s3:gse_krb5: simplify fill_keytab_from_password() by using kerberos_fetch_salt_princ()
authorStefan Metzmacher <metze@samba.org>
Fri, 19 May 2017 14:28:42 +0000 (16:28 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 27 Jun 2017 14:57:44 +0000 (16:57 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/librpc/crypto/gse_krb5.c

index 4dd39eaf08d8f492b6b332cfb5b2f30e4c1ab575..2c9fc033efa94ba7e9d02caa50f503f59c8a91da 100644 (file)
@@ -122,6 +122,8 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
        krb5_enctype *enctypes;
        krb5_keytab_entry kt_entry;
        unsigned int i;
+       krb5_principal salt_princ = NULL;
+       char *salt_princ_s = NULL;
 
        ret = smb_krb5_get_allowed_etypes(krbctx, &enctypes);
        if (ret) {
@@ -130,11 +132,19 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
                return ret;
        }
 
+       salt_princ_s = kerberos_secrets_fetch_salt_princ();
+       if (salt_princ_s == NULL) {
+               ret = ENOMEM;
+               goto out;
+       }
+       ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ);
+       SAFE_FREE(salt_princ_s);
+       if (ret != 0) {
+               goto out;
+       }
+
        for (i = 0; enctypes[i]; i++) {
                krb5_keyblock *key = NULL;
-               krb5_principal salt_princ = NULL;
-               char *salt_princ_s;
-               char *princ_s;
                int rc;
 
                if (!(key = SMB_MALLOC_P(krb5_keyblock))) {
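Review bot: The NULL branch after `kerberos_secrets_fetch_salt_princ()` sets `ret = ENOMEM` and jumps to `out` without logging, so any failure to obtain the salt principal is reported as out-of-memory; whether the helper can return NULL for other reasons is not visible here and should be confirmed. The `krb5_parse_name()` failure just below is equally silent. Because the lookup now runs once ahead of the enctype loop, either failure abandons the whole keytab fill, whereas the removed per-enctype code skipped only that enctype with `continue`. If that stricter behaviour is intended, I would state it in a comment and log both paths, e.g. `DEBUG(1, ("Failed to fetch salt principal\n"));` and `DEBUG(1, ("Failed to parse salt principal (ret=%d)\n", (int)ret));`. The body of fill_keytab_from_password() starts and ends outside this hunk.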
@@ -142,28 +152,6 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
                        goto out;
                }
 
-               ret = krb5_unparse_name(krbctx, princ, &princ_s);
-               if (ret != 0) {
-                       SAFE_FREE(key);
-                       continue;
-               }
-
-               salt_princ_s = kerberos_fetch_salt_princ_for_host_princ(krbctx,
-                                                                       princ_s,
-                                                                       enctypes[i]);
-               SAFE_FREE(princ_s);
-               if (salt_princ_s == NULL) {
-                       SAFE_FREE(key);
-                       continue;
-               }
-
-               ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ);
-               SAFE_FREE(salt_princ_s);
-               if (ret != 0) {
-                       SAFE_FREE(key);
-                       continue;
-               }
-
                rc = create_kerberos_key_from_string(krbctx,
                                                     princ,
                                                     salt_princ,
@@ -171,7 +159,6 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
                                                     key,
                                                     enctypes[i],
                                                     false);
-               krb5_free_principal(krbctx, salt_princ);
                if (rc != 0) {
                        DEBUG(10, ("Failed to create key for enctype %d "
                                   "(error: %s)\n",
@@ -199,6 +186,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
        ret = 0;
 
 out:
+       krb5_free_principal(krbctx, salt_princ);
        SAFE_FREE(enctypes);
        return ret;
 }