diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-05-06 12:45:14 +1000 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-05-11 22:52:37 +0200 |
commit | 454b0b3f20ee8bdf56a12930261391e06567169c (patch) | |
tree | 164d017f86a2d8d4150a7bc69c6ece0ba7d3c145 /source3/utils | |
parent | d0a87f0098073b2b7c8b637eccbb9bd91aaa8a80 (diff) | |
download | samba-454b0b3f20ee8bdf56a12930261391e06567169c.tar.gz samba-454b0b3f20ee8bdf56a12930261391e06567169c.tar.bz2 samba-454b0b3f20ee8bdf56a12930261391e06567169c.zip |
s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.
This change makes sense on it's own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/net_ads.c | 6 | ||||
-rw-r--r-- | source3/utils/ntlm_auth.c | 4 |
2 files changed, 4 insertions, 6 deletions
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 53cb9ace02..5989fec3ce 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -2379,7 +2379,6 @@ static int net_ads_kerberos_renew(struct net_context *c, int argc, const char ** static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv) { - struct PAC_DATA *pac = NULL; struct PAC_LOGON_INFO *info = NULL; TALLOC_CTX *mem_ctx = NULL; NTSTATUS status; @@ -2409,7 +2408,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar status = kerberos_return_pac(mem_ctx, c->opt_user_name, c->opt_password, - 0, + 0, NULL, NULL, NULL, @@ -2417,14 +2416,13 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar true, 2592000, /* one month */ impersonate_princ_s, - &pac); + &info); if (!NT_STATUS_IS_OK(status)) { d_printf(_("failed to query kerberos PAC: %s\n"), nt_errstr(status)); goto out; } - info = get_logon_info_from_pac(pac); if (info) { const char *s; s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info); diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 9bd7b5af66..2c8dbfc7c8 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1316,7 +1316,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, char *principal; DATA_BLOB ap_rep; DATA_BLOB session_key; - struct PAC_DATA *pac_data = NULL; + struct PAC_LOGON_INFO *logon_info = NULL; if ( request.negTokenInit.mechToken.data == NULL ) { DEBUG(1, ("Client did not provide Kerberos data\n")); @@ -1332,7 +1332,7 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, status = ads_verify_ticket(mem_ctx, lp_realm(), 0, &request.negTokenInit.mechToken, - &principal, &pac_data, &ap_rep, + &principal, &logon_info, &ap_rep, &session_key, True); /* Now in "principal" we have the name we are |