Diffstat (limited to 'source/libads/kerberos_keytab.c')
-rw-r--r--source/libads/kerberos_keytab.c83
1 files changed, 35 insertions, 48 deletions
diff --git a/source/libads/kerberos_keytab.c b/source/libads/kerberos_keytab.c
index 883f582445..ab6d1d30ad 100644
--- a/source/libads/kerberos_keytab.c
+++ b/source/libads/kerberos_keytab.c
@@ -32,14 +32,9 @@
/**********************************************************************
**********************************************************************/
-int smb_krb5_kt_add_entry_ext(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt,
- bool keep_old_entries)
+static int smb_krb5_kt_add_entry( krb5_context context, krb5_keytab keytab,
+ krb5_kvno kvno, const char *princ_s,
+ krb5_enctype *enctypes, krb5_data password )
{
krb5_error_code ret = 0;
krb5_kt_cursor cursor;
@@ -53,20 +48,20 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
ret = smb_krb5_parse_name(context, princ_s, &princ);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_parse_name(%s) failed (%s)\n", princ_s, error_message(ret)));
+ DEBUG(1,("smb_krb5_kt_add_entry: smb_krb5_parse_name(%s) failed (%s)\n", princ_s, error_message(ret)));
goto out;
}
/* Seek and delete old keytab entries */
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if (ret != KRB5_KT_END && ret != ENOENT ) {
- DEBUG(3,("smb_krb5_kt_add_entry_ext: Will try to delete old keytab entries\n"));
+ DEBUG(3,("smb_krb5_kt_add_entry: Will try to delete old keytab entries\n"));
while(!krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) {
bool compare_name_ok = False;
ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_unparse_name failed (%s)\n",
+ DEBUG(1,("smb_krb5_kt_add_entry: smb_krb5_unparse_name failed (%s)\n",
error_message(ret)));
goto out;
}
@@ -87,7 +82,7 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
#endif
if (!compare_name_ok) {
- DEBUG(10,("smb_krb5_kt_add_entry_ext: ignoring keytab entry principal %s, kvno = %d\n",
+ DEBUG(10,("smb_krb5_kt_add_entry: ignoring keytab entry principal %s, kvno = %d\n",
ktprinc, kt_entry.vno));
}
@@ -95,38 +90,39 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
if (compare_name_ok) {
if (kt_entry.vno == kvno - 1) {
- DEBUG(5,("smb_krb5_kt_add_entry_ext: Saving previous (kvno %d) entry for principal: %s.\n",
+ DEBUG(5,("smb_krb5_kt_add_entry: Saving previous (kvno %d) entry for principal: %s.\n",
kvno - 1, princ_s));
- } else if (!keep_old_entries) {
- DEBUG(5,("smb_krb5_kt_add_entry_ext: Found old entry for principal: %s (kvno %d) - trying to remove it.\n",
+ } else {
+
+ DEBUG(5,("smb_krb5_kt_add_entry: Found old entry for principal: %s (kvno %d) - trying to remove it.\n",
princ_s, kt_entry.vno));
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
ZERO_STRUCT(cursor);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry_ext: krb5_kt_end_seq_get() failed (%s)\n",
+ DEBUG(1,("smb_krb5_kt_add_entry: krb5_kt_end_seq_get() failed (%s)\n",
error_message(ret)));
goto out;
}
ret = krb5_kt_remove_entry(context, keytab, &kt_entry);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry_ext: krb5_kt_remove_entry failed (%s)\n",
+ DEBUG(1,("smb_krb5_kt_add_entry: krb5_kt_remove_entry failed (%s)\n",
error_message(ret)));
goto out;
}
- DEBUG(5,("smb_krb5_kt_add_entry_ext: removed old entry for principal: %s (kvno %d).\n",
+ DEBUG(5,("smb_krb5_kt_add_entry: removed old entry for principal: %s (kvno %d).\n",
princ_s, kt_entry.vno));
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry_ext: krb5_kt_start_seq failed (%s)\n",
+ DEBUG(1,("smb_krb5_kt_add_entry: krb5_kt_start_seq failed (%s)\n",
error_message(ret)));
goto out;
}
ret = smb_krb5_kt_free_entry(context, &kt_entry);
ZERO_STRUCT(kt_entry);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry_ext: krb5_kt_remove_entry failed (%s)\n",
+ DEBUG(1,("smb_krb5_kt_add_entry: krb5_kt_remove_entry failed (%s)\n",
error_message(ret)));
goto out;
}
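Review bot: The failure branch after `smb_krb5_kt_free_entry(context, &kt_entry)` near the end of this hunk still logs "krb5_kt_remove_entry failed", so a free failure is reported as a remove failure. Since the commit already touches that line, it should read `DEBUG(1,("smb_krb5_kt_add_entry: smb_krb5_kt_free_entry failed (%s)\n",`. With `keep_old_entries` gone, the `else` branch now removes every matching entry whose kvno is not `kvno - 1`; that retention policy deserves a comment above the branch, for example `/* Keep only the previous kvno; every other entry for this principal is removed from the keytab. */`. The enclosing while loop and the `out:` label are outside the hunk, so cleanup of `kt_entry` and `cursor` on the `goto out` paths cannot be checked from here.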
@@ -138,7 +134,7 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
ret = smb_krb5_kt_free_entry(context, &kt_entry);
ZERO_STRUCT(kt_entry);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_kt_free_entry failed (%s)\n", error_message(ret)));
+ DEBUG(1,("smb_krb5_kt_add_entry: smb_krb5_kt_free_entry failed (%s)\n", error_message(ret)));
goto out;
}
}
@@ -146,7 +142,7 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
ZERO_STRUCT(cursor);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry_ext: krb5_kt_end_seq_get failed (%s)\n",error_message(ret)));
+ DEBUG(1,("smb_krb5_kt_add_entry: krb5_kt_end_seq_get failed (%s)\n",error_message(ret)));
goto out;
}
}
@@ -161,22 +157,29 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
for (i = 0; enctypes[i]; i++) {
krb5_keyblock *keyp;
- keyp = KRB5_KT_KEY(&kt_entry);
-
- if (create_kerberos_key_from_string(context, princ, &password, keyp, enctypes[i], no_salt)) {
+#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK)
+#error krb5_keytab_entry has no key or keyblock member
+#endif
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */
+ keyp = &kt_entry.key;
+#endif
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */
+ keyp = &kt_entry.keyblock;
+#endif
+ if (create_kerberos_key_from_string(context, princ, &password, keyp, enctypes[i])) {
continue;
}
kt_entry.principal = princ;
kt_entry.vno = kvno;
- DEBUG(3,("smb_krb5_kt_add_entry_ext: adding keytab entry for (%s) with encryption type (%d) and version (%d)\n",
+ DEBUG(3,("smb_krb5_kt_add_entry: adding keytab entry for (%s) with encryption type (%d) and version (%d)\n",
princ_s, enctypes[i], kt_entry.vno));
ret = krb5_kt_add_entry(context, keytab, &kt_entry);
krb5_free_keyblock_contents(context, keyp);
ZERO_STRUCT(kt_entry);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry_ext: adding entry to keytab failed (%s)\n", error_message(ret)));
+ DEBUG(1,("smb_krb5_kt_add_entry: adding entry to keytab failed (%s)\n", error_message(ret)));
goto out;
}
}
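Review bot: When `create_kerberos_key_from_string` fails, the loop takes `continue` without logging anything, so the function can return success after writing fewer encryption types than requested, or none at all. An operator checking the keytab after a password change would want to see that; add `DEBUG(1,("smb_krb5_kt_add_entry: create_kerberos_key_from_string failed for encryption type (%d)\n", enctypes[i]));` before the `continue`. The two `#ifdef` blocks that assign `keyp` would be clearer as a single `#if`/`#elif` chain, so that only one assignment can ever be compiled in. The function body continues outside the hunk.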
@@ -205,22 +208,6 @@ out:
return (int)ret;
}
-static int smb_krb5_kt_add_entry(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password)
-{
- return smb_krb5_kt_add_entry_ext(context,
- keytab,
- kvno,
- princ_s,
- enctypes,
- password,
- false,
- false);
-}
/**********************************************************************
Adds a single service principal, i.e. 'host' to the system keytab
@@ -326,9 +313,9 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
}
}
- kvno = (krb5_kvno) ads_get_machine_kvno(ads, global_myname());
+ kvno = (krb5_kvno) ads_get_kvno(ads, global_myname());
if (kvno == -1) { /* -1 indicates failure, everything else is OK */
- DEBUG(1,("ads_keytab_add_entry: ads_get_machine_kvno failed to determine the system's kvno.\n"));
+ DEBUG(1,("ads_keytab_add_entry: ads_get_kvno failed to determine the system's kvno.\n"));
ret = -1;
goto out;
}
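Review bot: The failure sentinel is tested only after the result of `ads_get_kvno` has been cast to `krb5_kvno`, so `kvno == -1` depends on implicit conversion if `krb5_kvno` is unsigned in the Kerberos library being built against; neither type is visible in this diff. Testing the raw return value first and casting afterwards keeps the failure path explicit, e.g. `if (ads_get_kvno(ads, global_myname()) == -1)` on a local of the function's own return type, followed by the cast. The same pattern appears in the `ads_keytab_flush` and `ads_keytab_create_default` hunks. Both this function and those two continue outside their hunks.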
@@ -394,7 +381,7 @@ int ads_keytab_flush(ADS_STRUCT *ads)
goto out;
}
- kvno = (krb5_kvno) ads_get_machine_kvno(ads, global_myname());
+ kvno = (krb5_kvno) ads_get_kvno(ads, global_myname());
if (kvno == -1) { /* -1 indicates a failure */
DEBUG(1,("ads_keytab_flush: Error determining the system's kvno.\n"));
goto out;
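Review bot: The kvno failure branch in `ads_keytab_flush` jumps to `out` without assigning `ret`, whereas the equivalent branch in `ads_keytab_add_entry` sets `ret = -1` first. If `ret` still holds 0 from an earlier successful call (its declaration and the `out:` label are outside the hunk), the flush would report success even though no entries were examined. Adding `ret = -1;` before the `goto out;` would make the two functions consistent.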
@@ -541,9 +528,9 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
/* Now loop through the keytab and update any other existing entries... */
- kvno = (krb5_kvno) ads_get_machine_kvno(ads, machine_name);
+ kvno = (krb5_kvno) ads_get_kvno(ads, machine_name);
if (kvno == -1) {
- DEBUG(1,("ads_keytab_create_default: ads_get_machine_kvno failed to determine the system's kvno.\n"));
+ DEBUG(1,("ads_keytab_create_default: ads_get_kvno failed to determine the system's kvno.\n"));
return -1;
}