diff options
| author | Stefan Metzmacher <metze@samba.org> | 2017-05-19 16:28:42 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2017-06-27 16:57:44 +0200 |
| commit | 1d1cf9792f9227e65857c85ff66a961331e3c16e (patch) | |
| tree | 9ac76c0510ff89b49e5f3981504cbc591fc6e1ce /source3 | |
| parent | 5fe939e32cdaf7bb5b6dac67e7b0118ce65846be (diff) | |
| download | samba-1d1cf9792f9227e65857c85ff66a961331e3c16e.tar.gz | |
s3:gse_krb5: simplify fill_keytab_from_password() by using kerberos_fetch_salt_princ()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/librpc/crypto/gse_krb5.c | 40 |
1 files changed, 14 insertions, 26 deletions
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index 4dd39eaf08d..2c9fc033efa 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -122,6 +122,8 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, krb5_enctype *enctypes; krb5_keytab_entry kt_entry; unsigned int i; + krb5_principal salt_princ = NULL; + char *salt_princ_s = NULL; ret = smb_krb5_get_allowed_etypes(krbctx, &enctypes); if (ret) { @@ -130,11 +132,19 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, return ret; } + salt_princ_s = kerberos_secrets_fetch_salt_princ(); + if (salt_princ_s == NULL) { + ret = ENOMEM; + goto out; + } + ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ); + SAFE_FREE(salt_princ_s); + if (ret != 0) { + goto out; + } + for (i = 0; enctypes[i]; i++) { krb5_keyblock *key = NULL; - krb5_principal salt_princ = NULL; - char *salt_princ_s; - char *princ_s; int rc; if (!(key = SMB_MALLOC_P(krb5_keyblock))) { @@ -142,28 +152,6 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, goto out; } - ret = krb5_unparse_name(krbctx, princ, &princ_s); - if (ret != 0) { - SAFE_FREE(key); - continue; - } - - salt_princ_s = kerberos_fetch_salt_princ_for_host_princ(krbctx, - princ_s, - enctypes[i]); - SAFE_FREE(princ_s); - if (salt_princ_s == NULL) { - SAFE_FREE(key); - continue; - } - - ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ); - SAFE_FREE(salt_princ_s); - if (ret != 0) { - SAFE_FREE(key); - continue; - } - rc = create_kerberos_key_from_string(krbctx, princ, salt_princ, @@ -171,7 +159,6 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, key, enctypes[i], false); - krb5_free_principal(krbctx, salt_princ); if (rc != 0) { DEBUG(10, ("Failed to create key for enctype %d " "(error: %s)\n", @@ -199,6 +186,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, ret = 0; out: + krb5_free_principal(krbctx, salt_princ); SAFE_FREE(enctypes); return ret; } |