Changeset 740 for vendor/current/source3/libads/kerberos.c
- Timestamp:
- Nov 14, 2012, 12:59:34 PM (13 years ago)
- File:
-
- 1 edited
vendor/current/source3/libads/kerberos.c
r478 r740 12 12 the Free Software Foundation; either version 3 of the License, or 13 13 (at your option) any later version. 14 14 15 15 This program is distributed in the hope that it will be useful, 16 16 but WITHOUT ANY WARRANTY; without even the implied warranty of 17 17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 18 GNU General Public License for more details. 19 19 20 20 You should have received a copy of the GNU General Public License 21 21 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 23 23 24 24 #include "includes.h" 25 #include "system/filesys.h" 25 26 #include "smb_krb5.h" 27 #include "../librpc/gen_ndr/ndr_misc.h" 28 #include "libads/kerberos_proto.h" 29 #include "secrets.h" 26 30 27 31 #ifdef HAVE_KRB5 … … 91 95 data_blob_free(&edata); 92 96 93 ndr_err = ndr_pull_struct_blob_all(&unwrapped_edata, mem_ctx, NULL, 94 &parsed_edata, 95 (ndr_pull_flags_fn_t)ndr_pull_KRB5_EDATA_NTSTATUS); 97 ndr_err = ndr_pull_struct_blob_all(&unwrapped_edata, mem_ctx, 98 &parsed_edata, (ndr_pull_flags_fn_t)ndr_pull_KRB5_EDATA_NTSTATUS); 96 99 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 97 100 data_blob_free(&unwrapped_edata); … … 191 194 goto out; 192 195 } 193 196 194 197 if ((code = smb_krb5_parse_name(ctx, principal, &me))) { 195 198 goto out; … … 230 233 goto out; 231 234 } 232 235 233 236 if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) { 234 237 goto out; … … 283 286 } 284 287 return code; 285 }286 287 288 289 /* run kinit to setup our ccache */290 int ads_kinit_password(ADS_STRUCT *ads)291 {292 char *s;293 int ret;294 const char *account_name;295 fstring acct_name;296 297 if (ads->auth.flags & ADS_AUTH_USER_CREDS) {298 account_name = ads->auth.user_name;299 goto got_accountname;300 }301 302 if ( IS_DC ) {303 /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */304 account_name = lp_workgroup();305 } else {306 /* always use the sAMAccountName for security = domain */307 /* global_myname()$@REA.LM */308 if ( 
lp_security() == SEC_DOMAIN ) {309 fstr_sprintf( acct_name, "%s$", global_myname() );310 account_name = acct_name;311 }312 else313 /* This looks like host/global_myname()@REA.LM */314 account_name = ads->auth.user_name;315 }316 317 got_accountname:318 if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {319 return KRB5_CC_NOMEM;320 }321 322 if (!ads->auth.password) {323 SAFE_FREE(s);324 return KRB5_LIBOS_CANTREADPWD;325 }326 327 ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,328 &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable,329 NULL);330 331 if (ret) {332 DEBUG(0,("kerberos_kinit_password %s failed: %s\n",333 s, error_message(ret)));334 }335 SAFE_FREE(s);336 return ret;337 288 } 338 289 … … 349 300 return code; 350 301 } 351 302 352 303 if (!cc_name) { 353 304 if ((code = krb5_cc_default(ctx, &cc))) { … … 592 543 char *unparsed_name = NULL, *salt_princ_s = NULL; 593 544 krb5_principal ret_princ = NULL; 594 545 595 546 /* lookup new key first */ 596 547 597 548 if ( (salt_princ_s = kerberos_secrets_fetch_des_salt()) == NULL ) { 598 549 599 550 /* look under the old key. If this fails, just use the standard key */ 600 551 … … 611 562 ret_princ = NULL; 612 563 } 613 564 614 565 TALLOC_FREE(unparsed_name); 615 566 SAFE_FREE(salt_princ_s); 616 567 617 568 return ret_princ; 618 569 } … … 655 606 if (smb_krb5_parse_name(context, princ_s, &princ) != 0) { 656 607 goto out; 657 658 608 } 659 609 if (smb_krb5_unparse_name(talloc_tos(), context, princ, &unparsed_name) != 0) {
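Review bot: The `ndr_pull_struct_blob_all()` call at new lines 97-98 decodes `unwrapped_edata` with no comment on where those bytes originate or why the strict `_all` variant is used, which is the security-relevant property of this code. If the blob is derived from the e-data of a Kerberos error reply, as the variable names suggest, it is peer-supplied, and a short comment above the call would keep a later refactor from relaxing the decode, for example `/* e-data is peer-supplied: decode strictly, trailing bytes are an error */`. The failure branch visible here frees `unwrapped_edata`; the enclosing function starts and ends outside the hunk, so how `parsed_edata` is handled afterwards cannot be checked from this page.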