char *smb_krb5_principal_get_realm(krb5_context context,
krb5_principal principal);
+char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
+ const char *service,
+ const char *remote_name);
#endif /* HAVE_KRB5 */
return salt;
}
-/************************************************************************
- Routine to get the default realm from the kerberos credentials cache.
- Caller must free if the return value is not NULL.
-************************************************************************/
-
-char *kerberos_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx)
-{
- char *realm = NULL;
- krb5_context ctx = NULL;
- krb5_ccache cc = NULL;
- krb5_principal princ = NULL;
-
- initialize_krb5_error_table();
- if (krb5_init_context(&ctx)) {
- return NULL;
- }
-
- DEBUG(5,("kerberos_get_default_realm_from_ccache: "
- "Trying to read krb5 cache: %s\n",
- krb5_cc_default_name(ctx)));
- if (krb5_cc_default(ctx, &cc)) {
- DEBUG(0,("kerberos_get_default_realm_from_ccache: "
- "failed to read default cache\n"));
- goto out;
- }
- if (krb5_cc_get_principal(ctx, cc, &princ)) {
- DEBUG(0,("kerberos_get_default_realm_from_ccache: "
- "failed to get default principal\n"));
- goto out;
- }
-
-#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM)
- realm = talloc_strdup(mem_ctx, krb5_principal_get_realm(ctx, princ));
-#elif defined(HAVE_KRB5_PRINC_REALM)
- {
- krb5_data *realm_data = krb5_princ_realm(ctx, princ);
- realm = talloc_strndup(mem_ctx, realm_data->data, realm_data->length);
- }
-#endif
-
- out:
-
- if (ctx) {
- if (princ) {
- krb5_free_principal(ctx, princ);
- }
- if (cc) {
- krb5_cc_close(ctx, cc);
- }
- krb5_free_context(ctx);
- }
-
- return realm;
-}
-
-/************************************************************************
- Routine to get the realm from a given DNS name.
-************************************************************************/
-
-char *kerberos_get_realm_from_hostname(TALLOC_CTX *mem_ctx, const char *hostname)
-{
-#if defined(HAVE_KRB5_REALM_TYPE)
- /* Heimdal. */
- krb5_realm *realm_list = NULL;
-#else
- /* MIT */
- char **realm_list = NULL;
-#endif
- char *realm = NULL;
- krb5_error_code kerr;
- krb5_context ctx = NULL;
-
- initialize_krb5_error_table();
- if (krb5_init_context(&ctx)) {
- return NULL;
- }
-
- kerr = krb5_get_host_realm(ctx, hostname, &realm_list);
- if (kerr != 0) {
- DEBUG(3,("kerberos_get_realm_from_hostname %s: "
- "failed %s\n",
- hostname ? hostname : "(NULL)",
- error_message(kerr) ));
- goto out;
- }
-
- if (realm_list && realm_list[0]) {
- realm = talloc_strdup(mem_ctx, realm_list[0]);
- }
-
- out:
-
- if (ctx) {
- if (realm_list) {
- krb5_free_host_realm(ctx, realm_list);
- realm_list = NULL;
- }
- krb5_free_context(ctx);
- ctx = NULL;
- }
- return realm;
-}
-
-char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
- const char *service,
- const char *remote_name)
-{
- char *realm = NULL;
- char *host = NULL;
- char *principal;
- host = strchr_m(remote_name, '.');
- if (host) {
- /* DNS name. */
- realm = kerberos_get_realm_from_hostname(talloc_tos(), remote_name);
- } else {
- /* NetBIOS name - use our realm. */
- realm = kerberos_get_default_realm_from_ccache(talloc_tos());
- }
-
- if (realm == NULL || *realm == '\0') {
- realm = talloc_strdup(talloc_tos(), lp_realm());
- if (!realm) {
- return NULL;
- }
- DEBUG(3,("kerberos_get_principal_from_service_hostname: "
- "cannot get realm from, "
- "desthost %s or default ccache. Using default "
- "smb.conf realm %s\n",
- remote_name,
- realm));
- }
-
- principal = talloc_asprintf(mem_ctx,
- "%s/%s@%s",
- service, remote_name,
- realm);
- TALLOC_FREE(realm);
- return principal;
-}
-
/************************************************************************
Routine to get the salting principal for this service. This is
maintained for backwards compatibilty with releases prior to 3.0.24.
char* kerberos_secrets_fetch_des_salt( void );
char *kerberos_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx);
char *kerberos_get_realm_from_hostname(TALLOC_CTX *mem_ctx, const char *hostname);
-char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
- const char *service,
- const char *remote_name);
bool kerberos_secrets_store_salting_principal(const char *service,
int enctype,
#endif
}
+/************************************************************************
+ Routine to get the default realm from the kerberos credentials cache.
+ Caller must free if the return value is not NULL.
+************************************************************************/
+
+static char *smb_krb5_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx)
+{
+ char *realm = NULL;
+ krb5_context ctx = NULL;
+ krb5_ccache cc = NULL;
+ krb5_principal princ = NULL;
+
+ initialize_krb5_error_table();
+ if (krb5_init_context(&ctx)) {
+ return NULL;
+ }
+
+ DEBUG(5,("kerberos_get_default_realm_from_ccache: "
+ "Trying to read krb5 cache: %s\n",
+ krb5_cc_default_name(ctx)));
+ if (krb5_cc_default(ctx, &cc)) {
+ DEBUG(0,("kerberos_get_default_realm_from_ccache: "
+ "failed to read default cache\n"));
+ goto out;
+ }
+ if (krb5_cc_get_principal(ctx, cc, &princ)) {
+ DEBUG(0,("kerberos_get_default_realm_from_ccache: "
+ "failed to get default principal\n"));
+ goto out;
+ }
+
+#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM)
+ realm = talloc_strdup(mem_ctx, krb5_principal_get_realm(ctx, princ));
+#elif defined(HAVE_KRB5_PRINC_REALM)
+ {
+ krb5_data *realm_data = krb5_princ_realm(ctx, princ);
+ realm = talloc_strndup(mem_ctx, realm_data->data, realm_data->length);
+ }
+#endif
+
+ out:
+
+ if (ctx) {
+ if (princ) {
+ krb5_free_principal(ctx, princ);
+ }
+ if (cc) {
+ krb5_cc_close(ctx, cc);
+ }
+ krb5_free_context(ctx);
+ }
+
+ return realm;
+}
+
+/************************************************************************
+ Routine to get the realm from a given DNS name.
+************************************************************************/
+
+static char *smb_krb5_get_realm_from_hostname(TALLOC_CTX *mem_ctx,
+ const char *hostname)
+{
+#if defined(HAVE_KRB5_REALM_TYPE)
+ /* Heimdal. */
+ krb5_realm *realm_list = NULL;
+#else
+ /* MIT */
+ char **realm_list = NULL;
+#endif
+ char *realm = NULL;
+ krb5_error_code kerr;
+ krb5_context ctx = NULL;
+
+ initialize_krb5_error_table();
+ if (krb5_init_context(&ctx)) {
+ return NULL;
+ }
+
+ kerr = krb5_get_host_realm(ctx, hostname, &realm_list);
+ if (kerr != 0) {
+ DEBUG(3,("kerberos_get_realm_from_hostname %s: "
+ "failed %s\n",
+ hostname ? hostname : "(NULL)",
+ error_message(kerr) ));
+ goto out;
+ }
+
+ if (realm_list && realm_list[0]) {
+ realm = talloc_strdup(mem_ctx, realm_list[0]);
+ }
+
+ out:
+
+ if (ctx) {
+ if (realm_list) {
+ krb5_free_host_realm(ctx, realm_list);
+ realm_list = NULL;
+ }
+ krb5_free_context(ctx);
+ ctx = NULL;
+ }
+ return realm;
+}
+
+char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
+ const char *service,
+ const char *remote_name)
+{
+ char *realm = NULL;
+ char *host = NULL;
+ char *principal;
+ host = strchr_m(remote_name, '.');
+ if (host) {
+ /* DNS name. */
+ realm = smb_krb5_get_realm_from_hostname(talloc_tos(),
+ remote_name);
+ } else {
+ /* NetBIOS name - use our realm. */
+ realm = smb_krb5_get_default_realm_from_ccache(talloc_tos());
+ }
+
+ if (realm == NULL || *realm == '\0') {
+ realm = talloc_strdup(talloc_tos(), lp_realm());
+ if (!realm) {
+ return NULL;
+ }
+ DEBUG(3,("kerberos_get_principal_from_service_hostname: "
+ "cannot get realm from, "
+ "desthost %s or default ccache. Using default "
+ "smb.conf realm %s\n",
+ remote_name,
+ realm));
+ }
+
+ principal = talloc_asprintf(mem_ctx,
+ "%s/%s@%s",
+ service, remote_name,
+ realm);
+ TALLOC_FREE(realm);
+ return principal;
+}
+
#else /* HAVE_KRB5 */
/* this saves a few linking headaches */
int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,