summaryrefslogtreecommitdiff
path: root/auth/kerberos
diff options
context:
space:
mode:
Diffstat (limited to 'auth/kerberos')
-rw-r--r--auth/kerberos/kerberos_pac.c37
-rw-r--r--auth/kerberos/pac_utils.h10
2 files changed, 47 insertions, 0 deletions
diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
index eacf39d321..80f31d869f 100644
--- a/auth/kerberos/kerberos_pac.c
+++ b/auth/kerberos/kerberos_pac.c
@@ -402,4 +402,41 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+ DATA_BLOB blob,
+ krb5_context context,
+ const krb5_keyblock *krbtgt_keyblock,
+ const krb5_keyblock *service_keyblock,
+ krb5_const_principal client_principal,
+ time_t tgs_authtime,
+ struct PAC_LOGON_INFO **logon_info)
+{
+ NTSTATUS nt_status;
+ struct PAC_DATA *pac_data;
+ int i;
+ nt_status = kerberos_decode_pac(mem_ctx,
+ blob,
+ context,
+ krbtgt_keyblock,
+ service_keyblock,
+ client_principal,
+ tgs_authtime,
+ &pac_data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ *logon_info = NULL;
+ for (i=0; i < pac_data->num_buffers; i++) {
+ if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
+ continue;
+ }
+ *logon_info = pac_data->buffers[i].info->logon_info.info;
+ }
+ if (!*logon_info) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ return NT_STATUS_OK;
+}
+
#endif
diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h
index d654bec208..b9b66649ee 100644
--- a/auth/kerberos/pac_utils.h
+++ b/auth/kerberos/pac_utils.h
@@ -26,6 +26,7 @@
struct PAC_SIGNATURE_DATA;
struct PAC_DATA;
+struct PAC_LOGON_INFO;
krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
struct PAC_SIGNATURE_DATA *sig,
@@ -41,6 +42,15 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime,
struct PAC_DATA **pac_data_out);
+NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+ DATA_BLOB blob,
+ krb5_context context,
+ const krb5_keyblock *krbtgt_keyblock,
+ const krb5_keyblock *service_keyblock,
+ krb5_const_principal client_principal,
+ time_t tgs_authtime,
+ struct PAC_LOGON_INFO **logon_info);
+
NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
gss_ctx_id_t gssapi_context,
gss_name_t gss_client_name,