2 #include "system/kerberos.h"
3 #include "auth/kerberos/kerberos.h"
5 #include "kdc/samba_kdc.h"
6 #include "libnet/libnet.h"
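/**
 * Export keys from the Samba KDC database into a keytab file.
 *
 * Registers the hdb-samba4 plugin and the HDB keytab ops with a fresh
 * Kerberos context, so the database can be opened under the keytab name
 * "HDB:samba4&<address of base_ctx>". It then copies either the single
 * principal named in r->in.principal, or every entry when that field is
 * NULL, into r->in.keytab_name.
 *
 * The resulting file holds long-term keys taken from the KDC database and
 * needs the same protection as the database itself.
 *
 * NOTE(review): the listing this was reviewed from had lost its guard
 * conditions, the declaration of ret, the trailing arguments of
 * smb_get_krb5_error_message() and the success return. They are restored
 * here from the control flow the surviving statements imply; confirm
 * against the tree.
 *
 * @param ctx      libnet context; supplies event_ctx and lp_ctx and is the
 *                 talloc parent handed to smb_krb5_init_context().
 * @param mem_ctx  talloc parent of the samba_kdc_base_context built here.
 * @param r        in.keytab_name (required), in.principal (optional);
 *                 out.error_string is set on a failed copy, NULL otherwise.
 *
 * @return NT_STATUS_OK on success; NT_STATUS_INVALID_PARAMETER if no keytab
 *         name was given; NT_STATUS_NO_MEMORY if an allocation or any
 *         Kerberos set-up step fails; NT_STATUS_NO_SUCH_USER if the copy
 *         returns KRB5_KT_NOTFOUND; NT_STATUS_UNSUCCESSFUL for any other
 *         copy failure.
 */
NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_export_keytab *r)
{
	krb5_error_code ret;
	struct smb_krb5_context *smb_krb5_context;
	const char *from_keytab;
	struct samba_kdc_base_context *base_ctx;

	/*
	 * Only the copy-failure path below fills this in; give callers a
	 * defined value on every other return.
	 */
	r->out.error_string = NULL;

	/* unlink() and the copy routines both dereference the target name. */
	if (r->in.keytab_name == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* Register hdb-samba4 hooks for use as a keytab */

	base_ctx = talloc_zero(mem_ctx, struct samba_kdc_base_context);
	if (base_ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	base_ctx->ev_ctx = ctx->event_ctx;
	base_ctx->lp_ctx = ctx->lp_ctx;

	/*
	 * The keytab name carries the address of base_ctx, so base_ctx has to
	 * stay allocated for as long as the source keytab may be opened.
	 * NOTE(review): presumably the hdb-samba4 side parses the pointer back
	 * out of the name - confirm nothing outside this process can supply
	 * such a name.
	 */
	from_keytab = talloc_asprintf(base_ctx, "HDB:samba4&%p", base_ctx);
	if (from_keytab == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	ret = smb_krb5_init_context(ctx, ctx->event_ctx, ctx->lp_ctx, &smb_krb5_context);
	if (ret) {
		return NT_STATUS_NO_MEMORY;
	}

	ret = krb5_plugin_register(smb_krb5_context->krb5_context,
				   PLUGIN_TYPE_DATA, "hdb",
				   &hdb_samba4_interface);
	if (ret) {
		return NT_STATUS_NO_MEMORY;
	}

	ret = krb5_kt_register(smb_krb5_context->krb5_context, &hdb_kt_ops);
	if (ret) {
		return NT_STATUS_NO_MEMORY;
	}

	if (r->in.principal) {
		/* TODO: Find a way not to have to use a fixed list */
		/*
		 * NOTE(review): the list still exports single-DES and RC4
		 * keys. Both are weak enctypes; a keytab that contains them
		 * keeps those keys usable wherever the file ends up.
		 *
		 * The array is handed over without a length, so it ends with
		 * a 0 sentinel to keep a scan-until-zero inside the array.
		 * Confirm against kt_copy_one_principal()'s contract.
		 */
		krb5_enctype enctypes[] = {
			KRB5_ENCTYPE_DES_CBC_CRC,
			KRB5_ENCTYPE_DES_CBC_MD5,
			KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
			KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
			KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
			0
		};
		ret = kt_copy_one_principal(smb_krb5_context->krb5_context,
					    from_keytab, r->in.keytab_name,
					    r->in.principal, 0, enctypes);
	} else {
		/*
		 * Full export: drop any previous file first. The result is
		 * deliberately ignored, because the file may not exist yet.
		 * NOTE(review): if removal fails for another reason the copy
		 * may land in the old file; the mode of the new file is up to
		 * the keytab backend and umask - verify it ends up owner-only.
		 */
		unlink(r->in.keytab_name);
		ret = kt_copy(smb_krb5_context->krb5_context, from_keytab, r->in.keytab_name);
	}

	if (ret) {
		r->out.error_string = smb_get_krb5_error_message(smb_krb5_context->krb5_context,
								 ret, mem_ctx);
		if (ret == KRB5_KT_NOTFOUND) {
			return NT_STATUS_NO_SUCH_USER;
		}
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
}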