r7827: Add in-memory keytab to Samba4, using the new MEMORY_WILDCARD keytab

support in Heimdal.

This removes the 'ext_keytab' step from my Samba4/WinXP client howto.

In doing this work, I realised that the replay cache in Heimdal is
currently a no-op, so I have removed the calls to it, and therefore
the mutex calls from passdb/secrets.c.

This patch also includes a replacement 'magic' mechanism detection,
that does not issue extra error messages from deep inside the GSSAPI
code.

Andrew Bartlett
(This used to be commit c19d5706f4fa760415b727b970bc99e7f1abd064)

1 files changed, 9 insertions, 1 deletions

diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index a3aff73c87..0f8fd28155 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -91,7 +91,7 @@ DATA_BLOB get_auth_data_from_tkt(TALLOC_CTX *mem_ctx,
 				 krb5_ticket *tkt);
 
 NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx, 
-			   krb5_context context,
+			   struct smb_krb5_context *smb_krb5_context,
 			   krb5_auth_context auth_context,
 			   const char *realm, const char *service, 
 			   const DATA_BLOB *ticket, 
@@ -116,5 +116,13 @@ NTSTATUS kinit_to_ccache(TALLOC_CTX *parent_ctx,
 			  const char **ccache_name);
 krb5_error_code smb_krb5_init_context(TALLOC_CTX *parent_ctx, 
 				      struct smb_krb5_context **smb_krb5_context); 
+krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, 
+						struct cli_credentials *machine_account, 
+						struct smb_krb5_context *smb_krb5_context,
+						krb5_principal *salt_princ);
+NTSTATUS create_memory_keytab(TALLOC_CTX *parent_ctx,
+			      struct cli_credentials *machine_account,
+			      struct smb_krb5_context *smb_krb5_context,
+			      krb5_keytab *keytab);
 #endif /* HAVE_KRB5 */