From 918c7634c21deb0aa89388bb3d9e147bfc8576c8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 7 Nov 2005 02:29:37 +0000 Subject: r11543: A major upgrade to our KDC and PAC handling. We now put the PAC in the AS-REP, so that the client has it in the TGT. We then validate it (and re-sign it) on a TGS-REQ, ie when the client wants a ticket. This should also allow us to interop with windows KDCs. If we get an invalid PAC at the TGS stage, we just drop it. I'm slowly trying to move the application logic out of hdb-ldb.c, and back in with the rest of Samba's auth system, for consistancy. This continues that trend. Andrew Bartlett (This used to be commit 36973b1eef7db5983cce76ba241e54d5f925c69c) --- source4/auth/gensec/gensec_gssapi.c | 2 +- source4/auth/gensec/gensec_krb5.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/auth/gensec') diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 08e2298c1a..c8a57234e3 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -891,7 +891,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi /* decode and verify the pac */ nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, pac_blob, gensec_gssapi_state->smb_krb5_context->krb5_context, - NULL, keyblock, principal, authtime); + NULL, keyblock, principal, authtime, NULL); krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal); if (NT_STATUS_IS_OK(nt_status)) { diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index d5a2fd9a8f..c8640dde8c 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c 
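Review bot: The trailing `NULL` added to the `kerberos_pac_logon_info()` call in gensec_gssapi_session_info is not explained at the call site, and the same holds for the matching call in gensec_krb5_session_info in gensec_krb5.c. Each call now passes two bare `NULL` arguments, one before the keyblock and one at the end, and the prototype is not visible in this diff, so a reader cannot tell which optional input or output is being skipped on this PAC verification path. If the new parameter is an optional out-value such as a detailed Kerberos error code (an assumption to confirm against the prototype), then a rejected PAC is visible here only through `nt_status`; it is worth checking that the non-OK branch, which lies outside the hunk, logs the failure before continuing. I would add a comment above each call along the lines of `/* first NULL: <parameter name> not available to the acceptor; trailing NULL: <parameter name> not needed here */`, filled in with the real parameter names. Both enclosing functions start and end outside the hunks.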
@@ -521,7 +521,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security gensec_krb5_state->smb_krb5_context->krb5_context, NULL, gensec_krb5_state->keyblock, client_principal, - gensec_krb5_state->ticket->ticket.authtime); + gensec_krb5_state->ticket->ticket.authtime, NULL); krb5_free_principal(context, client_principal); if (NT_STATUS_IS_OK(nt_status)) { -- cgit