summaryrefslogtreecommitdiff
path: root/source4/libcli/auth/kerberos.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libcli/auth/kerberos.c')
-rw-r--r--source4/libcli/auth/kerberos.c64
1 files changed, 40 insertions, 24 deletions
diff --git a/source4/libcli/auth/kerberos.c b/source4/libcli/auth/kerberos.c
index 97b895a241..b08c7f505c 100644
--- a/source4/libcli/auth/kerberos.c
+++ b/source4/libcli/auth/kerberos.c
@@ -54,28 +54,13 @@ kerb_prompter(krb5_context ctx, void *data,
simulate a kinit, putting the tgt in the default cache location
remus@snapserver.com
*/
-int kerberos_kinit_password(const char *principal, const char *password, int time_offset, time_t *expire_time)
+ int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, const char *principal, const char *password, time_t *expire_time, time_t *kdc_time)
{
- krb5_context ctx = NULL;
krb5_error_code code = 0;
- krb5_ccache cc = NULL;
krb5_principal me;
krb5_creds my_creds;
- if ((code = krb5_init_context(&ctx)))
- return code;
-
- if (time_offset != 0) {
- krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
- }
-
- if ((code = krb5_cc_default(ctx, &cc))) {
- krb5_free_context(ctx);
- return code;
- }
-
if ((code = krb5_parse_name(ctx, principal, &me))) {
- krb5_free_context(ctx);
return code;
}
@@ -83,32 +68,63 @@ int kerberos_kinit_password(const char *principal, const char *password, int tim
kerb_prompter,
NULL, 0, NULL, NULL))) {
krb5_free_principal(ctx, me);
- krb5_free_context(ctx);
return code;
}
if ((code = krb5_cc_initialize(ctx, cc, me))) {
krb5_free_cred_contents(ctx, &my_creds);
krb5_free_principal(ctx, me);
- krb5_free_context(ctx);
return code;
}
if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
- krb5_cc_close(ctx, cc);
krb5_free_cred_contents(ctx, &my_creds);
krb5_free_principal(ctx, me);
- krb5_free_context(ctx);
return code;
}
- if (expire_time)
+ if (expire_time) {
*expire_time = (time_t) my_creds.times.endtime;
+ }
+
+ if (kdc_time) {
+ *kdc_time = (time_t) my_creds.times.starttime;
+ }
- krb5_cc_close(ctx, cc);
krb5_free_cred_contents(ctx, &my_creds);
krb5_free_principal(ctx, me);
- krb5_free_context(ctx);
+
+ return 0;
+}
+
+
+/*
+ simulate a kinit, putting the tgt in the default cache location
+ remus@snapserver.com
+*/
+int kerberos_kinit_password(const char *principal, const char *password, int time_offset, time_t *expire_time, time_t *kdc_time)
+{
+ krb5_context ctx = NULL;
+ krb5_error_code code = 0;
+ krb5_ccache cc = NULL;
+
+ if ((code = krb5_init_context(&ctx)))
+ return code;
+
+ if (time_offset != 0) {
+ krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
+ }
+
+ if ((code = krb5_cc_default(ctx, &cc))) {
+ krb5_free_context(ctx);
+ return code;
+ }
+
+ if ((code = kerberos_kinit_password_cc(ctx, cc, principal, password, expire_time, kdc_time))) {
+ krb5_cc_close(ctx, cc);
+ krb5_free_context(ctx);
+ return code;
+ }
return 0;
}
@@ -129,7 +145,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
return KRB5_LIBOS_CANTREADPWD;
}
- ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset, &ads->auth.expire);
+ ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset, &ads->auth.expire, NULL);
if (ret) {
DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
generated by cgit (git 2.34.1) at 2024-08-08 06:46:49 +0000