authorAndrew Bartlett <abartlet@samba.org>2010-05-01 10:33:08 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-05-02 06:54:23 +1000
commit44e7ea692708c1c956fc9bd20ed9a6d5de9479a4 (patch)
treec2677201a5cdab1772371611242f0fcdac6826a7 /source4/auth/gensec
parent485def3b5dae7c77fb0c01ed99b6865b7c5ceeb8 (diff)
downloadsamba-44e7ea692708c1c956fc9bd20ed9a6d5de9479a4.tar.gz
samba-44e7ea692708c1c956fc9bd20ed9a6d5de9479a4.tar.bz2
samba-44e7ea692708c1c956fc9bd20ed9a6d5de9479a4.zip
s4:credentials Make the CCACHE in credentials depend on the things that built it
This means that we consider the ccache only as reliable as the least specified of the inputs we used. This means that we will regenerate the ccache if any of the inputs change. Andrew Bartlett
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c4
-rw-r--r--source4/auth/gensec/gensec_krb5.c9
2 files changed, 12 insertions, 1 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 9e974cb941..c6901a7b5e 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -379,6 +379,10 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
case KRB5_KDC_UNREACH:
DEBUG(3, ("Cannot reach a KDC we require to contact %s : %s\n", principal, error_string));
return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
+ case KRB5_CC_NOTFOUND:
+ case KRB5_CC_END:
+ DEBUG(3, ("Error preparing credentials we require to contact %s : %s\n", principal, error_string));
+ return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
default:
DEBUG(1, ("Aquiring initiator credentials failed: %s\n", error_string));
return NT_STATUS_UNSUCCESSFUL;
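Review bot: The new `KRB5_CC_NOTFOUND` / `KRB5_CC_END` cases return NT_STATUS_INVALID_PARAMETER, which per the inline comment makes SPNEGO skip this mechanism, and the only trace is a DEBUG at level 3. If SPNEGO then goes on to another mechanism (presumably NTLMSSP where it is enabled), a missing or empty credential cache becomes a silent move away from Kerberos that an operator will not see at default log levels. Consider a more visible message, e.g. `DEBUG(1, ("Kerberos credentials cache unusable for %s, skipping mechanism: %s\n", principal, error_string));`, and confirm that callers which require Kerberos still fail hard instead of falling back. The same block is added to gensec_krb5_common_client_start in gensec_krb5.c and the point applies there as well; in both files the switch starts outside the hunk.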
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index bb9ace70b1..c2f96d7b7f 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -31,6 +31,8 @@
#include "lib/tsocket/tsocket.h"
#include "librpc/rpc/dcerpc.h"
#include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_krb5.h"
+#include "auth/kerberos/kerberos_credentials.h"
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "param/param.h"
@@ -287,6 +289,10 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
case KRB5_KDC_UNREACH:
DEBUG(3, ("Cannot reach a KDC we require to contact %s: %s\n", principal, error_string));
return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
+ case KRB5_CC_NOTFOUND:
+ case KRB5_CC_END:
+ DEBUG(3, ("Error preparing credentials we require to contact %s : %s\n", principal, error_string));
+ return NT_STATUS_INVALID_PARAMETER; /* Make SPNEGO ignore us, we can't go any further here */
default:
DEBUG(1, ("gensec_krb5_start: Aquiring initiator credentials failed: %s\n", error_string));
return NT_STATUS_UNSUCCESSFUL;
@@ -474,6 +480,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
struct keytab_container *keytab;
krb5_principal server_in_keytab;
const char *error_string;
+ enum credentials_obtained obtained;
if (!in.data) {
return NT_STATUS_INVALID_PARAMETER;
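Review bot: The new local `obtained` is declared without an initializer, and in the lines visible here and in the following hunk it is only passed by address to principal_from_credentials() and never read. The commit message says the ccache should be only as reliable as the least specified input, so it is worth stating whether this keytab lookup deliberately ignores how the principal was obtained. I would initialise it and document the intent: `enum credentials_obtained obtained = CRED_UNINITIALISED; /* required by principal_from_credentials(); not consulted for the keytab lookup */`. gensec_krb5_update continues outside the hunk, so a later read cannot be ruled out from here.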
@@ -490,7 +497,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
/* This ensures we lookup the correct entry in that keytab */
ret = principal_from_credentials(out_mem_ctx, gensec_get_credentials(gensec_security),
gensec_krb5_state->smb_krb5_context,
- &server_in_keytab, &error_string);
+ &server_in_keytab, &obtained, &error_string);
if (ret) {
DEBUG(2,("Failed to make credentials from principal: %s\n", error_string));