lib/krb5_wrap: use krb5_const_principal in smb_krb5_create_key_from_string.
[kai/samba-autobuild/.git] / source4 / auth / kerberos / srv_keytab.c
index bd423166873fdb75596aa0e58c73ed8a5f74ccbe..754f2c2c2c9c0cd97fb7627a2bc577e333cf2690 100644 (file)
@@ -143,7 +143,7 @@ static krb5_error_code salt_principal(TALLOC_CTX *parent_ctx,
                return ENOMEM;
        }
 
-       machine_username = talloc_strdup(tmp_ctx, samAccountName);
+       machine_username = strlower_talloc(tmp_ctx, samAccountName);
        if (!machine_username) {
                *error_string = "Cannot duplicate samAccountName";
                talloc_free(tmp_ctx);
@@ -210,10 +210,12 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx,
 
                ZERO_STRUCT(entry);
 
-               ret = create_kerberos_key_from_string_direct(context,
-                                               salt_princ, &password,
-                                               KRB5_KT_KEY(&entry),
-                                               enctypes[i]);
+               ret = smb_krb5_create_key_from_string(context,
+                                                     salt_princ,
+                                                     NULL,
+                                                     &password,
+                                                     enctypes[i],
+                                                     KRB5_KT_KEY(&entry));
                if (ret != 0) {
                        return ret;
                }
@@ -378,6 +380,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx,
                unsigned int i;
                bool matched = false;
                krb5_keytab_entry entry;
+
                ret = krb5_kt_next_entry(context, keytab, &entry, &cursor);
                if (ret) {
                        break;
@@ -395,6 +398,8 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx,
                        /* Free the entry,
                         * it wasn't the one we were looking for anyway */
                        krb5_kt_free_entry(context, &entry);
+                       /* Make sure we do not double free */
+                       ZERO_STRUCT(entry);
                        continue;
                }
 
@@ -412,11 +417,15 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx,
 
                        ret = krb5_kt_remove_entry(context, keytab, &entry);
                        krb5_kt_free_entry(context, &entry);
+                       /* Make sure we do not double free */
+                       ZERO_STRUCT(entry);
 
                        /* Deleted: Restart from the top */
                        ret2 = krb5_kt_start_seq_get(context, keytab, &cursor);
                        if (ret2) {
                                krb5_kt_free_entry(context, &entry);
+                               /* Make sure we do not double free */
+                               ZERO_STRUCT(entry);
                                DEBUG(1, ("failed to restart enumeration of keytab: %s\n",
                                          smb_get_krb5_error_message(context,
                                                                ret, mem_ctx)));
@@ -435,6 +444,8 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx,
 
                /* Free the entry, we don't need it any more */
                krb5_kt_free_entry(context, &entry);
+               /* Make sure we do not double free */
+               ZERO_STRUCT(entry);
        }
        krb5_kt_end_seq_get(context, keytab, &cursor);