summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-11-12 15:42:03 +0100
committerGünther Deschner <gd@samba.org>2009-11-12 15:50:38 +0100
commit61f0b247633501d6bf4103ca8345048e537c043d (patch)
tree074066e0492b43626b96d6c033d672b6f2000735
parent0f8bf47d949fbdf47bdb388ad584652202ce185b (diff)
downloadsamba-61f0b247633501d6bf4103ca8345048e537c043d.tar.gz
samba-61f0b247633501d6bf4103ca8345048e537c043d.tar.bz2
samba-61f0b247633501d6bf4103ca8345048e537c043d.zip
s3-kerberos: remove smb_krb5_get_tkt_from_creds().
Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove smb_krb5_get_tkt_from_creds() which is not required anymore. Guenther
-rw-r--r--source3/libads/authdata.c64
1 files changed, 4 insertions, 60 deletions
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index f287b16b9d..93f4091b6e 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -335,46 +335,6 @@ struct PAC_LOGON_INFO *get_logon_info_from_pac(struct PAC_DATA *pac_data)
return NULL;
}
-static krb5_error_code smb_krb5_get_tkt_from_creds(krb5_creds *creds,
- DATA_BLOB *tkt)
-{
- krb5_error_code ret;
- krb5_context context;
- krb5_auth_context auth_context = NULL;
- krb5_data inbuf, outbuf;
-
- ret = krb5_init_context(&context);
- if (ret) {
- return ret;
- }
-
- ret = krb5_auth_con_init(context, &auth_context);
- if (ret) {
- goto done;
- }
-
- ZERO_STRUCT(inbuf);
-
- ret = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
- &inbuf, creds, &outbuf);
- if (ret) {
- goto done;
- }
-
- *tkt = data_blob(outbuf.data, outbuf.length);
- done:
- if (!context) {
- return ret;
- }
- kerberos_free_data_contents(context, &outbuf);
- if (auth_context) {
- krb5_auth_con_free(context, auth_context);
- }
- krb5_free_context(context);
-
- return ret;
-}
-
/****************************************************************
****************************************************************/
@@ -462,26 +422,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
(*expire_time == 0) && (*renew_till_time == 0)) {
return NT_STATUS_INVALID_LOGON_TYPE;
}
-#if 1
- ret = smb_krb5_get_creds(local_service,
- time_offset,
- cc,
- impersonate_princ_s,
- &creds);
- if (ret) {
- DEBUG(1,("failed to get credentials for %s: %s\n",
- local_service, error_message(ret)));
- status = krb5_to_nt_status(ret);
- goto out;
- }
- ret = smb_krb5_get_tkt_from_creds(creds, &tkt);
- if (ret) {
- status = krb5_to_nt_status(ret);
- goto out;
- }
-
-#else
ret = cli_krb5_get_ticket(local_service,
time_offset,
&tkt,
@@ -493,10 +434,13 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
if (ret) {
DEBUG(1,("failed to get ticket for %s: %s\n",
local_service, error_message(ret)));
+ if (impersonate_princ_s) {
+ DEBUGADD(1,("tried S4U2SELF impersonation as: %s\n",
+ impersonate_princ_s));
+ }
status = krb5_to_nt_status(ret);
goto out;
}
-#endif
status = ads_verify_ticket(mem_ctx,
lp_realm(),
time_offset,