authorRalph Boehme <slow@samba.org>2016-04-17 16:28:00 +0200
committerAndreas Schneider <asn@cryptomilk.org>2016-04-25 10:35:14 +0200
commitdeab6c6df76180f875c411c3f6b1a9cf6696b88c (patch)
tree141f1ef28386c3102987c1cfbf6fac382d372415 /source4/libnet
parent35b2fb4ff3252a8fc340c8d7278314c7a0f6f894 (diff)
s4/libnet: fix exporting to keytab by SPN
Fix a regression introduced by 5c5d586d3ebd40 that broke exporting service principals by their SPN with samba-tool exportkeytab --principal=<SPN>. Iterating with samba_kdc_nextkey() only returns UPNs, so this can't work with SPNs. If we want to search for a specific SPN, we have to use samba_kdc_fetch(). Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4/libnet')
-rw-r--r--source4/libnet/libnet_export_keytab.c39
1 files changed, 23 insertions, 16 deletions
diff --git a/source4/libnet/libnet_export_keytab.c b/source4/libnet/libnet_export_keytab.c
index ee2c47083c0..8bceecc4636 100644
--- a/source4/libnet/libnet_export_keytab.c
+++ b/source4/libnet/libnet_export_keytab.c
@@ -56,10 +56,27 @@ static NTSTATUS sdb_kt_copy(TALLOC_CTX *mem_ctx,
goto done;
}
- for (code = samba_kdc_firstkey(context, db_ctx, &sentry);
- code == 0;
- code = samba_kdc_nextkey(context, db_ctx, &sentry)) {
- bool principal_found = false;
+ if (copy_one_principal) {
+ krb5_principal k5_princ;
+
+ code = smb_krb5_parse_name(context, principal, &k5_princ);
+ if (code != 0) {
+ *error_string = smb_get_krb5_error_message(context,
+ code,
+ mem_ctx);
+ status = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ code = samba_kdc_fetch(context, db_ctx, k5_princ,
+ SDB_F_GET_ANY, 0, &sentry);
+
+ krb5_free_principal(context, k5_princ);
+ } else {
+ code = samba_kdc_firstkey(context, db_ctx, &sentry);
+ }
+
+ for (; code == 0; code = samba_kdc_nextkey(context, db_ctx, &sentry)) {
int i;
code = krb5_unparse_name(context,
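Review bot: After `samba_kdc_fetch()` in the `copy_one_principal` branch, a non-zero `code` (for example when the requested SPN does not exist) only causes the `for` loop to be skipped, so whether the caller sees an error depends on post-loop handling that is outside this hunk. For a command that writes long-term keys into a keytab, a lookup miss should be reported as clearly as the parse failure a few lines above, rather than possibly returning success with nothing exported. I would check `code` directly after `krb5_free_principal()` and fill `*error_string` the same way the parse branch does. The removed comparison also guarded `principal != NULL`; the new branch assumes `copy_one_principal` implies a non-NULL `principal`, which deserves a one-line comment where the flag is set (not visible here).

```c
		code = samba_kdc_fetch(context, db_ctx, k5_princ,
				       SDB_F_GET_ANY, 0, &sentry);

		krb5_free_principal(context, k5_princ);
		if (code != 0) {
			/* Report a failed lookup instead of silently skipping the loop. */
			*error_string = smb_get_krb5_error_message(context,
								   code,
								   mem_ctx);
			status = NT_STATUS_UNSUCCESSFUL;
			goto done;
		}
	/* … unchanged: else branch calling samba_kdc_firstkey() … */
```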
@@ -73,17 +90,7 @@ static NTSTATUS sdb_kt_copy(TALLOC_CTX *mem_ctx,
goto done;
}
- if (principal != NULL) {
- int cmp;
-
- cmp = strcmp(principal, entry_principal);
- if (cmp == 0) {
- principal_found = true;
- }
- }
-
- if (sentry.entry.keys.len == 0 ||
- (copy_one_principal && !principal_found)) {
+ if (sentry.entry.keys.len == 0) {
SAFE_FREE(entry_principal);
sdb_free_entry(&sentry);
sentry = (struct sdb_entry_ex) {
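Review bot: On the `copy_one_principal` path the `sentry.entry.keys.len == 0` branch is now reached for the single fetched entry, and if it ends in `continue` (the rest of the branch is outside the hunk) the loop increment calls `samba_kdc_nextkey()` although `samba_kdc_firstkey()` was never called on this path. The `break` added in the last hunk only covers the normal path through the loop body. Adding `if (copy_one_principal) { break; }` after the cleanup in this branch, ideally with an error string saying the principal has no keys, keeps the single-entry case from depending on how `samba_kdc_nextkey()` behaves without an initialised iteration.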
@@ -123,7 +130,7 @@ static NTSTATUS sdb_kt_copy(TALLOC_CTX *mem_ctx,
}
}
- if (principal_found) {
+ if (copy_one_principal) {
break;
}