authorAndrew Bartlett <abartlet@samba.org>2009-07-27 22:04:26 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-07-28 08:52:43 +1000
commit47a7a2e442c7e006eca8188c6a01707d85c4e61c (patch)
tree9f2b209c59230b1a6a84b0ac93fdf4defb71cd27 /source4/kdc/pac-glue.c
parent9297b975f58a6c8a8609e05d0bed7b4846a2be32 (diff)
s4:kerberos Add 'net export keytab' command for wireshark decryption
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 domain. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
Diffstat (limited to 'source4/kdc/pac-glue.c')
-rw-r--r--source4/kdc/pac-glue.c43
1 files changed, 26 insertions, 17 deletions
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 3dcdd4d439..3d542d9a94 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -34,13 +34,13 @@
struct krb5_dh_moduli;
struct _krb5_krb_auth_data;
-krb5_error_code samba_kdc_plugin_init(krb5_context context, void **ptr)
+static krb5_error_code samba_kdc_plugin_init(krb5_context context, void **ptr)
{
*ptr = NULL;
return 0;
}
-void samba_kdc_plugin_fini(void *ptr)
+static void samba_kdc_plugin_fini(void *ptr)
{
return;
}
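Review bot: The hooks made `static` here (and in the later hunks for `samba_kdc_get_pac`, `samba_kdc_reget_pac` and `samba_kdc_check_client_access`) have no comment saying how they are still reached, so a reader searching for callers will find none. A line such as `/* Heimdal windc plugin hooks: called only through windc_plugin_table at the end of this file */` above `samba_kdc_plugin_init` would cover it. This page is limited to pac-glue.c, so it is not visible whether the former non-static prototypes were dropped from the shared header; if any remain and this file includes that header, the `static` definitions will conflict with them.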
@@ -104,10 +104,10 @@ static krb5_error_code make_pac(krb5_context context,
}
/* Given the right private pointer from hdb_samba4, get a PAC from the attached ldb messages */
-krb5_error_code samba_kdc_get_pac(void *priv,
- krb5_context context,
- struct hdb_entry_ex *client,
- krb5_pac *pac)
+static krb5_error_code samba_kdc_get_pac(void *priv,
+ krb5_context context,
+ struct hdb_entry_ex *client,
+ krb5_pac *pac)
{
krb5_error_code ret;
NTSTATUS nt_status;
@@ -149,10 +149,10 @@ krb5_error_code samba_kdc_get_pac(void *priv,
/* Resign (and reform, including possibly new groups) a PAC */
-krb5_error_code samba_kdc_reget_pac(void *priv, krb5_context context,
- const krb5_principal client_principal,
- struct hdb_entry_ex *client,
- struct hdb_entry_ex *server, krb5_pac *pac)
+static krb5_error_code samba_kdc_reget_pac(void *priv, krb5_context context,
+ const krb5_principal client_principal,
+ struct hdb_entry_ex *client,
+ struct hdb_entry_ex *server, krb5_pac *pac)
{
krb5_error_code ret;
@@ -230,13 +230,13 @@ static void samba_kdc_build_edata_reply(TALLOC_CTX *tmp_ctx, krb5_data *e_data,
* the account_ok routine in auth/auth_sam.c for consistancy */
-krb5_error_code samba_kdc_check_client_access(void *priv,
- krb5_context context,
- krb5_kdc_configuration *config,
- hdb_entry_ex *client_ex, const char *client_name,
- hdb_entry_ex *server_ex, const char *server_name,
- KDC_REQ *req,
- krb5_data *e_data)
+static krb5_error_code samba_kdc_check_client_access(void *priv,
+ krb5_context context,
+ krb5_kdc_configuration *config,
+ hdb_entry_ex *client_ex, const char *client_name,
+ hdb_entry_ex *server_ex, const char *server_name,
+ KDC_REQ *req,
+ krb5_data *e_data)
{
krb5_error_code ret;
NTSTATUS nt_status;
@@ -314,3 +314,12 @@ krb5_error_code samba_kdc_check_client_access(void *priv,
return ret;
}
+struct krb5plugin_windc_ftable windc_plugin_table = {
+ .minor_version = KRB5_WINDC_PLUGING_MINOR,
+ .init = samba_kdc_plugin_init,
+ .fini = samba_kdc_plugin_fini,
+ .pac_generate = samba_kdc_get_pac,
+ .pac_verify = samba_kdc_reget_pac,
+ .client_access = samba_kdc_check_client_access,
+};
+
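Review bot: `windc_plugin_table` is added as a writable global with external linkage and no comment, although after this commit it is the only route into the PAC and client-access hooks. I would document it, for example `/* Only exported symbol: hook table for Heimdal's windc plugin interface */`, and state there that `.pac_verify` points at `samba_kdc_reget_pac`, which per its own comment re-signs and rebuilds the PAC rather than only checking it. If the registration call accepts a const pointer (not visible on this page), declaring the table `const` would keep these function pointers out of writable data. The `return ret; }` at the top of this hunk closes `samba_kdc_check_client_access`, whose body starts outside the hunk.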