*
* @param[in] password The password of the keytab entry.
*
- * @param[in] already_hashed The password is a key, not a password
- *
* @retval 0 on Success
*
* @return A corresponding KRB5 error code.
*
* @see smb_krb5_kt_open()
*/
-krb5_error_code smb_krb5_kt_add_entry(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- const char *salt_principal,
- krb5_enctype enctype,
- krb5_data *password,
- bool already_hashed)
+krb5_error_code smb_krb5_kt_add_password(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ const char *princ_s,
+ const char *salt_principal,
+ krb5_enctype enctype,
+ krb5_data *password)
{
krb5_error_code ret;
krb5_keytab_entry kt_entry;
krb5_principal princ = NULL;
krb5_keyblock *keyp;
+ krb5_principal salt_princ = NULL;
ZERO_STRUCT(kt_entry);
keyp = KRB5_KT_KEY(&kt_entry);
- if (already_hashed) {
- KRB5_KEY_DATA(keyp) = (KRB5_KEY_DATA_CAST *)SMB_MALLOC(password->length);
- if (KRB5_KEY_DATA(keyp) == NULL) {
- ret = ENOMEM;
- goto out;
- }
- memcpy(KRB5_KEY_DATA(keyp), password->data, password->length);
- KRB5_KEY_LENGTH(keyp) = password->length;
- KRB5_KEY_TYPE(keyp) = enctype;
- } else {
- krb5_principal salt_princ = NULL;
-
- /* Now add keytab entries for all encryption types */
- ret = smb_krb5_parse_name(context, salt_principal, &salt_princ);
- if (ret) {
- DBG_WARNING("krb5_parse_name(%s) failed (%s)\n",
- salt_principal, error_message(ret));
- goto out;
- }
+ /* Now add keytab entries for all encryption types */
+ ret = smb_krb5_parse_name(context, salt_principal, &salt_princ);
+ if (ret) {
+ DBG_WARNING("krb5_parse_name(%s) failed (%s)\n",
+ salt_principal, error_message(ret));
+ goto out;
+ }
- ret = smb_krb5_create_key_from_string(context,
- salt_princ,
- NULL,
- password,
- enctype,
- keyp);
- krb5_free_principal(context, salt_princ);
- if (ret != 0) {
- goto out;
- }
+ ret = smb_krb5_create_key_from_string(context,
+ salt_princ,
+ NULL,
+ password,
+ enctype,
+ keyp);
+ krb5_free_principal(context, salt_princ);
+ if (ret != 0) {
+ goto out;
}
kt_entry.principal = princ;
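Review bot: `salt_principal` is now parsed unconditionally, so a NULL argument reaches `smb_krb5_parse_name()` and the `%s` in `DBG_WARNING`. The removed `already_hashed` branch never touched it, and the removed key-export call elsewhere in this commit passed `NULL` in that position. The doc comment lines visible here do not state the new requirement; I would add `* @param[in] salt_principal The principal used as salt for string2key; must not be NULL.` and an early `if (salt_principal == NULL) { return EINVAL; }` ahead of the parse. The carried-over comment `/* Now add keytab entries for all encryption types */` is also misleading, since the function derives one key for the single `enctype` argument. The function body continues past the end of this hunk, so the cleanup path was not reviewed.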
const char *princ_s,
krb5_principal princ,
bool flush);
-krb5_error_code smb_krb5_kt_add_entry(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- const char *salt_principal,
- krb5_enctype enctype,
- krb5_data *password,
- bool already_hashed);
+krb5_error_code smb_krb5_kt_add_password(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ const char *princ_s,
+ const char *salt_principal,
+ krb5_enctype enctype,
+ krb5_data *password);
krb5_error_code smb_krb5_get_credentials(krb5_context context,
krb5_ccache ccache,
for (i = 0; enctypes[i]; i++) {
/* add the fqdn principal to the keytab */
- ret = smb_krb5_kt_add_entry(context,
- keytab,
- kvno,
- princ_s,
- salt_princ_s,
- enctypes[i],
- password,
- false); /* needs string2key (hashing) */
+ ret = smb_krb5_kt_add_password(context,
+ keytab,
+ kvno,
+ princ_s,
+ salt_princ_s,
+ enctypes[i],
+ password);
if (ret) {
DBG_WARNING("Failed to add entry to keytab\n");
goto out;
/* add the short principal name if we have one */
if (short_princ_s) {
- ret = smb_krb5_kt_add_entry(context,
- keytab,
- kvno,
- short_princ_s,
- salt_princ_s,
- enctypes[i],
- password,
- false); /* needs string2key (hashing) */
+ ret = smb_krb5_kt_add_password(context,
+ keytab,
+ kvno,
+ short_princ_s,
+ salt_princ_s,
+ enctypes[i],
+ password);
if (ret) {
DBG_WARNING("Failed to add short entry to keytab\n");
goto out;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *entry_principal = NULL;
bool copy_one_principal = (principal != NULL);
- krb5_data password;
bool keys_exported = false;
krb5_context context = smb_krb5_context->krb5_context;
TALLOC_CTX *tmp_ctx = NULL;
goto done;
}
} else {
+ krb5_keytab_entry kt_entry;
+ ZERO_STRUCT(kt_entry);
+ kt_entry.principal = sentry.principal;
+ kt_entry.vno = sentry.kvno;
+
for (i = 0; i < sentry.keys.len; i++) {
struct sdb_key *s = &(sentry.keys.val[i]);
- krb5_enctype enctype;
-
- enctype = KRB5_KEY_TYPE(&(s->key));
- password.length = KRB5_KEY_LENGTH(&s->key);
- password.data = (char *)KRB5_KEY_DATA(&s->key);
-
- DBG_INFO("smb_krb5_kt_add_entry for enctype=0x%04x\n",
- (int)enctype);
- code = smb_krb5_kt_add_entry(context,
- keytab,
- sentry.kvno,
- entry_principal,
- NULL,
- enctype,
- &password,
- true); /* no_salt */
+ krb5_keyblock *keyp;
+
+ keyp = KRB5_KT_KEY(&kt_entry);
+
+ *keyp = s->key;
+
+ code = krb5_kt_add_entry(context, keytab, &kt_entry);
if (code != 0) {
status = NT_STATUS_UNSUCCESSFUL;
*error_string = smb_get_krb5_error_message(context,
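Review bot: `kt_entry` only borrows memory here: `kt_entry.principal = sentry.principal` and `*keyp = s->key` are shallow copies, so the principal and the key contents pointer still belong to `sentry`. Nothing in the hunk says so, and a later cleanup that passes `kt_entry` to a keytab-entry free routine would release that key material a second time when `sentry` is freed. I would add a comment above the declaration such as `/* kt_entry aliases sentry's principal and key data; sentry owns both, never free kt_entry */`. The removed `DBG_INFO` was also the only per-key trace of which enctype was written, which helps when auditing keytab exports; `DBG_INFO("krb5_kt_add_entry for enctype=0x%04x\n", (int)KRB5_KEY_TYPE(&s->key));` would keep it without logging key bytes. The enclosing function starts and ends outside this hunk.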