diff options
author | Günther Deschner <gd@samba.org> | 2008-10-13 17:29:22 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-11-06 13:31:17 +0100 |
commit | 60bf0eb60788a5d4dc5de24997c5efda64f2bd73 (patch) | |
tree | a2143d72bc4dbac43d8476a4b3c0ab0a78af3309 | |
parent | 6ca8a40976f86f66713ba9a7b957f97a1c271016 (diff) | |
download | samba-60bf0eb60788a5d4dc5de24997c5efda64f2bd73.tar.gz samba-60bf0eb60788a5d4dc5de24997c5efda64f2bd73.tar.bz2 samba-60bf0eb60788a5d4dc5de24997c5efda64f2bd73.zip |
s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.
Guenther
-rw-r--r-- | client/cifs.upcall.c | 2 | ||||
-rw-r--r-- | source3/include/includes.h | 7 | ||||
-rw-r--r-- | source3/libsmb/clikrb5.c | 6 | ||||
-rw-r--r-- | source3/libsmb/clispnego.c | 2 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 2 | ||||
-rw-r--r-- | source3/utils/ntlm_auth.c | 4 |
6 files changed, 14 insertions, 9 deletions
diff --git a/client/cifs.upcall.c b/client/cifs.upcall.c index bf6a861544..97c6ae022d 100644 --- a/client/cifs.upcall.c +++ b/client/cifs.upcall.c @@ -221,7 +221,7 @@ handle_krb5_mech(const char *oid, const char *principal, DATA_BLOB *secblob, /* get a kerberos ticket for the service and extract the session key */ retval = cli_krb5_get_ticket(principal, 0, &tkt, sess_key, 0, ccname, - NULL); + NULL, NULL); if (retval) { syslog(LOG_DEBUG, "%s: failed to obtain service ticket (%d)", diff --git a/source3/include/includes.h b/source3/include/includes.h index 559bc3dc18..4ffad61c07 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -1035,8 +1035,11 @@ krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, bool smb_krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2); -int cli_krb5_get_ticket(const char *principal, time_t time_offset, - DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, time_t *tgs_expire); +int cli_krb5_get_ticket(const char *principal, time_t time_offset, + DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, + uint32 extra_ap_opts, const char *ccname, + time_t *tgs_expire, + const char *impersonate_princ_s); krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time); krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code); krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr); diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 1778853ca9..a37690c552 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -826,7 +826,8 @@ cleanup_princ: int cli_krb5_get_ticket(const char *principal, time_t time_offset, DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, - time_t *tgs_expire) + time_t *tgs_expire, + const char *impersonate_princ_s) { krb5_error_code retval; @@ -2237,7 +2238,8 @@ krb5_error_code smb_krb5_get_creds(const char *server_s, /* this saves a few linking headaches */ int cli_krb5_get_ticket(const char *principal, time_t time_offset, DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, - const char *ccname, time_t *tgs_expire) + const char *ccname, time_t *tgs_expire, + const char *impersonate_princ_s) { DEBUG(0,("NO KERBEROS SUPPORT\n")); return 1; diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index e20749b3e8..3789fbf6b8 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -389,7 +389,7 @@ int spnego_gen_negTokenTarg(const char *principal, int time_offset, /* get a kerberos ticket for the service and extract the session key */ retval = cli_krb5_get_ticket(principal, time_offset, &tkt, session_key_krb5, extra_ap_opts, NULL, - expire_time); + expire_time, NULL); if (retval) return retval; diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index e150059bcc..c6498701eb 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1502,7 +1502,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, /* Create the ticket for the service principal and return it in a gss-api wrapped blob. */ ret = cli_krb5_get_ticket(a->service_principal, 0, &tkt, - &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL); + &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, NULL); if (ret) { DEBUG(1,("create_krb5_auth_bind_req: cli_krb5_get_ticket for principal %s " diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 3bdc45a6ef..2a7e18cfac 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1572,7 +1572,7 @@ static bool manage_client_krb5_init(struct spnego_data spnego) spnego.negTokenInit.mechListMIC.length); principal[spnego.negTokenInit.mechListMIC.length] = '\0'; - retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL); + retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL, NULL); if (retval) { char *user = NULL; @@ -1596,7 +1596,7 @@ static bool manage_client_krb5_init(struct spnego_data spnego) return False; } - retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL); + retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL, NULL); if (retval) { DEBUG(10, ("Kinit suceeded, but getting a ticket failed: %s\n", error_message(retval))); |