mirror of https://github.com/samba-team/samba.git synced 2025-01-24 02:04:21 +03:00

lib/krb5_wrap: add explicit keep_old_kvno/enctype_only args to smb_krb5_kt_seek_and_delete_old_entries()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher 2022-10-26 11:03:34 +02:00 committed by Jeremy Allison
parent 3881a440ee
commit 956c6562eb
3 changed files with 25 additions and 3 deletions


@ -1630,8 +1630,12 @@ krb5_error_code smb_krb5_kt_get_name(TALLOC_CTX *mem_ctx,
* *
* @param[in] keytab The keytab to operate on. * @param[in] keytab The keytab to operate on.
* *
* @param[in] keep_old_kvno Keep the entries with the previous kvno.
*
* @param[in] kvno The kvnco to use. * @param[in] kvno The kvnco to use.
* *
* @param[in] enctype_only Only evaluate the enctype argument if true
*
* @param[in] enctype Only search for entries with the specified enctype * @param[in] enctype Only search for entries with the specified enctype
* *
* @param[in] princ_s The principal as a string to search for. * @param[in] princ_s The principal as a string to search for.
@ -1646,7 +1650,9 @@ krb5_error_code smb_krb5_kt_get_name(TALLOC_CTX *mem_ctx,
*/ */
krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context, krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
krb5_keytab keytab, krb5_keytab keytab,
bool keep_old_kvno,
krb5_kvno kvno, krb5_kvno kvno,
bool enctype_only,
krb5_enctype enctype, krb5_enctype enctype,
const char *princ_s, const char *princ_s,
krb5_principal princ, krb5_principal princ,
@ -1659,6 +1665,16 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
krb5_kvno old_kvno = kvno - 1; krb5_kvno old_kvno = kvno - 1;
TALLOC_CTX *tmp_ctx; TALLOC_CTX *tmp_ctx;
if (flush) {
SMB_ASSERT(!keep_old_kvno);
SMB_ASSERT(!enctype_only);
SMB_ASSERT(princ_s == NULL);
SMB_ASSERT(princ == NULL);
} else {
SMB_ASSERT(princ_s != NULL);
SMB_ASSERT(princ != NULL);
}
ZERO_STRUCT(cursor); ZERO_STRUCT(cursor);
ZERO_STRUCT(kt_entry); ZERO_STRUCT(kt_entry);
@ -1679,7 +1695,7 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
krb5_enctype kt_entry_enctype = krb5_enctype kt_entry_enctype =
smb_krb5_kt_get_enctype_from_entry(&kt_entry); smb_krb5_kt_get_enctype_from_entry(&kt_entry);
if (!flush && (princ_s != NULL)) { if (princ_s != NULL) {
ret = smb_krb5_unparse_name(tmp_ctx, context, ret = smb_krb5_unparse_name(tmp_ctx, context,
kt_entry.principal, kt_entry.principal,
&ktprinc); &ktprinc);
@ -1733,14 +1749,14 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
* the compare accordingly. * the compare accordingly.
*/ */
if (!flush && ((kt_entry.vno & 0xff) == (old_kvno & 0xff))) { if (keep_old_kvno && ((kt_entry.vno & 0xff) == (old_kvno & 0xff))) {
DEBUG(5, (__location__ ": Saving previous (kvno %d) " DEBUG(5, (__location__ ": Saving previous (kvno %d) "
"entry for principal: %s.\n", "entry for principal: %s.\n",
old_kvno, princ_s)); old_kvno, princ_s));
continue; continue;
} }
if (!flush && if (enctype_only &&
((kt_entry.vno & 0xff) == (kvno & 0xff)) && ((kt_entry.vno & 0xff) == (kvno & 0xff)) &&
(kt_entry_enctype != enctype)) (kt_entry_enctype != enctype))
{ {
@ -1853,7 +1869,9 @@ krb5_error_code smb_krb5_kt_add_entry(krb5_context context,
/* Seek and delete old keytab entries */ /* Seek and delete old keytab entries */
ret = smb_krb5_kt_seek_and_delete_old_entries(context, ret = smb_krb5_kt_seek_and_delete_old_entries(context,
keytab, keytab,
true, /* keep_old_kvno */
kvno, kvno,
true, /* enctype_only */
enctype, enctype,
princ_s, princ_s,
princ, princ,
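Review bot: The doxygen block documents `keep_old_kvno` and `enctype_only` individually but not the argument combinations that the new `SMB_ASSERT` block in the third hunk enforces, so a caller who gets them wrong finds out through a process abort rather than an error return. Since this function decides which old keys remain in the keytab, the contract belongs next to the parameters, e.g. `@note With flush=true, keep_old_kvno and enctype_only must be false and princ_s/princ must be NULL; otherwise princ_s and princ must both be non-NULL (enforced with SMB_ASSERT).` The `enctype_only` text could also say what the comparison further down appears to do: entries at the current kvno whose enctype differs from `enctype` are left in place. The comment block and the function body both continue outside the visible hunks.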


@ -213,7 +213,9 @@ krb5_error_code smb_krb5_kt_get_name(TALLOC_CTX *mem_ctx,
const char **keytab_name); const char **keytab_name);
krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context, krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
krb5_keytab keytab, krb5_keytab keytab,
bool keep_old_kvno,
krb5_kvno kvno, krb5_kvno kvno,
bool enctype_only,
krb5_enctype enctype, krb5_enctype enctype,
const char *princ_s, const char *princ_s,
krb5_principal princ, krb5_principal princ,


@ -483,7 +483,9 @@ int ads_keytab_flush(ADS_STRUCT *ads)
/* Seek and delete all old keytab entries */ /* Seek and delete all old keytab entries */
ret = smb_krb5_kt_seek_and_delete_old_entries(context, ret = smb_krb5_kt_seek_and_delete_old_entries(context,
keytab, keytab,
false, /* keep_old_kvno */
-1, -1,
false, /* enctype_only */
ENCTYPE_NULL, ENCTYPE_NULL,
NULL, NULL,
NULL, NULL,