[Samba] samba-3.2.8 - KRB5_KT_UNKNOWN_TYPE;

Glenn Machin gmachin at sandia.gov
Mon Feb 16 15:33:47 GMT 2009


When "use kerberos keytab = yes" is set in smb.conf with samba-3.2.8 and
the environment variable KRB5_KTNAME is not set to a value using the
prefix "FILE:", or the default_keytab in /etc/krb5.conf is set without
the prefix, i.e.
    default_keytab_name = /etc/v5srvtab

then the function smb_krb5_open_keytab() returns KRB5_KT_UNKNOWN_TYPE.

If smb_krb5_open_keytab is called with a filename "/etc/v5srvtab" it would
work fine; however, if the "default" keytab is used, the expectation is that
it must have a prefix "FILE:" or "WRFILE:".

Is this the correct logic? It appears that the loop

    while (next_token_talloc(mem_ctx, &tmp, &kt_str, ",")) {

should have the test

    if (tmp[0] == '/')
       found_valid_name = True;



Glenn







kerberos_keytab.c
ads_keytab_add_entry()
        ret = smb_krb5_open_keytab(context, NULL, True, &keytab);
        if (ret) {
                DEBUG(1,("ads_keytab_add_entry: smb_krb5_open_keytab failed (%s)\n", error_message(ret)));
                goto out;
        }



libsmb/clikrb5.c
smb_krb5_open_keytab(krb5_context context,
                                      const char *keytab_name_req,
                                      bool write_access,
                                      krb5_keytab *keytab)

        /* we need to handle more complex keytab_strings, like:
         * "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab" */

        ret = krb5_kt_default_name(context, &keytab_string[0], MAX_KEYTAB_NAME_LEN - 2);
        if (ret) {
                goto out;
        }

        DEBUG(10,("smb_krb5_open_keytab: krb5_kt_default_name returned %s\n", keytab_string));

        tmp = talloc_strdup(mem_ctx, keytab_string);
        if (!tmp) {
                ret = ENOMEM;
                goto out;
        }

        if (strncmp(tmp, "ANY:", 4) == 0) {
                tmp += 4;
        }

        memset(&keytab_string, '\0', sizeof(keytab_string));

        while (next_token_talloc(mem_ctx, &tmp, &kt_str, ",")) {
                if (strncmp(kt_str, "WRFILE:", 7) == 0) {
                        found_valid_name = True;
                        tmp = kt_str;
                        tmp += 7;
                }

                if (strncmp(kt_str, "FILE:", 5) == 0) {
                        found_valid_name = True;
                        tmp = kt_str;
                        tmp += 5;
                }

                if (found_valid_name) {
                        if (tmp[0] != '/') {
                                ret = KRB5_KT_BADNAME;
                                goto out;
                        }

                        tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, tmp);
                        if (!tmp) {
                                ret = ENOMEM;
                                goto out;
                        }
                        break;
                }
        }

        if (!found_valid_name) {
                ret = KRB5_KT_UNKNOWN_TYPE;
                goto out;
        }
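
The prefix handling discussed in this message, as an added stand-alone example (not Samba's code and not part of the original post). resolve_keytab(), its accept_bare_path switch and the KT_* result codes are hypothetical stand-ins; the switch models the `tmp[0] == '/'` test proposed above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the krb5 error codes named in the post. */
enum kt_result { KT_OK = 0, KT_UNKNOWN_TYPE, KT_BADNAME };

/* Resolve a keytab string such as "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab"
 * to the path of its first file-backed entry. accept_bare_path models the
 * proposed check: an unprefixed entry starting with '/' counts as a file. */
enum kt_result resolve_keytab(const char *name, int accept_bare_path,
                              char *path, size_t path_len)
{
    if (strncmp(name, "ANY:", 4) == 0)
        name += 4;
    while (*name) {
        size_t len = strcspn(name, ",");      /* length of this entry */
        const char *p = NULL;
        if (strncmp(name, "WRFILE:", 7) == 0)
            p = name + 7;
        else if (strncmp(name, "FILE:", 5) == 0)
            p = name + 5;
        else if (accept_bare_path && name[0] == '/')
            p = name;
        if (p) {
            size_t plen = len - (size_t)(p - name);
            /* Relative or empty paths are rejected, as in the quoted loop. */
            if (p[0] != '/' || plen >= path_len)
                return KT_BADNAME;
            memcpy(path, p, plen);
            path[plen] = '\0';
            return KT_OK;
        }
        name += len + (name[len] == ',');     /* skip e.g. "krb4:..." */
    }
    return KT_UNKNOWN_TYPE;
}

int main(void)
{
    /* Constructed sample values, including the bare path from the post. */
    const char *samples[] = { "/etc/v5srvtab", "FILE:/etc/v5srvtab",
        "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab", "FILE:etc/v5srvtab" };
    char path[128];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-45s strict=%d relaxed=%d\n", samples[i],
               resolve_keytab(samples[i], 0, path, sizeof(path)),
               resolve_keytab(samples[i], 1, path, sizeof(path)));
    return 0;
}
```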

                                           


