diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2011-04-16 15:41:50 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2011-04-27 11:56:48 +1000 |
| commit | 6ec4306f8c3fed7ec5b5bd164c5829b2661589b7 (patch) | |
| tree | 5384aed4fe934eb82f7487cfc12f9c220ba5184d /libcli/auth | |
| parent | e130dec97bb4e08b11f39c1c1382f0c8ad36ef67 (diff) | |
| download | samba-6ec4306f8c3fed7ec5b5bd164c5829b2661589b7.tar.gz samba-6ec4306f8c3fed7ec5b5bd164c5829b2661589b7.tar.bz2 samba-6ec4306f8c3fed7ec5b5bd164c5829b2661589b7.zip | |
auth/kerberos: Create common helper to get the verified PAC from GSSAPI
This only works for Heimdal and MIT Krb5 1.8, other versions will get
an ACCESS_DEINED error.
We no longer manually verify any details of the PAC in Samba for
GSSAPI logins, as we never had the information to do it properly, and
it is better to have the GSSAPI library handle it.
Andrew Bartlett
Diffstat (limited to 'libcli/auth')
| -rw-r--r-- | libcli/auth/krb5_wrap.h | 5 | ||||
| -rw-r--r-- | libcli/auth/wscript_build | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/libcli/auth/krb5_wrap.h b/libcli/auth/krb5_wrap.h index 31bee352ab..82769aede9 100644 --- a/libcli/auth/krb5_wrap.h +++ b/libcli/auth/krb5_wrap.h @@ -72,3 +72,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, krb5_const_principal client_principal, time_t tgs_authtime, struct PAC_DATA **pac_data_out); + +NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx, + gss_ctx_id_t gssapi_context, + gss_name_t gss_client_name, + DATA_BLOB *pac_data); diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build index 541eaf0434..262d483e06 100644 --- a/libcli/auth/wscript_build +++ b/libcli/auth/wscript_build @@ -41,4 +41,4 @@ bld.SAMBA_SUBSYSTEM('SPNEGO_PARSE', bld.SAMBA_SUBSYSTEM('KRB5_WRAP', source='krb5_wrap.c kerberos_pac.c', - deps='gssapi krb5 ndr-krb5pac com_err') + deps='gssapi_krb5 krb5 ndr-krb5pac com_err KRB5_PAC') |