From f4607c6e55f6aaa8fe774c7e739fab0556e7bfc0 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 29 Jun 2005 03:01:35 +0000
Subject: r7989: Allow the use of hashed passwords in the kerberos client and server, and create the in-memory keytab with the correct kvno, if available. Andrew Bartlett (This used to be commit 7b7b2b038e25f3d767b5db7d6e41dd947fdde091)
---
 source4/auth/kerberos/kerberos.c | 54 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
(limited to 'source4/auth/kerberos/kerberos.c')
diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c
index 4b3750658f..8c82ae780e 100644
--- a/source4/auth/kerberos/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -61,6 +61,60 @@ kerb_prompter(krb5_context ctx, void *data,
 return 0;
 }
 
+/*
+ simulate a kinit, putting the tgt in the given credentials cache.
+ Orignally by remus@snapserver.com
+
+ This version is built to use a keyblock, rather than needing the
+ original password.
+*/
+ int kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
+ const char *principal, krb5_keyblock *keyblock,
+ time_t *expire_time, time_t *kdc_time)
+{
+ krb5_error_code code = 0;
+ krb5_principal me;
+ krb5_creds my_creds;
+ krb5_get_init_creds_opt options;
+
+ if ((code = krb5_parse_name(ctx, principal, &me))) {
+ return code;
+ }
+
+ krb5_get_init_creds_opt_init(&options);
+
+ if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, me, keyblock,
+ 0, NULL, &options))) {
+ krb5_free_principal(ctx, me);
+ return code;
+ }
+
+ if ((code = krb5_cc_initialize(ctx, cc, me))) {
+ krb5_free_cred_contents(ctx, &my_creds);
+ krb5_free_principal(ctx, me);
+ return code;
+ }
+
+ if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
+ krb5_free_cred_contents(ctx, &my_creds);
+ krb5_free_principal(ctx, me);
+ return code;
+ }
+
+ if (expire_time) {
+ *expire_time = (time_t) my_creds.times.endtime;
+ }
+
+ if (kdc_time) {
+ *kdc_time = (time_t) my_creds.times.starttime;
+ }
+
+ krb5_free_cred_contents(ctx, &my_creds);
+ krb5_free_principal(ctx, me);
+
+ return 0;
+}
+
 /*
 simulate a kinit, putting the tgt in the given credentials cache.
 Orignally by remus@snapserver.com
-- cgit
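Review bot: The header comment on kerberos_kinit_keyblock_cc does not state the contract for `keyblock`, which holds the principal's long-term key and is therefore as sensitive as the password it replaces. The body never frees or clears it, so ownership stays with the caller; that should be written down so callers know to release it (for example with `krb5_free_keyblock_contents()`) once the TGT is in the cache. I would extend the comment with `keyblock is borrowed, the caller keeps ownership and must free it; expire_time and kdc_time may be NULL and are written only on success; returns 0 or a krb5_error_code`. The comment should also note that `*kdc_time` is taken from `my_creds.times.starttime`, i.e. the ticket's start time rather than a direct reading of the KDC clock.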