diff options
Diffstat (limited to 'auth/kerberos')
-rw-r--r-- | auth/kerberos/kerberos_pac.c | 37 | ||||
-rw-r--r-- | auth/kerberos/pac_utils.h | 10 |
2 files changed, 47 insertions, 0 deletions
diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c index eacf39d321..80f31d869f 100644 --- a/auth/kerberos/kerberos_pac.c +++ b/auth/kerberos/kerberos_pac.c @@ -402,4 +402,41 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, + DATA_BLOB blob, + krb5_context context, + const krb5_keyblock *krbtgt_keyblock, + const krb5_keyblock *service_keyblock, + krb5_const_principal client_principal, + time_t tgs_authtime, + struct PAC_LOGON_INFO **logon_info) +{ + NTSTATUS nt_status; + struct PAC_DATA *pac_data; + int i; + nt_status = kerberos_decode_pac(mem_ctx, + blob, + context, + krbtgt_keyblock, + service_keyblock, + client_principal, + tgs_authtime, + &pac_data); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + *logon_info = NULL; + for (i=0; i < pac_data->num_buffers; i++) { + if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) { + continue; + } + *logon_info = pac_data->buffers[i].info->logon_info.info; + } + if (!*logon_info) { + return NT_STATUS_INVALID_PARAMETER; + } + return NT_STATUS_OK; +} + #endif diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h index d654bec208..b9b66649ee 100644 --- a/auth/kerberos/pac_utils.h +++ b/auth/kerberos/pac_utils.h @@ -26,6 +26,7 @@ struct PAC_SIGNATURE_DATA; struct PAC_DATA; +struct PAC_LOGON_INFO; krb5_error_code check_pac_checksum(DATA_BLOB pac_data, struct PAC_SIGNATURE_DATA *sig, @@ -41,6 +42,15 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, time_t tgs_authtime, struct PAC_DATA **pac_data_out); +NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, + DATA_BLOB blob, + krb5_context context, + const krb5_keyblock *krbtgt_keyblock, + const krb5_keyblock *service_keyblock, + krb5_const_principal client_principal, + time_t tgs_authtime, + struct PAC_LOGON_INFO **logon_info); + NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx, gss_ctx_id_t gssapi_context, gss_name_t gss_client_name, |