s3:net: 'net ads keytab list' should only list default keytab
author Andreas Schneider <asn@samba.org>
Thu, 10 Apr 2025 14:13:42 +0000 (16:13 +0200)
committer Andreas Schneider <asn@cryptomilk.org>
Fri, 11 Apr 2025 07:35:49 +0000 (07:35 +0000)
If you don't specify a keytab, assume we just want the default keytab. This will
make upcoming changes to the code easier.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
source3/libads/kerberos_keytab.c
source3/utils/net_ads.c
testprogs/blackbox/test_net_ads.sh

index 8d6b990b6510390051345b1b0806491ace7b2c40..ed26c6af499686514769d7d29cb83b4d6d6fe774 100644 (file)
 
 #ifdef HAVE_KRB5
 
-#ifdef HAVE_ADS
-
 /* This MAX_NAME_LEN is a constant defined in krb5.h */
 #ifndef MAX_KEYTAB_NAME_LEN
 #define MAX_KEYTAB_NAME_LEN 1100
 #endif
 
+#ifdef HAVE_ADS
+
 enum spn_spec_type {
        SPN_SPEC_ACCOUNT_NAME,
        SPN_SPEC_SYNC_ACCOUNT_NAME,
@@ -1152,52 +1152,6 @@ params_ready:
        TALLOC_FREE(frame);
        return NT_STATUS_OK;
 }
-
-static krb5_error_code ads_keytab_open(krb5_context context,
-                                      krb5_keytab *keytab)
-{
-       char keytab_str[MAX_KEYTAB_NAME_LEN] = {0};
-       const char *keytab_name = NULL;
-       krb5_error_code ret = 0;
-
-       switch (lp_kerberos_method()) {
-       case KERBEROS_VERIFY_SYSTEM_KEYTAB:
-       case KERBEROS_VERIFY_SECRETS_AND_KEYTAB:
-               ret = krb5_kt_default_name(context,
-                                          keytab_str,
-                                          sizeof(keytab_str) - 2);
-               if (ret != 0) {
-                       DBG_WARNING("Failed to get default keytab name\n");
-                       goto out;
-               }
-               keytab_name = keytab_str;
-               break;
-       case KERBEROS_VERIFY_DEDICATED_KEYTAB:
-               keytab_name = lp_dedicated_keytab_file();
-               break;
-       default:
-               DBG_ERR("Invalid kerberos method set (%d)\n",
-                       lp_kerberos_method());
-               ret = KRB5_KT_BADNAME;
-               goto out;
-       }
-
-       if (keytab_name == NULL || keytab_name[0] == '\0') {
-               DBG_ERR("Invalid keytab name\n");
-               ret = KRB5_KT_BADNAME;
-               goto out;
-       }
-
-       ret = smb_krb5_kt_open(context, keytab_name, true, keytab);
-       if (ret != 0) {
-               DBG_WARNING("smb_krb5_kt_open failed (%s)\n",
-                           error_message(ret));
-               goto out;
-       }
-
-out:
-       return ret;
-}
 #endif /* HAVE_ADS */
 
 /**********************************************************************
@@ -1211,6 +1165,7 @@ int ads_keytab_list(const char *keytab_name)
        krb5_keytab keytab = NULL;
        krb5_kt_cursor cursor;
        krb5_keytab_entry kt_entry;
+       char default_keytab[MAX_KEYTAB_NAME_LEN] = {0};
 
        ZERO_STRUCT(kt_entry);
        ZERO_STRUCT(cursor);
@@ -1223,14 +1178,22 @@ int ads_keytab_list(const char *keytab_name)
        }
 
        if (keytab_name == NULL) {
-#ifdef HAVE_ADS
-               ret = ads_keytab_open(context, &keytab);
-#else
-               ret = ENOENT;
-#endif
-       } else {
-               ret = smb_krb5_kt_open(context, keytab_name, False, &keytab);
+               /*
+                * If you don't specify a keytab, assume we want the default
+                * keytab.
+                */
+               ret = krb5_kt_default_name(context,
+                                          default_keytab,
+                                          sizeof(default_keytab) - 2);
+               if (ret != 0) {
+                       DBG_WARNING("Failed to get default keytab name\n");
+                       goto out;
+               }
+
+               keytab_name = default_keytab;
        }
+
+       ret = smb_krb5_kt_open(context, keytab_name, false, &keytab);
        if (ret) {
                DEBUG(1, ("smb_krb5_kt_open failed (%s)\n",
                          error_message(ret)));
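Review bot: The new comment in the `keytab_name == NULL` branch should state what is no longer consulted: the removed `ads_keytab_open` picked the keytab from the smb.conf `kerberos method` / `dedicated keytab file` settings, while the new code always asks the library via `krb5_kt_default_name`, so a configured dedicated keytab is now ignored by `net ads keytab list` unless its path is passed explicitly. Suggest extending the comment to something like `/* No keytab given: use the krb5 library's default keytab; the smb.conf 'kerberos method' / 'dedicated keytab file' settings are deliberately not consulted here. */`. The `sizeof(default_keytab) - 2` bound is a magic adjustment carried over from the deleted helper; whatever its reason, a one-line why-comment next to it would stop the next reader from "correcting" it. ads_keytab_list begins before the hunk and its `out:` label and return are outside it, so the error path after `goto out` cannot be checked from here.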
index d52073685f529064352cd30394d7d3811bfbf2cb..3ef2b41e5a3c61b255fb1af8b0c0a18a86d50c52 100644 (file)
@@ -2944,7 +2944,7 @@ static int net_ads_keytab_list(struct net_context *c, int argc, const char **arg
                d_printf("%s\n%s",
                         _("Usage:"),
                         _("net ads keytab list [keytab]\n"
-                          "  List a local keytab\n"
+                          "  List a local keytab (default: krb5 default)\n"
                           "    keytab\tKeytab to list\n"));
                return -1;
        }
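Review bot: `(default: krb5 default)` is terse for a user-facing usage line, and it is the only hint a user gets that omitting the argument now means the library default rather than the smb.conf dedicated keytab (see the removed `ads_keytab_open` call in kerberos_keytab.c). Spelling it out avoids that confusion: `"  List a local keytab (default: the krb5 library's default keytab)\n"`. net_ads_keytab_list begins before the hunk and continues after it.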
index b14dc2b1633f0f253738c691be28fc2548a8cad6..dd5b013924a7e392aedafb1c2308ca2abd933d12 100755 (executable)
@@ -92,7 +92,6 @@ if [ ! -f $dedicated_keytab_file ]; then
 fi
 
 if [ -f $dedicated_keytab_file ]; then
-       testit "keytab list (dedicated keytab)" $VALGRIND $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$(expr $failed + 1)
        testit "keytab list keytab specified on cmdline" $VALGRIND $net_tool ads keytab list $dedicated_keytab_file || failed=$(expr $failed + 1)
 fi
 
@@ -161,8 +160,14 @@ dedicated_keytab_file="$BASEDIR/$WORKDIR/test_dns_aliases_dedicated_krb5.keytab"
 
 testit "dns alias create_keytab" $VALGRIND $net_tool ads keytab create --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$(expr $failed + 1)
 
-testit_grep "dns alias1 check keytab" "HOST/${dns_alias1}@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$(expr $failed + 1)
-testit_grep "dns alias2 check keytab" "HOST/${dns_alias2}@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=$(expr $failed + 1)
+testit_grep "dns alias1 check keytab" \
+       "HOST/${dns_alias1}@$REALM" \
+       $net_tool ads keytab list "${dedicated_keytab_file}" || \
+       failed=$(expr $failed + 1)
+testit_grep "dns alias2 check keytab" \
+       "HOST/${dns_alias2}@$REALM" \
+       $net_tool ads keytab list "${dedicated_keytab_file}" || \
+       failed=$(expr $failed + 1)
 
 rm -f $dedicated_keytab_file
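Review bot: With the `keytab list (dedicated keytab)` case dropped in the earlier hunk of this file, no blackbox test runs `net ads keytab list` without an argument any more, so the new default-keytab branch in `ads_keytab_list` has no coverage. If the test environment can point the library at a keytab (for example by exporting `KRB5_KTNAME` to `$dedicated_keytab_file` for that one invocation), a case such as `testit "keytab list (default keytab)" $VALGRIND $net_tool ads keytab list || failed=$(expr $failed + 1)` would exercise it; otherwise a comment noting why the default path is untested here would help. Minor style point: the rewritten `testit_grep` lines quote `"${dedicated_keytab_file}"` while the `keytab create` call above and `rm -f` below leave it unquoted; consistent quoting within the file would be cleaner.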