diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-12-24 09:54:23 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:37 -0500 |
| commit | 44113c4de1ae06a78a940782dc762b6576310d0d (patch) | |
| tree | 7d6e30dc5a56b11edcd2def2304aa78071b1405e /source4/libcli/auth/kerberos.h | |
| parent | bebe512a57c6aabe6cd539750834297a17b5c4f5 (diff) | |
| download | samba-44113c4de1ae06a78a940782dc762b6576310d0d.tar.gz samba-44113c4de1ae06a78a940782dc762b6576310d0d.tar.bz2 samba-44113c4de1ae06a78a940782dc762b6576310d0d.zip | |
r4355: More work from the elves on Christmas eve:
- Update Samba4's kerberos code to match the 'salting' changes in
Samba3 (and many other cleanups by jra).
- Move GENSEC into the modern era of talloc destructors. This avoids
many of the memory leaks in this code, as we now can't somehow
'forget' to call the end routine.
- This required fixing some of the talloc hierarchies.
- The new krb5 seems more sensitive to getting the service name
right, so start actually setting the service name on the krb5 context.
Andrew Bartlett
(This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
Diffstat (limited to 'source4/libcli/auth/kerberos.h')
| -rw-r--r-- | source4/libcli/auth/kerberos.h | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/source4/libcli/auth/kerberos.h b/source4/libcli/auth/kerberos.h index 3ab71f7875..9bb6d22eb6 100644 --- a/source4/libcli/auth/kerberos.h +++ b/source4/libcli/auth/kerberos.h @@ -61,6 +61,7 @@ const krb5_data *krb5_princ_component(krb5_context context, krb5_principal princ /* Samba wrapper function for krb5 functionality. */ void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr); int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype); +int create_kerberos_key_from_string_direct(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype); krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); @@ -74,13 +75,23 @@ krb5_error_code ads_krb5_mk_req(krb5_context context, krb5_data *outbuf); DATA_BLOB get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, krb5_ticket *tkt); + NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx, krb5_context context, krb5_auth_context auth_context, - const char *realm, const DATA_BLOB *ticket, + const char *realm, const char *service, + const DATA_BLOB *ticket, char **principal, DATA_BLOB *auth_data, DATA_BLOB *ap_rep, krb5_keyblock *keyblock); -int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, const char *principal, const char *password, time_t *expire_time, time_t *kdc_time); +int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, + const char *principal, const char *password, + time_t *expire_time, time_t *kdc_time); +krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, + krb5_principal host_princ, + int enctype); +void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype); +BOOL kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2); +void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); #endif /* HAVE_KRB5 */ |