From 28d78c40ade22c4b5d445dbe23f18ca210e41f8c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 24 Jan 2006 05:31:08 +0000
Subject: r13107: Follow the lead of Heimdal's kpasswdd and use the HDB
 (hdb-ldb in our case) as the keytab.

This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).

Andrew Bartlett
(This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
---
 source4/auth/kerberos/kerberos_util.c     | 4 +++-
 source4/auth/kerberos/krb5_init_context.c | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

(limited to 'source4/auth/kerberos')

diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index ad0e18b2e7..776b591ba4 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -397,9 +397,9 @@ static int create_keytab(TALLOC_CTX *parent_ctx,
 		const struct samr_Password *mach_pwd;
 		mach_pwd = cli_credentials_get_nt_hash(machine_account, mem_ctx);
 		if (!mach_pwd) {
-			talloc_free(mem_ctx);
 			DEBUG(1, ("create_keytab: Domain trust informaton for account %s not available\n",
 				  cli_credentials_get_principal(machine_account, mem_ctx)));
+			talloc_free(mem_ctx);
 			return EINVAL;
 		}
 		ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
@@ -410,6 +410,7 @@ static int create_keytab(TALLOC_CTX *parent_ctx,
 			DEBUG(1, ("create_keytab: krb5_keyblock_init failed: %s\n",
 				  smb_get_krb5_error_message(smb_krb5_context->krb5_context, 
 							     ret, mem_ctx)));
+			talloc_free(mem_ctx);
 			return ret;
 		}
 
@@ -516,6 +517,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx,
 	switch (ret) {
 	case 0:
 		break;
+	case HEIM_ERR_OPNOTSUPP:
 	case ENOENT:
 	case KRB5_KT_END:
 		/* no point enumerating if there isn't anything here */
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 8e52ac5e3f..830c803524 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -448,6 +448,8 @@ static void smb_krb5_send_and_recv_close_func(krb5_context context, void *data)
 		return ret;
 	}
 
+	(*smb_krb5_context)->krb5_context->mem_ctx = *smb_krb5_context;
+
 	talloc_steal(parent_ctx, *smb_krb5_context);
 	talloc_free(tmp_ctx);
 
-- 
cgit