From f6bc42d80c2e9350ca5ccf46887267d6509a2c76 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 18:05:13 +0200 Subject: dssync keytab: move handling of removal of duplicates to libnet_keytab_add_entry(). This makes libnet_keytab_remove_entries static and moves it up. libnet_keytab_add_entry() now removes the duplicates in advance. No special handling neede for the UTDV - this is also needed for other entries... Michael (This used to be commit 3c463745445f6b64017918f442bf1021be219e83) --- source3/libnet/libnet_keytab.c | 189 +++++++++++++++++++++-------------------- 1 file changed, 99 insertions(+), 90 deletions(-) (limited to 'source3/libnet/libnet_keytab.c') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index bc3163d6f6..b427e879c3 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -105,6 +105,97 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +/** + * Remove all entries that have the given principal, kvno and enctype. + */ +static krb5_error_code libnet_keytab_remove_entries(krb5_context context, + krb5_keytab keytab, + const char *principal, + int kvno, + const krb5_enctype enctype) +{ + krb5_error_code ret; + krb5_kt_cursor cursor; + krb5_keytab_entry kt_entry; + + ZERO_STRUCT(kt_entry); + ZERO_STRUCT(cursor); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) { + return 0; + } + + while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0) + { + char *princ_s = NULL; + + if (kt_entry.vno != kvno) { + goto cont; + } + + if (kt_entry.key.enctype != enctype) { + goto cont; + } + + ret = smb_krb5_unparse_name(context, kt_entry.principal, + &princ_s); + if (ret) { + DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", + error_message(ret))); + goto cont; + } + + if (strcmp(principal, princ_s) != 0) { + goto cont; + } + + /* match found - remove */ + + DEBUG(10, ("found entry for principal %s, kvno %d, " + "enctype %d - trying to remove it\n", + princ_s, kt_entry.vno, kt_entry.key.enctype)); + + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + ZERO_STRUCT(cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + + ret = krb5_kt_remove_entry(context, keytab, + &kt_entry); + if (ret) { + DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", + error_message(ret))); + goto cont; + } + DEBUG(10, ("removed entry for principal %s, kvno %d, " + "enctype %d\n", princ_s, kt_entry.vno, + kt_entry.key.enctype)); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + +cont: + smb_krb5_kt_free_entry(context, &kt_entry); + SAFE_FREE(princ_s); + } + + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + } + + return ret; +} + static krb5_error_code libnet_keytab_add_entry(krb5_context context, krb5_keytab keytab, krb5_kvno kvno, @@ -116,6 +207,14 @@ static krb5_error_code libnet_keytab_add_entry(krb5_context context, krb5_keytab_entry kt_entry; krb5_error_code ret; + /* remove duplicates first ... */ + ret = libnet_keytab_remove_entries(context, keytab, princ_s, kvno, + enctype); + if (ret) { + DEBUG(1, ("libnet_keytab_remove_entries failed: %s\n", + error_message(ret))); + } + ZERO_STRUCT(kt_entry); kt_entry.vno = kvno; @@ -278,94 +377,4 @@ cont: return entry; } -/** - * Remove all entries that have the given principal, kvno and enctype. - */ -krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, - const char *principal, - int kvno, - const krb5_enctype enctype) -{ - krb5_error_code ret; - krb5_kt_cursor cursor; - krb5_keytab_entry kt_entry; - - ZERO_STRUCT(kt_entry); - ZERO_STRUCT(cursor); - - ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - return 0; - } - - while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) - { - char *princ_s = NULL; - - if (kt_entry.vno != kvno) { - goto cont; - } - - if (kt_entry.key.enctype != enctype) { - goto cont; - } - - ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, - &princ_s); - if (ret) { - DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", - error_message(ret))); - goto cont; - } - - if (strcmp(principal, princ_s) != 0) { - goto cont; - } - - /* match found - remove */ - - DEBUG(10, ("found entry for principal %s, kvno %d, " - "enctype %d - trying to remove it\n", - princ_s, kt_entry.vno, kt_entry.key.enctype)); - - ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); - ZERO_STRUCT(cursor); - if (ret) { - DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", - error_message(ret))); - goto cont; - } - - ret = krb5_kt_remove_entry(ctx->context, ctx->keytab, - &kt_entry); - if (ret) { - DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", - error_message(ret))); - goto cont; - } - DEBUG(10, ("removed entry for principal %s, kvno %d, " - "enctype %d\n", princ_s, kt_entry.vno, - kt_entry.key.enctype)); - - ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", - error_message(ret))); - goto cont; - } - -cont: - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - } - - ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", - error_message(ret))); - } - - return ret; -} - #endif /* HAVE_KRB5 */ -- cgit