diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-09-05 10:53:14 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:36:31 -0500 |
| commit | 6b14ffe2713efe2e16a988d920d2dbd7c088601d (patch) | |
| tree | a5b65d3ac673fee94037f026769ffe781a29f301 /source4/auth/kerberos/kerberos.c | |
| parent | a5148773417adcc343b194693168fb4817bc3a65 (diff) | |
| download | samba-6b14ffe2713efe2e16a988d920d2dbd7c088601d.tar.gz samba-6b14ffe2713efe2e16a988d920d2dbd7c088601d.tar.bz2 samba-6b14ffe2713efe2e16a988d920d2dbd7c088601d.zip | |
r10035: This patch removes the need for the special case hack
'MEMORY_WILDCARD' keytab type. (part of this checking is in effect a
merge from lorikeet-heimdal, where I removed this)
This is achieved by correctly using the GSSAPI gsskrb5_acquire_cred()
function, as this allows us to specify the target principal, regardless
of which alias the client may use.
This patch also tries to simplify some principal handling and fixes some
error cases.
Posted to samba-technical, reviewed by metze, and looked over by lha on IRC.
Andrew Bartlett
(This used to be commit 506a7b67aee949b102d8bf0d6ee9cd12def10d00)
Diffstat (limited to 'source4/auth/kerberos/kerberos.c')
| -rw-r--r-- | source4/auth/kerberos/kerberos.c | 32 |
1 files changed, 7 insertions, 25 deletions
diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c index 31e0c71c55..3935bfaf92 100644 --- a/source4/auth/kerberos/kerberos.c +++ b/source4/auth/kerberos/kerberos.c @@ -69,35 +69,27 @@ kerb_prompter(krb5_context ctx, void *data, original password. */ int kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, - const char *principal, krb5_keyblock *keyblock, + krb5_principal principal, krb5_keyblock *keyblock, time_t *expire_time, time_t *kdc_time) { krb5_error_code code = 0; - krb5_principal me; krb5_creds my_creds; krb5_get_init_creds_opt options; - if ((code = krb5_parse_name(ctx, principal, &me))) { - return code; - } - krb5_get_init_creds_opt_init(&options); - if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, me, keyblock, + if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal, keyblock, 0, NULL, &options))) { - krb5_free_principal(ctx, me); return code; } - if ((code = krb5_cc_initialize(ctx, cc, me))) { + if ((code = krb5_cc_initialize(ctx, cc, principal))) { krb5_free_cred_contents(ctx, &my_creds); - krb5_free_principal(ctx, me); return code; } if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) { krb5_free_cred_contents(ctx, &my_creds); - krb5_free_principal(ctx, me); return code; } @@ -110,7 +102,6 @@ kerb_prompter(krb5_context ctx, void *data, } krb5_free_cred_contents(ctx, &my_creds); - krb5_free_principal(ctx, me); return 0; } @@ -120,36 +111,28 @@ kerb_prompter(krb5_context ctx, void *data, Orignally by remus@snapserver.com */ int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, - const char *principal, const char *password, - time_t *expire_time, time_t *kdc_time) + krb5_principal principal, const char *password, + time_t *expire_time, time_t *kdc_time) { krb5_error_code code = 0; - krb5_principal me; krb5_creds my_creds; krb5_get_init_creds_opt options; - if ((code = krb5_parse_name(ctx, principal, &me))) { - return code; - } - krb5_get_init_creds_opt_init(&options); - if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, password, + if ((code = krb5_get_init_creds_password(ctx, &my_creds, principal, password, kerb_prompter, NULL, 0, NULL, &options))) { - krb5_free_principal(ctx, me); return code; } - if ((code = krb5_cc_initialize(ctx, cc, me))) { + if ((code = krb5_cc_initialize(ctx, cc, principal))) { krb5_free_cred_contents(ctx, &my_creds); - krb5_free_principal(ctx, me); return code; } if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) { krb5_free_cred_contents(ctx, &my_creds); - krb5_free_principal(ctx, me); return code; } @@ -162,7 +145,6 @@ kerb_prompter(krb5_context ctx, void *data, } krb5_free_cred_contents(ctx, &my_creds); - krb5_free_principal(ctx, me); return 0; } |