mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s3:librpc: Improve calling of krb5_kt_end_seq_get()
Remove indentation with early return, best reviewed with git show -b Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Nov 3 08:36:00 UTC 2021 on sn-devel-184
This commit is contained in:
parent
5199eb1412
commit
a8a0667263
@ -37,9 +37,8 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
|
||||
ZERO_STRUCT(kt_entry);
|
||||
|
||||
ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor);
|
||||
if (ret == KRB5_KT_END || ret == ENOENT ) {
|
||||
/* no entries */
|
||||
return 0;
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = krb5_kt_next_entry(krbctx, keytab, &kt_entry, &kt_cursor);
|
||||
@ -48,7 +47,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
|
||||
/* we need to close and reopen enumeration because we modify
|
||||
* the keytab */
|
||||
ret = krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
|
||||
if (ret) {
|
||||
if (ret != 0) {
|
||||
DEBUG(1, (__location__ ": krb5_kt_end_seq_get() "
|
||||
"failed (%s)\n", error_message(ret)));
|
||||
goto out;
|
||||
@ -56,7 +55,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
|
||||
|
||||
/* remove the entry */
|
||||
ret = krb5_kt_remove_entry(krbctx, keytab, &kt_entry);
|
||||
if (ret) {
|
||||
if (ret != 0) {
|
||||
DEBUG(1, (__location__ ": krb5_kt_remove_entry() "
|
||||
"failed (%s)\n", error_message(ret)));
|
||||
goto out;
|
||||
@ -66,7 +65,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
|
||||
|
||||
/* now reopen */
|
||||
ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor);
|
||||
if (ret) {
|
||||
if (ret != 0) {
|
||||
DEBUG(1, (__location__ ": krb5_kt_start_seq() failed "
|
||||
"(%s)\n", error_message(ret)));
|
||||
goto out;
|
||||
@ -81,6 +80,12 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
|
||||
error_message(ret)));
|
||||
}
|
||||
|
||||
ret = krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
|
||||
if (ret != 0) {
|
||||
DEBUG(1, (__location__ ": krb5_kt_end_seq_get() "
|
||||
"failed (%s)\n", error_message(ret)));
|
||||
goto out;
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
out:
|
||||
@ -156,7 +161,7 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx,
|
||||
krb5_keytab *keytab)
|
||||
{
|
||||
TALLOC_CTX *frame = talloc_stackframe();
|
||||
krb5_error_code ret;
|
||||
krb5_error_code ret, ret2;
|
||||
const char *domain = lp_workgroup();
|
||||
struct secrets_domain_info1 *info = NULL;
|
||||
const char *realm = NULL;
|
||||
@ -198,57 +203,63 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx,
|
||||
|
||||
/* check if the keytab already has any entry */
|
||||
ret = krb5_kt_start_seq_get(krbctx, *keytab, &kt_cursor);
|
||||
if (ret != KRB5_KT_END && ret != ENOENT ) {
|
||||
/* check if we have our special enctype used to hold
|
||||
* the clear text password. If so, check it out so that
|
||||
* we can verify if the keytab needs to be upgraded */
|
||||
while ((ret = krb5_kt_next_entry(krbctx, *keytab,
|
||||
&kt_entry, &kt_cursor)) == 0) {
|
||||
if (smb_krb5_kt_get_enctype_from_entry(&kt_entry) ==
|
||||
CLEARTEXT_PRIV_ENCTYPE) {
|
||||
break;
|
||||
}
|
||||
smb_krb5_kt_free_entry(krbctx, &kt_entry);
|
||||
ZERO_STRUCT(kt_entry);
|
||||
}
|
||||
if (ret != 0) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (ret != 0 && ret != KRB5_KT_END && ret != ENOENT ) {
|
||||
/* Error parsing keytab */
|
||||
DEBUG(1, (__location__ ": Failed to parse memory "
|
||||
"keytab!\n"));
|
||||
/* check if we have our special enctype used to hold
|
||||
* the clear text password. If so, check it out so that
|
||||
* we can verify if the keytab needs to be upgraded */
|
||||
while ((ret = krb5_kt_next_entry(krbctx, *keytab,
|
||||
&kt_entry, &kt_cursor)) == 0) {
|
||||
if (smb_krb5_kt_get_enctype_from_entry(&kt_entry) ==
|
||||
CLEARTEXT_PRIV_ENCTYPE) {
|
||||
break;
|
||||
}
|
||||
smb_krb5_kt_free_entry(krbctx, &kt_entry);
|
||||
ZERO_STRUCT(kt_entry);
|
||||
}
|
||||
|
||||
ret2 = krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
|
||||
if (ret2 != 0) {
|
||||
ret = ret2;
|
||||
DEBUG(1, (__location__ ": krb5_kt_end_seq_get() "
|
||||
"failed (%s)\n", error_message(ret)));
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (ret != 0 && ret != KRB5_KT_END && ret != ENOENT ) {
|
||||
/* Error parsing keytab */
|
||||
DEBUG(1, (__location__ ": Failed to parse memory "
|
||||
"keytab!\n"));
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
/* found private entry,
|
||||
* check if keytab is up to date */
|
||||
|
||||
if ((ct->length == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) &&
|
||||
(memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)),
|
||||
ct->data, ct->length) == 0)) {
|
||||
/* keytab is already up to date, return */
|
||||
smb_krb5_kt_free_entry(krbctx, &kt_entry);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
/* found private entry,
|
||||
* check if keytab is up to date */
|
||||
|
||||
if ((ct->length == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) &&
|
||||
(memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)),
|
||||
ct->data, ct->length) == 0)) {
|
||||
/* keytab is already up to date, return */
|
||||
smb_krb5_kt_free_entry(krbctx, &kt_entry);
|
||||
goto out;
|
||||
}
|
||||
|
||||
smb_krb5_kt_free_entry(krbctx, &kt_entry);
|
||||
ZERO_STRUCT(kt_entry);
|
||||
smb_krb5_kt_free_entry(krbctx, &kt_entry);
|
||||
ZERO_STRUCT(kt_entry);
|
||||
|
||||
|
||||
/* flush keytab, we need to regen it */
|
||||
ret = flush_keytab(krbctx, *keytab);
|
||||
if (ret) {
|
||||
DEBUG(1, (__location__ ": Failed to flush "
|
||||
"memory keytab!\n"));
|
||||
goto out;
|
||||
}
|
||||
/* flush keytab, we need to regen it */
|
||||
ret = flush_keytab(krbctx, *keytab);
|
||||
if (ret) {
|
||||
DEBUG(1, (__location__ ": Failed to flush "
|
||||
"memory keytab!\n"));
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
if (!all_zero((uint8_t *)&kt_cursor, sizeof(kt_cursor)) && *keytab) {
|
||||
krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
|
||||
}
|
||||
|
||||
/* keytab is not up to date, fill it up */
|
||||
|
||||
ret = smb_krb5_make_principal(krbctx, &princ, realm,
|
||||
@ -321,9 +332,6 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx,
|
||||
ret = 0;
|
||||
|
||||
out:
|
||||
if (!all_zero((uint8_t *)&kt_cursor, sizeof(kt_cursor)) && *keytab) {
|
||||
krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
|
||||
}
|
||||
|
||||
if (princ) {
|
||||
krb5_free_principal(krbctx, princ);
|
||||
@ -533,7 +541,7 @@ static krb5_error_code fill_mem_keytab_from_dedicated_keytab(krb5_context krbctx
|
||||
krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
|
||||
|
||||
out:
|
||||
|
||||
|
||||
krb5_kt_close(krbctx, keytab);
|
||||
|
||||
return ret;
|
||||
|
Loading…
Reference in New Issue
Block a user