static krb5_error_code
get_key_from_keytab(krb5_context context,
- krb5_keytab keytab,
krb5_const_principal server,
krb5_enctype enctype,
krb5_kvno kvno,
{
krb5_keytab_entry entry;
krb5_error_code ret;
- krb5_keytab real_keytab;
+ krb5_keytab keytab;
char *name = NULL;
- if (keytab == NULL) {
- krb5_kt_default(context, &real_keytab);
- } else {
- real_keytab = keytab;
+ /* We have to open a new keytab handle here, as MIT does
+ an implicit open/getnext/close on krb5_kt_get_entry. We
+ may be in the middle of a keytab enumeration when this is
+ called. JRA. */
+
+ ret = krb5_kt_default(context, &keytab);
+ if (ret) {
+ DEBUG(0,("get_key_from_keytab: failed to open keytab: %s\n", error_message(ret)));
+ return ret;
}
if ( DEBUGLEVEL >= 10 ) {
}
ret = krb5_kt_get_entry(context,
- real_keytab,
+ keytab,
server,
kvno,
enctype,
smb_krb5_kt_free_entry(context, &entry);
out:
- if (keytab == NULL) {
- krb5_kt_close(context, real_keytab);
- }
-
+ krb5_kt_close(context, keytab);
return ret;
}
}
ret = get_key_from_keytab(context,
- keytab,
server,
enctype,
kvno,