author | Andrew Bartlett <abartlet@samba.org> | 2005-11-07 02:29:37 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:52 -0500 |
commit | 918c7634c21deb0aa89388bb3d9e147bfc8576c8 (patch) | |
tree | 4c56c62cda7f8f72f3eb808e26029c87f8479ef0 /source4/torture/auth | |
parent | f7ca7308490c5bb41c6e42e7fe52f6b2586d3d5d (diff) | |
download | samba-918c7634c21deb0aa89388bb3d9e147bfc8576c8.tar.gz samba-918c7634c21deb0aa89388bb3d9e147bfc8576c8.tar.bz2 samba-918c7634c21deb0aa89388bb3d9e147bfc8576c8.zip |
r11543: A major upgrade to our KDC and PAC handling.
We now put the PAC in the AS-REP, so that the client has it in the
TGT. We then validate it (and re-sign it) on a TGS-REQ, ie when the
client wants a ticket.
This should also allow us to interop with windows KDCs.
If we get an invalid PAC at the TGS stage, we just drop it.
I'm slowly trying to move the application logic out of hdb-ldb.c, and
back in with the rest of Samba's auth system, for consistency. This
continues that trend.
Andrew Bartlett
(This used to be commit 36973b1eef7db5983cce76ba241e54d5f925c69c)
Diffstat (limited to 'source4/torture/auth')
-rw-r--r-- | source4/torture/auth/pac.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c
index 221454280e..0674d55574 100644
--- a/source4/torture/auth/pac.c
+++ b/source4/torture/auth/pac.c
@@ -147,7 +147,7 @@ static BOOL torture_pac_self_check(void)
 &krbtgt_keyblock,
 &server_keyblock,
 client_principal,
- logon_time);
+ logon_time, NULL);
 if (!NT_STATUS_IS_OK(nt_status)) {
 krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -170,7 +170,8 @@ static BOOL torture_pac_self_check(void)
 &krbtgt_keyblock,
 &server_keyblock,
 client_principal,
- logon_time);
+ logon_time,
+ NULL);
 if (!NT_STATUS_IS_OK(nt_status)) {
 krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -398,7 +399,7 @@ static BOOL torture_pac_saved_check(void)
 smb_krb5_context->krb5_context,
 &krbtgt_keyblock,
 &server_keyblock,
- client_principal, authtime);
+ client_principal, authtime, NULL);
 if (!NT_STATUS_IS_OK(nt_status)) {
 DEBUG(1, ("(saved test) PAC decoding failed: %s\n", nt_errstr(nt_status)));
@@ -419,7 +420,7 @@ static BOOL torture_pac_saved_check(void)
 smb_krb5_context->krb5_context,
 &krbtgt_keyblock,
 &server_keyblock,
- client_principal, authtime);
+ client_principal, authtime, NULL);
 if (!NT_STATUS_IS_OK(nt_status)) {
 krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -612,7 +613,7 @@ static BOOL torture_pac_saved_check(void)
 &krbtgt_keyblock,
 &server_keyblock,
 client_principal,
- authtime + 1);
+ authtime + 1, NULL);
 if (NT_STATUS_IS_OK(nt_status)) {
 DEBUG(1, ("(saved test) PAC decoding DID NOT fail on broken auth time (time + 1)\n"));
@@ -648,7 +649,7 @@ static BOOL torture_pac_saved_check(void)
 &krbtgt_keyblock,
 &server_keyblock,
 client_principal,
- authtime);
+ authtime, NULL);
 if (NT_STATUS_IS_OK(nt_status)) {
 DEBUG(1, ("(saved test) PAC decoding DID NOT fail on modified principal\n"));
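Review bot: The three negative checks in torture_pac_saved_check (the hunks at -612, -648 and -669: broken auth time, modified principal, broken checksum) pass `NULL` for the new trailing argument and assert only that `NT_STATUS_IS_OK(nt_status)` is false, so each would also pass if decoding were rejected for an unrelated reason such as a parse or allocation failure. The declaration of that argument lies outside this diff, which is limited to source4/torture/auth; if it is an out-parameter carrying failure detail, these calls should pass a local and compare it with the expected cause, or at minimum compare `nt_status` with the specific status each tampering case should produce. That way the test shows the authtime, principal and checksum validation is what rejects a modified PAC. Where `NULL` is kept, a comment such as `/* detail output not needed: only overall success/failure is checked */` at the call would mark it as deliberate. Both enclosing functions start and end outside the hunks shown.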
@@ -669,7 +670,7 @@ static BOOL torture_pac_saved_check(void)
 &krbtgt_keyblock,
 &server_keyblock,
 client_principal,
- authtime);
+ authtime, NULL);
 if (NT_STATUS_IS_OK(nt_status)) {
 DEBUG(1, ("(saved test) PAC decoding DID NOT fail on broken checksum\n")); |