summaryrefslogtreecommitdiff
path: root/source3/libads
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/kerberos_keytab.c138
1 files changed, 1 insertions, 137 deletions
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index a1038e1f2d2..d86b902ad52 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -5,7 +5,7 @@
Copyright (C) Remus Koos 2001
Copyright (C) Luke Howard 2003
Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
- Copyright (C) Guenther Deschner 2003,2007
+ Copyright (C) Guenther Deschner 2003
Copyright (C) Rakesh Patel 2004
Copyright (C) Dan Perry 2004
Copyright (C) Jeremy Allison 2004
@@ -30,142 +30,6 @@
#ifdef HAVE_KRB5
-/* This MAX_NAME_LEN is a constant defined in krb5.h */
-#ifndef MAX_KEYTAB_NAME_LEN
-#define MAX_KEYTAB_NAME_LEN 1100
-#endif
-
-/**********************************************************************
- * Open a krb5 keytab with flags, handles readonly or readwrite access and
- * allows to process non-default keytab names.
- * @param context krb5_context
- * @param keytab_name_req string
- * @param write_access BOOL if writable keytab is required
- * @param krb5_keytab pointer to krb5_keytab (close with krb5_kt_close())
- * @return krb5_error_code
-**********************************************************************/
-
- krb5_error_code smb_krb5_open_keytab(krb5_context context,
- const char *keytab_name_req,
- BOOL write_access,
- krb5_keytab *keytab)
-{
- krb5_error_code ret = 0;
- TALLOC_CTX *mem_ctx;
- char keytab_string[MAX_KEYTAB_NAME_LEN];
- BOOL found_valid_name = False;
- const char *pragma = "FILE";
- const char *tmp = NULL;
-
- if (!write_access && !keytab_name_req) {
- /* caller just wants to read the default keytab readonly, so be it */
- return krb5_kt_default(context, keytab);
- }
-
- mem_ctx = talloc_init("smb_krb5_open_keytab");
- if (!mem_ctx) {
- return ENOMEM;
- }
-
-#ifdef HAVE_WRFILE_KEYTAB
- if (write_access) {
- pragma = "WRFILE";
- }
-#endif
-
- if (keytab_name_req) {
-
- if (strlen(keytab_name_req) > MAX_KEYTAB_NAME_LEN) {
- ret = KRB5_CONFIG_NOTENUFSPACE;
- goto out;
- }
-
- if ((strncmp(keytab_name_req, "WRFILE:/", 8) == 0) ||
- (strncmp(keytab_name_req, "FILE:/", 6) == 0)) {
- tmp = keytab_name_req;
- goto resolve;
- }
-
- if (keytab_name_req[0] != '/') {
- ret = KRB5_KT_BADNAME;
- goto out;
- }
-
- tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, keytab_name_req);
- if (!tmp) {
- ret = ENOMEM;
- goto out;
- }
-
- goto resolve;
- }
-
- /* we need to handle more complex keytab_strings, like:
- * "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab" */
-
- ret = krb5_kt_default_name(context, &keytab_string[0], MAX_KEYTAB_NAME_LEN - 2);
- if (ret) {
- goto out;
- }
-
- DEBUG(10,("smb_krb5_open_keytab: krb5_kt_default_name returned %s\n", keytab_string));
-
- tmp = talloc_strdup(mem_ctx, keytab_string);
- if (!tmp) {
- ret = ENOMEM;
- goto out;
- }
-
- if (strncmp(tmp, "ANY:", 4) == 0) {
- tmp += 4;
- }
-
- memset(&keytab_string, '\0', sizeof(keytab_string));
-
- while (next_token(&tmp, keytab_string, ",", sizeof(keytab_string))) {
-
- if (strncmp(keytab_string, "WRFILE:", 7) == 0) {
- found_valid_name = True;
- tmp = keytab_string;
- tmp += 7;
- }
-
- if (strncmp(keytab_string, "FILE:", 5) == 0) {
- found_valid_name = True;
- tmp = keytab_string;
- tmp += 5;
- }
-
- if (found_valid_name) {
-
- if (tmp[0] != '/') {
- ret = KRB5_KT_BADNAME;
- goto out;
- }
-
- tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, tmp);
- if (!tmp) {
- ret = ENOMEM;
- goto out;
- }
- break;
- }
- }
-
- if (!found_valid_name) {
- ret = KRB5_KT_UNKNOWN_TYPE;
- goto out;
- }
-
- resolve:
- DEBUG(10,("smb_krb5_open_keytab: resolving: %s\n", tmp));
- ret = krb5_kt_resolve(context, tmp, keytab);
-
- out:
- TALLOC_FREE(mem_ctx);
- return ret;
-}
-
/**********************************************************************
**********************************************************************/