summaryrefslogtreecommitdiff
path: root/source4/torture/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-04-20 12:05:27 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-04-20 04:31:07 +0200
commitf28f5db15a4bcf4c838ee6e4c6ef82c6b9dbd938 (patch)
treec1f44a3613f01021cfa41be9e9cd44889b5241cb /source4/torture/auth
parent0e5482c791b9d99a44ca62323aa4dedbbf8d188e (diff)
downloadsamba-f28f5db15a4bcf4c838ee6e4c6ef82c6b9dbd938.tar.gz
samba-f28f5db15a4bcf4c838ee6e4c6ef82c6b9dbd938.tar.bz2
samba-f28f5db15a4bcf4c838ee6e4c6ef82c6b9dbd938.zip
libcli/auth Move PAC parsing and verification in common.
This uses the source3 PAC code (originally from Samba4) with some small changes to restore functionality needed by the torture tests, and to have a common API. Andrew Bartlett
Diffstat (limited to 'source4/torture/auth')
-rw-r--r--source4/torture/auth/pac.c23
1 files changed, 9 insertions, 14 deletions
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c
index 4a306131cc..f09e039964 100644
--- a/source4/torture/auth/pac.c
+++ b/source4/torture/auth/pac.c
@@ -142,13 +142,13 @@ static bool torture_pac_self_check(struct torture_context *tctx)
/* Now check that we can read it back (using full decode and validate) */
nt_status = kerberos_decode_pac(mem_ctx,
- &pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
client_principal,
- logon_time, NULL);
+ logon_time,
+ &pac_data);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -189,14 +189,13 @@ static bool torture_pac_self_check(struct torture_context *tctx)
/* Now check that we can read it back (yet again) */
nt_status = kerberos_pac_logon_info(mem_ctx,
- &logon_info,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
client_principal,
logon_time,
- NULL);
+ &logon_info);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -408,12 +407,11 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
/* Decode and verify the signaure on the PAC */
nt_status = kerberos_decode_pac(mem_ctx,
- &pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
- client_principal, authtime, NULL);
+ client_principal, authtime, &pac_data);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
@@ -466,12 +464,11 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
/* Parse the PAC again, for the logon info this time (using Samba4's parsing) */
nt_status = kerberos_pac_logon_info(mem_ctx,
- &logon_info,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
- client_principal, authtime, NULL);
+ client_principal, authtime, &logon_info);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -654,13 +651,12 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
/* Break the auth time, to ensure we check this vital detail (not setting this caused all the pain in the first place... */
nt_status = kerberos_decode_pac(mem_ctx,
- &pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal,
- authtime + 1, NULL);
+ authtime + 1, &pac_data);
if (NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -691,13 +687,12 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
}
nt_status = kerberos_decode_pac(mem_ctx,
- &pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal,
- authtime, NULL);
+ authtime, &pac_data);
if (NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
@@ -710,13 +705,13 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
tmp_blob.data[tmp_blob.length - 2]++;
nt_status = kerberos_decode_pac(mem_ctx,
- &pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal,
- authtime, NULL);
+ authtime,
+ &pac_data);
if (NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);