*/
#include "includes.h"
+#include "smb_krb5.h"
#ifdef HAVE_KRB5
while(!krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) {
bool compare_name_ok = False;
- ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
+ ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &ktprinc);
if (ret) {
DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_unparse_name failed (%s)\n",
error_message(ret)));
ktprinc, kt_entry.vno));
}
- SAFE_FREE(ktprinc);
+ TALLOC_FREE(ktprinc);
if (compare_name_ok) {
if (kt_entry.vno == kvno - 1) {
for (i = 0; enctypes[i]; i++) {
krb5_keyblock *keyp;
-#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK)
-#error krb5_keytab_entry has no key or keyblock member
-#endif
-#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */
- keyp = &kt_entry.key;
-#endif
-#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */
- keyp = &kt_entry.keyblock;
-#endif
+ keyp = KRB5_KT_KEY(&kt_entry);
+
if (create_kerberos_key_from_string(context, princ, &password, keyp, enctypes[i], no_salt)) {
continue;
}
ret = -1;
goto out;
}
+ ZERO_STRUCT(password);
password.data = password_s;
password.length = strlen(password_s);
if (strchr_m(srvPrinc, '@')) {
/* It's a fully-named principal. */
- asprintf(&princ_s, "%s", srvPrinc);
+ if (asprintf(&princ_s, "%s", srvPrinc) == -1) {
+ ret = -1;
+ goto out;
+ }
} else if (srvPrinc[strlen(srvPrinc)-1] == '$') {
/* It's the machine account, as used by smbclient clients. */
- asprintf(&princ_s, "%s@%s", srvPrinc, lp_realm());
+ if (asprintf(&princ_s, "%s@%s", srvPrinc, lp_realm()) == -1) {
+ ret = -1;
+ goto out;
+ }
} else {
/* It's a normal service principal. Add the SPN now so that we
* can obtain credentials for it and double-check the salt value
* used to generate the service's keys. */
- asprintf(&princ_s, "%s/%s@%s", srvPrinc, my_fqdn, lp_realm());
- asprintf(&short_princ_s, "%s/%s@%s", srvPrinc, machine_name, lp_realm());
+ if (asprintf(&princ_s, "%s/%s@%s", srvPrinc, my_fqdn, lp_realm()) == -1) {
+ ret = -1;
+ goto out;
+ }
+ if (asprintf(&short_princ_s, "%s/%s@%s", srvPrinc, machine_name, lp_realm()) == -1) {
+ ret = -1;
+ goto out;
+ }
/* According to http://support.microsoft.com/kb/326985/en-us,
certain principal names are automatically mapped to the host/...
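Review bot: The new `asprintf` failure branches jump to `out` without resetting the destination pointer, and the value left in `princ_s` or `short_princ_s` after a failed `asprintf` is not guaranteed on every libc. The `out:` label is outside this hunk, so this is inferred, but if the cleanup there frees those pointers it could free an indeterminate value. Adding `princ_s = NULL;` (and `short_princ_s = NULL;` in the last branch) before each `goto out;` keeps the error path safe regardless. Separately, the unchanged test `srvPrinc[strlen(srvPrinc)-1] == '$'` reads before the start of the buffer when `srvPrinc` is an empty string; an early `if (!*srvPrinc) { ret = -1; goto out; }` would close that off unless callers already guarantee a non-empty name.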
}
}
- TALLOC_FREE( ctx );
-
/* Now loop through the keytab and update any other existing entries... */
kvno = (krb5_kvno) ads_get_machine_kvno(ads, machine_name);
if (kvno == -1) {
DEBUG(1,("ads_keytab_create_default: ads_get_machine_kvno failed to determine the system's kvno.\n"));
+ TALLOC_FREE(ctx);
return -1;
}
ret = krb5_init_context(&context);
if (ret) {
DEBUG(1,("ads_keytab_create_default: could not krb5_init_context: %s\n",error_message(ret)));
+ TALLOC_FREE(ctx);
return ret;
}
if (!found) {
goto done;
}
- oldEntries = SMB_MALLOC_ARRAY(char *, found );
+ oldEntries = talloc_array(ctx, char *, found );
if (!oldEntries) {
DEBUG(1,("ads_keytab_create_default: Failed to allocate space to store the old keytab entries (malloc failed?).\n"));
ret = -1;
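Review bot: `talloc_array(ctx, char *, found)` returns uninitialised memory with exactly `found` slots, but the replay loop further down (`for (i = 0; oldEntries[i]; i++)`) stops only on a NULL slot. If every slot is filled, that loop reads `oldEntries[found]`, one element past the allocation. Unless the array is zeroed somewhere outside the visible lines, unfilled slots are also indeterminate. Allocating with `oldEntries = talloc_zero_array(ctx, char *, found + 1);` gives both zeroed slots and a guaranteed terminator; alternatively bound the later loop with `i < found && oldEntries[i]`.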
char *p;
/* This returns a malloc'ed string in ktprinc. */
- ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
+ ret = smb_krb5_unparse_name(oldEntries, context, kt_entry.principal, &ktprinc);
if (ret) {
DEBUG(1,("smb_krb5_unparse_name failed (%s)\n", error_message(ret)));
goto done;
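Review bot: The comment above the call still says `/* This returns a malloc'ed string in ktprinc. */`, which is no longer true now that `oldEntries` is passed as the talloc parent. A stale ownership comment like this invites a later `free()`/`SAFE_FREE()` on talloc memory. Suggest `/* This returns a talloc'ed string in ktprinc, parented to oldEntries. */`, which also documents why the `goto done` path does not need to free it separately.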
break;
}
if (!strcmp(oldEntries[i], ktprinc)) {
- SAFE_FREE(ktprinc);
+ TALLOC_FREE(ktprinc);
break;
}
}
if (i == found) {
- SAFE_FREE(ktprinc);
+ TALLOC_FREE(ktprinc);
}
}
smb_krb5_kt_free_entry(context, &kt_entry);
ret = 0;
for (i = 0; oldEntries[i]; i++) {
ret |= ads_keytab_add_entry(ads, oldEntries[i]);
- SAFE_FREE(oldEntries[i]);
+ TALLOC_FREE(oldEntries[i]);
}
krb5_kt_end_seq_get(context, keytab, &cursor);
}
done:
- SAFE_FREE(oldEntries);
+ TALLOC_FREE(oldEntries);
+ TALLOC_FREE(ctx);
{
krb5_keytab_entry zero_kt_entry;
char *etype_s = NULL;
krb5_enctype enctype = 0;
- ret = smb_krb5_unparse_name(context, kt_entry.principal, &princ_s);
+ ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal, &princ_s);
if (ret) {
goto out;
}
ret = smb_krb5_enctype_to_string(context, enctype, &etype_s);
if (ret) {
- SAFE_FREE(princ_s);
- goto out;
+ if (asprintf(&etype_s, "UNKNOWN: %d\n", enctype) == -1)
+ {
+ TALLOC_FREE(princ_s);
+ goto out;
+ }
}
printf("%3d %s\t\t %s\n", kt_entry.vno, etype_s, princ_s);
- SAFE_FREE(princ_s);
+ TALLOC_FREE(princ_s);
SAFE_FREE(etype_s);
ret = smb_krb5_kt_free_entry(context, &kt_entry);
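Review bot: The fallback label `"UNKNOWN: %d\n"` ends in a newline, so the following `printf("%3d %s\t\t %s\n", ...)` prints the principal on a separate line for any entry whose enctype has no name. Use `asprintf(&etype_s, "UNKNOWN: %d", enctype)` instead. On the failure branch `asprintf` may leave `etype_s` indeterminate, so set `etype_s = NULL;` before `goto out;` in case the cleanup at `out:`, which is outside this hunk, frees it. The opening brace on its own line also departs from the same-line brace style of the other `if` statements here.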