From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 19 May 2017 14:28:42 +0000 (+0200)
Subject: s3:gse_krb5: simplify fill_keytab_from_password() by using kerberos_fetch_salt_princ()
X-Git-Tag: samba-4.5.13~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0aa6bfdec2334beaf17a3c818f183015f9141f1f;p=thirdparty%2Fsamba.git

s3:gse_krb5: simplify fill_keytab_from_password() by using kerberos_fetch_salt_princ()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1d1cf9792f9227e65857c85ff66a961331e3c16e)
---

diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index 16679161d18..c5317aa5a7d 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -122,6 +122,8 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
 	krb5_enctype *enctypes;
 	krb5_keytab_entry kt_entry;
 	unsigned int i;
+	krb5_principal salt_princ = NULL;
+	char *salt_princ_s = NULL;
 
 	ret = get_kerberos_allowed_etypes(krbctx, &enctypes);
 	if (ret) {
@@ -130,11 +132,19 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
 		return ret;
 	}
 
+	salt_princ_s = kerberos_secrets_fetch_salt_princ();
+	if (salt_princ_s == NULL) {
+		ret = ENOMEM;
+		goto out;
+	}
+	ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ);
+	SAFE_FREE(salt_princ_s);
+	if (ret != 0) {
+		goto out;
+	}
+
 	for (i = 0; enctypes[i]; i++) {
 		krb5_keyblock *key = NULL;
-		krb5_principal salt_princ = NULL;
-		char *salt_princ_s;
-		char *princ_s;
 		int rc;
 
 		if (!(key = SMB_MALLOC_P(krb5_keyblock))) {
@@ -142,28 +152,6 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
 			goto out;
 		}
 
-		ret = krb5_unparse_name(krbctx, princ, &princ_s);
-		if (ret != 0) {
-			SAFE_FREE(key);
-			continue;
-		}
-
-		salt_princ_s = kerberos_fetch_salt_princ_for_host_princ(krbctx,
-									princ_s,
-									enctypes[i]);
-		SAFE_FREE(princ_s);
-		if (salt_princ_s == NULL) {
-			SAFE_FREE(key);
-			continue;
-		}
-
-		ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ);
-		SAFE_FREE(salt_princ_s);
-		if (ret != 0) {
-			SAFE_FREE(key);
-			continue;
-		}
-
 		rc = create_kerberos_key_from_string(krbctx,
 						     princ,
 						     salt_princ,
@@ -171,7 +159,6 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
 						     key,
 						     enctypes[i],
 						     false);
-		krb5_free_principal(krbctx, salt_princ);
 		if (rc != 0) {
 			DEBUG(10, ("Failed to create key for enctype %d "
 				   "(error: %s)\n",
@@ -199,6 +186,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
 	ret = 0;
 
 out:
+	krb5_free_principal(krbctx, salt_princ);
 	SAFE_FREE(enctypes);
 	return ret;
 }