diff options
author | Jeremy Allison <jra@samba.org> | 2003-07-25 23:15:30 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2003-07-25 23:15:30 +0000 |
commit | 4632786cfb193dd80ce04206912297186e871814 (patch) | |
tree | b38cc3953923988443fd2ea76664677c24033366 /source3/libsmb/clispnego.c | |
parent | 37d77e3d6cf85eae9f45d18b756101fc1f50460b (diff) | |
download | samba-4632786cfb193dd80ce04206912297186e871814.tar.gz samba-4632786cfb193dd80ce04206912297186e871814.tar.bz2 samba-4632786cfb193dd80ce04206912297186e871814.zip |
W00t! Client smb signing is now working correctly with krb5 and w2k server.
Server code *should* also work (I'll check shortly). May be the odd memory
leak. Problem was we (a) weren't setting signing on in the client krb5 sessionsetup
code (b) we need to ask for a subkey... (c). The client and server need to
ask for local and remote subkeys respectively.
Thanks to Paul Nelson @ Thursby for some sage advice on this :-).
Jeremy.
(This used to be commit 3f9e3b60709df5ab755045a093e642510d4cde00)
Diffstat (limited to 'source3/libsmb/clispnego.c')
-rw-r--r-- | source3/libsmb/clispnego.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index bb48f57915..fbf8323679 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -323,13 +323,13 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) generate a SPNEGO negTokenTarg packet, ready for a EXTENDED_SECURITY kerberos session setup */ -DATA_BLOB spnego_gen_negTokenTarg(const char *principal, int time_offset) +DATA_BLOB spnego_gen_negTokenTarg(const char *principal, int time_offset, unsigned char session_key_krb5[16]) { DATA_BLOB tkt, tkt_wrapped, targ; const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_NTLMSSP, NULL}; - /* get a kerberos ticket for the service */ - tkt = cli_krb5_get_ticket(principal, time_offset); + /* get a kerberos ticket for the service and extract the session key */ + tkt = cli_krb5_get_ticket(principal, time_offset, session_key_krb5); /* wrap that up in a nice GSS-API wrapping */ tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ); |