authorAndrew Bartlett <abartlet@samba.org>2005-10-23 22:20:42 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:45:11 -0500
commitdb4b95827e4e6d13577513946bff4f956c849756 (patch)
treed87779f6511101d981bf958a90bdaddca92f8744 /source4/auth/gensec
parent28a3bc645b49ea6e997b3576ba7a8ba55e7caa9c (diff)
r11270: Move the core CrackNames code from rpc_server/drsuapi to dsdb/samdb.
I'm sure this will not be the final resting place, but it will do for now. Use the cracknames code in auth/ for creating a server_info given a principal name only (should avoid assumptions about splitting a user@realm principal). Andrew Bartlett (This used to be commit c9d5d8e45dd7b7c99b6cf35b087bc18012f31222)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c41
-rw-r--r--source4/auth/gensec/gensec_krb5.c19
2 files changed, 12 insertions, 48 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 42141e4df2..8fcada2352 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -879,6 +879,10 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
}
}
+ /* IF we have the PAC - otherwise we need to get this
+ * data from elsewere - local ldb, or (TODO) lookup of some
+ * kind...
+ */
if (maj_stat == 0) {
krb5_error_code ret;
@@ -912,42 +916,9 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
}
if (maj_stat) {
- krb5_error_code ret;
- DATA_BLOB user_sess_key = data_blob(NULL, 0);
- DATA_BLOB lm_sess_key = data_blob(NULL, 0);
- /* IF we have the PAC - otherwise we need to get this
- * data from elsewere - local ldb, or (TODO) lookup of some
- * kind...
- *
- * when heimdal can generate the PAC, we should fail if there's
- * no PAC present
- */
-
- char *account_name;
- const char *realm;
- ret = krb5_parse_name(gensec_gssapi_state->smb_krb5_context->krb5_context,
- principal_string, &principal);
- if (ret) {
- talloc_free(mem_ctx);
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- realm = krb5_principal_get_realm(gensec_gssapi_state->smb_krb5_context->krb5_context,
- principal);
- ret = krb5_unparse_name_norealm(gensec_gssapi_state->smb_krb5_context->krb5_context,
- principal, &account_name);
- if (ret) {
- krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal);
- talloc_free(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
DEBUG(1, ("Unable to use PAC, resorting to local user lookup!\n"));
- nt_status = sam_get_server_info(mem_ctx, account_name, realm,
- user_sess_key, lm_sess_key,
- &server_info);
- free(account_name);
- krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal);
+ nt_status = sam_get_server_info_principal(mem_ctx, principal_string,
+ &server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
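Review bot: The fallback under `if (maj_stat)` still builds server_info from the principal name alone when the PAC could not be used, yet the commit drops the old reminder that this case should eventually be rejected: the comment moved to the first hunk no longer carries "when heimdal can generate the PAC, we should fail if there's no PAC present". I would keep that next to the fallback, e.g. `/* TODO: once heimdal can generate the PAC, fail here instead of falling back */`. The DEBUG(1) line also does not say which principal fell back, which makes these events hard to find in logs; `DEBUG(1, ("Unable to use PAC for %s, resorting to local user lookup!\n", principal_string));` would fix that. The same fallback is in the gensec_krb5.c hunk, where the context comment says it is also taken when the PAC cannot be parsed or verified. The declaration of `principal` is outside this hunk and may now be unused.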
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 64de8211dd..3ed38a435c 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -518,23 +518,16 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
if (!NT_STATUS_IS_OK(nt_status)) {
/* NO pac, or can't parse or verify it */
krb5_error_code ret;
- DATA_BLOB user_sess_key = data_blob(NULL, 0);
- DATA_BLOB lm_sess_key = data_blob(NULL, 0);
-
- char *account_name;
- const char *realm = krb5_principal_get_realm(gensec_krb5_state->smb_krb5_context->krb5_context,
- get_principal_from_tkt(gensec_krb5_state->ticket));
- ret = krb5_unparse_name_norealm(gensec_krb5_state->smb_krb5_context->krb5_context,
- get_principal_from_tkt(gensec_krb5_state->ticket), &account_name);
+ char *principal_string;
+ ret = krb5_unparse_name(gensec_krb5_state->smb_krb5_context->krb5_context,
+ get_principal_from_tkt(gensec_krb5_state->ticket), &principal_string);
if (ret) {
return NT_STATUS_NO_MEMORY;
}
- /* TODO: should we pass the krb5 session key in here? */
- nt_status = sam_get_server_info(mem_ctx, account_name, realm,
- user_sess_key, lm_sess_key,
- &server_info);
- free(account_name);
+ nt_status = sam_get_server_info_principal(mem_ctx, principal_string,
+ &server_info);
+ free(principal_string);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
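Review bot: The early `return NT_STATUS_NO_MEMORY;` after `krb5_unparse_name` appears to leave mem_ctx unfreed, whereas the failure path a few lines below calls `talloc_free(mem_ctx)` before returning; the guard should read `if (ret) { talloc_free(mem_ctx); return NT_STATUS_NO_MEMORY; }`. That return predates this commit, but the rewritten call now sits directly on it. It also reports every krb5 error as out-of-memory, which is presumably not always accurate. gensec_krb5_session_info begins and ends outside the hunk, so where mem_ctx is allocated is not visible here.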