summaryrefslogtreecommitdiff
path: root/source/libads/kerberos_verify.c
diff options
context:
space:
mode:
Diffstat (limited to 'source/libads/kerberos_verify.c')
-rw-r--r--source/libads/kerberos_verify.c27
1 files changed, 15 insertions, 12 deletions
diff --git a/source/libads/kerberos_verify.c b/source/libads/kerberos_verify.c
index 934c1131eb0..525a9cfa27c 100644
--- a/source/libads/kerberos_verify.c
+++ b/source/libads/kerberos_verify.c
@@ -90,9 +90,10 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
if (ret != KRB5_KT_END && ret != ENOENT ) {
while (!auth_ok && (krb5_kt_next_entry(context, keytab, &kt_entry, &kt_cursor) == 0)) {
- ret = krb5_unparse_name(context, kt_entry.principal, &entry_princ_s);
+ ret = smb_krb5_unparse_name(context, kt_entry.principal, &entry_princ_s);
if (ret) {
- DEBUG(1, ("ads_keytab_verify_ticket: krb5_unparse_name failed (%s)\n", error_message(ret)));
+ DEBUG(1, ("ads_keytab_verify_ticket: smb_krb5_unparse_name failed (%s)\n",
+ error_message(ret)));
goto out;
}
@@ -138,8 +139,7 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
}
/* Free the name we parsed. */
- krb5_free_unparsed_name(context, entry_princ_s);
- entry_princ_s = NULL;
+ SAFE_FREE(entry_princ_s);
/* Free the entry we just read. */
smb_krb5_kt_free_entry(context, &kt_entry);
@@ -165,9 +165,7 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
}
}
- if (entry_princ_s) {
- krb5_free_unparsed_name(context, entry_princ_s);
- }
+ SAFE_FREE(entry_princ_s);
{
krb5_keytab_entry zero_kt_entry;
@@ -288,7 +286,8 @@ static BOOL ads_secrets_verify_ticket(krb5_context context, krb5_auth_context au
***********************************************************************************/
NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
- const char *realm, const DATA_BLOB *ticket,
+ const char *realm, time_t time_offset,
+ const DATA_BLOB *ticket,
char **principal, PAC_DATA **pac_data,
DATA_BLOB *ap_rep,
DATA_BLOB *session_key)
@@ -325,6 +324,10 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
return NT_STATUS_LOGON_FAILURE;
}
+ if (time_offset != 0) {
+ krb5_set_real_time(context, time(NULL) + time_offset, 0);
+ }
+
ret = krb5_set_default_realm(context, realm);
if (ret) {
DEBUG(1,("ads_verify_ticket: krb5_set_default_realm failed (%s)\n", error_message(ret)));
@@ -343,9 +346,9 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
asprintf(&host_princ_s, "%s$", global_myname());
strlower_m(host_princ_s);
- ret = krb5_parse_name(context, host_princ_s, &host_princ);
+ ret = smb_krb5_parse_name(context, host_princ_s, &host_princ);
if (ret) {
- DEBUG(1,("ads_verify_ticket: krb5_parse_name(%s) failed (%s)\n",
+ DEBUG(1,("ads_verify_ticket: smb_krb5_parse_name(%s) failed (%s)\n",
host_princ_s, error_message(ret)));
goto out;
}
@@ -459,8 +462,8 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
#endif
#endif
- if ((ret = krb5_unparse_name(context, client_principal, principal))) {
- DEBUG(3,("ads_verify_ticket: krb5_unparse_name failed (%s)\n",
+ if ((ret = smb_krb5_unparse_name(context, client_principal, principal))) {
+ DEBUG(3,("ads_verify_ticket: smb_krb5_unparse_name failed (%s)\n",
error_message(ret)));
sret = NT_STATUS_LOGON_FAILURE;
goto out;
View Lorry Controller Status