summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2010-07-20 20:00:12 -0400
committerSimo Sorce <idra@samba.org>2010-07-20 20:02:09 -0400
commit26f1218a3678e648c73db3b34732703396ad48b2 (patch)
tree624bb38c1a620cd3e87af9a80b0a64556ff2d39c /source3/libsmb
parent8137f2d7e7e69db66a5191c1a80e0bda52506528 (diff)
downloadsamba-26f1218a3678e648c73db3b34732703396ad48b2.tar.gz
samba-26f1218a3678e648c73db3b34732703396ad48b2.tar.bz2
samba-26f1218a3678e648c73db3b34732703396ad48b2.zip
s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keys
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/clikrb5.c27
-rw-r--r--source3/libsmb/clispnego.c11
2 files changed, 23 insertions, 15 deletions
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index adec435728..68b45d8908 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -828,9 +828,10 @@ cleanup_princ:
/*
get a kerberos5 ticket for the given service
*/
-int cli_krb5_get_ticket(const char *principal, time_t time_offset,
+int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
+ const char *principal, time_t time_offset,
DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
- uint32 extra_ap_opts, const char *ccname,
+ uint32_t extra_ap_opts, const char *ccname,
time_t *tgs_expire,
const char *impersonate_princ_s)
@@ -881,10 +882,10 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset,
goto failed;
}
- get_krb5_smb_session_key(context, auth_context,
- session_key_krb5, False);
+ get_krb5_smb_session_key(mem_ctx, context, auth_context,
+ session_key_krb5, false);
- *ticket = data_blob(packet.data, packet.length);
+ *ticket = data_blob_talloc(mem_ctx, packet.data, packet.length);
kerberos_free_data_contents(context, &packet);
@@ -901,7 +902,8 @@ failed:
return retval;
}
-bool get_krb5_smb_session_key(krb5_context context,
+bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx,
+ krb5_context context,
krb5_auth_context auth_context,
DATA_BLOB *session_key, bool remote)
{
@@ -925,9 +927,12 @@ bool get_krb5_smb_session_key(krb5_context context,
DEBUG(10, ("Got KRB5 session key of length %d\n",
(int)KRB5_KEY_LENGTH(skey)));
- *session_key = data_blob(KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
+ *session_key = data_blob_talloc(mem_ctx,
+ KRB5_KEY_DATA(skey),
+ KRB5_KEY_LENGTH(skey));
dump_data_pw("KRB5 Session Key:\n",
- session_key->data, session_key->length);
+ session_key->data,
+ session_key->length);
ret = true;
@@ -2277,8 +2282,10 @@ char *smb_krb5_principal_get_realm(krb5_context context,
#else /* HAVE_KRB5 */
/* this saves a few linking headaches */
- int cli_krb5_get_ticket(const char *principal, time_t time_offset,
- DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
+ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
+ const char *principal, time_t time_offset,
+ DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
+ uint32_t extra_ap_opts,
const char *ccname, time_t *tgs_expire,
const char *impersonate_princ_s)
{
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 66e023a91d..539b411056 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -301,12 +301,13 @@ int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx,
const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5, OID_NTLMSSP, NULL};
/* get a kerberos ticket for the service and extract the session key */
- retval = cli_krb5_get_ticket(principal, time_offset,
- &tkt, session_key_krb5, extra_ap_opts, NULL,
- expire_time, NULL);
-
- if (retval)
+ retval = cli_krb5_get_ticket(ctx, principal, time_offset,
+ &tkt, session_key_krb5,
+ extra_ap_opts, NULL,
+ expire_time, NULL);
+ if (retval) {
return retval;
+ }
/* wrap that up in a nice GSS-API wrapping */
tkt_wrapped = spnego_gen_krb5_wrap(ctx, tkt, TOK_ID_KRB_AP_REQ);