krb5_keytab.c revision 41f13bb048dbc4241dcfc024cdc3ec535510ba6b
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering Kerberos 5 Backend Module -- keytab related utilities
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering Sumit Bose <sbose@redhat.com>
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering Copyright (C) 2014 Red Hat
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering This program is free software; you can redistribute it and/or modify
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering it under the terms of the GNU General Public License as published by
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering the Free Software Foundation; either version 3 of the License, or
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering (at your option) any later version.
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering This program is distributed in the hope that it will be useful,
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering but WITHOUT ANY WARRANTY; without even the implied warranty of
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering GNU General Public License for more details.
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering You should have received a copy of the GNU General Public License
91a031725396faebf51ea7b5475532453b8d6df3Lennart Poettering along with this program. If not, see <http://www.gnu.org/licenses/>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek#include "providers/krb5/krb5_common.h"
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekstatic krb5_error_code do_keytab_copy(krb5_context kctx, krb5_keytab s_keytab,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek memset(&cursor, 0, sizeof(cursor));
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = krb5_kt_start_seq_get(kctx, s_keytab, &cursor);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab.\n");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek memset(&entry, 0, sizeof(entry));
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek while ((kt_err = krb5_kt_next_entry(kctx, s_keytab, &entry,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = krb5_kt_add_entry(kctx, d_keytab, &entry);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_OP_FAILURE, "krb5_kt_add_entry failed.\n");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kt_err = krb5_kt_end_seq_get(kctx, s_keytab, &cursor);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek "krb5_kt_end_seq_get failed with [%d], ignored.\n",
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = sss_krb5_free_keytab_entry_contents(kctx, &entry);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_MINOR_FAILURE, "Failed to free keytab entry.\n");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kt_err = krb5_kt_end_seq_get(kctx, s_keytab, &cursor);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek "krb5_kt_end_seq_get failed with [%d], ignored.\n",
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek memset(&entry, 0, sizeof(entry));
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = krb5_kt_end_seq_get(kctx, s_keytab, &cursor);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "krb5_kt_end_seq_get failed.\n");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek /* check if we got any errors from krb5_kt_next_entry */
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (kt_err != 0 && kt_err != KRB5_KT_END) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab.\n");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmekkrb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek krb5_keytab tmp_mem_keytab = NULL;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek char keytab_name[MAX_KEYTAB_NAME_LEN];
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek char default_keytab_name[MAX_KEYTAB_NAME_LEN];
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = krb5_kt_default_name(kctx, default_keytab_name,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "krb5_kt_default_name failed.\n");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek keytab_file = default_keytab_name;
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = krb5_kt_resolve(kctx, keytab_file, &keytab);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "error resolving keytab [%s].\n",
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = sss_krb5_kt_have_content(kctx, keytab);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "keytab [%s] has not entries.\n",
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = krb5_kt_get_name(kctx, keytab, keytab_name, sizeof(keytab_name));
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "Failed to read name for keytab [%s].\n",
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (sep == NULL || sep[1] == '\0') {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek "Keytab name [%s] does not have delimiter[:] .\n", keytab_name);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (strncmp(keytab_name, "MEMORY:", sizeof("MEMORY:") -1) == 0) {
39c155ea0d8b24895017fd5cf48508924ce2016dLennart Poettering DEBUG(SSSDBG_TRACE_FUNC, "Keytab [%s] is already memory keytab.\n",
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek *_mem_name = talloc_strdup(mem_ctx, keytab_name);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek mem_name = talloc_asprintf(mem_ctx, "MEMORY:%s", sep + 1);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek tmp_mem_name = talloc_asprintf(mem_ctx, "MEMORY:%s.tmp", sep + 1);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = krb5_kt_resolve(kctx, mem_name, &mem_keytab);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "error resolving keytab [%s].\n",
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = krb5_kt_resolve(kctx, tmp_mem_name, &tmp_mem_keytab);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "error resolving keytab [%s].\n",
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = do_keytab_copy(kctx, keytab, tmp_mem_keytab);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy keytab [%s] into [%s].\n",
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek /* krb5_kt_add_entry() adds new entries into MEMORY keytabs at the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek * beginning and not at the end as for FILE keytabs. Since we want to keep
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek * the processing order we have to copy the MEMORY keytab again to retain
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek * the order from the FILE keytab. */
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek kerr = do_keytab_copy(kctx, tmp_mem_keytab, mem_keytab);
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy keytab [%s] into [%s].\n",
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (tmp_mem_keytab != NULL && krb5_kt_close(kctx, tmp_mem_keytab) != 0) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_MINOR_FAILURE, "krb5_kt_close failed.\n");
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek if (keytab != NULL && krb5_kt_close(kctx, keytab) != 0) {
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DEBUG(SSSDBG_MINOR_FAILURE, "krb5_kt_close failed.\n");