diff options
author | Andreas Schneider <asn@samba.org> | 2016-08-11 15:04:42 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2016-08-30 11:34:15 +0200 |
commit | 7f9a075d9c8d777fd04c1dcec6693e1e27efc3ae (patch) | |
tree | be77a2098600fb3f635c6306b97feb60bd62f372 | |
parent | 739a7adaef29d24611ee2d709e01e1cb7ffb31be (diff) | |
download | samba-7f9a075d9c8d777fd04c1dcec6693e1e27efc3ae.tar.gz |
gensec_krb5: Use implementation idependent krb5_mk_req_extended()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 45 |
1 files changed, 39 insertions, 6 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index b7189103c50..a7da76d0f2f 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -331,12 +331,45 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal, &target_principal); if (ret == 0) { - ret = krb5_mk_req_exact(gensec_krb5_state->smb_krb5_context->krb5_context, - &gensec_krb5_state->auth_context, - gensec_krb5_state->ap_req_options, - target_principal, - in_data_p, ccache_container->ccache, - &gensec_krb5_state->enc_ticket); + krb5_creds this_cred; + krb5_creds *cred; + + ZERO_STRUCT(this_cred); + ret = krb5_cc_get_principal(gensec_krb5_state->smb_krb5_context->krb5_context, + ccache_container->ccache, + &this_cred.client); + if (ret != 0) { + return NT_STATUS_UNSUCCESSFUL; + } + + ret = krb5_copy_principal(gensec_krb5_state->smb_krb5_context->krb5_context, + target_principal, + &this_cred.server); + if (ret != 0) { + krb5_free_cred_contents(gensec_krb5_state->smb_krb5_context->krb5_context, + &this_cred); + return NT_STATUS_UNSUCCESSFUL; + } + this_cred.times.endtime = 0; + + ret = krb5_get_credentials(gensec_krb5_state->smb_krb5_context->krb5_context, + 0, + ccache_container->ccache, + &this_cred, + &cred); + krb5_free_cred_contents(gensec_krb5_state->smb_krb5_context->krb5_context, + &this_cred); + if (ret != 0) { + return NT_STATUS_UNSUCCESSFUL; + } + + ret = krb5_mk_req_extended(gensec_krb5_state->smb_krb5_context->krb5_context, + &gensec_krb5_state->auth_context, + gensec_krb5_state->ap_req_options, + in_data_p, + cred, + &gensec_krb5_state->enc_ticket); + krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context, target_principal); } |