Copyright (C) Remus Koos 2001
Copyright (C) Luke Howard 2003
Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
- Copyright (C) Guenther Deschner 2003,2007
+ Copyright (C) Guenther Deschner 2003
Copyright (C) Rakesh Patel 2004
Copyright (C) Dan Perry 2004
Copyright (C) Jeremy Allison 2004
#ifdef HAVE_KRB5
-/* This MAX_NAME_LEN is a constant defined in krb5.h */
-#ifndef MAX_KEYTAB_NAME_LEN
-#define MAX_KEYTAB_NAME_LEN 1100
-#endif
-
-/**********************************************************************
- * Open a krb5 keytab with flags, handles readonly or readwrite access and
- * allows to process non-default keytab names.
- * @param context krb5_context
- * @param keytab_name_req string
- * @param write_access BOOL if writable keytab is required
- * @param krb5_keytab pointer to krb5_keytab (close with krb5_kt_close())
- * @return krb5_error_code
-**********************************************************************/
-
- krb5_error_code smb_krb5_open_keytab(krb5_context context,
- const char *keytab_name_req,
- BOOL write_access,
- krb5_keytab *keytab)
-{
- krb5_error_code ret = 0;
- TALLOC_CTX *mem_ctx;
- char keytab_string[MAX_KEYTAB_NAME_LEN];
- BOOL found_valid_name = False;
- const char *pragma = "FILE";
- const char *tmp = NULL;
-
- if (!write_access && !keytab_name_req) {
- /* caller just wants to read the default keytab readonly, so be it */
- return krb5_kt_default(context, keytab);
- }
-
- mem_ctx = talloc_init("smb_krb5_open_keytab");
- if (!mem_ctx) {
- return ENOMEM;
- }
-
-#ifdef HAVE_WRFILE_KEYTAB
- if (write_access) {
- pragma = "WRFILE";
- }
-#endif
-
- if (keytab_name_req) {
-
- if (strlen(keytab_name_req) > MAX_KEYTAB_NAME_LEN) {
- ret = KRB5_CONFIG_NOTENUFSPACE;
- goto out;
- }
-
- if ((strncmp(keytab_name_req, "WRFILE:/", 8) == 0) ||
- (strncmp(keytab_name_req, "FILE:/", 6) == 0)) {
- tmp = keytab_name_req;
- goto resolve;
- }
-
- if (keytab_name_req[0] != '/') {
- ret = KRB5_KT_BADNAME;
- goto out;
- }
-
- tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, keytab_name_req);
- if (!tmp) {
- ret = ENOMEM;
- goto out;
- }
-
- goto resolve;
- }
-
- /* we need to handle more complex keytab_strings, like:
- * "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab" */
-
- ret = krb5_kt_default_name(context, &keytab_string[0], MAX_KEYTAB_NAME_LEN - 2);
- if (ret) {
- goto out;
- }
-
- DEBUG(10,("smb_krb5_open_keytab: krb5_kt_default_name returned %s\n", keytab_string));
-
- tmp = talloc_strdup(mem_ctx, keytab_string);
- if (!tmp) {
- ret = ENOMEM;
- goto out;
- }
-
- if (strncmp(tmp, "ANY:", 4) == 0) {
- tmp += 4;
- }
-
- memset(&keytab_string, '\0', sizeof(keytab_string));
-
- while (next_token(&tmp, keytab_string, ",", sizeof(keytab_string))) {
-
- if (strncmp(keytab_string, "WRFILE:", 7) == 0) {
- found_valid_name = True;
- tmp = keytab_string;
- tmp += 7;
- }
-
- if (strncmp(keytab_string, "FILE:", 5) == 0) {
- found_valid_name = True;
- tmp = keytab_string;
- tmp += 5;
- }
-
- if (found_valid_name) {
-
- if (tmp[0] != '/') {
- ret = KRB5_KT_BADNAME;
- goto out;
- }
-
- tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, tmp);
- if (!tmp) {
- ret = ENOMEM;
- goto out;
- }
- break;
- }
- }
-
- if (!found_valid_name) {
- ret = KRB5_KT_UNKNOWN_TYPE;
- goto out;
- }
-
- resolve:
- DEBUG(10,("smb_krb5_open_keytab: resolving: %s\n", tmp));
- ret = krb5_kt_resolve(context, tmp, keytab);
-
- out:
- TALLOC_FREE(mem_ctx);
- return ret;
-}
-
/**********************************************************************
**********************************************************************/
Copyright (C) Andrew Tridgell 2001
Copyright (C) Luke Howard 2002-2003
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
- Copyright (C) Guenther Deschner 2005
+ Copyright (C) Guenther Deschner 2005-2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#endif
}
+/**********************************************************************
+ * Open a krb5 keytab with flags, handles readonly or readwrite access and
+ * allows to process non-default keytab names.
+ * @param context krb5_context
+ * @param keytab_name_req string
+ * @param write_access BOOL if writable keytab is required
+ * @param krb5_keytab pointer to krb5_keytab (close with krb5_kt_close())
+ * @return krb5_error_code
+**********************************************************************/
+
+/* This MAX_NAME_LEN is a constant defined in krb5.h */
+#ifndef MAX_KEYTAB_NAME_LEN
+#define MAX_KEYTAB_NAME_LEN 1100
+#endif
+
+ krb5_error_code smb_krb5_open_keytab(krb5_context context,
+ const char *keytab_name_req,
+ BOOL write_access,
+ krb5_keytab *keytab)
+{
+ krb5_error_code ret = 0;
+ TALLOC_CTX *mem_ctx;
+ char keytab_string[MAX_KEYTAB_NAME_LEN];
+ BOOL found_valid_name = False;
+ const char *pragma = "FILE";
+ const char *tmp = NULL;
+
+ if (!write_access && !keytab_name_req) {
+ /* caller just wants to read the default keytab readonly, so be it */
+ return krb5_kt_default(context, keytab);
+ }
+
+ mem_ctx = talloc_init("smb_krb5_open_keytab");
+ if (!mem_ctx) {
+ return ENOMEM;
+ }
+
+#ifdef HAVE_WRFILE_KEYTAB
+ if (write_access) {
+ pragma = "WRFILE";
+ }
+#endif
+
+ if (keytab_name_req) {
+
+ if (strlen(keytab_name_req) > MAX_KEYTAB_NAME_LEN) {
+ ret = KRB5_CONFIG_NOTENUFSPACE;
+ goto out;
+ }
+
+ if ((strncmp(keytab_name_req, "WRFILE:/", 8) == 0) ||
+ (strncmp(keytab_name_req, "FILE:/", 6) == 0)) {
+ tmp = keytab_name_req;
+ goto resolve;
+ }
+
+ if (keytab_name_req[0] != '/') {
+ ret = KRB5_KT_BADNAME;
+ goto out;
+ }
+
+ tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, keytab_name_req);
+ if (!tmp) {
+ ret = ENOMEM;
+ goto out;
+ }
+
+ goto resolve;
+ }
+
+ /* we need to handle more complex keytab_strings, like:
+ * "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab" */
+
+ ret = krb5_kt_default_name(context, &keytab_string[0], MAX_KEYTAB_NAME_LEN - 2);
+ if (ret) {
+ goto out;
+ }
+
+ DEBUG(10,("smb_krb5_open_keytab: krb5_kt_default_name returned %s\n", keytab_string));
+
+ tmp = talloc_strdup(mem_ctx, keytab_string);
+ if (!tmp) {
+ ret = ENOMEM;
+ goto out;
+ }
+
+ if (strncmp(tmp, "ANY:", 4) == 0) {
+ tmp += 4;
+ }
+
+ memset(&keytab_string, '\0', sizeof(keytab_string));
+
+ while (next_token(&tmp, keytab_string, ",", sizeof(keytab_string))) {
+
+ if (strncmp(keytab_string, "WRFILE:", 7) == 0) {
+ found_valid_name = True;
+ tmp = keytab_string;
+ tmp += 7;
+ }
+
+ if (strncmp(keytab_string, "FILE:", 5) == 0) {
+ found_valid_name = True;
+ tmp = keytab_string;
+ tmp += 5;
+ }
+
+ if (found_valid_name) {
+
+ if (tmp[0] != '/') {
+ ret = KRB5_KT_BADNAME;
+ goto out;
+ }
+
+ tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, tmp);
+ if (!tmp) {
+ ret = ENOMEM;
+ goto out;
+ }
+ break;
+ }
+ }
+
+ if (!found_valid_name) {
+ ret = KRB5_KT_UNKNOWN_TYPE;
+ goto out;
+ }
+
+ resolve:
+ DEBUG(10,("smb_krb5_open_keytab: resolving: %s\n", tmp));
+ ret = krb5_kt_resolve(context, tmp, keytab);
+
+ out:
+ TALLOC_FREE(mem_ctx);
+ return ret;
+}
+
#else /* HAVE_KRB5 */
/* this saves a few linking headaches */
int cli_krb5_get_ticket(const char *principal, time_t time_offset,
git.samba.org / tprouty / samba.git / commitdiff