search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: VFS: default: Remove recursion into the VFS inside the default pread call.
[Samba.git] / source4 / libnet / libnet_export_keytab.c
blob580281a2062405ce2047da1dd7ea6770e1d5b294
1 /*
2 Unix SMB/CIFS implementation.
3
4 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009
5 Copyright (C) Andreas Schneider <asn@samba.org> 2016
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "system/kerberos.h"
23 #include "auth/kerberos/kerberos.h"
24 #include "kdc/samba_kdc.h"
25 #include "libnet/libnet_export_keytab.h"
26
27 #include "kdc/db-glue.h"
28 #include "kdc/sdb.h"
29
30 static NTSTATUS sdb_kt_copy(TALLOC_CTX *mem_ctx,
31 krb5_context context,
32 struct samba_kdc_db_context *db_ctx,
33 const char *keytab_name,
34 const char *principal,
35 const char **error_string)
36 {
37 struct sdb_entry_ex sentry = {
38 .free_entry = NULL,
39 };
40 krb5_keytab keytab;
41 krb5_error_code code = 0;
42 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
43 char *entry_principal = NULL;
44 bool copy_one_principal = (principal != NULL);
45 krb5_data password;
46
47 code = smb_krb5_kt_open_relative(context,
48 keytab_name,
49 true, /* write_access */
50 &keytab);
51 if (code != 0) {
52 *error_string = talloc_asprintf(mem_ctx,
53 "Failed to open keytab: %s",
54 keytab_name);
55 status = NT_STATUS_NO_SUCH_FILE;
56 goto done;
57 }
58
59 if (copy_one_principal) {
60 krb5_principal k5_princ;
61
62 code = smb_krb5_parse_name(context, principal, &k5_princ);
63 if (code != 0) {
64 *error_string = smb_get_krb5_error_message(context,
65 code,
66 mem_ctx);
67 status = NT_STATUS_UNSUCCESSFUL;
68 goto done;
69 }
70
71 code = samba_kdc_fetch(context, db_ctx, k5_princ,
72 SDB_F_GET_ANY, 0, &sentry);
73
74 krb5_free_principal(context, k5_princ);
75 } else {
76 code = samba_kdc_firstkey(context, db_ctx, &sentry);
77 }
78
79 for (; code == 0; code = samba_kdc_nextkey(context, db_ctx, &sentry)) {
80 int i;
81
82 code = krb5_unparse_name(context,
83 sentry.entry.principal,
84 &entry_principal);
85 if (code != 0) {
86 *error_string = smb_get_krb5_error_message(context,
87 code,
88 mem_ctx);
89 status = NT_STATUS_UNSUCCESSFUL;
90 goto done;
91 }
92
93 if (sentry.entry.keys.len == 0) {
94 SAFE_FREE(entry_principal);
95 sdb_free_entry(&sentry);
96 sentry = (struct sdb_entry_ex) {
97 .free_entry = NULL,
98 };
99
100 continue;
101 }
102
103 for (i = 0; i < sentry.entry.keys.len; i++) {
104 struct sdb_key *s = &(sentry.entry.keys.val[i]);
105 krb5_enctype enctype;
106
107 enctype = KRB5_KEY_TYPE(&(s->key));
108 password.length = KRB5_KEY_LENGTH(&s->key);
109 password.data = (char *)KRB5_KEY_DATA(&s->key);
110
111 DBG_INFO("smb_krb5_kt_add_entry for enctype=0x%04x\n",
112 (int)enctype);
113 code = smb_krb5_kt_add_entry(context,
114 keytab,
115 sentry.entry.kvno,
116 entry_principal,
117 NULL,
118 enctype,
119 &password,
120 true, /* no_salt */
121 false); /* keeyp_old_entries */
122 if (code != 0) {
123 status = NT_STATUS_UNSUCCESSFUL;
124 *error_string = smb_get_krb5_error_message(context,
125 code,
126 mem_ctx);
127 DEBUG(0, ("smb_krb5_kt_add_entry failed code=%d, error = %s\n",
128 code, *error_string));
129 goto done;
130 }
131 }
132
133 if (copy_one_principal) {
134 break;
135 }
136
137 SAFE_FREE(entry_principal);
138 sdb_free_entry(&sentry);
139 sentry = (struct sdb_entry_ex) {
140 .free_entry = NULL,
141 };
142 }
143
144 if (code != 0 && code != SDB_ERR_NOENTRY) {
145 *error_string = smb_get_krb5_error_message(context,
146 code,
147 mem_ctx);
148 status = NT_STATUS_NO_SUCH_USER;
149 goto done;
150 }
151
152 status = NT_STATUS_OK;
153 done:
154 SAFE_FREE(entry_principal);
155 sdb_free_entry(&sentry);
156
157 return status;
158 }
159
160 NTSTATUS libnet_export_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_export_keytab *r)
161 {
162 krb5_error_code ret;
163 struct smb_krb5_context *smb_krb5_context;
164 struct samba_kdc_base_context *base_ctx;
165 struct samba_kdc_db_context *db_ctx = NULL;
166 const char *error_string = NULL;
167 NTSTATUS status;
168
169 ret = smb_krb5_init_context(ctx, ctx->lp_ctx, &smb_krb5_context);
170 if (ret) {
171 return NT_STATUS_NO_MEMORY;
172 }
173
174 base_ctx = talloc_zero(mem_ctx, struct samba_kdc_base_context);
175 if (base_ctx == NULL) {
176 return NT_STATUS_NO_MEMORY;
177 }
178
179 base_ctx->ev_ctx = ctx->event_ctx;
180 base_ctx->lp_ctx = ctx->lp_ctx;
181
182 status = samba_kdc_setup_db_ctx(mem_ctx, base_ctx, &db_ctx);
183 if (!NT_STATUS_IS_OK(status)) {
184 return status;
185 }
186
187 if (r->in.principal != NULL) {
188 DEBUG(0, ("Export one principal to %s\n", r->in.keytab_name));
189 status = sdb_kt_copy(mem_ctx,
190 smb_krb5_context->krb5_context,
191 db_ctx,
192 r->in.keytab_name,
193 r->in.principal,
194 &error_string);
195 } else {
196 unlink(r->in.keytab_name);
197 DEBUG(0, ("Export complete keytab to %s\n", r->in.keytab_name));
198 status = sdb_kt_copy(mem_ctx,
199 smb_krb5_context->krb5_context,
200 db_ctx,
201 r->in.keytab_name,
202 NULL,
203 &error_string);
204 }
205
206 talloc_free(db_ctx);
207 talloc_free(base_ctx);
208
209 if (!NT_STATUS_IS_OK(status)) {
210 r->out.error_string = error_string;
211 }
212
213 return status;
214 }
Samba GIT mirror