fb736f3d91433f107270cac1c9) --- source3/libnet/libnet_keytab.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index faa491471e..02c2b6f761 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -126,6 +126,7 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) entry->principal, enctypes, password, + true, true); if (ret) { DEBUG(1,("libnet_keytab_add: " -- cgit From 54d6ae09e268e169ee7f0f5ab02a465b030f4ba4 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 17 Jul 2008 00:53:13 +0200 Subject: libnet_keytab: add a libnet_keytab_search() function that searches and fetches an entry from a keytab file by principal and kvno. This code is by metze. Michael (This used to be commit a51a60066b6703fc4e5db3536903abf1cdaca885) --- source3/libnet/libnet_keytab.c | 77 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) (limited to 'source3/libnet/libnet_keytab.c') 
diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 02c2b6f761..cec39273e3 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -141,4 +141,81 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) #endif /* defined(ENCTYPE_ARCFOUR_HMAC) */ } +struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, + const char *principal, int kvno, + TALLOC_CTX *mem_ctx) +{ + krb5_error_code ret = 0; + krb5_kt_cursor cursor; + krb5_keytab_entry kt_entry; + struct libnet_keytab_entry *entry = NULL; + + ZERO_STRUCT(kt_entry); + ZERO_STRUCT(cursor); + + ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + return NULL; + } + + while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) { + char *princ_s = NULL; + + if (kt_entry.vno != kvno) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + continue; + } + + ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, &princ_s); + if (ret) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + continue; + } + + if (strcmp(principal, princ_s) != 0) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + continue; + } + + entry = talloc_zero(mem_ctx, struct libnet_keytab_entry); + if (!entry) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + break; + } + + entry->name = talloc_strdup(entry, princ_s); + if (!entry->name) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + TALLOC_FREE(entry); + break; + } + + entry->principal = talloc_strdup(entry, princ_s); + if (!entry->principal) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + TALLOC_FREE(entry); + break; + } + + entry->password = data_blob_talloc(entry, kt_entry.key.contents, kt_entry.key.length); + if (!entry->password.data) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + TALLOC_FREE(entry); + break; + } + + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + break; + } + + krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); + return entry; +} + #endif /* 
HAVE_KRB5 */ -- cgit From 18976c0129239b5352fca5e8c7e0e61b2cb5d0bf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 10:16:37 +0200 Subject: libnet keytab: add enctype parameter to libnet_keytab_search(). Not really used yet. Note: callers use ENCTYPE_ARCFOUR_HMAC enctype for UTDV (for now). This is what is currently stored. This is to be changed to ENCTYPE_NULL. Michael (This used to be commit cb91d07413430e0e0a16846d2c44aae8c165400e) --- source3/libnet/libnet_keytab.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index cec39273e3..e51cd05572 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -143,6 +143,7 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, const char *principal, int kvno, + const krb5_enctype enctype, TALLOC_CTX *mem_ctx) { krb5_error_code ret = 0; -- cgit From 0f94a385807d7d018eaa97178d06fca4a5ad98cf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 13:32:17 +0200 Subject: libnet keytab: test for matching enctype in libnet_keytab_search(). Michael (This used to be commit 484b35f319178f360e406a1bc725dca2e9d95ee3) --- source3/libnet/libnet_keytab.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index e51cd05572..cc51c29326 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
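Review bot: In `libnet_keytab_search`, `entry->password = data_blob_talloc(entry, kt_entry.key.contents, kt_entry.key.length)` copies the raw key bytes into talloc memory, and nothing in this hunk clears them when `entry` is later freed, so key material can linger on the heap. A talloc destructor on `entry` that zeroes `entry->password.data` before release would bound that exposure. The returned entry also keeps `kvno` at the zero left by `talloc_zero` although a specific version was matched; `entry->kvno = kt_entry.vno;` would make the result self-describing. `ctx` and `principal` are dereferenced without a NULL check, which is acceptable only if every caller guarantees them, and a short header comment should state that requirement.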
@@ -167,6 +167,11 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c continue; } + if (kt_entry.key.enctype != enctype) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + continue; + } + ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, &princ_s); if (ret) { smb_krb5_kt_free_entry(ctx->context, &kt_entry); -- cgit From 3fa9e5fdd45f4554e24f90f316dba55b7a787e0f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 14:39:40 +0200 Subject: libnet_keytab: cleanup libnet_keytab_search(). Michael (This used to be commit 344428d96c9be87eae1d715a8b8fcd6ad02142f8) --- source3/libnet/libnet_keytab.c | 55 +++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 28 deletions(-) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index cc51c29326..175d243705 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -142,7 +142,8 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) } struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, - const char *principal, int kvno, + const char *principal, + int kvno, const krb5_enctype enctype, TALLOC_CTX *mem_ctx) { 
@@ -159,65 +160,63 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c return NULL; } - while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) { + while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) + { char *princ_s = NULL; if (kt_entry.vno != kvno) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - continue; + goto cont; } if (kt_entry.key.enctype != enctype) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - continue; + goto cont; } - ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, &princ_s); + ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, + &princ_s); if (ret) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - continue; + goto cont; } if (strcmp(principal, princ_s) != 0) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - continue; + goto cont; } entry = talloc_zero(mem_ctx, struct libnet_keytab_entry); if (!entry) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - break; + goto fail; } entry->name = talloc_strdup(entry, princ_s); if (!entry->name) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - TALLOC_FREE(entry); - break; + goto fail; } entry->principal = talloc_strdup(entry, princ_s); if (!entry->principal) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - TALLOC_FREE(entry); - break; + goto fail; } - entry->password = data_blob_talloc(entry, kt_entry.key.contents, kt_entry.key.length); + entry->password = data_blob_talloc(entry, kt_entry.key.contents, + kt_entry.key.length); if (!entry->password.data) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - TALLOC_FREE(entry); - break; + goto fail; } smb_krb5_kt_free_entry(ctx->context, &kt_entry); SAFE_FREE(princ_s); break; + +fail: + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + TALLOC_FREE(entry); + break; + +cont: + 
smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + continue; } krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); -- cgit From 7205dd5d12476c265bb8cec26df78a531d750db6 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 22 Jul 2008 11:39:01 +0200 Subject: libnet keytab: add function libnet_keytab_remove_entries(). This can be used to remove entries of given principal, kvno and enctype. Michael (This used to be commit a6f61c05b270c82f4bfce8a6850f81a09ad29087) --- source3/libnet/libnet_keytab.c | 90 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 175d243705..a748599c78 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -223,4 +223,94 @@ cont: return entry; } +/** + * Remove all entries that have the given principal, kvno and enctype. + */ +krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, + const char *principal, + int kvno, + const krb5_enctype enctype) +{ + krb5_error_code ret; + krb5_kt_cursor cursor; + krb5_keytab_entry kt_entry; + + ZERO_STRUCT(kt_entry); + ZERO_STRUCT(cursor); + + ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + return 0; + } + + while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) + { + char *princ_s = NULL; + + if (kt_entry.vno != kvno) { + goto cont; + } + + if (kt_entry.key.enctype != enctype) { + goto cont; + } + + ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, + &princ_s); + if (ret) { + DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", + error_message(ret))); + goto cont; + } + + if (strcmp(principal, princ_s) != 0) { + goto cont; + } + + /* match found - remove */ + + DEBUG(10, ("found entry for principal %s, kvno %d, " + "enctype %d - trying to remove it\n", + princ_s, kt_entry.vno, kt_entry.key.enctype)); + + ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); + ZERO_STRUCT(cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + + ret = krb5_kt_remove_entry(ctx->context, ctx->keytab, + &kt_entry); + if (ret) { + DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", + error_message(ret))); + goto cont; + } + DEBUG(10, ("removed entry for principal %s, kvno %d, " + "enctype %d\n", princ_s, kt_entry.vno, + kt_entry.key.enctype)); + + ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + +cont: + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + } + + ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + DEBUG(5, 
("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + } + + return ret; +} + #endif /* HAVE_KRB5 */ -- cgit From ca0cbabd36f894f94bdc0d95c670a6710906f9ac Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 15:19:18 +0200 Subject: libnet keytab: add function libnet_keytab_add_entry() This is a stripped down version of smb_krb5_kt_add_entry() that takes one explicit enctype instead of an array. And it does not neither salting of keys nor cleanup of old entries. Michael (This used to be commit c83e54f1eb3021d13fb0a3c3f6b556a338d2a8c3) --- source3/libnet/libnet_keytab.c | 54 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index a748599c78..0b8327c38f 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
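Review bot: In `libnet_keytab_remove_entries`, once a match is found the cursor is closed with `krb5_kt_end_seq_get` and zeroed, but if that call, `krb5_kt_remove_entry` or the restarting `krb5_kt_start_seq_get` fails, the code does `goto cont` and the loop then calls `krb5_kt_next_entry` on a cursor that is no longer open, and ends it a second time after the loop. Those failure branches should leave the function instead of continuing, for example `smb_krb5_kt_free_entry(ctx->context, &kt_entry); SAFE_FREE(princ_s); return ret;`. The first `krb5_kt_start_seq_get` failure returns 0, which reports success when the keytab could not be read; `return ret;` seems intended, unless an unreadable keytab is deliberately treated as nothing to remove, in which case a comment should say so. The same body is carried over into the static version that the later "dssync keytab" commit on this page adds, so the fix applies there as well.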
@@ -105,6 +105,60 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static krb5_error_code libnet_keytab_add_entry(krb5_context context, + krb5_keytab keytab, + krb5_kvno kvno, + const char *princ_s, + krb5_enctype enctype, + krb5_data password) +{ + krb5_keyblock *keyp; + krb5_keytab_entry kt_entry; + krb5_error_code ret; + + ZERO_STRUCT(kt_entry); + + kt_entry.vno = kvno; + + ret = smb_krb5_parse_name(context, princ_s, &kt_entry.principal); + if (ret) { + DEBUG(1, ("smb_krb5_parse_name(%s) failed (%s)\n", + princ_s, error_message(ret))); + return ret; + } + +#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) +#error krb5_keytab_entry has no key or keyblock member +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ + keyp = &kt_entry.key; +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ + keyp = &kt_entry.keyblock; +#endif + + if (create_kerberos_key_from_string(context, kt_entry.principal, + &password, keyp, enctype, true)) + { + ret = KRB5KRB_ERR_GENERIC; + goto done; + } + + ret = krb5_kt_add_entry(context, keytab, &kt_entry); + if (ret) { + DEBUG(1, ("adding entry to keytab failed (%s)\n", + error_message(ret))); + } + +done: + krb5_free_keyblock_contents(context, keyp); + krb5_free_principal(context, kt_entry.principal); + ZERO_STRUCT(kt_entry); + smb_krb5_kt_free_entry(context, &kt_entry); + + return ret; +} + krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) { #if defined(ENCTYPE_ARCFOUR_HMAC) -- cgit From ea8129b5f025050620ec6338cdaf369df69d729c Mon Sep 17 00:00:00 2001 
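Review bot: At the `done:` label of `libnet_keytab_add_entry`, `ZERO_STRUCT(kt_entry)` runs immediately before `smb_krb5_kt_free_entry(context, &kt_entry)`, so that last call is handed an all-zero entry and cannot release anything; the key and the principal were already freed by the two calls above it. Dropping the final call would make the ownership of `kt_entry` clear. The function has no header comment: it should say that `password` is turned into the key by `create_kerberos_key_from_string` for the single `enctype` passed in, and that existing entries for the principal are left in place, as the commit message describes.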
From: Michael Adam Date: Tue, 29 Jul 2008 15:21:30 +0200 Subject: libnet keytab: use libnet_keytab_add_entry() in libnet_keytab_add(). This will in particular allow us to store ENCTYPE_NULL. Michael (This used to be commit 85c7e3ae29a6f25ed0b6917ff73baea9c6c905c6) --- source3/libnet/libnet_keytab.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 0b8327c38f..6fe718bb81 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -161,9 +161,7 @@ done: krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) { -#if defined(ENCTYPE_ARCFOUR_HMAC) krb5_error_code ret = 0; - krb5_enctype enctypes[2] = { ENCTYPE_ARCFOUR_HMAC, 0 }; int i; for (i=0; icount; i++) { @@ -174,14 +172,12 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) password.data = (char *)entry->password.data; password.length = entry->password.length; - ret = smb_krb5_kt_add_entry_ext(ctx->context, - ctx->keytab, - entry->kvno, - entry->principal, - enctypes, - password, - true, - true); + ret = libnet_keytab_add_entry(ctx->context, + ctx->keytab, + entry->kvno, + entry->principal, + entry->enctype, + password); if (ret) { DEBUG(1,("libnet_keytab_add: " "Failed to add entry to keytab file\n")); @@ -190,9 +186,6 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) } return ret; -#else - return -1; -#endif /* defined(ENCTYPE_ARCFOUR_HMAC) */ } struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, -- cgit From a6e5a5d71440ff6b66d49abb92200ef30dda9790 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Tue, 29 Jul 2008 17:54:01 +0200 Subject: libnet_keytab: add some debug statements to libnet_keytab_search(). Michael (This used to be commit d3354c3516b56f254583f3dd065302b27d02af2b) --- source3/libnet/libnet_keytab.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 6fe718bb81..bc3163d6f6 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -204,6 +204,8 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); if (ret) { + DEBUG(10, ("krb5_kt_start_seq_get failed: %s", + error_message(ret))); return NULL; } @@ -231,25 +233,31 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c entry = talloc_zero(mem_ctx, struct libnet_keytab_entry); if (!entry) { + DEBUG(3, ("talloc failed\n")); goto fail; } entry->name = talloc_strdup(entry, princ_s); if (!entry->name) { + DEBUG(3, ("talloc_strdup_failed\n")); goto fail; } entry->principal = talloc_strdup(entry, princ_s); if (!entry->principal) { + DEBUG(3, ("talloc_strdup_failed\n")); goto fail; } entry->password = data_blob_talloc(entry, kt_entry.key.contents, kt_entry.key.length); if (!entry->password.data) { + DEBUG(3, ("data_blob_talloc failed\n")); goto fail; } + DEBUG(10, ("found entry\n")); + smb_krb5_kt_free_entry(ctx->context, &kt_entry); SAFE_FREE(princ_s); break; -- cgit From f6bc42d80c2e9350ca5ccf46887267d6509a2c76 Mon Sep 17 00:00:00 2001 
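Review bot: The message added in `libnet_keytab_search` for a failed `krb5_kt_start_seq_get` has no trailing newline, unlike the other DEBUG lines added by this commit; it should read `DEBUG(10, ("krb5_kt_start_seq_get failed: %s\n", error_message(ret)));`. The two `talloc_strdup_failed` messages carry a stray underscore and do not say which field failed, so `"talloc_strdup of name failed\n"` and `"talloc_strdup of principal failed\n"` would be easier to trace in a log.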
From: Michael Adam Date: Tue, 29 Jul 2008 18:05:13 +0200 Subject: dssync keytab: move handling of removal of duplicates to libnet_keytab_add_entry(). This makes libnet_keytab_remove_entries static and moves it up. libnet_keytab_add_entry() now removes the duplicates in advance. No special handling neede for the UTDV - this is also needed for other entries... Michael (This used to be commit 3c463745445f6b64017918f442bf1021be219e83) --- source3/libnet/libnet_keytab.c | 189 +++++++++++++++++++++-------------------- 1 file changed, 99 insertions(+), 90 deletions(-) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index bc3163d6f6..b427e879c3 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -105,6 +105,97 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +/** + * Remove all entries that have the given principal, kvno and enctype. + */ +static krb5_error_code libnet_keytab_remove_entries(krb5_context context, + krb5_keytab keytab, + const char *principal, + int kvno, + const krb5_enctype enctype) +{ + krb5_error_code ret; + krb5_kt_cursor cursor; + krb5_keytab_entry kt_entry; + + ZERO_STRUCT(kt_entry); + ZERO_STRUCT(cursor); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) { + return 0; + } + + while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0) + { + char *princ_s = NULL; + + if (kt_entry.vno != kvno) { + goto cont; + } + + if (kt_entry.key.enctype != enctype) { + goto cont; + } + + ret = smb_krb5_unparse_name(context, kt_entry.principal, + &princ_s); + if (ret) { + DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", + error_message(ret))); + goto cont; + } + + if (strcmp(principal, princ_s) != 0) { + goto cont; + } + + /* match found - remove */ + + DEBUG(10, ("found entry for principal %s, kvno %d, " + "enctype %d - trying to remove it\n", + princ_s, kt_entry.vno, kt_entry.key.enctype)); + + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + ZERO_STRUCT(cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + + ret = krb5_kt_remove_entry(context, keytab, + &kt_entry); + if (ret) { + DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", + error_message(ret))); + goto cont; + } + DEBUG(10, ("removed entry for principal %s, kvno %d, " + "enctype %d\n", princ_s, kt_entry.vno, + kt_entry.key.enctype)); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + +cont: + smb_krb5_kt_free_entry(context, &kt_entry); + 
SAFE_FREE(princ_s); + } + + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + } + + return ret; +} + static krb5_error_code libnet_keytab_add_entry(krb5_context context, krb5_keytab keytab, krb5_kvno kvno, @@ -116,6 +207,14 @@ static krb5_error_code libnet_keytab_add_entry(krb5_context context, krb5_keytab_entry kt_entry; krb5_error_code ret; + /* remove duplicates first ... */ + ret = libnet_keytab_remove_entries(context, keytab, princ_s, kvno, + enctype); + if (ret) { + DEBUG(1, ("libnet_keytab_remove_entries failed: %s\n", + error_message(ret))); + } + ZERO_STRUCT(kt_entry); kt_entry.vno = kvno; 
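Review bot: In `libnet_keytab_add_entry` the result of `libnet_keytab_remove_entries` is only logged and is then overwritten by the next assignment to `ret`, so when the removal fails the new key is still written and the keytab can end up with two entries for the same principal, kvno and enctype. If a stale key must not stay usable, the error should be returned there with `return ret;` after the DEBUG line. If continuing is intended, a comment such as `/* best effort: a leftover duplicate is tolerated */` would record that decision. The helper also returns 0 when its first `krb5_kt_start_seq_get` fails, so that case is not logged here at all.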
@@ -278,94 +377,4 @@ cont: return entry; } -/** - * Remove all entries that have the given principal, kvno and enctype. - */ -krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, - const char *principal, - int kvno, - const krb5_enctype enctype) -{ - krb5_error_code ret; - krb5_kt_cursor cursor; - krb5_keytab_entry kt_entry; - - ZERO_STRUCT(kt_entry); - ZERO_STRUCT(cursor); - - ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - return 0; - } - - while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) - { - char *princ_s = NULL; - - if (kt_entry.vno != kvno) { - goto cont; - } - - if (kt_entry.key.enctype != enctype) { - goto cont; - } - - ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, - &princ_s); - if (ret) { - DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", - error_message(ret))); - goto cont; - } - - if (strcmp(principal, princ_s) != 0) { - goto cont; - } - - /* match found - remove */ - - DEBUG(10, ("found entry for principal %s, kvno %d, " - "enctype %d - trying to remove it\n", - princ_s, kt_entry.vno, kt_entry.key.enctype)); - - ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); - ZERO_STRUCT(cursor); - if (ret) { - DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", - error_message(ret))); - goto cont; - } - - ret = krb5_kt_remove_entry(ctx->context, ctx->keytab, - &kt_entry); - if (ret) { - DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", - error_message(ret))); - goto cont; - } - DEBUG(10, ("removed entry for principal %s, kvno %d, " - "enctype %d\n", princ_s, kt_entry.vno, - kt_entry.key.enctype)); - - ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", - error_message(ret))); - goto cont; - } - -cont: - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - } - - ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - DEBUG(5, 
("krb5_kt_end_seq_get failed (%s)\n", - error_message(ret))); - } - - return ret; -} - #endif /* HAVE_KRB5 */ -- cgit From 134d8319c92436efa2e581e62d5ad4e8e1ef1d18 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 31 Jul 2008 23:15:35 +0200 Subject: libnet keytab: use proper counter type (uint32_t) in libnet_keytab_add(). Michael (This used to be commit d0bd9195f04ae0f45c2e571d31625b31347f13e9) --- source3/libnet/libnet_keytab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index b427e879c3..230a4a21f8 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -261,7 +261,7 @@ done: krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) { krb5_error_code ret = 0; - int i; + uint32_t i; for (i=0; icount; i++) { -- cgit From 18573c3e1fba45cd5f8ae3f3e2634d2a1efdf3e3 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 1 Aug 2008 00:03:10 +0200 Subject: libnet keytab: add flag clean_old_entries to libnet_keytab_context. Michael (This used to be commit f40eb8cc20a297c57f6db22e0c2457ce7425d00c) --- source3/libnet/libnet_keytab.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 230a4a21f8..ffff0f59ab 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -96,6 +96,7 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, r->context = context; r->keytab = keytab; r->keytab_name = keytab_string; + r->clean_old_entries = false; *ctx = r; -- cgit From 8876d793110262625adefe91efdd835119979e5e Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Fri, 1 Aug 2008 00:05:42 +0200 Subject: libnet keytab: add parameter ingnore_kvno to libnet_keytab_remove_entries() to allow for removing all entries with given principal and enctype without repecting the kvno (i.e. cleaning "old" entries...) This is called with ignore_kvno == false from libnet_keytab_add_entry() to keep the original behaviour. Michael (This used to be commit 6047f7b68548b33a2c132fc4333355a2c6abb19a) --- source3/libnet/libnet_keytab.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index ffff0f59ab..87d83fc46e 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -113,7 +113,8 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, krb5_keytab keytab, const char *principal, int kvno, - const krb5_enctype enctype) + const krb5_enctype enctype, + bool ignore_kvno) { krb5_error_code ret; krb5_kt_cursor cursor; @@ -131,7 +132,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, { char *princ_s = NULL; - if (kt_entry.vno != kvno) { + if (kt_entry.vno != kvno && !ignore_kvno) { goto cont; } @@ -210,7 +211,7 @@ static krb5_error_code libnet_keytab_add_entry(krb5_context context, /* remove duplicates first ... */ ret = libnet_keytab_remove_entries(context, keytab, princ_s, kvno, - enctype); + enctype, false); if (ret) { DEBUG(1, ("libnet_keytab_remove_entries failed: %s\n", error_message(ret))); -- cgit From 52fee9c87ac26fe2bcf4b4795b2c380cf7543c0f Mon Sep 17 00:00:00 2001 
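Review bot: The comment above `libnet_keytab_remove_entries`, which lies outside these hunks, still says the function removes entries with the given principal, kvno and enctype, and that is no longer true when `ignore_kvno` is set. It should be updated along the lines of `Remove all entries that match principal and enctype, and kvno unless ignore_kvno is true.` The test `kt_entry.vno != kvno && !ignore_kvno` reads more naturally as `!ignore_kvno && kt_entry.vno != kvno`, which puts the flag that disables the comparison first.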
From: Michael Adam Date: Fri, 1 Aug 2008 00:07:40 +0200 Subject: libnet keytab: implement cleaning of old entries in libnet_keytab_add(). Triggered by the flag clean_old_entries from the libnet_keytab_contex (unused yet...). Michael (This used to be commit a5f4e3ad95c26064881918f3866efa7556055a8f) --- source3/libnet/libnet_keytab.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 87d83fc46e..23eedafe2b 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -265,6 +265,28 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) krb5_error_code ret = 0; uint32_t i; + + if (ctx->clean_old_entries) { + DEBUG(0, ("cleaning old entries...\n")); + for (i=0; i < ctx->count; i++) { + struct libnet_keytab_entry *entry = &ctx->entries[i]; + + ret = libnet_keytab_remove_entries(ctx->context, + ctx->keytab, + entry->principal, + 0, + entry->enctype, + true); + if (ret) { + DEBUG(1,("libnet_keytab_add: Failed to remove " + "old entries for %s (enctype %u): %s\n", + entry->principal, entry->enctype, + error_message(ret))); + return ret; + } + } + } + for (i=0; icount; i++) { struct libnet_keytab_entry *entry = &ctx->entries[i]; -- cgit From a5d4b540e27bc716efa2f72a6013ab841eeca140 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 1 Aug 2008 14:26:46 +0200 Subject: libnet dssync: add my C after dssync keytab changes. Michael (This used to be commit 9391aec8d4600c685b14d3cd1624f8758f2cc80d) --- source3/libnet/libnet_keytab.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 23eedafe2b..08951c553e 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
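Review bot: `DEBUG(0, ("cleaning old entries...\n"))` in `libnet_keytab_add` logs at level 0, so it is printed whatever log level is configured; the other informational messages in this file use level 10, and `DEBUG(10, ("cleaning old entries...\n"));` would match them. The cleaning pass removes every kvno of each principal and enctype before any new entry is written, so a failure in the add loop that follows leaves the keytab without keys for the principals already cleaned; a comment stating that the update is not atomic would warn callers. The literal `0` passed as `kvno` is ignored because `ignore_kvno` is true, which deserves a short comment such as `/* kvno unused when ignore_kvno is set */`.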
@@ -3,6 +3,7 @@ dump the remote SAM using rpc samsync operations Copyright (C) Guenther Deschner 2008. + Copyright (C) Michael Adam 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From d8ae40aa3c565d8e0aa5acfe3f9e58434ce74684 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 4 Aug 2008 14:28:02 +0200 Subject: libnet_keytab: fix the build with heimdal metze (This used to be commit ba18af00cc79a4e92372d3c1151061f200bc0655) --- source3/libnet/libnet_keytab.c | 44 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 08951c553e..836cf6ed23 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -24,6 +24,16 @@ #ifdef HAVE_KRB5 +#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ +#define KRB5_KEY_TYPE(k) ((k)->keytype) +#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) +#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) +#else /* MIT */ +#define KRB5_KEY_TYPE(k) ((k)->enctype) +#define KRB5_KEY_LENGTH(k) ((k)->length) +#define KRB5_KEY_DATA(k) ((k)->contents) +#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ + /**************************************************************** ****************************************************************/ 
@@ -131,13 +141,24 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0) { + krb5_keyblock *keyp; char *princ_s = NULL; if (kt_entry.vno != kvno && !ignore_kvno) { goto cont; } - if (kt_entry.key.enctype != enctype) { +#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) +#error krb5_keytab_entry has no key or keyblock member +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ + keyp = &kt_entry.key; +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ + keyp = &kt_entry.keyblock; +#endif + + if (KRB5_KEY_TYPE(keyp) != enctype) { goto cont; } @@ -157,7 +178,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, DEBUG(10, ("found entry for principal %s, kvno %d, " "enctype %d - trying to remove it\n", - princ_s, kt_entry.vno, kt_entry.key.enctype)); + princ_s, kt_entry.vno, KRB5_KEY_TYPE(keyp))); ret = krb5_kt_end_seq_get(context, keytab, &cursor); ZERO_STRUCT(cursor); @@ -176,7 +197,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, } DEBUG(10, ("removed entry for principal %s, kvno %d, " "enctype %d\n", princ_s, kt_entry.vno, - kt_entry.key.enctype)); + KRB5_KEY_TYPE(keyp))); ret = krb5_kt_start_seq_get(context, keytab, &cursor); if (ret) { 
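Review bot: The selection of `keyp` in the @@ -131 hunk uses two independent `#ifdef` blocks, so a configuration that defines both HAVE_KRB5_KEYTAB_ENTRY_KEY and HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK assigns the pointer twice and the second assignment silently wins. Making the branches exclusive also removes the need for the separate guard: `#elif defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) /* Heimdal */` for the second block, followed by `#else` and `#error krb5_keytab_entry has no key or keyblock member`. The same block is repeated in the @@ -335 hunk of libnet_keytab_search(). The loop bodies begin and end outside the hunks.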
@@ -335,13 +356,24 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) { + krb5_keyblock *keyp; char *princ_s = NULL; if (kt_entry.vno != kvno) { goto cont; } - if (kt_entry.key.enctype != enctype) { +#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) +#error krb5_keytab_entry has no key or keyblock member +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ + keyp = &kt_entry.key; +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ + keyp = &kt_entry.keyblock; +#endif + + if (KRB5_KEY_TYPE(keyp) != enctype) { goto cont; } @@ -373,8 +405,8 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c goto fail; } - entry->password = data_blob_talloc(entry, kt_entry.key.contents, - kt_entry.key.length); + entry->password = data_blob_talloc(entry, KRB5_KEY_DATA(keyp), + KRB5_KEY_LENGTH(keyp)); if (!entry->password.data) { DEBUG(3, ("data_blob_talloc failed\n")); goto fail; -- cgit From 3907392459533832ada823e614154951365348ee Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 7 Aug 2008 17:49:19 -0700 Subject: Fix "might be used uninitialized" warnings. Jeremy. (This used to be commit 5abd12eec1c9b6d30af5ec1ba16c0922e78d5bea) --- source3/libnet/libnet_keytab.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 836cf6ed23..6447183958 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -314,6 +314,7 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) struct libnet_keytab_entry *entry = &ctx->entries[i]; krb5_data password; + ZERO_STRUCT(password); password.data = (char *)entry->password.data; password.length = entry->password.length; -- cgit From 0380fe9d823d6219441050a9b7298bf039b20742 Mon Sep 17 00:00:00 2001 
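Review bot: The @@ -373 hunk of libnet_keytab_search() copies the raw Kerberos key bytes into `entry->password`, a talloc blob, and nothing visible here wipes that copy before the memory is released. Whether callers clear it cannot be seen from this hunk; if they do not, long-term key material stays readable in freed heap memory. I would document the ownership at the copy, `/* entry->password holds raw key material; wipe with data_blob_clear() before freeing entry */`, or attach a talloc destructor to `entry` that does the wipe. The function starts and ends outside the hunk.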
From: Günther Deschner Date: Fri, 22 Aug 2008 16:08:00 +0200 Subject: kerberos: move the KRB5_KEY* macros to header file. Guenther (This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600) --- source3/libnet/libnet_keytab.c | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 6447183958..a4555239da 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -24,16 +24,6 @@ #ifdef HAVE_KRB5 -#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ -#define KRB5_KEY_TYPE(k) ((k)->keytype) -#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) -#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) -#else /* MIT */ -#define KRB5_KEY_TYPE(k) ((k)->enctype) -#define KRB5_KEY_LENGTH(k) ((k)->length) -#define KRB5_KEY_DATA(k) ((k)->contents) -#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ - /**************************************************************** ****************************************************************/ -- cgit From bff20e14c38d7139033127182b76aa24e471b581 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 22 Aug 2008 14:58:01 +0200 Subject: kerberos: use KRB5_KT_KEY macro where appropriate. Guenther (This used to be commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22) --- source3/libnet/libnet_keytab.c | 30 +++--------------------------- 1 file changed, 3 insertions(+), 27 deletions(-) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index a4555239da..46c17b219c 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -138,15 +138,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, goto cont; } -#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) -#error krb5_keytab_entry has no key or keyblock member -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ - keyp = &kt_entry.key; -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ - keyp = &kt_entry.keyblock; -#endif + keyp = KRB5_KT_KEY(&kt_entry); if (KRB5_KEY_TYPE(keyp) != enctype) { goto cont; @@ -240,15 +232,7 @@ static krb5_error_code libnet_keytab_add_entry(krb5_context context, return ret; } -#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) -#error krb5_keytab_entry has no key or keyblock member -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ - keyp = &kt_entry.key; -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ - keyp = &kt_entry.keyblock; -#endif + keyp = KRB5_KT_KEY(&kt_entry); if (create_kerberos_key_from_string(context, kt_entry.principal, &password, keyp, enctype, true)) @@ -354,15 +338,7 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c goto cont; } -#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) -#error krb5_keytab_entry has no key or keyblock member -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ - keyp = &kt_entry.key; -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ - keyp = &kt_entry.keyblock; -#endif + keyp = KRB5_KT_KEY(&kt_entry); if (KRB5_KEY_TYPE(keyp) != enctype) { goto cont; -- cgit
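Review bot: Replacing the `#ifdef` blocks with `KRB5_KT_KEY(&kt_entry)` also deletes the `#error krb5_keytab_entry has no key or keyblock member` guard in all three hunks (@@ -138, @@ -232, @@ -338). The macro's definition is not part of this diff, so it is worth confirming that the header which defines it keeps an equivalent `#error` for builds where neither member is detected; otherwise such a build would presumably fail later with a less clear message about an undeclared `KRB5_KT_KEY`. A one-line comment at the first use, `/* KRB5_KT_KEY hides the MIT key / Heimdal keyblock member difference */`, would keep the reason visible in this file.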