summaryrefslogtreecommitdiff
path: root/source4/libcli/auth/gensec_krb5.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-12-24 09:54:23 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:07:37 -0500
commit44113c4de1ae06a78a940782dc762b6576310d0d (patch)
tree7d6e30dc5a56b11edcd2def2304aa78071b1405e /source4/libcli/auth/gensec_krb5.c
parentbebe512a57c6aabe6cd539750834297a17b5c4f5 (diff)
downloadsamba-44113c4de1ae06a78a940782dc762b6576310d0d.tar.gz
samba-44113c4de1ae06a78a940782dc762b6576310d0d.tar.bz2
samba-44113c4de1ae06a78a940782dc762b6576310d0d.zip
r4355: More work from the elves on Christmas eve:
- Update Samba4's kerberos code to match the 'salting' changes in Samba3 (and many other cleanups by jra). - Move GENSEC into the modern era of talloc destructors. This avoids many of the memory leaks in this code, as we now can't somehow 'forget' to call the end routine. - This required fixing some of the talloc hierarchies. - The new krb5 seems more sensitive to getting the service name right, so start actually setting the service name on the krb5 context. Andrew Bartlett (This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
Diffstat (limited to 'source4/libcli/auth/gensec_krb5.c')
-rw-r--r--source4/libcli/auth/gensec_krb5.c29
1 files changed, 15 insertions, 14 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c
index 9323580e92..9d4a2f6b0e 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/libcli/auth/gensec_krb5.c
@@ -229,9 +229,9 @@ static NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx,
return status;
}
-static void gensec_krb5_end(struct gensec_security *gensec_security)
+static int gensec_krb5_destory(void *ptr)
{
- struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data;
+ struct gensec_krb5_state *gensec_krb5_state = ptr;
if (gensec_krb5_state->ticket.length) {
/* Hmm, early heimdal dooesn't have this - correct call would be krb5_data_free */
@@ -255,12 +255,9 @@ static void gensec_krb5_end(struct gensec_security *gensec_security)
if (gensec_krb5_state->krb5_context) {
krb5_free_context(gensec_krb5_state->krb5_context);
}
-
- talloc_free(gensec_krb5_state);
- gensec_security->private_data = NULL;
+ return 0;
}
-
static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
{
struct gensec_krb5_state *gensec_krb5_state;
@@ -282,6 +279,8 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
gensec_krb5_state->session_key = data_blob(NULL, 0);
gensec_krb5_state->pac = data_blob(NULL, 0);
+ talloc_set_destructor(gensec_krb5_state, gensec_krb5_destory);
+
ret = krb5_init_context(&gensec_krb5_state->krb5_context);
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n", error_message(ret)));
@@ -401,8 +400,8 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
}
ret = kerberos_kinit_password_cc(gensec_krb5_state->krb5_context, gensec_krb5_state->krb5_ccache,
- gensec_get_client_principal(gensec_security, gensec_security),
- password, NULL, &kdc_time);
+ gensec_get_client_principal(gensec_security, gensec_security),
+ password, NULL, &kdc_time);
/* cope with ticket being in the future due to clock skew */
if ((unsigned)kdc_time > time(NULL)) {
@@ -439,8 +438,9 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
* or NT_STATUS_OK if the user is authenticated.
*/
-static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
- const DATA_BLOB in, DATA_BLOB *out)
+static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
+ TALLOC_CTX *out_mem_ctx,
+ const DATA_BLOB in, DATA_BLOB *out)
{
struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data;
krb5_error_code ret = 0;
@@ -524,7 +524,8 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALL
nt_status = ads_verify_ticket(out_mem_ctx,
gensec_krb5_state->krb5_context,
gensec_krb5_state->krb5_auth_context,
- lp_realm(), &in,
+ lp_realm(),
+ gensec_get_target_service(gensec_security), &in,
&principal, &pac, &unwrapped_out,
&gensec_krb5_state->krb5_keyblock);
} else {
@@ -532,7 +533,9 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALL
nt_status = ads_verify_ticket(out_mem_ctx,
gensec_krb5_state->krb5_context,
gensec_krb5_state->krb5_auth_context,
- lp_realm(), &unwrapped_in,
+ lp_realm(),
+ gensec_get_target_service(gensec_security),
+ &unwrapped_in,
&principal, &pac, &unwrapped_out,
&gensec_krb5_state->krb5_keyblock);
}
@@ -683,7 +686,6 @@ static const struct gensec_security_ops gensec_krb5_security_ops = {
.update = gensec_krb5_update,
.session_key = gensec_krb5_session_key,
.session_info = gensec_krb5_session_info,
- .end = gensec_krb5_end
};
static const struct gensec_security_ops gensec_ms_krb5_security_ops = {
@@ -695,7 +697,6 @@ static const struct gensec_security_ops gensec_ms_krb5_security_ops = {
.update = gensec_krb5_update,
.session_key = gensec_krb5_session_key,
.session_info = gensec_krb5_session_info,
- .end = gensec_krb5_end
};
generated by cgit (git 2.34.1) at 2024-09-10 02:39:21 +0000