summaryrefslogtreecommitdiff
path: root/auth
diff options
context:
space:
mode:
Diffstat (limited to 'auth')
-rw-r--r--auth/credentials/credentials_krb5.c1
-rw-r--r--auth/kerberos/gssapi_pac.c49
-rw-r--r--auth/kerberos/pac_utils.h8
-rwxr-xr-xauth/kerberos/wscript_build2
4 files changed, 56 insertions, 4 deletions
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index c8b685ea79..480d7c5951 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -30,6 +30,7 @@
#include "auth/kerberos/kerberos_credentials.h"
#include "auth/kerberos/kerberos_srv_keytab.h"
#include "auth/kerberos/kerberos_util.h"
+#include "auth/kerberos/pac_utils.h"
#include "param/param.h"
static void cli_credentials_invalidate_client_gss_creds(
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index 05065b2725..d1a79501cc 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -21,7 +21,7 @@
#include "includes.h"
#ifdef HAVE_KRB5
-#include "libcli/auth/krb5_wrap.h"
+#include "lib/krb5_wrap/krb5_samba.h"
#include "auth/kerberos/pac_utils.h"
#if 0
@@ -271,4 +271,49 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-#endif
+
+char *gssapi_error_string(TALLOC_CTX *mem_ctx,
+ OM_uint32 maj_stat, OM_uint32 min_stat,
+ const gss_OID mech)
+{
+ OM_uint32 disp_min_stat, disp_maj_stat;
+ gss_buffer_desc maj_error_message;
+ gss_buffer_desc min_error_message;
+ char *maj_error_string, *min_error_string;
+ OM_uint32 msg_ctx = 0;
+
+ char *ret;
+
+ maj_error_message.value = NULL;
+ min_error_message.value = NULL;
+ maj_error_message.length = 0;
+ min_error_message.length = 0;
+
+ disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat,
+ GSS_C_GSS_CODE, mech,
+ &msg_ctx, &maj_error_message);
+ disp_maj_stat = gss_display_status(&disp_min_stat, min_stat,
+ GSS_C_MECH_CODE, mech,
+ &msg_ctx, &min_error_message);
+
+ maj_error_string = talloc_strndup(mem_ctx,
+ (char *)maj_error_message.value,
+ maj_error_message.length);
+
+ min_error_string = talloc_strndup(mem_ctx,
+ (char *)min_error_message.value,
+ min_error_message.length);
+
+ ret = talloc_asprintf(mem_ctx, "%s: %s",
+ maj_error_string, min_error_string);
+
+ talloc_free(maj_error_string);
+ talloc_free(min_error_string);
+
+ gss_release_buffer(&disp_min_stat, &maj_error_message);
+ gss_release_buffer(&disp_min_stat, &min_error_message);
+
+ return ret;
+}
+
+#endif /* HAVE_KRB5 */
diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h
index 9fe08de834..bb954597f5 100644
--- a/auth/kerberos/pac_utils.h
+++ b/auth/kerberos/pac_utils.h
@@ -21,7 +21,7 @@
#ifndef _PAC_UTILS_H
#define _PAC_UTILS_H
-#include "libcli/auth/krb5_wrap.h"
+#include "lib/krb5_wrap/krb5_samba.h"
struct PAC_SIGNATURE_DATA;
struct PAC_DATA;
@@ -47,4 +47,10 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
gss_ctx_id_t gssapi_context,
DATA_BLOB *session_key,
uint32_t *keytype);
+
+/* not the best place here, need to move to a more generic gssapi
+ * wrapper later */
+char *gssapi_error_string(TALLOC_CTX *mem_ctx,
+ OM_uint32 maj_stat, OM_uint32 min_stat,
+ const gss_OID mech);
#endif /* _PAC_UTILS_H */
diff --git a/auth/kerberos/wscript_build b/auth/kerberos/wscript_build
index f49cc517ba..97b8879c8e 100755
--- a/auth/kerberos/wscript_build
+++ b/auth/kerberos/wscript_build
@@ -1,4 +1,4 @@
#!/usr/bin/env python
bld.SAMBA_SUBSYSTEM('KRB5_PAC',
source='gssapi_pac.c kerberos_pac.c',
- deps='gssapi_krb5 krb5 ndr-krb5pac com_err')
+ deps='gssapi_krb5 ndr-krb5pac krb5samba')