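/**
 * Build a krb5 principal from the principal name held in a credentials object.
 *
 * @param parent_ctx        talloc context handed to parse_principal() for the
 *                          resulting principal; also the parent of the scratch
 *                          context used here.
 * @param credentials       credentials object queried for the principal name.
 * @param smb_krb5_context  Kerberos context wrapper passed to parse_principal().
 * @param princ             out: the parsed principal, or NULL when the
 *                          credentials yield no principal name. Left untouched
 *                          when the scratch allocation fails.
 * @param obtained          out: reset to CRED_UNINITIALISED first, then filled
 *                          in by cli_credentials_get_principal_and_obtained().
 * @param error_string      out: set on allocation failure here, otherwise left
 *                          to parse_principal().
 *
 * @return 0 on success (including the "no principal" case, where *princ is
 *         NULL), ENOMEM if the scratch context cannot be allocated, or the
 *         error code returned by parse_principal().
 *
 * Callers must check *princ for NULL even when 0 is returned: a zero return
 * does not by itself mean an identity was established.
 */
krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
					    struct cli_credentials *credentials,
					    struct smb_krb5_context *smb_krb5_context,
					    krb5_principal *princ,
					    enum credentials_obtained *obtained,
					    const char **error_string)
{
	krb5_error_code ret;
	const char *princ_string;
	TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);

	/* Give the caller a defined value on every exit path, including ENOMEM. */
	*obtained = CRED_UNINITIALISED;

	if (!mem_ctx) {
		(*error_string) = error_message(ENOMEM);
		return ENOMEM;
	}

	/* The name is requested on the scratch context so it can be dropped below. */
	princ_string = cli_credentials_get_principal_and_obtained(credentials,
								  mem_ctx,
								  obtained);
	if (!princ_string) {
		/*
		 * No principal name available. Release the scratch context
		 * before returning: it is a child of parent_ctx, so without
		 * this it would stay allocated for as long as the caller's
		 * context lives, once per call on a long-lived parent.
		 */
		talloc_free(mem_ctx);
		*princ = NULL;
		return 0;
	}

	ret = parse_principal(parent_ctx, princ_string,
			      smb_krb5_context, princ, error_string);
	talloc_free(mem_ctx);
	return ret;
}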
/*
 * Turn the impersonation principal name stored in the credentials into a
 * krb5_principal.
 *
 * The name returned by cli_credentials_get_impersonate_principal() is handed
 * to parse_principal() together with parent_ctx, smb_krb5_context, princ and
 * error_string; the result of parse_principal() is returned unchanged.
 */
static krb5_error_code impersonate_principal_from_credentials(
				TALLOC_CTX *parent_ctx,
				struct cli_credentials *credentials,
				struct smb_krb5_context *smb_krb5_context,
				krb5_principal *princ,
				const char **error_string)
{
	const char *impersonate_name =
		cli_credentials_get_impersonate_principal(credentials);

	/*
	 * NOTE(review): the name is forwarded without a NULL check, unlike
	 * principal_from_credentials(), which short-circuits on a missing
	 * name. Presumably parse_principal() treats NULL as "no principal"
	 * (*princ = NULL, return 0) -- confirm, since callers decide whether
	 * to impersonate based on this result.
	 */
	return parse_principal(parent_ctx, impersonate_name,
			       smb_krb5_context, princ, error_string);
}
static krb5_error_code salt_principal_from_msg(TALLOC_CTX *parent_ctx, struct ldb_message *msg, struct smb_krb5_context *smb_krb5_context, krb5_principal *salt_princ, const char **error_string) { const char *salt_principal = ldb_msg_find_attr_as_string(msg, "saltPrincipal", NULL); const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); const char *realm = ldb_msg_find_attr_as_string(msg, "realm", NULL); if (salt_principal) { return parse_principal(parent_ctx, salt_principal, smb_krb5_context, salt_princ, error_string); } else if (samAccountName) { krb5_error_code ret; char *machine_username; char *salt_body; char *lower_realm; char *upper_realm; TALLOC_CTX *tmp_ctx; struct principal_container *mem_ctx = talloc(parent_ctx, struct principal_container); if (!mem_ctx) { *error_string = "Cannot allocate mem_ctx"; return ENOMEM; } tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { talloc_free(mem_ctx); *error_string = "Cannot allocate tmp_ctx"; return ENOMEM; } if (!realm) { *error_string = "Cannot have a kerberos secret in secrets.ldb without a realm"; return EINVAL; } machine_username = talloc_strdup(tmp_ctx, samAccountName); if (!machine_username) { talloc_free(mem_ctx); *error_string = "Cannot duplicate samAccountName"; return ENOMEM; } if (machine_username[strlen(machine_username)-1] == '$') { machine_username[strlen(machine_username)-1] = '\0'; } lower_realm = strlower_talloc(tmp_ctx, realm); if (!lower_realm) { talloc_free(mem_ctx); *error_string = "Cannot allocate to lower case realm"; return ENOMEM; } upper_realm = strupper_talloc(tmp_ctx, realm); if (!upper_realm) { talloc_free(mem_ctx); *error_string = "Cannot allocate to upper case realm"; return ENOMEM; } salt_body = talloc_asprintf(tmp_ctx, "%s.%s", machine_username, lower_realm); talloc_free(lower_realm); talloc_free(machine_username); if (!salt_body) { talloc_free(mem_ctx); *error_string = "Cannot form salt principal body"; return ENOMEM; } ret = 
krb5_make_principal(smb_krb5_context->krb5_context, salt_princ, upper_realm, "host", salt_body, NULL); if (ret == 0) { /* This song-and-dance effectivly puts the principal * into talloc, so we can't loose it. */ mem_ctx->smb_krb5_context = talloc_reference(mem_ctx, smb_krb5_context); mem_ctx->principal = *salt_princ; talloc_set_destructor(mem_ctx, free_principal); } else { (*error_string) = smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, parent_ctx); } talloc_free(tmp_ctx); return ret; } else {