int create_kerberos_key_from_string(krb5_context context,
krb5_principal host_princ,
krb5_data *password,
krb5_keyblock *key,
krb5_enctype enctype)
{
krb5_principal salt_princ = NULL;
int ret;
/*
* Check if we've determined that the KDC is salting keys for this
* principal/enctype in a non-obvious way. If it is, try to match
* its behavior.
*/
salt_princ = kerberos_fetch_salt_princ_for_host_princ(context, host_princ, enctype);
ret = create_kerberos_key_from_string_direct(context, salt_princ ? salt_princ : host_princ, password, key, enctype);
if (salt_princ) {
krb5_free_principal(context, salt_princ);
}
return ret;
}
static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx,
krb5_principal *principals,
krb5_principal salt_princ,
int kvno,
const char *password_s,
krb5_context context,
krb5_enctype *enctypes,
krb5_keytab keytab,
const char **error_string)
{
unsigned int i, p;
krb5_error_code ret;
krb5_data password;
char *unparsed;
password.data = discard_const_p(char *, password_s);
password.length = strlen(password_s);
for (i = 0; enctypes[i]; i++) {
krb5_keytab_entry entry;
ZERO_STRUCT(entry);
ret = create_kerberos_key_from_string_direct(context,
salt_princ, &password,
&entry.keyblock, enctypes[i]);
if (ret != 0) {
return ret;
}
entry.vno = kvno;
for (p = 0; principals[p]; p++) {
unparsed = NULL;
entry.principal = principals[p];
ret = krb5_kt_add_entry(context, keytab, &entry);
if (ret != 0) {
char *k5_error_string =
smb_get_krb5_error_message(context,
ret, NULL);
krb5_unparse_name(context,
principals[p], &unparsed);
*error_string = talloc_asprintf(parent_ctx,
"Failed to add enctype %d entry for "
"%s(kvno %d) to keytab: %s\n",
(int)enctypes[i], unparsed,
kvno, k5_error_string);
free(unparsed);
talloc_free(k5_error_string);
krb5_free_keyblock_contents(context,
&entry.keyblock);
return ret;
}
DEBUG(5, ("Added key (kvno %d) to keytab (enctype %d)\n",
kvno, (int)enctypes[i]));
}
krb5_free_keyblock_contents(context, &entry.keyblock);
}
return 0;
}
