summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2008-10-13 17:29:22 +0200
committerGünther Deschner <gd@samba.org>2009-11-06 13:31:17 +0100
commit60bf0eb60788a5d4dc5de24997c5efda64f2bd73 (patch)
treea2143d72bc4dbac43d8476a4b3c0ab0a78af3309
parent6ca8a40976f86f66713ba9a7b957f97a1c271016 (diff)
downloadsamba-60bf0eb60788a5d4dc5de24997c5efda64f2bd73.tar.gz
samba-60bf0eb60788a5d4dc5de24997c5efda64f2bd73.tar.bz2
samba-60bf0eb60788a5d4dc5de24997c5efda64f2bd73.zip
s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.
Guenther
-rw-r--r--client/cifs.upcall.c2
-rw-r--r--source3/include/includes.h7
-rw-r--r--source3/libsmb/clikrb5.c6
-rw-r--r--source3/libsmb/clispnego.c2
-rw-r--r--source3/rpc_client/cli_pipe.c2
-rw-r--r--source3/utils/ntlm_auth.c4
6 files changed, 14 insertions, 9 deletions
diff --git a/client/cifs.upcall.c b/client/cifs.upcall.c
index bf6a861544..97c6ae022d 100644
--- a/client/cifs.upcall.c
+++ b/client/cifs.upcall.c
@@ -221,7 +221,7 @@ handle_krb5_mech(const char *oid, const char *principal, DATA_BLOB *secblob,
/* get a kerberos ticket for the service and extract the session key */
retval = cli_krb5_get_ticket(principal, 0, &tkt, sess_key, 0, ccname,
- NULL);
+ NULL, NULL);
if (retval) {
syslog(LOG_DEBUG, "%s: failed to obtain service ticket (%d)",
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 559bc3dc18..4ffad61c07 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1035,8 +1035,11 @@ krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
bool smb_krb5_principal_compare_any_realm(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2);
-int cli_krb5_get_ticket(const char *principal, time_t time_offset,
- DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, time_t *tgs_expire);
+int cli_krb5_get_ticket(const char *principal, time_t time_offset,
+ DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
+ uint32 extra_ap_opts, const char *ccname,
+ time_t *tgs_expire,
+ const char *impersonate_princ_s);
krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr);
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 1778853ca9..a37690c552 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -826,7 +826,8 @@ cleanup_princ:
int cli_krb5_get_ticket(const char *principal, time_t time_offset,
DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
uint32 extra_ap_opts, const char *ccname,
- time_t *tgs_expire)
+ time_t *tgs_expire,
+ const char *impersonate_princ_s)
{
krb5_error_code retval;
@@ -2237,7 +2238,8 @@ krb5_error_code smb_krb5_get_creds(const char *server_s,
/* this saves a few linking headaches */
int cli_krb5_get_ticket(const char *principal, time_t time_offset,
DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
- const char *ccname, time_t *tgs_expire)
+ const char *ccname, time_t *tgs_expire,
+ const char *impersonate_princ_s)
{
DEBUG(0,("NO KERBEROS SUPPORT\n"));
return 1;
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index e20749b3e8..3789fbf6b8 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -389,7 +389,7 @@ int spnego_gen_negTokenTarg(const char *principal, int time_offset,
/* get a kerberos ticket for the service and extract the session key */
retval = cli_krb5_get_ticket(principal, time_offset,
&tkt, session_key_krb5, extra_ap_opts, NULL,
- expire_time);
+ expire_time, NULL);
if (retval)
return retval;
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index e150059bcc..c6498701eb 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1502,7 +1502,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
/* Create the ticket for the service principal and return it in a gss-api wrapped blob. */
ret = cli_krb5_get_ticket(a->service_principal, 0, &tkt,
- &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL);
+ &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, NULL);
if (ret) {
DEBUG(1,("create_krb5_auth_bind_req: cli_krb5_get_ticket for principal %s "
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 3bdc45a6ef..2a7e18cfac 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1572,7 +1572,7 @@ static bool manage_client_krb5_init(struct spnego_data spnego)
spnego.negTokenInit.mechListMIC.length);
principal[spnego.negTokenInit.mechListMIC.length] = '\0';
- retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL);
+ retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL, NULL);
if (retval) {
char *user = NULL;
@@ -1596,7 +1596,7 @@ static bool manage_client_krb5_init(struct spnego_data spnego)
return False;
}
- retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL);
+ retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL, NULL);
if (retval) {
DEBUG(10, ("Kinit suceeded, but getting a ticket failed: %s\n", error_message(retval)));