authorChristof Schmitt <christof.schmitt@us.ibm.com>2012-07-05 13:17:00 -0700
committerAndrew Bartlett <abartlet@samba.org>2012-07-06 20:45:51 +1000
commit7285ed586f129d45843f98c359003d9ac88cf5cb (patch)
tree4ca176f1284f9f43930be940b0173bae209fc0ab /auth/kerberos
parenta49eb60e041a55122ce04ed6f576c2ba09c11fe3 (diff)
auth: Common function for retrieving PAC_LOGIN_INFO from PAC
Several functions use the same logic as kerberos_pac_logon_info. Move kerberos_pac_logon_info to common code and reuse it to remove the code duplication. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth/kerberos')
-rw-r--r--auth/kerberos/kerberos_pac.c37
-rw-r--r--auth/kerberos/pac_utils.h10
2 files changed, 47 insertions, 0 deletions
diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
index eacf39d321e..80f31d869f1 100644
--- a/auth/kerberos/kerberos_pac.c
+++ b/auth/kerberos/kerberos_pac.c
@@ -402,4 +402,41 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+ DATA_BLOB blob,
+ krb5_context context,
+ const krb5_keyblock *krbtgt_keyblock,
+ const krb5_keyblock *service_keyblock,
+ krb5_const_principal client_principal,
+ time_t tgs_authtime,
+ struct PAC_LOGON_INFO **logon_info)
+{
+ NTSTATUS nt_status;
+ struct PAC_DATA *pac_data;
+ int i;
+ nt_status = kerberos_decode_pac(mem_ctx,
+ blob,
+ context,
+ krbtgt_keyblock,
+ service_keyblock,
+ client_principal,
+ tgs_authtime,
+ &pac_data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ *logon_info = NULL;
+ for (i=0; i < pac_data->num_buffers; i++) {
+ if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
+ continue;
+ }
+ *logon_info = pac_data->buffers[i].info->logon_info.info;
+ }
+ if (!*logon_info) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ return NT_STATUS_OK;
+}
+
#endif
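Review bot: In the loop of kerberos_pac_logon_info, `pac_data->buffers[i].info` is dereferenced without a NULL check, and the buffer contents come from a decoded PAC blob. If the decoder can leave `info` unset for a buffer (not visible in this hunk, so worth confirming against kerberos_decode_pac), a LOGON_INFO-typed buffer with no body would crash here; adding `if (pac_data->buffers[i].info == NULL) { continue; }` before the assignment keeps the existing NT_STATUS_INVALID_PARAMETER path for that case. Separately, `*logon_info = NULL;` runs only after a successful decode, so the out parameter is left untouched on the early return; moving it above the kerberos_decode_pac call gives callers a defined value on every path. The loop also has no `break`, so with more than one LOGON_INFO buffer the last one wins; if that is intended, a one-line comment saying so would help.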
diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h
index d654bec208b..b9b66649eef 100644
--- a/auth/kerberos/pac_utils.h
+++ b/auth/kerberos/pac_utils.h
@@ -26,6 +26,7 @@
struct PAC_SIGNATURE_DATA;
struct PAC_DATA;
+struct PAC_LOGON_INFO;
krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
struct PAC_SIGNATURE_DATA *sig,
@@ -41,6 +42,15 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime,
struct PAC_DATA **pac_data_out);
+NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+ DATA_BLOB blob,
+ krb5_context context,
+ const krb5_keyblock *krbtgt_keyblock,
+ const krb5_keyblock *service_keyblock,
+ krb5_const_principal client_principal,
+ time_t tgs_authtime,
+ struct PAC_LOGON_INFO **logon_info);
+
NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
gss_ctx_id_t gssapi_context,
gss_name_t gss_client_name,
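Review bot: The new kerberos_pac_logon_info prototype has no comment describing its contract, and the contract is not obvious from the signature. From the implementation in kerberos_pac.c the returned pointer refers into the decoded PAC_DATA rather than a separate allocation, so its lifetime presumably follows `mem_ctx`; I would add above the declaration something like `/* On success *logon_info points into PAC data allocated under mem_ctx; do not free it separately. Returns NT_STATUS_INVALID_PARAMETER if the PAC has no LOGON_INFO buffer. */`. It would also help to state whether either keyblock may be NULL and, if so, how that affects signature verification, since callers use the result as authorization data.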