diff options
author | Michael Adam <obnox@samba.org> | 2008-07-22 11:39:01 +0200 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2008-08-01 16:04:42 +0200 |
commit | 7205dd5d12476c265bb8cec26df78a531d750db6 (patch) | |
tree | babd5dba067e493211190c9c4581a964c77d77aa | |
parent | 3fa9e5fdd45f4554e24f90f316dba55b7a787e0f (diff) | |
download | samba-7205dd5d12476c265bb8cec26df78a531d750db6.tar.gz samba-7205dd5d12476c265bb8cec26df78a531d750db6.tar.xz samba-7205dd5d12476c265bb8cec26df78a531d750db6.zip |
libnet keytab: add function libnet_keytab_remove_entries().
This can be used to remove entries of given principal, kvno and enctype.
Michael
(This used to be commit a6f61c05b270c82f4bfce8a6850f81a09ad29087)
-rw-r--r-- | source3/libnet/libnet_keytab.c | 90 | ||||
-rw-r--r-- | source3/libnet/libnet_proto.h | 5 |
2 files changed, 95 insertions, 0 deletions
diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 175d243705d..a748599c782 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -223,4 +223,94 @@ cont: return entry; } +/** + * Remove all entries that have the given principal, kvno and enctype. + */ +krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, + const char *principal, + int kvno, + const krb5_enctype enctype) +{ + krb5_error_code ret; + krb5_kt_cursor cursor; + krb5_keytab_entry kt_entry; + + ZERO_STRUCT(kt_entry); + ZERO_STRUCT(cursor); + + ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + return 0; + } + + while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) + { + char *princ_s = NULL; + + if (kt_entry.vno != kvno) { + goto cont; + } + + if (kt_entry.key.enctype != enctype) { + goto cont; + } + + ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, + &princ_s); + if (ret) { + DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", + error_message(ret))); + goto cont; + } + + if (strcmp(principal, princ_s) != 0) { + goto cont; + } + + /* match found - remove */ + + DEBUG(10, ("found entry for principal %s, kvno %d, " + "enctype %d - trying to remove it\n", + princ_s, kt_entry.vno, kt_entry.key.enctype)); + + ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); + ZERO_STRUCT(cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + + ret = krb5_kt_remove_entry(ctx->context, ctx->keytab, + &kt_entry); + if (ret) { + DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", + error_message(ret))); + goto cont; + } + DEBUG(10, ("removed entry for principal %s, kvno %d, " + "enctype %d\n", princ_s, kt_entry.vno, + kt_entry.key.enctype)); + + ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + +cont: + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + } + + ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + } + + return ret; +} + #endif /* HAVE_KRB5 */ diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 43046a44c0c..26ffbfce8c6 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -55,6 +55,11 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c const char *principal, int kvno, const const krb5_enctype enctype, TALLOC_CTX *mem_ctx); + +krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, + const char *principal, + int kvno, + const krb5_enctype enctype); #endif /* The following definitions come from libnet/libnet_samsync.c */ |