With samba-3.2.8, when "use kerberos keytab = yes" is set in smb.conf and either the environment variable KRB5_KTNAME is not set to a value that uses the "FILE:" prefix, or default_keytab_name in /etc/krb5.conf is set without the prefix, i.e.
   default_keytab_name = /etc/v5srvtab

then the function smb_krb5_open_keytab() returns KRB5_KT_UNKNOWN_TYPE.

If smb_krb5_open_keytab() is called with the filename "/etc/v5srvtab" it would work fine; however, if the "default" keytab is used, the name is expected to carry the prefix "FILE:" or "WRFILE:".
Is this the correct logic? It appears that the loop
while (next_token_talloc(mem_ctx, &tmp, &kt_str, ",")) {

should have the test:

   if (tmp[0] == '/')
      found_valid_name = True;



Glenn







kerberos_keytab.c
ads_keytab_add_entry()
/* Excerpt from ads_keytab_add_entry(). Going by the signature quoted further
 * down the post, NULL is keytab_name_req and True is write_access: no explicit
 * keytab name is passed, which is the "default keytab" case the post is
 * about, and the keytab is opened for writing. */
ret = smb_krb5_open_keytab(context, NULL, True, &keytab);
       if (ret) {
/* Any non-zero return (including KRB5_KT_UNKNOWN_TYPE from the name parsing
 * shown below) is logged at debug level 1 and aborts the add via the `out`
 * label, which is outside this excerpt. */
DEBUG(1,("ads_keytab_add_entry: smb_krb5_open_keytab failed (%s)\n", error_message(ret)));
               goto out;
       }



libsmb/clikrb5.c
/* Excerpt of smb_krb5_open_keytab() as quoted in the post: the code that turns
 * the library's default keytab name into a single "<type>:<absolute path>"
 * string. The local declarations, the branch that leads here, and the `out`
 * label are not part of the excerpt. */
smb_krb5_open_keytab(krb5_context context,
                                     const char *keytab_name_req,
                                     bool write_access,
                                     krb5_keytab *keytab)
)
/* we need to handle more complex keytab_strings, like:
        * "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab" */

/* Ask the Kerberos library for the default keytab name; the size argument
 * limits how much is written into keytab_string. Per the post, this name comes
 * from KRB5_KTNAME or default_keytab_name in /etc/krb5.conf. */
ret = krb5_kt_default_name(context, &keytab_string[0], MAX_KEYTAB_NAME_LEN - 2);
       if (ret) {
               goto out;
       }

DEBUG(10,("smb_krb5_open_keytab: krb5_kt_default_name returned %s\n", keytab_string));

       /* Parse a talloc'ed copy: keytab_string itself is zeroed a few lines
        * further down. */
       tmp = talloc_strdup(mem_ctx, keytab_string);
       if (!tmp) {
               ret = ENOMEM;
               goto out;
       }

       /* Skip a leading "ANY:" so that the comma-separated list behind it is
        * what gets tokenised. */
       if (strncmp(tmp, "ANY:", 4) == 0) {
               tmp += 4;
       }

       memset(&keytab_string, '\0', sizeof(keytab_string));

       /* Walk the ','-separated entries; each entry is returned in kt_str.
        * NOTE(review): next_token_talloc() is handed &tmp, so presumably tmp is
        * advanced past the token on every call - confirm against its
        * definition. Inside the loop body the current entry is kt_str, not tmp.
        *
        * Only entries starting with "WRFILE:" or "FILE:" set found_valid_name.
        * An entry with no type prefix, such as the bare path "/etc/v5srvtab"
        * from the post, matches neither test, so the loop ends without a match
        * and the function fails with KRB5_KT_UNKNOWN_TYPE below.
        *
        * NOTE(review): if bare paths are to be accepted, the extra test would
        * have to look at kt_str[0] and also set tmp = kt_str; testing tmp[0]
        * would inspect whatever tmp points at after tokenising rather than the
        * current entry. The absolute-path check further down should stay in
        * force for such entries. */
       while (next_token_talloc(mem_ctx, &tmp, &kt_str, ",")) {
               if (strncmp(kt_str, "WRFILE:", 7) == 0) {
                       found_valid_name = True;
                       /* point tmp at the path that follows the prefix */
                       tmp = kt_str;
                       tmp += 7;
               }

               if (strncmp(kt_str, "FILE:", 5) == 0) {
                       found_valid_name = True;
                       /* point tmp at the path that follows the prefix */
                       tmp = kt_str;
                       tmp += 5;
               }

               if (found_valid_name) {
                       /* The keytab path must be absolute; anything else is
                        * rejected as KRB5_KT_BADNAME. Presumably this keeps
                        * the location of the key file independent of the
                        * process's working directory. */
                       if (tmp[0] != '/') {
                               ret = KRB5_KT_BADNAME;
                               goto out;
                      }

/* Rebuild the name as "<pragma>:<path>". pragma is not defined in this
 * excerpt; presumably it is "FILE" or "WRFILE" chosen from write_access -
 * TODO confirm. */
tmp = talloc_asprintf(mem_ctx, "%s:%s", pragma, tmp);
                       if (!tmp) {
                               ret = ENOMEM;
                               goto out;
                       }
                       /* the first FILE:/WRFILE: entry wins */
                       break;
               }
       }

       /* No entry carried a FILE: or WRFILE: prefix. This is the
        * KRB5_KT_UNKNOWN_TYPE result the post reports for an unprefixed
        * default keytab name. */
       if (!found_valid_name) {
               ret = KRB5_KT_UNKNOWN_TYPE;
               goto out;
       }
