diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-07-12 09:11:13 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:57:32 -0500 |
commit | 88002b851bd30e3c03a5a9442baf3ced7aa6090f (patch) | |
tree | 8547a06b7e5af9c4cb5e73f6190035aefd7fd75c /source4/libcli/auth/gensec_krb5.c | |
parent | b62e6f1ec13c6cad5a94a2a27dc14d3fdfdd4cfc (diff) | |
download | samba-88002b851bd30e3c03a5a9442baf3ced7aa6090f.tar.gz samba-88002b851bd30e3c03a5a9442baf3ced7aa6090f.tar.bz2 samba-88002b851bd30e3c03a5a9442baf3ced7aa6090f.zip |
r1462: GENSEC Kerberos and SPENGO work:
- Spelling - it's SPNEGO, not SPENGO
- SMB signing - Krb5 logins are now correctly signed
- SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.
Andrew Bartlett
(This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
Diffstat (limited to 'source4/libcli/auth/gensec_krb5.c')
-rw-r--r-- | source4/libcli/auth/gensec_krb5.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c index dbb2a10659..3a4f995937 100644 --- a/source4/libcli/auth/gensec_krb5.c +++ b/source4/libcli/auth/gensec_krb5.c @@ -42,6 +42,7 @@ struct gensec_krb5_state { enum GENSEC_KRB5_STATE state_position; krb5_context krb5_context; krb5_auth_context krb5_auth_context; + krb5_ccache krb5_ccache; }; static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) @@ -66,7 +67,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) initialize_krb5_error_table(); gensec_krb5_state->krb5_context = NULL; gensec_krb5_state->krb5_auth_context = NULL; - gensec_krb5_state->krb5_ccdef = NULL; + gensec_krb5_state->krb5_ccache = NULL; gensec_krb5_state->session_key = data_blob(NULL, 0); ret = krb5_init_context(&gensec_krb5_state->krb5_context); @@ -111,7 +112,7 @@ static NTSTATUS gensec_krb5_server_start(struct gensec_security *gensec_security static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security) { struct gensec_krb5_state *gensec_krb5_state; - + krb5_error_code ret; NTSTATUS nt_status; nt_status = gensec_krb5_start(gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { @@ -121,7 +122,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security gensec_krb5_state = gensec_security->private_data; gensec_krb5_state->state_position = GENSEC_KRB5_CLIENT_START; - ret = krb5_cc_default(gensec_krb5_state->krb5_context, &gensec_krb5_state->ccdef); + ret = krb5_cc_default(gensec_krb5_state->krb5_context, &gensec_krb5_state->krb5_ccache); if (ret) { DEBUG(1,("krb5_cc_default failed (%s)\n", error_message(ret))); @@ -135,13 +136,13 @@ static void gensec_krb5_end(struct gensec_security *gensec_security) { struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data; - if (gensec_krb5_state->krb5_ccdef) { + if (gensec_krb5_state->krb5_ccache) { /* Removed by jra. They really need to fix their kerberos so we don't leak memory. JERRY -- disabled since it causes heimdal 0.6.1rc3 to die SuSE 9.1 Pro */ #if 0 /* redisabled by gd :) at least until any official heimdal version has it fixed. */ - krb5_cc_close(context, gensec_krb5_state->krb5_ccdef); + krb5_cc_close(context, gensec_krb5_state->krb5_ccache); #endif } @@ -193,7 +194,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALL &gensec_krb5_state->krb5_auth_context, AP_OPTS_USE_SUBKEY | AP_OPTS_MUTUAL_REQUIRED, gensec_security->target.principal, - ccdef, &packet); + gensec_krb5_state->krb5_ccache, &packet); if (ret) { DEBUG(1,("ads_krb5_mk_req (request ticket) failed (%s)\n", error_message(ret))); |