/**
 * Derive a Kerberos key from a password for a host principal.
 *
 * The salt principal is looked up first with
 * kerberos_fetch_salt_princ_for_host_princ(): if it has been determined
 * that the KDC salts keys for this principal/enctype in a non-obvious
 * way, that principal is used so the derived key matches the KDC's.
 * When the lookup returns NULL, host_princ itself is used.
 *
 * @param context     krb5 library context
 * @param host_princ  principal the key is for; also the fallback
 *                    principal for derivation
 * @param password    password the key is derived from
 * @param key         keyblock handed to
 *                    create_kerberos_key_from_string_direct() to fill
 * @param enctype     encryption type of the key to derive
 *
 * @return the result of create_kerberos_key_from_string_direct()
 */
int create_kerberos_key_from_string(krb5_context context,
				    krb5_principal host_princ,
				    krb5_data *password,
				    krb5_keyblock *key,
				    krb5_enctype enctype)
{
	krb5_principal kdc_salt;
	int status;

	kdc_salt = kerberos_fetch_salt_princ_for_host_princ(context,
							    host_princ,
							    enctype);
	if (kdc_salt == NULL) {
		/* No recorded salting override: derive from the host principal. */
		return create_kerberos_key_from_string_direct(context,
							      host_princ,
							      password,
							      key,
							      enctype);
	}

	status = create_kerberos_key_from_string_direct(context,
							kdc_salt,
							password,
							key,
							enctype);

	/* The fetched principal is owned here; release it on every path. */
	krb5_free_principal(context, kdc_salt);

	return status;
}
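/**
 * Derive one key per requested enctype from a password and add a keytab
 * entry with that key for every principal in the list.
 *
 * @param parent_ctx    talloc context the error message is allocated on
 * @param principals    NULL-terminated array of principals to add
 * @param salt_princ    principal passed to
 *                      create_kerberos_key_from_string_direct()
 *                      (by its name, the salt source)
 * @param kvno          key version number stored in each entry
 * @param password_s    NUL-terminated password; must not be NULL,
 *                      since strlen() is applied to it
 * @param context       krb5 library context
 * @param enctypes      zero-terminated array of encryption types
 * @param keytab        keytab the entries are added to
 * @param error_string  set to a talloc'ed message when adding an
 *                      entry fails
 *
 * @return 0 on success, otherwise the krb5 error of the failing call
 */
static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx,
				       krb5_principal *principals,
				       krb5_principal salt_princ,
				       int kvno,
				       const char *password_s,
				       krb5_context context,
				       krb5_enctype *enctypes,
				       krb5_keytab keytab,
				       const char **error_string)
{
	unsigned int i, p;
	krb5_error_code ret;
	krb5_data password;
	char *unparsed;

	/* password only aliases the caller's string; no copy is made here. */
	password.data = discard_const_p(char *, password_s);
	password.length = strlen(password_s);

	for (i = 0; enctypes[i]; i++) {
		krb5_keytab_entry entry;

		ZERO_STRUCT(entry);

		ret = create_kerberos_key_from_string_direct(context,
							     salt_princ,
							     &password,
							     &entry.keyblock,
							     enctypes[i]);
		if (ret != 0) {
			/*
			 * NOTE(review): *error_string is left untouched on
			 * this path; confirm callers do not read it when
			 * key derivation fails.
			 */
			return ret;
		}

		entry.vno = kvno;

		/* The same derived key is stored once per principal. */
		for (p = 0; principals[p]; p++) {
			unparsed = NULL;
			entry.principal = principals[p];

			ret = krb5_kt_add_entry(context, keytab, &entry);
			if (ret != 0) {
				char *k5_error_string =
					smb_get_krb5_error_message(context,
								   ret,
								   NULL);

				/*
				 * If the name cannot be unparsed, make sure
				 * no stale or NULL pointer reaches "%s".
				 */
				if (krb5_unparse_name(context,
						      principals[p],
						      &unparsed) != 0) {
					unparsed = NULL;
				}

				/*
				 * The message names only enctype, principal
				 * and kvno; key material never goes into it.
				 * Whether the error-message helper can return
				 * NULL is not visible here, so guard it too.
				 */
				*error_string = talloc_asprintf(parent_ctx,
					"Failed to add enctype %d entry for "
					"%s(kvno %d) to keytab: %s\n",
					(int)enctypes[i],
					unparsed != NULL ? unparsed
							 : "(unknown principal)",
					kvno,
					k5_error_string != NULL ? k5_error_string
								: "(unknown error)");

				free(unparsed);
				talloc_free(k5_error_string);
				/* Release the derived key before bailing out. */
				krb5_free_keyblock_contents(context,
							    &entry.keyblock);
				return ret;
			}

			DEBUG(5, ("Added key (kvno %d) to keytab (enctype %d)\n",
				  kvno, (int)enctypes[i]));
		}

		/* Done with this enctype's key; free it before the next one. */
		krb5_free_keyblock_contents(context, &entry.keyblock);
	}

	return 0;
}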