svn commit: samba r13012 - in branches/SAMBA_3_0/source/libsmb: .

[jra at samba.org]

Author: jra
Date: 2006-01-18 19:25:18 +0000 (Wed, 18 Jan 2006)
New Revision: 13012

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13012

Log:
Fix #3421 - it turns out krb5_kt_get_entry() on MIT
does an implicit open/read/close and blows away an
open keytab handle - so make sure we use a new
handle.
Wonderful analysis from Luke <ldeller at xplantechnology.com>
helped fix this.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libsmb/clikrb5.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/clikrb5.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/clikrb5.c	2006-01-18 19:25:16 UTC (rev 13011)
+++ branches/SAMBA_3_0/source/libsmb/clikrb5.c	2006-01-18 19:25:18 UTC (rev 13012)
@@ -767,7 +767,6 @@
 
 static krb5_error_code
 get_key_from_keytab(krb5_context context,
-		    krb5_keytab keytab,
 		    krb5_const_principal server,
 		    krb5_enctype enctype,
 		    krb5_kvno kvno,
@@ -775,13 +774,18 @@
 {
 	krb5_keytab_entry entry;
 	krb5_error_code ret;
-	krb5_keytab real_keytab;
+	krb5_keytab keytab;
 	char *name = NULL;
 
-	if (keytab == NULL) {
-		krb5_kt_default(context, &real_keytab);
-	} else {
-		real_keytab = keytab;
+	/* We have to open a new keytab handle here, as MIT does
+	   an implicit open/getnext/close on krb5_kt_get_entry. We
+	   may be in the middle of a keytab enumeration when this is
+	   called. JRA. */
+
+	ret = krb5_kt_default(context, &keytab);
+	if (ret) {
+		DEBUG(0,("get_key_from_keytab: failed to open keytab: %s\n", error_message(ret)));
+		return ret;
 	}
 
 	if ( DEBUGLEVEL >= 10 ) {
@@ -792,7 +796,7 @@
 	}
 
 	ret = krb5_kt_get_entry(context,
-				real_keytab,
+				keytab,
 				server,
 				kvno,
 				enctype,
@@ -819,10 +823,7 @@
 	smb_krb5_kt_free_entry(context, &entry);
 	
 out:    
-	if (keytab == NULL) {
-		krb5_kt_close(context, real_keytab);
-	}
-		
+	krb5_kt_close(context, keytab);
 	return ret;
 }
 
@@ -913,7 +914,6 @@
 	}
 
 	ret = get_key_from_keytab(context, 
-				  keytab,
 				  server,
 				  enctype,
 				  kvno,