[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-3048-g6194244
Günther Deschner
gd at samba.org
Mon Jun 30 10:39:14 GMT 2008
The branch, v3-3-test has been updated
via 6194244bd9fcc1fb736f3d91433f107270cac1c9 (commit)
via 48600a0019d70d22574cf08e8fe19d44cc332a0f (commit)
from 9fe09398b79ae7c5e78182112a8cd2c9b5f99ad3 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 6194244bd9fcc1fb736f3d91433f107270cac1c9
Author: Günther Deschner <gd at samba.org>
Date: Mon Jun 30 10:32:15 2008 +0200
kerberos: allow to keep entries with old kvno's while creating keytab.
Guenther
commit 48600a0019d70d22574cf08e8fe19d44cc332a0f
Author: Günther Deschner <gd at samba.org>
Date: Mon Jun 30 10:29:15 2008 +0200
kerberos: rename smb_krb5_kt_add_entry to smb_krb5_kt_add_entry_ext.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/include/includes.h | 16 +++++----
source/libads/kerberos_keytab.c | 68 ++++++++++++++++++++++++---------------
source/libnet/libnet_keytab.c | 15 ++++----
3 files changed, 59 insertions(+), 40 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/includes.h b/source/include/includes.h
index d3e8b33..aa99dc0 100644
--- a/source/include/includes.h
+++ b/source/include/includes.h
@@ -1225,13 +1225,15 @@ krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_keytab keytab,
const char **keytab_name);
-int smb_krb5_kt_add_entry(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt);
+int smb_krb5_kt_add_entry_ext(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ const char *princ_s,
+ krb5_enctype *enctypes,
+ krb5_data password,
+ bool no_salt,
+ bool keep_old_entries);
+
#endif /* HAVE_KRB5 */
diff --git a/source/libads/kerberos_keytab.c b/source/libads/kerberos_keytab.c
index c8ffd73..b905cb4 100644
--- a/source/libads/kerberos_keytab.c
+++ b/source/libads/kerberos_keytab.c
@@ -32,13 +32,14 @@
/**********************************************************************
**********************************************************************/
-int smb_krb5_kt_add_entry(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt)
+int smb_krb5_kt_add_entry_ext(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ const char *princ_s,
+ krb5_enctype *enctypes,
+ krb5_data password,
+ bool no_salt,
+ bool keep_old_entries)
{
krb5_error_code ret = 0;
krb5_kt_cursor cursor;
@@ -52,20 +53,20 @@ int smb_krb5_kt_add_entry(krb5_context context,
ret = smb_krb5_parse_name(context, princ_s, &princ);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry: smb_krb5_parse_name(%s) failed (%s)\n", princ_s, error_message(ret)));
+ DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_parse_name(%s) failed (%s)\n", princ_s, error_message(ret)));
goto out;
}
/* Seek and delete old keytab entries */
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if (ret != KRB5_KT_END && ret != ENOENT ) {
- DEBUG(3,("smb_krb5_kt_add_entry: Will try to delete old keytab entries\n"));
+ DEBUG(3,("smb_krb5_kt_add_entry_ext: Will try to delete old keytab entries\n"));
while(!krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) {
bool compare_name_ok = False;
ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry: smb_krb5_unparse_name failed (%s)\n",
+ DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_unparse_name failed (%s)\n",
error_message(ret)));
goto out;
}
@@ -86,7 +87,7 @@ int smb_krb5_kt_add_entry(krb5_context context,
#endif
if (!compare_name_ok) {
- DEBUG(10,("smb_krb5_kt_add_entry: ignoring keytab entry principal %s, kvno = %d\n",
+ DEBUG(10,("smb_krb5_kt_add_entry_ext: ignoring keytab entry principal %s, kvno = %d\n",
ktprinc, kt_entry.vno));
}
@@ -94,39 +95,38 @@ int smb_krb5_kt_add_entry(krb5_context context,
if (compare_name_ok) {
if (kt_entry.vno == kvno - 1) {
- DEBUG(5,("smb_krb5_kt_add_entry: Saving previous (kvno %d) entry for principal: %s.\n",
+ DEBUG(5,("smb_krb5_kt_add_entry_ext: Saving previous (kvno %d) entry for principal: %s.\n",
kvno - 1, princ_s));
- } else {
-
- DEBUG(5,("smb_krb5_kt_add_entry: Found old entry for principal: %s (kvno %d) - trying to remove it.\n",
+ } else if (!keep_old_entries) {
+ DEBUG(5,("smb_krb5_kt_add_entry_ext: Found old entry for principal: %s (kvno %d) - trying to remove it.\n",
princ_s, kt_entry.vno));
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
ZERO_STRUCT(cursor);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry: krb5_kt_end_seq_get() failed (%s)\n",
+ DEBUG(1,("smb_krb5_kt_add_entry_ext: krb5_kt_end_seq_get() failed (%s)\n",
error_message(ret)));
goto out;
}
ret = krb5_kt_remove_entry(context, keytab, &kt_entry);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry: krb5_kt_remove_entry failed (%s)\n",
+ DEBUG(1,("smb_krb5_kt_add_entry_ext: krb5_kt_remove_entry failed (%s)\n",
error_message(ret)));
goto out;
}
- DEBUG(5,("smb_krb5_kt_add_entry: removed old entry for principal: %s (kvno %d).\n",
+ DEBUG(5,("smb_krb5_kt_add_entry_ext: removed old entry for principal: %s (kvno %d).\n",
princ_s, kt_entry.vno));
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry: krb5_kt_start_seq failed (%s)\n",
+ DEBUG(1,("smb_krb5_kt_add_entry_ext: krb5_kt_start_seq failed (%s)\n",
error_message(ret)));
goto out;
}
ret = smb_krb5_kt_free_entry(context, &kt_entry);
ZERO_STRUCT(kt_entry);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry: krb5_kt_remove_entry failed (%s)\n",
+ DEBUG(1,("smb_krb5_kt_add_entry_ext: krb5_kt_remove_entry failed (%s)\n",
error_message(ret)));
goto out;
}
@@ -138,7 +138,7 @@ int smb_krb5_kt_add_entry(krb5_context context,
ret = smb_krb5_kt_free_entry(context, &kt_entry);
ZERO_STRUCT(kt_entry);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry: smb_krb5_kt_free_entry failed (%s)\n", error_message(ret)));
+ DEBUG(1,("smb_krb5_kt_add_entry_ext: smb_krb5_kt_free_entry failed (%s)\n", error_message(ret)));
goto out;
}
}
@@ -146,7 +146,7 @@ int smb_krb5_kt_add_entry(krb5_context context,
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
ZERO_STRUCT(cursor);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry: krb5_kt_end_seq_get failed (%s)\n",error_message(ret)));
+ DEBUG(1,("smb_krb5_kt_add_entry_ext: krb5_kt_end_seq_get failed (%s)\n",error_message(ret)));
goto out;
}
}
@@ -177,13 +177,13 @@ int smb_krb5_kt_add_entry(krb5_context context,
kt_entry.principal = princ;
kt_entry.vno = kvno;
- DEBUG(3,("smb_krb5_kt_add_entry: adding keytab entry for (%s) with encryption type (%d) and version (%d)\n",
+ DEBUG(3,("smb_krb5_kt_add_entry_ext: adding keytab entry for (%s) with encryption type (%d) and version (%d)\n",
princ_s, enctypes[i], kt_entry.vno));
ret = krb5_kt_add_entry(context, keytab, &kt_entry);
krb5_free_keyblock_contents(context, keyp);
ZERO_STRUCT(kt_entry);
if (ret) {
- DEBUG(1,("smb_krb5_kt_add_entry: adding entry to keytab failed (%s)\n", error_message(ret)));
+ DEBUG(1,("smb_krb5_kt_add_entry_ext: adding entry to keytab failed (%s)\n", error_message(ret)));
goto out;
}
}
@@ -212,6 +212,22 @@ out:
return (int)ret;
}
+int smb_krb5_kt_add_entry(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ const char *princ_s,
+ krb5_enctype *enctypes,
+ krb5_data password)
+{
+ return smb_krb5_kt_add_entry_ext(context,
+ keytab,
+ kvno,
+ princ_s,
+ enctypes,
+ password,
+ false,
+ false);
+}
/**********************************************************************
Adds a single service principal, i.e. 'host' to the system keytab
@@ -325,7 +341,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
/* add the fqdn principal to the keytab */
- ret = smb_krb5_kt_add_entry( context, keytab, kvno, princ_s, enctypes, password, false );
+ ret = smb_krb5_kt_add_entry( context, keytab, kvno, princ_s, enctypes, password );
if ( ret ) {
DEBUG(1,("ads_keytab_add_entry: Failed to add entry to keytab file\n"));
goto out;
@@ -334,7 +350,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
/* add the short principal name if we have one */
if ( short_princ_s ) {
- ret = smb_krb5_kt_add_entry( context, keytab, kvno, short_princ_s, enctypes, password, false );
+ ret = smb_krb5_kt_add_entry( context, keytab, kvno, short_princ_s, enctypes, password );
if ( ret ) {
DEBUG(1,("ads_keytab_add_entry: Failed to add short entry to keytab file\n"));
goto out;
diff --git a/source/libnet/libnet_keytab.c b/source/libnet/libnet_keytab.c
index 90595e7..02c2b6f 100644
--- a/source/libnet/libnet_keytab.c
+++ b/source/libnet/libnet_keytab.c
@@ -120,13 +120,14 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx)
password.data = (char *)entry->password.data;
password.length = entry->password.length;
- ret = smb_krb5_kt_add_entry(ctx->context,
- ctx->keytab,
- entry->kvno,
- entry->principal,
- enctypes,
- password,
- true);
+ ret = smb_krb5_kt_add_entry_ext(ctx->context,
+ ctx->keytab,
+ entry->kvno,
+ entry->principal,
+ enctypes,
+ password,
+ true,
+ true);
if (ret) {
DEBUG(1,("libnet_keytab_add: "
"Failed to add entry to keytab file\n"));
--
Samba Shared Repository
More information about the samba-cvs
mailing list