r9084: 'resign' the sample PAC for the validation of the signature algorithms.

If we ever get problems with the kerberos code, it should show up as a
different signature in this PAC.

This involved returning more data from the pac functions, so changed
some callers and split up some functions.

Andrew Bartlett
(This used to be commit d514a7491208afa0533bf9e99601147eb69e08c9)

2 files changed, 6 insertions, 6 deletions

diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 0a98b69f82..b6fda0402f 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -795,9 +795,9 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 		gss_release_buffer(&min_stat, &pac);
 		
 		/* decode and verify the pac */
-		nt_status = kerberos_decode_pac(mem_ctx, &logon_info, pac_blob,
-						gensec_gssapi_state->smb_krb5_context,
-						NULL, keyblock);
+		nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, pac_blob,
+						    gensec_gssapi_state->smb_krb5_context,
+						    NULL, keyblock);
 
 		if (NT_STATUS_IS_OK(nt_status)) {
 			union netr_Validation validation;
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 76f9171713..2568f11006 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -449,9 +449,9 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 	account_name = principal;
 
 	/* decode and verify the pac */
-	nt_status = kerberos_decode_pac(gensec_krb5_state, &logon_info, gensec_krb5_state->pac,
-					gensec_krb5_state->smb_krb5_context,
-					NULL, gensec_krb5_state->keyblock);
+	nt_status = kerberos_pac_logon_info(gensec_krb5_state, &logon_info, gensec_krb5_state->pac,
+					    gensec_krb5_state->smb_krb5_context,
+					    NULL, gensec_krb5_state->keyblock);
 
 	/* IF we have the PAC - otherwise we need to get this
 	 * data from elsewere - local ldb, or (TODO) lookup of some