diff options
Diffstat (limited to 'auth')
-rw-r--r-- | auth/credentials/credentials_krb5.c | 1 | ||||
-rw-r--r-- | auth/kerberos/gssapi_pac.c | 49 | ||||
-rw-r--r-- | auth/kerberos/pac_utils.h | 8 | ||||
-rwxr-xr-x | auth/kerberos/wscript_build | 2 |
4 files changed, 56 insertions, 4 deletions
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index c8b685ea79..480d7c5951 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -30,6 +30,7 @@ #include "auth/kerberos/kerberos_credentials.h" #include "auth/kerberos/kerberos_srv_keytab.h" #include "auth/kerberos/kerberos_util.h" +#include "auth/kerberos/pac_utils.h" #include "param/param.h" static void cli_credentials_invalidate_client_gss_creds( diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c index 05065b2725..d1a79501cc 100644 --- a/auth/kerberos/gssapi_pac.c +++ b/auth/kerberos/gssapi_pac.c @@ -21,7 +21,7 @@ #include "includes.h" #ifdef HAVE_KRB5 -#include "libcli/auth/krb5_wrap.h" +#include "lib/krb5_wrap/krb5_samba.h" #include "auth/kerberos/pac_utils.h" #if 0 @@ -271,4 +271,49 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -#endif + +char *gssapi_error_string(TALLOC_CTX *mem_ctx, + OM_uint32 maj_stat, OM_uint32 min_stat, + const gss_OID mech) +{ + OM_uint32 disp_min_stat, disp_maj_stat; + gss_buffer_desc maj_error_message; + gss_buffer_desc min_error_message; + char *maj_error_string, *min_error_string; + OM_uint32 msg_ctx = 0; + + char *ret; + + maj_error_message.value = NULL; + min_error_message.value = NULL; + maj_error_message.length = 0; + min_error_message.length = 0; + + disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, + GSS_C_GSS_CODE, mech, + &msg_ctx, &maj_error_message); + disp_maj_stat = gss_display_status(&disp_min_stat, min_stat, + GSS_C_MECH_CODE, mech, + &msg_ctx, &min_error_message); + + maj_error_string = talloc_strndup(mem_ctx, + (char *)maj_error_message.value, + maj_error_message.length); + + min_error_string = talloc_strndup(mem_ctx, + (char *)min_error_message.value, + min_error_message.length); + + ret = talloc_asprintf(mem_ctx, "%s: %s", + maj_error_string, min_error_string); + + talloc_free(maj_error_string); + talloc_free(min_error_string); + + gss_release_buffer(&disp_min_stat, &maj_error_message); + gss_release_buffer(&disp_min_stat, &min_error_message); + + return ret; +} + +#endif /* HAVE_KRB5 */ diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h index 9fe08de834..bb954597f5 100644 --- a/auth/kerberos/pac_utils.h +++ b/auth/kerberos/pac_utils.h @@ -21,7 +21,7 @@ #ifndef _PAC_UTILS_H #define _PAC_UTILS_H -#include "libcli/auth/krb5_wrap.h" +#include "lib/krb5_wrap/krb5_samba.h" struct PAC_SIGNATURE_DATA; struct PAC_DATA; @@ -47,4 +47,10 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, gss_ctx_id_t gssapi_context, DATA_BLOB *session_key, uint32_t *keytype); + +/* not the best place here, need to move to a more generic gssapi + * wrapper later */ +char *gssapi_error_string(TALLOC_CTX *mem_ctx, + OM_uint32 maj_stat, OM_uint32 min_stat, + const gss_OID mech); #endif /* _PAC_UTILS_H */ diff --git a/auth/kerberos/wscript_build b/auth/kerberos/wscript_build index f49cc517ba..97b8879c8e 100755 --- a/auth/kerberos/wscript_build +++ b/auth/kerberos/wscript_build @@ -1,4 +1,4 @@ #!/usr/bin/env python bld.SAMBA_SUBSYSTEM('KRB5_PAC', source='gssapi_pac.c kerberos_pac.c', - deps='gssapi_krb5 krb5 ndr-krb5pac com_err') + deps='gssapi_krb5 ndr-krb5pac krb5samba') |