a0ab15ceb80290db80c2052520830a95390de385Sumit Bose Kerberos 5 Backend Module -- keytab related utilities
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose Sumit Bose <sbose@redhat.com>
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose Copyright (C) 2014 Red Hat
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose This program is free software; you can redistribute it and/or modify
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose it under the terms of the GNU General Public License as published by
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose the Free Software Foundation; either version 3 of the License, or
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose (at your option) any later version.
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose This program is distributed in the hope that it will be useful,
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose GNU General Public License for more details.
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose You should have received a copy of the GNU General Public License
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
/*
 * Copy the entries of s_keytab into d_keytab.
 *
 * Visible steps: open a sequential read on s_keytab with
 * krb5_kt_start_seq_get(), fetch entries with krb5_kt_next_entry(), add each
 * one to d_keytab with krb5_kt_add_entry(), release it with
 * sss_krb5_free_keytab_entry_contents(), and finish the read with
 * krb5_kt_end_seq_get().
 *
 * Two kinds of krb5_kt_end_seq_get() calls appear below: the ones whose
 * result goes to kt_err are logged as "ignored", while the final one stores
 * its result in kerr and is logged as a critical failure.
 *
 * NOTE(review): this listing omits lines (the rest of the parameter list,
 * conditions, braces, returns), so the exact branch structure and the
 * returned values cannot be confirmed from here.
 */
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bosestatic krb5_error_code do_keytab_copy(krb5_context kctx, krb5_keytab s_keytab,
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose kerr = krb5_kt_start_seq_get(kctx, s_keytab, &cursor);
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab.\n");
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose while ((kt_err = krb5_kt_next_entry(kctx, s_keytab, &entry,
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose kerr = krb5_kt_add_entry(kctx, d_keytab, &entry);
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "krb5_kt_add_entry failed.\n");
/* Presumably the add-failure branch: the read cursor is still ended, and a
 * failure of that call is only logged.
 * NOTE(review): no sss_krb5_free_keytab_entry_contents() call is visible
 * between the failed add and this cleanup. The entry carries key material, so
 * confirm it is released on this path as well. */
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose kt_err = krb5_kt_end_seq_get(kctx, s_keytab, &cursor);
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose "krb5_kt_end_seq_get failed with [%d], ignored.\n",
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose kerr = sss_krb5_free_keytab_entry_contents(kctx, &entry);
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_MINOR_FAILURE, "Failed to free keytab entry.\n");
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose kt_err = krb5_kt_end_seq_get(kctx, s_keytab, &cursor);
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose "krb5_kt_end_seq_get failed with [%d], ignored.\n",
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose kerr = krb5_kt_end_seq_get(kctx, s_keytab, &cursor);
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "krb5_kt_end_seq_get failed.\n");
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose /* check if we got any errors from krb5_kt_next_entry */
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab.\n");
/*
 * Copy a keytab into a MEMORY: keytab.
 *
 * Visible steps:
 *  - resolve the source keytab from keytab_file (krb5_kt_default_name() is
 *    also called; presumably this is the fallback when no file name is given,
 *    but the condition is not shown);
 *  - read the keytab's name with krb5_kt_get_name() and require a ':'
 *    delimiter in it;
 *  - if the name already starts with "MEMORY:", return a talloc copy of it
 *    in *_mem_name;
 *  - otherwise build "MEMORY:<text after sep>" and
 *    "MEMORY:<text after sep>.tmp", resolve both, and copy
 *    source -> temporary -> final with do_keytab_copy();
 *  - close the temporary and the source keytab handles; a krb5_kt_close()
 *    failure is only logged.
 *
 * NOTE(review): the copied keys stay in process memory under a name derived
 * from the source keytab name. No krb5_kt_close() on mem_keytab is visible
 * here, so confirm which caller owns that keytab and when it is released.
 * NOTE(review): this listing omits lines (the rest of the parameter list,
 * conditions, braces, returns), so branch structure and return values cannot
 * be confirmed from here.
 */
a0ab15ceb80290db80c2052520830a95390de385Sumit Bosekrb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx,
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose kerr = krb5_kt_default_name(kctx, default_keytab_name,
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "krb5_kt_default_name failed.\n");
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose kerr = krb5_kt_resolve(kctx, keytab_file, &keytab);
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "error resolving keytab [%s].\n",
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "keytab [%s] has not entries.\n",
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose kerr = krb5_kt_get_name(kctx, keytab, keytab_name, sizeof(keytab_name));
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Failed to read name for keytab [%s].\n",
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose "Keytab name [%s] does not have delimiter[:] .\n", keytab_name);
/* sizeof("MEMORY:") - 1 is the prefix length without the terminating NUL, so
 * this is a prefix match on the keytab type, not a full-string comparison. */
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose if (strncmp(keytab_name, "MEMORY:", sizeof("MEMORY:") -1) == 0) {
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "Keytab [%s] is already memory keytab.\n",
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose *_mem_name = talloc_strdup(mem_ctx, keytab_name);
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose mem_name = talloc_asprintf(mem_ctx, "MEMORY:%s", sep + 1);
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
/* Name of the intermediate keytab used by the first copy pass. It also holds
 * key material until it is closed at the end of the function. */
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose tmp_mem_name = talloc_asprintf(mem_ctx, "MEMORY:%s.tmp", sep + 1);
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose kerr = krb5_kt_resolve(kctx, mem_name, &mem_keytab);
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "error resolving keytab [%s].\n",
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose kerr = krb5_kt_resolve(kctx, tmp_mem_name, &tmp_mem_keytab);
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "error resolving keytab [%s].\n",
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose kerr = do_keytab_copy(kctx, keytab, tmp_mem_keytab);
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy keytab [%s] into [%s].\n",
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose /* krb5_kt_add_entry() adds new entries into MEMORY keytabs at the
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose * beginning and not at the end as for FILE keytabs. Since we want to keep
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose * the processing order we have to copy the MEMORY keytab again to retain
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose * the order from the FILE keytab. */
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose kerr = do_keytab_copy(kctx, tmp_mem_keytab, mem_keytab);
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy keytab [%s] into [%s].\n",
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose if (tmp_mem_keytab != NULL && krb5_kt_close(kctx, tmp_mem_keytab) != 0) {
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_MINOR_FAILURE, "krb5_kt_close failed.\n");
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose if (keytab != NULL && krb5_kt_close(kctx, keytab) != 0) {
576ad637181b80d39a4e136c9afbf34c57f76156Sumit Bose DEBUG(SSSDBG_MINOR_FAILURE, "krb5_kt_close failed.\n");