svn commit: samba r22857 - in branches/SAMBA_3_0_26/source: .
include libads libsmb utils
gd at samba.org
gd at samba.org
Mon May 14 16:04:24 GMT 2007
Author: gd
Date: 2007-05-14 16:04:24 +0000 (Mon, 14 May 2007)
New Revision: 22857
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22857
Log:
merge "net ads keytab list" from 3_0.
Guenther
Modified:
branches/SAMBA_3_0_26/source/configure.in
branches/SAMBA_3_0_26/source/include/includes.h
branches/SAMBA_3_0_26/source/libads/kerberos_keytab.c
branches/SAMBA_3_0_26/source/libsmb/clikrb5.c
branches/SAMBA_3_0_26/source/utils/net_ads.c
Changeset:
Modified: branches/SAMBA_3_0_26/source/configure.in
===================================================================
--- branches/SAMBA_3_0_26/source/configure.in 2007-05-14 15:12:14 UTC (rev 22856)
+++ branches/SAMBA_3_0_26/source/configure.in 2007-05-14 16:04:24 UTC (rev 22857)
@@ -3539,6 +3539,7 @@
AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_alloc, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_free, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_get_error, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_enctype_to_string, $KRB5_LIBS)
LIBS="$KRB5_LIBS $LIBS"
@@ -3915,7 +3916,46 @@
[whether krb5_mk_error takes 3 arguments MIT or 9 Heimdal])
fi
+ if test x"$ac_cv_func_ext_krb5_enctype_to_string" = x"yes"; then
+ AC_CACHE_CHECK([for krb5_error_code krb5_enctype_to_string(krb5_context context, krb5_enctype enctype, char **str)],
+ smb_krb5_enctype_to_string_takes_krb5_context_arg,[
+ AC_TRY_RUN_STRICT([
+ #include <krb5.h>
+ int main(void) {
+ krb5_context context;
+ char *str = NULL;
+ krb5_enctype_to_string(context, 1, &str);
+ if (str) free (str);
+ return 0;
+ }
+ ],[$Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS],
+ smb_krb5_enctype_to_string_takes_krb5_context_arg=yes,
+ smb_krb5_enctype_to_string_takes_krb5_context_arg=no)])
+ if test x"$smb_krb5_enctype_to_string_takes_krb5_context_arg" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG,1,
+ [whether krb5_enctype_to_string takes krb5_context argument])
+ fi
+
+ AC_CACHE_CHECK([for krb5_error_code krb5_enctype_to_string(krb5_enctype enctype, char *str, size_t len)],
+ smb_krb5_enctype_to_string_takes_size_t_arg,[
+ AC_TRY_RUN_STRICT([
+ #include <krb5.h>
+ int main(void) {
+ char buf[256];
+ krb5_enctype_to_string(1, buf, 256);
+ return 0;
+ }
+ ],[$Werror_FLAGS],[$CPPFLAGS],[$LDFLAGS],
+ smb_krb5_enctype_to_string_takes_size_t_arg=yes,
+ smb_krb5_enctype_to_string_takes_size_t_arg=no)])
+
+ if test x"$smb_krb5_enctype_to_string_takes_size_t_arg" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG,1,
+ [whether krb5_enctype_to_string takes size_t argument])
+ fi
+ fi
+
#
#
# Now the decisions whether we can support krb5
Modified: branches/SAMBA_3_0_26/source/include/includes.h
===================================================================
--- branches/SAMBA_3_0_26/source/include/includes.h 2007-05-14 15:12:14 UTC (rev 22856)
+++ branches/SAMBA_3_0_26/source/include/includes.h 2007-05-14 16:04:24 UTC (rev 22857)
@@ -1201,6 +1201,11 @@
krb5_error_code error_code,
const krb5_principal server,
krb5_data *reply);
+krb5_enctype smb_get_enctype_from_kt_entry(const krb5_keytab_entry *kt_entry);
+krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
+ krb5_enctype enctype,
+ char **etype_s);
+
#endif /* HAVE_KRB5 */
Modified: branches/SAMBA_3_0_26/source/libads/kerberos_keytab.c
===================================================================
--- branches/SAMBA_3_0_26/source/libads/kerberos_keytab.c 2007-05-14 15:12:14 UTC (rev 22856)
+++ branches/SAMBA_3_0_26/source/libads/kerberos_keytab.c 2007-05-14 16:04:24 UTC (rev 22857)
@@ -691,4 +691,116 @@
}
return ret;
}
+
+/**********************************************************************
+ List system keytab.
+***********************************************************************/
+
+int ads_keytab_list(void)
+{
+ krb5_error_code ret = 0;
+ krb5_context context = NULL;
+ krb5_keytab keytab = NULL;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry kt_entry;
+ char keytab_name[MAX_KEYTAB_NAME_LEN];
+
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(cursor);
+
+ initialize_krb5_error_table();
+ ret = krb5_init_context(&context);
+ if (ret) {
+ DEBUG(1,("ads_keytab_list: could not krb5_init_context: %s\n",error_message(ret)));
+ return ret;
+ }
+#if 0 /* HAVE_WRFILE_KEYTAB */
+ keytab_name[0] = 'W';
+ keytab_name[1] = 'R';
+ ret = krb5_kt_default_name(context, (char *) &keytab_name[2], MAX_KEYTAB_NAME_LEN - 4);
+#else
+ ret = krb5_kt_default_name(context, (char *) &keytab_name[0], MAX_KEYTAB_NAME_LEN - 2);
+#endif
+ if (ret) {
+ DEBUG(1,("ads_keytab_list: krb5_kt_default failed (%s)\n", error_message(ret)));
+ goto out;
+ }
+ DEBUG(3,("ads_keytab_list: Using default keytab: %s\n", (char *) &keytab_name));
+ ret = krb5_kt_resolve(context, (char *) &keytab_name, &keytab);
+ if (ret) {
+ DEBUG(1,("ads_keytab_list: krb5_kt_resolve failed (%s)\n", error_message(ret)));
+ goto out;
+ }
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (ret) {
+ goto out;
+ }
+
+ printf("Vno Type Principal\n");
+
+ while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0) {
+
+ char *princ_s = NULL;
+ char *etype_s = NULL;
+ krb5_enctype enctype = 0;
+
+ ret = smb_krb5_unparse_name(context, kt_entry.principal, &princ_s);
+ if (ret) {
+ goto out;
+ }
+
+ enctype = smb_get_enctype_from_kt_entry(&kt_entry);
+
+ ret = smb_krb5_enctype_to_string(context, enctype, &etype_s);
+ if (ret) {
+ SAFE_FREE(princ_s);
+ goto out;
+ }
+
+ printf("%3d %s\t\t %s\n", kt_entry.vno, etype_s, princ_s);
+
+ SAFE_FREE(princ_s);
+ SAFE_FREE(etype_s);
+
+ ret = smb_krb5_kt_free_entry(context, &kt_entry);
+ if (ret) {
+ goto out;
+ }
+ }
+
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ if (ret) {
+ goto out;
+ }
+
+ /* Ensure we don't double free. */
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(cursor);
+out:
+
+ {
+ krb5_keytab_entry zero_kt_entry;
+ ZERO_STRUCT(zero_kt_entry);
+ if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
+ smb_krb5_kt_free_entry(context, &kt_entry);
+ }
+ }
+ {
+ krb5_kt_cursor zero_csr;
+ ZERO_STRUCT(zero_csr);
+ if ((memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) && keytab) {
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+ }
+ }
+
+ if (keytab) {
+ krb5_kt_close(context, keytab);
+ }
+ if (context) {
+ krb5_free_context(context);
+ }
+ return ret;
+}
+
#endif /* HAVE_KRB5 */
Modified: branches/SAMBA_3_0_26/source/libsmb/clikrb5.c
===================================================================
--- branches/SAMBA_3_0_26/source/libsmb/clikrb5.c 2007-05-14 15:12:14 UTC (rev 22856)
+++ branches/SAMBA_3_0_26/source/libsmb/clikrb5.c 2007-05-14 16:04:24 UTC (rev 22857)
@@ -28,11 +28,11 @@
#ifdef HAVE_KRB5
-#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE
-#define KRB5_KEY_TYPE(k) ((k)->keytype)
+#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
+#define KRB5_KEY_TYPE(k) ((k)->keytype)
#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
-#else
+#else /* MIT */
#define KRB5_KEY_TYPE(k) ((k)->enctype)
#define KRB5_KEY_LENGTH(k) ((k)->length)
#define KRB5_KEY_DATA(k) ((k)->contents)
@@ -1255,7 +1255,7 @@
krb5_free_creds(context, creds);
}
#else
-#error No suitable krb5 ticket renew function available
+#error NO_SUITABKE_KRB5_TICKET_RENEW_FUNCTION_AVAILABLE
#endif
@@ -1467,12 +1467,12 @@
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE
#ifdef KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT
- /* Modern MIT version */
+ /* Modern MIT or Heimdal version */
krb5_get_init_creds_opt_free(context, opt);
#else
/* Heimdal version */
krb5_get_init_creds_opt_free(opt);
-#endif
+#endif /* KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT */
#else /* HAVE_KRB5_GET_INIT_CREDS_OPT_FREE */
/* Historical MIT version */
@@ -1481,6 +1481,41 @@
#endif /* HAVE_KRB5_GET_INIT_CREDS_OPT_FREE */
}
+ krb5_enctype smb_get_enctype_from_kt_entry(const krb5_keytab_entry *kt_entry)
+{
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */
+ return kt_entry->key.enctype;
+#elif defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) /* Heimdal */
+ return kt_entry->keyblock.keytype;
+#else
+#error UNKNOWN_KRB5_KEYTAB_ENTRY_KEYBLOCK_FORMAT
+#endif
+}
+
+
+/* caller needs to free etype_s */
+ krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
+ krb5_enctype enctype,
+ char **etype_s)
+{
+#ifdef HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG
+ return krb5_enctype_to_string(context, enctype, etype_s); /* Heimdal */
+#elif defined(HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG)
+ char buf[256];
+ krb5_error_code ret = krb5_enctype_to_string(enctype, buf, 256); /* MIT */
+ if (ret) {
+ return ret;
+ }
+ *etype_s = SMB_STRDUP(buf);
+ if (!*etype_s) {
+ return ENOMEM;
+ }
+ return ret;
+#else
+#error UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION
+#endif
+}
+
krb5_error_code smb_krb5_mk_error(krb5_context context,
krb5_error_code error_code,
const krb5_principal server,
Modified: branches/SAMBA_3_0_26/source/utils/net_ads.c
===================================================================
--- branches/SAMBA_3_0_26/source/utils/net_ads.c 2007-05-14 15:12:14 UTC (rev 22856)
+++ branches/SAMBA_3_0_26/source/utils/net_ads.c 2007-05-14 16:04:24 UTC (rev 22857)
@@ -2424,10 +2424,11 @@
d_printf(
"net ads keytab <COMMAND>\n"\
"<COMMAND> can be either:\n"\
+" ADD Adds new service principal\n"\
" CREATE Creates a fresh keytab\n"\
-" ADD Adds new service principal\n"\
" FLUSH Flushes out all keytab entries\n"\
" HELP Prints this help message\n"\
+" LIST List the keytab\n"\
"The ADD command will take arguments, the other commands\n"\
"will not take any arguments. The arguments given to ADD\n"\
"should be a list of principals to add. For example, \n"\
@@ -2482,6 +2483,12 @@
return ret;
}
+static int net_ads_keytab_list(int argc, const char **argv)
+{
+ return ads_keytab_list();
+}
+
+
int net_ads_keytab(int argc, const char **argv)
{
struct functable func[] = {
@@ -2489,6 +2496,7 @@
{"ADD", net_ads_keytab_add},
{"FLUSH", net_ads_keytab_flush},
{"HELP", net_ads_keytab_usage},
+ {"LIST", net_ads_keytab_list},
{NULL, NULL}
};
More information about the samba-cvs
mailing list