lib/krb5_wrap: Pull already_hashed case out of smb_krb5_kt_add_entry()

The two callers of this function want two very different things; the common point was wanting to call smb_krb5_kt_seek_and_delete_old_entries(). However, this is now done earlier in sdb_kt_copy() with smb_krb5_remove_obsolete_keytab_entries() or an unlink() in libnet_export_keytab().

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

lib/krb5_wrap: Rename confusing add_salt parameter to smb_krb5_kt_add_entry()

This just adds the key directly; it is not related to whether salting is used or not.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

s4:kdc: Consider a single‐component krbtgt principal to be the TGS

This matches the behaviour of Windows.

NOTE: This commit finally works again!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Have smb_krb5_principal_get_comp_string() properly indicate an error

The existing implementation did not differentiate between the case where the relevant component was not present, and that where talloc_strndup() failed. To correct this situation, put the result into an out parameter on success and return an error on failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/krb5_wrap: Check return value of krb5_principal_get_comp_string()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/krb5_wrap: Simplify assignments

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/krb5_wrap: Make use of smb_krb5_make_data()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Remove Heimdal‐only krb5_princ_component() implementation

This implementation is no longer called: using a variable of static storage duration as a conduit for return values is only asking for trouble.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Add Heimdal‐specific smb_krb5_princ_component() implementation

This implementation doesn’t rely on a variable of static storage duration being used as a conduit for the return value.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Add smb_krb5_princ_component()

For now this function is a mere wrapper round krb5_princ_component(), but one whose interface allows for a more sensible implementation.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Have smb_krb5_principal_get_realm() check the return values of intermediate functions

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Eliminate redundant code from smb_krb5_sockaddr_to_kaddr()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Fix spelling in documentation

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Fix references to incorrect function names

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Remove unnecessary cast

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Fix resource leak in smb_krb5_kt_seek_and_delete_old_entries

Reported by Red Hat internal covscan

leaked_storage: Variable "cursor" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

krb5_wrap: add krb5_free_string()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

krb5_wrap: add krb5_free_enctypes()

MIT Kerberos implements krb5_free_enctypes(), Heimdal is missing it and offers krb5_xfree() instead. This introduces a wrapper krb5_free_enctypes() around krb5_xfree() for Heimdal.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib:krb5_wrap: Fix debug statements when princ_s is NULL

In file included from source4/include/includes.h:61,
                 from lib/krb5_wrap/krb5_samba.c:23:
lib/krb5_wrap/krb5_samba.c: In function ‘smb_krb5_kt_seek_and_delete_old_entries’:
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 | && (dbgtext body) )
      | ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1753:25: note: in expansion of macro ‘DEBUG’
 1753 | DEBUG(5, (__location__ ": Saving previous (kvno %d) "
      | ^~~~~
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 | && (dbgtext body) )
      | ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1763:25: note: in expansion of macro ‘DEBUG’
 1763 | DEBUG(5, (__location__ ": Saving entry with kvno [%d] "
      | ^~~~~
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 | && (dbgtext body) )
      | ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1769:17: note: in expansion of macro ‘DEBUG’
 1769 | DEBUG(5, (__location__ ": Found old entry for principal: %s "
      | ^~~~~
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 | && (dbgtext body) )
      | ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1787:17: note: in expansion of macro ‘DEBUG’
 1787 | DEBUG(5, (__location__ ": removed old entry for principal: "
      | ^~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>