diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-05-01 10:33:08 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-05-02 06:54:23 +1000 |
| commit | 44e7ea692708c1c956fc9bd20ed9a6d5de9479a4 (patch) | |
| tree | c2677201a5cdab1772371611242f0fcdac6826a7 /source4/auth/kerberos/kerberos_util.c | |
| parent | 485def3b5dae7c77fb0c01ed99b6865b7c5ceeb8 (diff) | |
| download | samba-44e7ea692708c1c956fc9bd20ed9a6d5de9479a4.tar.gz samba-44e7ea692708c1c956fc9bd20ed9a6d5de9479a4.tar.bz2 samba-44e7ea692708c1c956fc9bd20ed9a6d5de9479a4.zip | |
s4:credentials Make the CCACHE in credentials depend on the things that built it
This means that we consider the ccache only as reliable as the least
specified of the inputs we used.
This means that we will regenerate the ccache if any of the inputs change.
Andrew Bartlett
Diffstat (limited to 'source4/auth/kerberos/kerberos_util.c')
| -rw-r--r-- | source4/auth/kerberos/kerberos_util.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 44d97b7f08..2b358515f8 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -26,6 +26,7 @@ #include "auth/credentials/credentials.h" #include "auth/credentials/credentials_proto.h" #include "auth/credentials/credentials_krb5.h" +#include "auth/kerberos/kerberos_credentials.h" struct principal_container { struct smb_krb5_context *smb_krb5_context; @@ -143,6 +144,7 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, struct cli_credentials *credentials, struct smb_krb5_context *smb_krb5_context, krb5_principal *princ, + enum credentials_obtained *obtained, const char **error_string) { krb5_error_code ret; @@ -152,7 +154,7 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, (*error_string) = error_message(ENOMEM); return ENOMEM; } - princ_string = cli_credentials_get_principal(credentials, mem_ctx); + princ_string = cli_credentials_get_principal_and_obtained(credentials, mem_ctx, obtained); if (!princ_string) { (*error_string) = error_message(ENOMEM); return ENOMEM; @@ -188,6 +190,7 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, struct cli_credentials *credentials, struct smb_krb5_context *smb_krb5_context, krb5_ccache ccache, + enum credentials_obtained *obtained, const char **error_string) { krb5_error_code ret; @@ -203,7 +206,7 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, return ENOMEM; } - ret = principal_from_credentials(mem_ctx, credentials, smb_krb5_context, &princ, error_string); + ret = principal_from_credentials(mem_ctx, credentials, smb_krb5_context, &princ, obtained, error_string); if (ret) { talloc_free(mem_ctx); return ret; @@ -285,7 +288,8 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, ret = kinit_to_ccache(parent_ctx, credentials, smb_krb5_context, - ccache, error_string); + ccache, obtained, + error_string); } if (ret) { (*error_string) = talloc_asprintf(credentials, "kinit for %s failed (%s)\n", @@ -410,6 +414,7 @@ static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx, krb5_principal princ; const char *princ_string; const char *error_string; + enum credentials_obtained obtained; TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); if (!mem_ctx) { @@ -418,7 +423,7 @@ static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx, princ_string = cli_credentials_get_principal(machine_account, mem_ctx); /* Get the principal we will store the new keytab entries under */ - ret = principal_from_credentials(mem_ctx, machine_account, smb_krb5_context, &princ, &error_string); + ret = principal_from_credentials(mem_ctx, machine_account, smb_krb5_context, &princ, &obtained, &error_string); if (ret) { DEBUG(1,("create_keytab: makeing krb5 principal failed (%s)\n", error_string)); talloc_free(mem_ctx); @@ -549,6 +554,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx, TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); const char *princ_string; const char *error_string; + enum credentials_obtained obtained; if (!mem_ctx) { return ENOMEM; @@ -558,7 +564,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx, princ_string = cli_credentials_get_principal(machine_account, mem_ctx); /* Get the principal we will store the new keytab entries under */ - ret = principal_from_credentials(mem_ctx, machine_account, smb_krb5_context, &princ, &error_string); + ret = principal_from_credentials(mem_ctx, machine_account, smb_krb5_context, &princ, &obtained, &error_string); if (ret) { DEBUG(1,("update_keytab: makeing krb5 principal failed (%s)\n", error_string)); talloc_free(mem_ctx); |