diff options
Diffstat (limited to 'source3/libads')
-rw-r--r-- | source3/libads/kerberos_keytab.c | 138 |
1 files changed, 1 insertions, 137 deletions
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index a1038e1f2d2..d86b902ad52 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -5,7 +5,7 @@ Copyright (C) Remus Koos 2001 Copyright (C) Luke Howard 2003 Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - Copyright (C) Guenther Deschner 2003,2007 + Copyright (C) Guenther Deschner 2003 Copyright (C) Rakesh Patel 2004 Copyright (C) Dan Perry 2004 Copyright (C) Jeremy Allison 2004 @@ -30,142 +30,6 @@ #ifdef HAVE_KRB5 -/* This MAX_NAME_LEN is a constant defined in krb5.h */ -#ifndef MAX_KEYTAB_NAME_LEN -#define MAX_KEYTAB_NAME_LEN 1100 -#endif - -/********************************************************************** - * Open a krb5 keytab with flags, handles readonly or readwrite access and - * allows to process non-default keytab names. - * @param context krb5_context - * @param keytab_name_req string - * @param write_access BOOL if writable keytab is required - * @param krb5_keytab pointer to krb5_keytab (close with krb5_kt_close()) - * @return krb5_error_code -**********************************************************************/ - - krb5_error_code smb_krb5_open_keytab(krb5_context context, - const char *keytab_name_req, - BOOL write_access, - krb5_keytab *keytab) -{ - krb5_error_code ret = 0; - TALLOC_CTX *mem_ctx; - char keytab_string[MAX_KEYTAB_NAME_LEN]; - BOOL found_valid_name = False; - const char *pragma = "FILE"; - const char *tmp = NULL; - - if (!write_access && !keytab_name_req) { - /* caller just wants to read the default keytab readonly, so be it */ - return krb5_kt_default(context, keytab); - } - - mem_ctx = talloc_init("smb_krb5_open_keytab"); - if (!mem_ctx) { - return ENOMEM; - } - -#ifdef HAVE_WRFILE_KEYTAB - if (write_access) { - pragma = "WRFILE"; - } -#endif - - if (keytab_name_req) { - - if (strlen(keytab_name_req) > MAX_KEYTAB_NAME_LEN) { - ret = KRB5_CONFIG_NOTENUFSPACE; - goto out; - } - - if ((strncmp(keytab_name_req, "WRFILE:/", 8) == 0) || - (strncmp(keytab_name_req, "FILE:/", 6) == 0)) { - tmp = keytab_name_req; - goto resolve; - } - - if (keytab_name_req[0] != '/') { - ret = KRB5_KT_BADNAME; - goto out; - } - - tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, keytab_name_req); - if (!tmp) { - ret = ENOMEM; - goto out; - } - - goto resolve; - } - - /* we need to handle more complex keytab_strings, like: - * "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab" */ - - ret = krb5_kt_default_name(context, &keytab_string[0], MAX_KEYTAB_NAME_LEN - 2); - if (ret) { - goto out; - } - - DEBUG(10,("smb_krb5_open_keytab: krb5_kt_default_name returned %s\n", keytab_string)); - - tmp = talloc_strdup(mem_ctx, keytab_string); - if (!tmp) { - ret = ENOMEM; - goto out; - } - - if (strncmp(tmp, "ANY:", 4) == 0) { - tmp += 4; - } - - memset(&keytab_string, '\0', sizeof(keytab_string)); - - while (next_token(&tmp, keytab_string, ",", sizeof(keytab_string))) { - - if (strncmp(keytab_string, "WRFILE:", 7) == 0) { - found_valid_name = True; - tmp = keytab_string; - tmp += 7; - } - - if (strncmp(keytab_string, "FILE:", 5) == 0) { - found_valid_name = True; - tmp = keytab_string; - tmp += 5; - } - - if (found_valid_name) { - - if (tmp[0] != '/') { - ret = KRB5_KT_BADNAME; - goto out; - } - - tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, tmp); - if (!tmp) { - ret = ENOMEM; - goto out; - } - break; - } - } - - if (!found_valid_name) { - ret = KRB5_KT_UNKNOWN_TYPE; - goto out; - } - - resolve: - DEBUG(10,("smb_krb5_open_keytab: resolving: %s\n", tmp)); - ret = krb5_kt_resolve(context, tmp, keytab); - - out: - TALLOC_FREE(mem_ctx); - return ret; -} - /********************************************************************** **********************************************************************/ |