diff options
| author | Andreas Schneider <asn@samba.org> | 2012-05-03 17:10:53 +0200 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2012-05-08 06:42:56 +0200 |
| commit | 7f9e4d70b9a2db7400791fbfef284dd63e79f078 (patch) | |
| tree | 87ac8fd1849837bc1f4a2e0e9147783238f00d34 /source4/auth | |
| parent | 3ef95a0b59fa2a9ec5d01398d702bd107f290422 (diff) | |
| download | samba-7f9e4d70b9a2db7400791fbfef284dd63e79f078.tar.gz samba-7f9e4d70b9a2db7400791fbfef284dd63e79f078.tar.bz2 samba-7f9e4d70b9a2db7400791fbfef284dd63e79f078.zip | |
s4-auth: Use smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce <idra@samba.org>
Diffstat (limited to 'source4/auth')
| -rw-r--r-- | source4/auth/kerberos/kerberos_pac.c | 78 |
1 files changed, 24 insertions, 54 deletions
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c index d3f54d9b24..85b62632ba 100644 --- a/source4/auth/kerberos/kerberos_pac.c +++ b/source4/auth/kerberos/kerberos_pac.c @@ -70,51 +70,6 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, - DATA_BLOB *pac_data, - struct PAC_SIGNATURE_DATA *sig, - krb5_context context, - const krb5_keyblock *keyblock) -{ - krb5_error_code ret; - krb5_crypto crypto; - Checksum cksum; - - - ret = krb5_crypto_init(context, - keyblock, - 0, - &crypto); - if (ret) { - DEBUG(0,("krb5_crypto_init() failed: %s\n", - smb_get_krb5_error_message(context, ret, mem_ctx))); - return ret; - } - ret = krb5_create_checksum(context, - crypto, - KRB5_KU_OTHER_CKSUM, - 0, - pac_data->data, - pac_data->length, - &cksum); - if (ret) { - DEBUG(2, ("PAC Verification failed: %s\n", - smb_get_krb5_error_message(context, ret, mem_ctx))); - } - - krb5_crypto_destroy(context, crypto); - - if (ret) { - return ret; - } - - sig->type = cksum.cksumtype; - sig->signature = data_blob_talloc(mem_ctx, cksum.checksum.data, cksum.checksum.length); - free_Checksum(&cksum); - - return 0; -} - krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx, struct PAC_DATA *pac_data, krb5_context context, @@ -137,9 +92,12 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, continue; } kdc_checksum = &pac_data->buffers[i].info->kdc_cksum, - ret = make_pac_checksum(mem_ctx, &zero_blob, - kdc_checksum, - context, krbtgt_keyblock); + ret = smb_krb5_make_pac_checksum(mem_ctx, + &zero_blob, + context, + krbtgt_keyblock, + &kdc_checksum->type, + &kdc_checksum->signature); if (ret) { DEBUG(2, ("making krbtgt PAC checksum failed: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); @@ -153,9 +111,12 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, continue; } srv_checksum = &pac_data->buffers[i].info->srv_cksum; - ret = make_pac_checksum(mem_ctx, &zero_blob, - srv_checksum, - context, service_keyblock); + ret = smb_krb5_make_pac_checksum(mem_ctx, + &zero_blob, + context, + service_keyblock, + &srv_checksum->type, + &srv_checksum->signature); if (ret) { DEBUG(2, ("making service PAC checksum failed: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); @@ -188,11 +149,20 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, } /* Then sign the result of the previous push, where the sig was zero'ed out */ - ret = make_pac_checksum(mem_ctx, &tmp_blob, srv_checksum, - context, service_keyblock); + ret = smb_krb5_make_pac_checksum(mem_ctx, + &tmp_blob, + context, + service_keyblock, + &srv_checksum->type, + &srv_checksum->signature); /* Then sign Server checksum */ - ret = make_pac_checksum(mem_ctx, &srv_checksum->signature, kdc_checksum, context, krbtgt_keyblock); + ret = smb_krb5_make_pac_checksum(mem_ctx, + &srv_checksum->signature, + context, + krbtgt_keyblock, + &kdc_checksum->type, + &kdc_checksum->signature); if (ret) { DEBUG(2, ("making krbtgt PAC checksum failed: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); |