search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[GLUE] Rsync SAMBA_3_0 SVN r25598 in order to create the v3-0-test branch.
[Samba.git] / source / libads / kerberos.c
blobc74c98dd977bc60c5514b729ad4620978f1fef58
1 /*
2 Unix SMB/CIFS implementation.
3 kerberos utility library
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Remus Koos 2001
6 Copyright (C) Nalin Dahyabhai <nalin@redhat.com> 2004.
7 Copyright (C) Jeremy Allison 2004.
8 Copyright (C) Gerald Carter 2006.
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26
27 #ifdef HAVE_KRB5
28
29 #define LIBADS_CCACHE_NAME "MEMORY:libads"
30
31 /*
32 we use a prompter to avoid a crash bug in the kerberos libs when
33 dealing with empty passwords
34 this prompter is just a string copy ...
35 */
36 static krb5_error_code
37 kerb_prompter(krb5_context ctx, void *data,
38 const char *name,
39 const char *banner,
40 int num_prompts,
41 krb5_prompt prompts[])
42 {
43 if (num_prompts == 0) return 0;
44
45 memset(prompts[0].reply->data, '\0', prompts[0].reply->length);
46 if (prompts[0].reply->length > 0) {
47 if (data) {
48 strncpy(prompts[0].reply->data, (const char *)data,
49 prompts[0].reply->length-1);
50 prompts[0].reply->length = strlen(prompts[0].reply->data);
51 } else {
52 prompts[0].reply->length = 0;
53 }
54 }
55 return 0;
56 }
57
58 /*
59 simulate a kinit, putting the tgt in the given cache location. If cache_name == NULL
60 place in default cache location.
61 remus@snapserver.com
62 */
63 int kerberos_kinit_password_ext(const char *principal,
64 const char *password,
65 int time_offset,
66 time_t *expire_time,
67 time_t *renew_till_time,
68 const char *cache_name,
69 BOOL request_pac,
70 BOOL add_netbios_addr,
71 time_t renewable_time)
72 {
73 krb5_context ctx = NULL;
74 krb5_error_code code = 0;
75 krb5_ccache cc = NULL;
76 krb5_principal me;
77 krb5_creds my_creds;
78 krb5_get_init_creds_opt *opt = NULL;
79 smb_krb5_addresses *addr = NULL;
80
81 initialize_krb5_error_table();
82 if ((code = krb5_init_context(&ctx)))
83 return code;
84
85 if (time_offset != 0) {
86 krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
87 }
88
89 DEBUG(10,("kerberos_kinit_password: using [%s] as ccache and config [%s]\n",
90 cache_name ? cache_name: krb5_cc_default_name(ctx),
91 getenv("KRB5_CONFIG")));
92
93 if ((code = krb5_cc_resolve(ctx, cache_name ? cache_name : krb5_cc_default_name(ctx), &cc))) {
94 krb5_free_context(ctx);
95 return code;
96 }
97
98 if ((code = smb_krb5_parse_name(ctx, principal, &me))) {
99 krb5_cc_close(ctx, cc);
100 krb5_free_context(ctx);
101 return code;
102 }
103
104 code = smb_krb5_get_init_creds_opt_alloc(ctx, &opt);
105 if (code) {
106 krb5_cc_close(ctx, cc);
107 krb5_free_context(ctx);
108 return code;
109 }
110
111 krb5_get_init_creds_opt_set_renew_life(opt, renewable_time);
112 krb5_get_init_creds_opt_set_forwardable(opt, True);
113 #if 0
114 /* insane testing */
115 krb5_get_init_creds_opt_set_tkt_life(opt, 60);
116 #endif
117
118 #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST
119 if (request_pac) {
120 code = krb5_get_init_creds_opt_set_pac_request(ctx, opt, (krb5_boolean)request_pac);
121 if (code) {
122 krb5_cc_close(ctx, cc);
123 krb5_free_principal(ctx, me);
124 krb5_free_context(ctx);
125 return code;
126 }
127 }
128 #endif
129 if (add_netbios_addr) {
130 code = smb_krb5_gen_netbios_krb5_address(&addr);
131 if (code) {
132 krb5_cc_close(ctx, cc);
133 krb5_free_principal(ctx, me);
134 krb5_free_context(ctx);
135 return code;
136 }
137 krb5_get_init_creds_opt_set_address_list(opt, addr->addrs);
138 }
139
140 if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password),
141 kerb_prompter, CONST_DISCARD(char *,password),
142 0, NULL, opt)))
143 {
144 smb_krb5_get_init_creds_opt_free(ctx, opt);
145 smb_krb5_free_addresses(ctx, addr);
146 krb5_cc_close(ctx, cc);
147 krb5_free_principal(ctx, me);
148 krb5_free_context(ctx);
149 return code;
150 }
151
152 smb_krb5_get_init_creds_opt_free(ctx, opt);
153
154 if ((code = krb5_cc_initialize(ctx, cc, me))) {
155 smb_krb5_free_addresses(ctx, addr);
156 krb5_free_cred_contents(ctx, &my_creds);
157 krb5_cc_close(ctx, cc);
158 krb5_free_principal(ctx, me);
159 krb5_free_context(ctx);
160 return code;
161 }
162
163 if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
164 krb5_cc_close(ctx, cc);
165 smb_krb5_free_addresses(ctx, addr);
166 krb5_free_cred_contents(ctx, &my_creds);
167 krb5_free_principal(ctx, me);
168 krb5_free_context(ctx);
169 return code;
170 }
171
172 if (expire_time) {
173 *expire_time = (time_t) my_creds.times.endtime;
174 }
175
176 if (renew_till_time) {
177 *renew_till_time = (time_t) my_creds.times.renew_till;
178 }
179
180 krb5_cc_close(ctx, cc);
181 smb_krb5_free_addresses(ctx, addr);
182 krb5_free_cred_contents(ctx, &my_creds);
183 krb5_free_principal(ctx, me);
184 krb5_free_context(ctx);
185
186 return 0;
187 }
188
189
190
191 /* run kinit to setup our ccache */
192 int ads_kinit_password(ADS_STRUCT *ads)
193 {
194 char *s;
195 int ret;
196 const char *account_name;
197 fstring acct_name;
198
199 if ( IS_DC ) {
200 /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
201 account_name = lp_workgroup();
202 } else {
203 /* always use the sAMAccountName for security = domain */
204 /* global_myname()$@REA.LM */
205 if ( lp_security() == SEC_DOMAIN ) {
206 fstr_sprintf( acct_name, "%s$", global_myname() );
207 account_name = acct_name;
208 }
209 else
210 /* This looks like host/global_myname()@REA.LM */
211 account_name = ads->auth.user_name;
212 }
213
214 if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
215 return KRB5_CC_NOMEM;
216 }
217
218 if (!ads->auth.password) {
219 SAFE_FREE(s);
220 return KRB5_LIBOS_CANTREADPWD;
221 }
222
223 ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
224 &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable);
225
226 if (ret) {
227 DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
228 s, error_message(ret)));
229 }
230 SAFE_FREE(s);
231 return ret;
232 }
233
234 int ads_kdestroy(const char *cc_name)
235 {
236 krb5_error_code code;
237 krb5_context ctx = NULL;
238 krb5_ccache cc = NULL;
239
240 initialize_krb5_error_table();
241 if ((code = krb5_init_context (&ctx))) {
242 DEBUG(3, ("ads_kdestroy: kdb5_init_context failed: %s\n",
243 error_message(code)));
244 return code;
245 }
246
247 if (!cc_name) {
248 if ((code = krb5_cc_default(ctx, &cc))) {
249 krb5_free_context(ctx);
250 return code;
251 }
252 } else {
253 if ((code = krb5_cc_resolve(ctx, cc_name, &cc))) {
254 DEBUG(3, ("ads_kdestroy: krb5_cc_resolve failed: %s\n",
255 error_message(code)));
256 krb5_free_context(ctx);
257 return code;
258 }
259 }
260
261 if ((code = krb5_cc_destroy (ctx, cc))) {
262 DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n",
263 error_message(code)));
264 }
265
266 krb5_free_context (ctx);
267 return code;
268 }
269
270 /************************************************************************
271 Routine to fetch the salting principal for a service. Active
272 Directory may use a non-obvious principal name to generate the salt
273 when it determines the key to use for encrypting tickets for a service,
274 and hopefully we detected that when we joined the domain.
275 ************************************************************************/
276
277 static char *kerberos_secrets_fetch_salting_principal(const char *service, int enctype)
278 {
279 char *key = NULL;
280 char *ret = NULL;
281
282 asprintf(&key, "%s/%s/enctype=%d", SECRETS_SALTING_PRINCIPAL, service, enctype);
283 if (!key) {
284 return NULL;
285 }
286 ret = (char *)secrets_fetch(key, NULL);
287 SAFE_FREE(key);
288 return ret;
289 }
290
291 /************************************************************************
292 Return the standard DES salt key
293 ************************************************************************/
294
295 char* kerberos_standard_des_salt( void )
296 {
297 fstring salt;
298
299 fstr_sprintf( salt, "host/%s.%s@", global_myname(), lp_realm() );
300 strlower_m( salt );
301 fstrcat( salt, lp_realm() );
302
303 return SMB_STRDUP( salt );
304 }
305
306 /************************************************************************
307 ************************************************************************/
308
309 static char* des_salt_key( void )
310 {
311 char *key;
312
313 asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL, lp_realm());
314
315 return key;
316 }
317
318 /************************************************************************
319 ************************************************************************/
320
321 BOOL kerberos_secrets_store_des_salt( const char* salt )
322 {
323 char* key;
324 BOOL ret;
325
326 if ( (key = des_salt_key()) == NULL ) {
327 DEBUG(0,("kerberos_secrets_store_des_salt: failed to generate key!\n"));
328 return False;
329 }
330
331 if ( !salt ) {
332 DEBUG(8,("kerberos_secrets_store_des_salt: deleting salt\n"));
333 secrets_delete( key );
334 return True;
335 }
336
337 DEBUG(3,("kerberos_secrets_store_des_salt: Storing salt \"%s\"\n", salt));
338
339 ret = secrets_store( key, salt, strlen(salt)+1 );
340
341 SAFE_FREE( key );
342
343 return ret;
344 }
345
346 /************************************************************************
347 ************************************************************************/
348
349 char* kerberos_secrets_fetch_des_salt( void )
350 {
351 char *salt, *key;
352
353 if ( (key = des_salt_key()) == NULL ) {
354 DEBUG(0,("kerberos_secrets_fetch_des_salt: failed to generate key!\n"));
355 return False;
356 }
357
358 salt = (char*)secrets_fetch( key, NULL );
359
360 SAFE_FREE( key );
361
362 return salt;
363 }
364
365
366 /************************************************************************
367 Routine to get the salting principal for this service. This is
368 maintained for backwards compatibilty with releases prior to 3.0.24.
369 Since we store the salting principal string only at join, we may have
370 to look for the older tdb keys. Caller must free if return is not null.
371 ************************************************************************/
372
373 krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context,
374 krb5_principal host_princ,
375 int enctype)
376 {
377 char *unparsed_name = NULL, *salt_princ_s = NULL;
378 krb5_principal ret_princ = NULL;
379
380 /* lookup new key first */
381
382 if ( (salt_princ_s = kerberos_secrets_fetch_des_salt()) == NULL ) {
383
384 /* look under the old key. If this fails, just use the standard key */
385
386 if (smb_krb5_unparse_name(context, host_princ, &unparsed_name) != 0) {
387 return (krb5_principal)NULL;
388 }
389 if ((salt_princ_s = kerberos_secrets_fetch_salting_principal(unparsed_name, enctype)) == NULL) {
390 /* fall back to host/machine.realm@REALM */
391 salt_princ_s = kerberos_standard_des_salt();
392 }
393 }
394
395 if (smb_krb5_parse_name(context, salt_princ_s, &ret_princ) != 0) {
396 ret_princ = NULL;
397 }
398
399 SAFE_FREE(unparsed_name);
400 SAFE_FREE(salt_princ_s);
401
402 return ret_princ;
403 }
404
405 /************************************************************************
406 Routine to set the salting principal for this service. Active
407 Directory may use a non-obvious principal name to generate the salt
408 when it determines the key to use for encrypting tickets for a service,
409 and hopefully we detected that when we joined the domain.
410 Setting principal to NULL deletes this entry.
411 ************************************************************************/
412
413 BOOL kerberos_secrets_store_salting_principal(const char *service,
414 int enctype,
415 const char *principal)
416 {
417 char *key = NULL;
418 BOOL ret = False;
419 krb5_context context = NULL;
420 krb5_principal princ = NULL;
421 char *princ_s = NULL;
422 char *unparsed_name = NULL;
423
424 krb5_init_context(&context);
425 if (!context) {
426 return False;
427 }
428 if (strchr_m(service, '@')) {
429 asprintf(&princ_s, "%s", service);
430 } else {
431 asprintf(&princ_s, "%s@%s", service, lp_realm());
432 }
433
434 if (smb_krb5_parse_name(context, princ_s, &princ) != 0) {
435 goto out;
436
437 }
438 if (smb_krb5_unparse_name(context, princ, &unparsed_name) != 0) {
439 goto out;
440 }
441
442 asprintf(&key, "%s/%s/enctype=%d", SECRETS_SALTING_PRINCIPAL, unparsed_name, enctype);
443 if (!key) {
444 goto out;
445 }
446
447 if ((principal != NULL) && (strlen(principal) > 0)) {
448 ret = secrets_store(key, principal, strlen(principal) + 1);
449 } else {
450 ret = secrets_delete(key);
451 }
452
453 out:
454
455 SAFE_FREE(key);
456 SAFE_FREE(princ_s);
457 SAFE_FREE(unparsed_name);
458
459 if (context) {
460 krb5_free_context(context);
461 }
462
463 return ret;
464 }
465
466
467 /************************************************************************
468 ************************************************************************/
469
470 int kerberos_kinit_password(const char *principal,
471 const char *password,
472 int time_offset,
473 const char *cache_name)
474 {
475 return kerberos_kinit_password_ext(principal,
476 password,
477 time_offset,
478 0,
479 0,
480 cache_name,
481 False,
482 False,
483 0);
484 }
485
486 /************************************************************************
487 Create a string list of available kdc's, possibly searching by sitename.
488 Does DNS queries.
489 ************************************************************************/
490
491 static char *get_kdc_ip_string(char *mem_ctx, const char *realm, const char *sitename, struct in_addr primary_ip)
492 {
493 int i;
494 struct ip_service *ip_srv_site = NULL;
495 struct ip_service *ip_srv_nonsite;
496 int count_site = 0;
497 int count_nonsite;
498 char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n",
499 inet_ntoa(primary_ip));
500
501 if (kdc_str == NULL) {
502 return NULL;
503 }
504
505 /* Get the KDC's only in this site. */
506
507 if (sitename) {
508
509 get_kdc_list(realm, sitename, &ip_srv_site, &count_site);
510
511 for (i = 0; i < count_site; i++) {
512 if (ip_equal(ip_srv_site[i].ip, primary_ip)) {
513 continue;
514 }
515 /* Append to the string - inefficient but not done often. */
516 kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
517 kdc_str, inet_ntoa(ip_srv_site[i].ip));
518 if (!kdc_str) {
519 SAFE_FREE(ip_srv_site);
520 return NULL;
521 }
522 }
523 }
524
525 /* Get all KDC's. */
526
527 get_kdc_list(realm, NULL, &ip_srv_nonsite, &count_nonsite);
528
529 for (i = 0; i < count_nonsite; i++) {
530 int j;
531
532 if (ip_equal(ip_srv_nonsite[i].ip, primary_ip)) {
533 continue;
534 }
535
536 /* Ensure this isn't an IP already seen (YUK! this is n*n....) */
537 for (j = 0; j < count_site; j++) {
538 if (ip_equal(ip_srv_nonsite[i].ip, ip_srv_site[j].ip)) {
539 break;
540 }
541 /* As the lists are sorted we can break early if nonsite > site. */
542 if (ip_service_compare(&ip_srv_nonsite[i], &ip_srv_site[j]) > 0) {
543 break;
544 }
545 }
546 if (j != i) {
547 continue;
548 }
549
550 /* Append to the string - inefficient but not done often. */
551 kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
552 kdc_str, inet_ntoa(ip_srv_nonsite[i].ip));
553 if (!kdc_str) {
554 SAFE_FREE(ip_srv_site);
555 SAFE_FREE(ip_srv_nonsite);
556 return NULL;
557 }
558 }
559
560
561 SAFE_FREE(ip_srv_site);
562 SAFE_FREE(ip_srv_nonsite);
563
564 DEBUG(10,("get_kdc_ip_string: Returning %s\n",
565 kdc_str ));
566
567 return kdc_str;
568 }
569
570 /************************************************************************
571 Create a specific krb5.conf file in the private directory pointing
572 at a specific kdc for a realm. Keyed off domain name. Sets
573 KRB5_CONFIG environment variable to point to this file. Must be
574 run as root or will fail (which is a good thing :-).
575 ************************************************************************/
576
577 BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *domain,
578 const char *sitename, struct in_addr ip)
579 {
580 char *dname = talloc_asprintf(NULL, "%s/smb_krb5", lp_lockdir());
581 char *tmpname = NULL;
582 char *fname = NULL;
583 char *file_contents = NULL;
584 char *kdc_ip_string = NULL;
585 size_t flen = 0;
586 ssize_t ret;
587 int fd;
588 char *realm_upper = NULL;
589
590 if (!dname) {
591 return False;
592 }
593 if ((mkdir(dname, 0755)==-1) && (errno != EEXIST)) {
594 DEBUG(0,("create_local_private_krb5_conf_for_domain: "
595 "failed to create directory %s. Error was %s\n",
596 dname, strerror(errno) ));
597 TALLOC_FREE(dname);
598 return False;
599 }
600
601 tmpname = talloc_asprintf(dname, "%s/smb_tmp_krb5.XXXXXX", lp_lockdir());
602 if (!tmpname) {
603 TALLOC_FREE(dname);
604 return False;
605 }
606
607 fname = talloc_asprintf(dname, "%s/krb5.conf.%s", dname, domain);
608 if (!fname) {
609 TALLOC_FREE(dname);
610 return False;
611 }
612
613 DEBUG(10,("create_local_private_krb5_conf_for_domain: fname = %s, realm = %s, domain = %s\n",
614 fname, realm, domain ));
615
616 realm_upper = talloc_strdup(fname, realm);
617 strupper_m(realm_upper);
618
619 kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, ip);
620 if (!kdc_ip_string) {
621 TALLOC_FREE(dname);
622 return False;
623 }
624
625 file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n\n"
626 "[realms]\n\t%s = {\n"
627 "\t%s\t}\n",
628 realm_upper, realm_upper, kdc_ip_string);
629
630 if (!file_contents) {
631 TALLOC_FREE(dname);
632 return False;
633 }
634
635 flen = strlen(file_contents);
636
637 fd = smb_mkstemp(tmpname);
638 if (fd == -1) {
639 DEBUG(0,("create_local_private_krb5_conf_for_domain: smb_mkstemp failed,"
640 " for file %s. Errno %s\n",
641 tmpname, strerror(errno) ));
642 }
643
644 if (fchmod(fd, 0644)==-1) {
645 DEBUG(0,("create_local_private_krb5_conf_for_domain: fchmod failed for %s."
646 " Errno %s\n",
647 tmpname, strerror(errno) ));
648 unlink(tmpname);
649 close(fd);
650 TALLOC_FREE(dname);
651 return False;
652 }
653
654 ret = write(fd, file_contents, flen);
655 if (flen != ret) {
656 DEBUG(0,("create_local_private_krb5_conf_for_domain: write failed,"
657 " returned %d (should be %u). Errno %s\n",
658 (int)ret, (unsigned int)flen, strerror(errno) ));
659 unlink(tmpname);
660 close(fd);
661 TALLOC_FREE(dname);
662 return False;
663 }
664 if (close(fd)==-1) {
665 DEBUG(0,("create_local_private_krb5_conf_for_domain: close failed."
666 " Errno %s\n", strerror(errno) ));
667 unlink(tmpname);
668 TALLOC_FREE(dname);
669 return False;
670 }
671
672 if (rename(tmpname, fname) == -1) {
673 DEBUG(0,("create_local_private_krb5_conf_for_domain: rename "
674 "of %s to %s failed. Errno %s\n",
675 tmpname, fname, strerror(errno) ));
676 unlink(tmpname);
677 TALLOC_FREE(dname);
678 return False;
679 }
680
681 DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote "
682 "file %s with realm %s KDC = %s\n",
683 fname, realm_upper, inet_ntoa(ip) ));
684
685 /* Set the environment variable to this file. */
686 setenv("KRB5_CONFIG", fname, 1);
687
688 #if defined(OVERWRITE_SYSTEM_KRB5_CONF)
689
690 #define SYSTEM_KRB5_CONF_PATH "/etc/krb5.conf"
691 /* Insanity, sheer insanity..... */
692
693 if (strequal(realm, lp_realm())) {
694 pstring linkpath;
695 int lret;
696
697 lret = readlink(SYSTEM_KRB5_CONF_PATH, linkpath, sizeof(linkpath)-1);
698 linkpath[sizeof(pstring)-1] = '\0';
699
700 if (lret == 0 || strcmp(linkpath, fname) == 0) {
701 /* Symlink already exists. */
702 TALLOC_FREE(dname);
703 return True;
704 }
705
706 /* Try and replace with a symlink. */
707 if (symlink(fname, SYSTEM_KRB5_CONF_PATH) == -1) {
708 if (errno != EEXIST) {
709 DEBUG(0,("create_local_private_krb5_conf_for_domain: symlink "
710 "of %s to %s failed. Errno %s\n",
711 fname, SYSTEM_KRB5_CONF_PATH, strerror(errno) ));
712 TALLOC_FREE(dname);
713 return True; /* Not a fatal error. */
714 }
715
716 pstrcpy(linkpath, SYSTEM_KRB5_CONF_PATH);
717 pstrcat(linkpath, ".saved");
718
719 /* Yes, this is a race conditon... too bad. */
720 if (rename(SYSTEM_KRB5_CONF_PATH, linkpath) == -1) {
721 DEBUG(0,("create_local_private_krb5_conf_for_domain: rename "
722 "of %s to %s failed. Errno %s\n",
723 SYSTEM_KRB5_CONF_PATH, linkpath,
724 strerror(errno) ));
725 TALLOC_FREE(dname);
726 return True; /* Not a fatal error. */
727 }
728
729 if (symlink(fname, "/etc/krb5.conf") == -1) {
730 DEBUG(0,("create_local_private_krb5_conf_for_domain: "
731 "forced symlink of %s to /etc/krb5.conf failed. Errno %s\n",
732 fname, strerror(errno) ));
733 TALLOC_FREE(dname);
734 return True; /* Not a fatal error. */
735 }
736 }
737 }
738 #endif
739
740 TALLOC_FREE(dname);
741
742 return True;
743 }
744 #endif
Samba GIT mirror