s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c
authorStefan Metzmacher <metze@samba.org>
Fri, 19 May 2017 15:17:00 +0000 (17:17 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 27 Jun 2017 14:57:44 +0000 (16:57 +0200)
These don't use any krb5_context related functions and they just
work on secrets.tdb, so they really belong to machine_account_secrets.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/include/secrets.h
source3/libads/kerberos.c
source3/libads/kerberos_proto.h
source3/libnet/libnet_keytab.c
source3/passdb/machine_account_secrets.c

index f397129..c40a951 100644 (file)
@@ -133,6 +133,10 @@ bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const
                                   uint32_t secure_channel,
                                   bool delete_join);
 
+char* kerberos_standard_des_salt( void );
+bool kerberos_secrets_store_des_salt( const char* salt );
+char *kerberos_secrets_fetch_salt_princ(void);
+
 /* The following definitions come from passdb/secrets_lsa.c  */
 NTSTATUS lsa_secret_get(TALLOC_CTX *mem_ctx,
                        const char *secret_name,
index 6cfbca6..cfb09a7 100644 (file)
@@ -272,103 +272,6 @@ int ads_kdestroy(const char *cc_name)
        return code;
 }
 
-/************************************************************************
- Return the standard DES salt key
-************************************************************************/
-
-char* kerberos_standard_des_salt( void )
-{
-       fstring salt;
-
-       fstr_sprintf( salt, "host/%s.%s@", lp_netbios_name(), lp_realm() );
-       (void)strlower_m( salt );
-       fstrcat( salt, lp_realm() );
-
-       return SMB_STRDUP( salt );
-}
-
-/************************************************************************
-************************************************************************/
-
-static char* des_salt_key( void )
-{
-       char *key;
-
-       if (asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL,
-                    lp_realm()) == -1) {
-               return NULL;
-       }
-
-       return key;
-}
-
-/************************************************************************
-************************************************************************/
-
-bool kerberos_secrets_store_des_salt( const char* salt )
-{
-       char* key;
-       bool ret;
-
-       if ( (key = des_salt_key()) == NULL ) {
-               DEBUG(0,("kerberos_secrets_store_des_salt: failed to generate key!\n"));
-               return False;
-       }
-
-       if ( !salt ) {
-               DEBUG(8,("kerberos_secrets_store_des_salt: deleting salt\n"));
-               secrets_delete( key );
-               return True;
-       }
-
-       DEBUG(3,("kerberos_secrets_store_des_salt: Storing salt \"%s\"\n", salt));
-
-       ret = secrets_store( key, salt, strlen(salt)+1 );
-
-       SAFE_FREE( key );
-
-       return ret;
-}
-
-/************************************************************************
-************************************************************************/
-
-static
-char* kerberos_secrets_fetch_des_salt( void )
-{
-       char *salt, *key;
-
-       if ( (key = des_salt_key()) == NULL ) {
-               DEBUG(0,("kerberos_secrets_fetch_des_salt: failed to generate key!\n"));
-               return NULL;
-       }
-
-       salt = (char*)secrets_fetch( key, NULL );
-
-       SAFE_FREE( key );
-
-       return salt;
-}
-
-/************************************************************************
- Routine to get the salting principal for this service.
- Caller must free if return is not null.
- ************************************************************************/
-
-char *kerberos_secrets_fetch_salt_princ(void)
-{
-       char *salt_princ_s;
-       /* lookup new key first */
-
-       salt_princ_s = kerberos_secrets_fetch_des_salt();
-       if (salt_princ_s == NULL) {
-               /* fall back to host/machine.realm@REALM */
-               salt_princ_s = kerberos_standard_des_salt();
-       }
-
-       return salt_princ_s;
-}
-
 int create_kerberos_key_from_string(krb5_context context,
                                        krb5_principal host_princ,
                                        krb5_principal salt_princ,
index e481d1d..f92cabd 100644 (file)
@@ -56,9 +56,6 @@ int kerberos_kinit_password_ext(const char *principal,
                                time_t renewable_time,
                                NTSTATUS *ntstatus);
 int ads_kdestroy(const char *cc_name);
-char* kerberos_standard_des_salt( void );
-bool kerberos_secrets_store_des_salt( const char* salt );
-char *kerberos_secrets_fetch_salt_princ(void);
 
 int kerberos_kinit_password(const char *principal,
                            const char *password,
index 1b5ac67..c76e7b2 100644 (file)
@@ -22,6 +22,7 @@
 #include "includes.h"
 #include "smb_krb5.h"
 #include "ads.h"
+#include "secrets.h"
 #include "libnet/libnet_keytab.h"
 
 #ifdef HAVE_KRB5
index 3f097ab..3f6d6b6 100644 (file)
@@ -553,6 +553,102 @@ bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const
        return ret;
 }
 
+/************************************************************************
+ Return the standard DES salt key
+************************************************************************/
+
+char* kerberos_standard_des_salt( void )
+{
+       fstring salt;
+
+       fstr_sprintf( salt, "host/%s.%s@", lp_netbios_name(), lp_realm() );
+       (void)strlower_m( salt );
+       fstrcat( salt, lp_realm() );
+
+       return SMB_STRDUP( salt );
+}
+
+/************************************************************************
+************************************************************************/
+
+static char* des_salt_key( void )
+{
+       char *key;
+
+       if (asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL,
+                    lp_realm()) == -1) {
+               return NULL;
+       }
+
+       return key;
+}
+
+/************************************************************************
+************************************************************************/
+
+bool kerberos_secrets_store_des_salt( const char* salt )
+{
+       char* key;
+       bool ret;
+
+       if ( (key = des_salt_key()) == NULL ) {
+               DEBUG(0,("kerberos_secrets_store_des_salt: failed to generate key!\n"));
+               return False;
+       }
+
+       if ( !salt ) {
+               DEBUG(8,("kerberos_secrets_store_des_salt: deleting salt\n"));
+               secrets_delete( key );
+               return True;
+       }
+
+       DEBUG(3,("kerberos_secrets_store_des_salt: Storing salt \"%s\"\n", salt));
+
+       ret = secrets_store( key, salt, strlen(salt)+1 );
+
+       SAFE_FREE( key );
+
+       return ret;
+}
+
+/************************************************************************
+************************************************************************/
+
+static
+char* kerberos_secrets_fetch_des_salt( void )
+{
+       char *salt, *key;
+
+       if ( (key = des_salt_key()) == NULL ) {
+               DEBUG(0,("kerberos_secrets_fetch_des_salt: failed to generate key!\n"));
+               return NULL;
+       }
+
+       salt = (char*)secrets_fetch( key, NULL );
+
+       SAFE_FREE( key );
+
+       return salt;
+}
+
+/************************************************************************
+ Routine to get the salting principal for this service.
+ Caller must free if return is not null.
+ ************************************************************************/
+
+char *kerberos_secrets_fetch_salt_princ(void)
+{
+       char *salt_princ_s;
+       /* lookup new key first */
+
+       salt_princ_s = kerberos_secrets_fetch_des_salt();
+       if (salt_princ_s == NULL) {
+               /* fall back to host/machine.realm@REALM */
+               salt_princ_s = kerberos_standard_des_salt();
+       }
+
+       return salt_princ_s;
+}
 
 /************************************************************************
  Routine to fetch the previous plaintext machine account password for a realm