authorAndrew Bartlett <abartlet@samba.org>2003-03-17 22:46:12 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-03-17 22:46:12 +0000
commitf06d1b240a0cc15bc50c907198c06fcd826d63b2 (patch)
tree0b9e4ac237047258f2d102e24c4d69fd57c0bc1f
parentec458fa87e3ee858be39671f575e21a9350674b6 (diff)
The kerberos_verify component of the SessionSetup sync with HEAD.
Andrew Bartlett (This used to be commit 64796ed27a3842be1dde52dd4f46698e95961767)
-rw-r--r--source3/libads/kerberos_verify.c32
1 files changed, 26 insertions, 6 deletions
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 17fecf60c8..4d9a1bf765 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -3,7 +3,7 @@
kerberos utility library
Copyright (C) Andrew Tridgell 2001
Copyright (C) Remus Koos 2001
-
+ Copyright (C) Luke Howard 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -29,7 +29,9 @@
authorization_data if available
*/
NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
- char **principal, DATA_BLOB *auth_data)
+ char **principal, DATA_BLOB *auth_data,
+ DATA_BLOB *ap_rep,
+ uint8 session_key[16])
{
krb5_context context;
krb5_auth_context auth_context = NULL;
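Review bot: The two new output parameters, `ap_rep` and `session_key`, are not described in the comment above `ads_verify_ticket`, whose visible tail still mentions only the authorization data. Extend that comment with something like `ap_rep receives the mutual-authentication reply as a newly allocated blob; session_key receives 16 bytes of SMB session key`, and state who releases `ap_rep` (presumably the caller, with `data_blob_free`). Note also that `uint8 session_key[16]` is an ordinary pointer to the compiler, so the 16-byte size is a convention every caller has to honour rather than something that is checked. The comment begins and the function body continues outside this hunk.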
@@ -122,10 +124,24 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
if (!auth_ok) {
DEBUG(3,("krb5_rd_req with auth failed (%s)\n",
error_message(ret)));
- SAFE_FREE(key);
return NT_STATUS_LOGON_FAILURE;
}
+ ret = krb5_mk_rep(context, auth_context, &packet);
+ if (ret) {
+ DEBUG(3,("Failed to generate mutual authentication reply (%s)\n",
+ error_message(ret)));
+ krb5_auth_con_free(context, auth_context);
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ *ap_rep = data_blob(packet.data, packet.length);
+ free(packet.data);
+
+ krb5_get_smb_session_key(context, auth_context, session_key);
+ DEBUG(0,("SMB session key (from ticket) follows:\n"));
+ dump_data(0, session_key, 16);
+
#if 0
file_save("/tmp/ticket.dat", ticket->data, ticket->length);
#endif
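Review bot: The added `DEBUG(0,("SMB session key (from ticket) follows:\n"));` and `dump_data(0, session_key, 16);` write the session key to the log at level 0, which Samba emits regardless of the configured log level, so every successful Kerberos session setup leaves key material in the log file. Remove both lines, or at the very least keep them out of production logging. The result of `krb5_get_smb_session_key` is not checked either, so if it can fail the caller receives whatever was already in `session_key`. The `!auth_ok` return no longer frees anything, while the new `krb5_mk_rep` failure path calls `krb5_auth_con_free(context, auth_context);`; the earlier path looks like it needs the same call, though the code that sets `auth_ok` is outside the hunk.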
@@ -134,20 +150,24 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
#if 0
if (tkt->enc_part2) {
- file_save("/tmp/authdata.dat",
+ file_save("/tmp/authdata.dat",
tkt->enc_part2->authorization_data[0]->contents,
tkt->enc_part2->authorization_data[0]->length);
- }
#endif
if ((ret = krb5_unparse_name(context, get_principal_from_tkt(tkt),
principal))) {
DEBUG(3,("krb5_unparse_name failed (%s)\n",
error_message(ret)));
+ data_blob_free(auth_data);
+ data_blob_free(ap_rep);
+ krb5_auth_con_free(context, auth_context);
return NT_STATUS_LOGON_FAILURE;
}
+ krb5_auth_con_free(context, auth_context);
+
return NT_STATUS_OK;
}
-#endif
+#endif /* HAVE_KRB5 */
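Review bot: The `krb5_unparse_name` failure path frees `auth_data` and `ap_rep` but leaves the derived key in the caller's `session_key` buffer, so a caller that mishandles the status still holds key material for a logon that was rejected; add `memset(session_key, 0, 16);` next to the two `data_blob_free` calls. Separately, the removed `}` leaves `if (tkt->enc_part2) {` unclosed inside the `#if 0` block, which will break the build if that debugging block is ever enabled. Neither return path in this hunk releases `context`; its setup is outside the hunk, so confirm whether `krb5_free_context` is called elsewhere.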