author | Andrew Bartlett <abartlet@samba.org> | 2005-10-23 22:20:42 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:11 -0500 |
commit | db4b95827e4e6d13577513946bff4f956c849756 (patch) | |
tree | d87779f6511101d981bf958a90bdaddca92f8744 /source4/auth/gensec | |
parent | 28a3bc645b49ea6e997b3576ba7a8ba55e7caa9c (diff) | |
r11270: Move the core CrackNames code from rpc_server/drsuapi to dsdb/samdb.
I'm sure this will not be the final resting place, but it will do for
now.
Use the cracknames code in auth/ for creating a server_info given a
principal name only (should avoid assumptions about splitting a
user@realm principal).
Andrew Bartlett
(This used to be commit c9d5d8e45dd7b7c99b6cf35b087bc18012f31222)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 41 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 19 |
2 files changed, 12 insertions, 48 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 42141e4df2..8fcada2352 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -879,6 +879,10 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 }
 }
+ /* IF we have the PAC - otherwise we need to get this
+ * data from elsewere - local ldb, or (TODO) lookup of some
+ * kind...
+ */
 if (maj_stat == 0) {
 krb5_error_code ret;
@@ -912,42 +916,9 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
 }
 if (maj_stat) {
- krb5_error_code ret;
- DATA_BLOB user_sess_key = data_blob(NULL, 0);
- DATA_BLOB lm_sess_key = data_blob(NULL, 0);
- /* IF we have the PAC - otherwise we need to get this
- * data from elsewere - local ldb, or (TODO) lookup of some
- * kind...
- *
- * when heimdal can generate the PAC, we should fail if there's
- * no PAC present
- */
-
- char *account_name;
- const char *realm;
- ret = krb5_parse_name(gensec_gssapi_state->smb_krb5_context->krb5_context,
- principal_string, &principal);
- if (ret) {
- talloc_free(mem_ctx);
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- realm = krb5_principal_get_realm(gensec_gssapi_state->smb_krb5_context->krb5_context,
- principal);
- ret = krb5_unparse_name_norealm(gensec_gssapi_state->smb_krb5_context->krb5_context,
- principal, &account_name);
- if (ret) {
- krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal);
- talloc_free(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
 DEBUG(1, ("Unable to use PAC, resorting to local user lookup!\n"));
- nt_status = sam_get_server_info(mem_ctx, account_name, realm,
- user_sess_key, lm_sess_key,
- &server_info);
- free(account_name);
- krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal);
+ nt_status = sam_get_server_info_principal(mem_ctx, principal_string,
+ &server_info);
 if (!NT_STATUS_IS_OK(nt_status)) {
 talloc_free(mem_ctx);
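Review bot: The no-PAC fallback under `if (maj_stat)` in the second hunk now builds server_info from the principal string alone, and the caveat that used to sit on this branch ("when heimdal can generate the PAC, we should fail if there's no PAC present") was dropped when the comment moved up to the `maj_stat == 0` branch. I would keep a comment on the fallback itself, for example `/* No PAC: group and privilege data come from a local lookup by principal name only; this should become a hard failure once the KDC always issues a PAC */`, so the weaker trust basis of this path stays visible to the next reader. The branch no longer parses or frees `principal`; its declaration is outside the hunk, so if nothing else uses it the variable is now dead and can go. gensec_gssapi_session_info starts and ends outside both hunks.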
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 64de8211dd..3ed38a435c 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -518,23 +518,16 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 if (!NT_STATUS_IS_OK(nt_status)) {
 /* NO pac, or can't parse or verify it */
 krb5_error_code ret;
- DATA_BLOB user_sess_key = data_blob(NULL, 0);
- DATA_BLOB lm_sess_key = data_blob(NULL, 0);
-
- char *account_name;
- const char *realm = krb5_principal_get_realm(gensec_krb5_state->smb_krb5_context->krb5_context,
- get_principal_from_tkt(gensec_krb5_state->ticket));
- ret = krb5_unparse_name_norealm(gensec_krb5_state->smb_krb5_context->krb5_context,
- get_principal_from_tkt(gensec_krb5_state->ticket), &account_name);
+ char *principal_string;
+ ret = krb5_unparse_name(gensec_krb5_state->smb_krb5_context->krb5_context,
+ get_principal_from_tkt(gensec_krb5_state->ticket), &principal_string);
 if (ret) {
 return NT_STATUS_NO_MEMORY;
 }
- /* TODO: should we pass the krb5 session key in here? */
- nt_status = sam_get_server_info(mem_ctx, account_name, realm,
- user_sess_key, lm_sess_key,
- &server_info);
- free(account_name);
+ nt_status = sam_get_server_info_principal(mem_ctx, principal_string,
+ &server_info);
+ free(principal_string);
 if (!NT_STATUS_IS_OK(nt_status)) {
 talloc_free(mem_ctx);
 |
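Review bot: The `if (ret) { return NT_STATUS_NO_MEMORY; }` after the new `krb5_unparse_name()` call returns without `talloc_free(mem_ctx)`, while the failure branch a few lines below does free it, so this path appears to leak the temporary context (assuming mem_ctx is allocated earlier in the function, outside the hunk); I would make it `talloc_free(mem_ctx); return NT_STATUS_NO_MEMORY;`. This branch also falls back to a name-only lookup when the PAC is absent or fails parsing or verification, but unlike the gensec_gssapi.c path it logs nothing; adding `DEBUG(1, ("Unable to use PAC, resorting to local user lookup!\n"));` before the lookup would make that downgrade visible in the logs. The removed `/* TODO: should we pass the krb5 session key in here? */` is an open question that the new call does not answer, so it is worth keeping as a comment. gensec_krb5_session_info starts and ends outside the hunk.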