summaryrefslogtreecommitdiff
path: root/source4/auth/credentials/credentials_krb5.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth/credentials/credentials_krb5.c')
-rw-r--r--source4/auth/credentials/credentials_krb5.c61
1 files changed, 57 insertions, 4 deletions
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index fb3239494e..b20d9ee750 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -26,6 +26,22 @@
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
+int cli_credentials_get_krb5_context(struct cli_credentials *cred,
+ struct smb_krb5_context **smb_krb5_context)
+{
+ int ret;
+ if (cred->smb_krb5_context) {
+ *smb_krb5_context = cred->smb_krb5_context;
+ return 0;
+ }
+
+ ret = smb_krb5_init_context(cred, &cred->smb_krb5_context);
+ if (ret) {
+ return ret;
+ }
+ *smb_krb5_context = cred->smb_krb5_context;
+ return 0;
+}
int cli_credentials_set_from_ccache(struct cli_credentials *cred,
enum credentials_obtained obtained)
@@ -95,11 +111,13 @@ int cli_credentials_set_ccache(struct cli_credentials *cred,
return ENOMEM;
}
- ret = smb_krb5_init_context(ccc, &ccc->smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, &ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
return ret;
}
+ talloc_reference(ccc, ccc->smb_krb5_context);
+
if (name) {
ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context, name, &ccc->ccache);
if (ret) {
@@ -162,7 +180,7 @@ int cli_credentials_new_ccache(struct cli_credentials *cred)
}
ccache_name = talloc_asprintf(ccc, "MEMORY:%s",
- rand_string);
+ rand_string);
talloc_free(rand_string);
if (!ccache_name) {
@@ -170,12 +188,12 @@ int cli_credentials_new_ccache(struct cli_credentials *cred)
return ENOMEM;
}
- ret = smb_krb5_init_context(ccc, &ccc->smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, &ccc->smb_krb5_context);
if (ret) {
- talloc_free(ccache_name);
talloc_free(ccc);
return ret;
}
+ talloc_reference(ccc, ccc->smb_krb5_context);
ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context, ccache_name, &ccc->ccache);
if (ret) {
@@ -227,6 +245,41 @@ int cli_credentials_get_ccache(struct cli_credentials *cred,
return ret;
}
+int cli_credentials_get_keytab(struct cli_credentials *cred,
+ struct keytab_container **_ktc)
+{
+ krb5_error_code ret;
+ struct keytab_container *ktc;
+ struct smb_krb5_context *smb_krb5_context;
+
+ if (cred->keytab_obtained >= (MAX(cred->principal_obtained,
+ cred->username_obtained))) {
+ *_ktc = cred->keytab;
+ return 0;
+ }
+
+ if (cli_credentials_is_anonymous(cred)) {
+ return EINVAL;
+ }
+
+ ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+ if (ret) {
+ return ret;
+ }
+
+ ret = create_memory_keytab(cred, cred, smb_krb5_context, &ktc);
+ if (ret) {
+ return ret;
+ }
+
+ cred->keytab_obtained = (MAX(cred->principal_obtained,
+ cred->username_obtained));
+
+ cred->keytab = ktc;
+ *_ktc = cred->keytab;
+ return ret;
+}
+
/**
* Set Kerberos KVNO
*/
generated by cgit (git 2.34.1) at 2024-07-07 12:02:09 +0000