diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-04-16 15:41:50 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-04-27 11:56:48 +1000 |
commit | 6ec4306f8c3fed7ec5b5bd164c5829b2661589b7 (patch) | |
tree | 5384aed4fe934eb82f7487cfc12f9c220ba5184d /libcli/auth/krb5_wrap.h | |
parent | e130dec97bb4e08b11f39c1c1382f0c8ad36ef67 (diff) | |
download | samba-6ec4306f8c3fed7ec5b5bd164c5829b2661589b7.tar.gz samba-6ec4306f8c3fed7ec5b5bd164c5829b2661589b7.tar.bz2 samba-6ec4306f8c3fed7ec5b5bd164c5829b2661589b7.zip |
auth/kerberos: Create common helper to get the verified PAC from GSSAPI
This only works for Heimdal and MIT Krb5 1.8, other versions will get
an ACCESS_DEINED error.
We no longer manually verify any details of the PAC in Samba for
GSSAPI logins, as we never had the information to do it properly, and
it is better to have the GSSAPI library handle it.
Andrew Bartlett
Diffstat (limited to 'libcli/auth/krb5_wrap.h')
-rw-r--r-- | libcli/auth/krb5_wrap.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libcli/auth/krb5_wrap.h b/libcli/auth/krb5_wrap.h index 31bee352ab..82769aede9 100644 --- a/libcli/auth/krb5_wrap.h +++ b/libcli/auth/krb5_wrap.h @@ -72,3 +72,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, krb5_const_principal client_principal, time_t tgs_authtime, struct PAC_DATA **pac_data_out); + +NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx, + gss_ctx_id_t gssapi_context, + gss_name_t gss_client_name, + DATA_BLOB *pac_data); |