2025-01-08 21:18:16 +03:00 · 2022-10-26 11:03:34 +02:00 · 2022-10-26 11:03:34 +02:00 · 956c6562eb
commit 956c6562eb
parent 3881a440ee
3 changed files with 25 additions and 3 deletions
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@ -1630,8 +1630,12 @@ krb5_error_code smb_krb5_kt_get_name(TALLOC_CTX *mem_ctx,
 *
 * @param[in]  keytab        The keytab to operate on.
 *
 * @param[in]  keep_old_kvno Keep the entries with the previous kvno.
 *
 * @param[in]  kvno          The kvnco to use.
 *
 * @param[in]  enctype_only  Only evaluate the enctype argument if true
 *
 * @param[in]  enctype       Only search for entries with the specified enctype
 *
 * @param[in]  princ_s       The principal as a string to search for.
@ -1646,7 +1650,9 @@ krb5_error_code smb_krb5_kt_get_name(TALLOC_CTX *mem_ctx,
 */
 krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
 							krb5_keytab keytab,
 							bool keep_old_kvno,
 							krb5_kvno kvno,
 							bool enctype_only,
 							krb5_enctype enctype,
 							const char *princ_s,
 							krb5_principal princ,
@ -1659,6 +1665,16 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
 	krb5_kvno old_kvno = kvno - 1;
 	TALLOC_CTX *tmp_ctx;
 	if (flush) {
 		SMB_ASSERT(!keep_old_kvno);
 		SMB_ASSERT(!enctype_only);
 		SMB_ASSERT(princ_s == NULL);
 		SMB_ASSERT(princ == NULL);
 	} else {
 		SMB_ASSERT(princ_s != NULL);
 		SMB_ASSERT(princ != NULL);
 	}
 	ZERO_STRUCT(cursor);
 	ZERO_STRUCT(kt_entry);
@ -1679,7 +1695,7 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
 		krb5_enctype kt_entry_enctype =
 			smb_krb5_kt_get_enctype_from_entry(&kt_entry);
-		if (!flush && (princ_s != NULL)) {
+		if (princ_s != NULL) {
 			ret = smb_krb5_unparse_name(tmp_ctx, context,
 						    kt_entry.principal,
 						    &ktprinc);
@ -1733,14 +1749,14 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
 		 * the compare accordingly.
 		 */
-		if (!flush && ((kt_entry.vno & 0xff) == (old_kvno & 0xff))) {
+		if (keep_old_kvno && ((kt_entry.vno & 0xff) == (old_kvno & 0xff))) {
 			DEBUG(5, (__location__ ": Saving previous (kvno %d) "
 				  "entry for principal: %s.\n",
 				  old_kvno, princ_s));
 			continue;
 		}
-		if (!flush &&
+		if (enctype_only &&
 		    ((kt_entry.vno & 0xff) == (kvno & 0xff)) &&
 		    (kt_entry_enctype != enctype))
 		{
@ -1853,7 +1869,9 @@ krb5_error_code smb_krb5_kt_add_entry(krb5_context context,
 	/* Seek and delete old keytab entries */
 	ret = smb_krb5_kt_seek_and_delete_old_entries(context,
 						      keytab,
 						      true, /* keep_old_kvno */
 						      kvno,
 						      true, /* enctype_only */
 						      enctype,
 						      princ_s,
 						      princ,
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@ -213,7 +213,9 @@ krb5_error_code smb_krb5_kt_get_name(TALLOC_CTX *mem_ctx,
 				     const char **keytab_name);
 krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
 							krb5_keytab keytab,
 							bool keep_old_kvno,
 							krb5_kvno kvno,
 							bool enctype_only,
 							krb5_enctype enctype,
 							const char *princ_s,
 							krb5_principal princ,
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@ -483,7 +483,9 @@ int ads_keytab_flush(ADS_STRUCT *ads)
 	/* Seek and delete all old keytab entries */
 	ret = smb_krb5_kt_seek_and_delete_old_entries(context,
 						      keytab,
 						      false, /* keep_old_kvno */
 						      -1,
 						      false, /* enctype_only */
 						      ENCTYPE_NULL,
 						      NULL,
 						      NULL,