From a41efe6802da4e81a4af72aa231daa00f5012ab8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 22 Apr 2011 11:22:50 +0200 Subject: s4:auth/credentials: pass 'self_service' to cli_credentials_set_impersonate_principal() This also adds a cli_credentials_get_self_service() helper function. In order to support S4U2Proxy we need to be able to set the service principal for the S4U2Self step independent of the target principal. metze --- source4/auth/kerberos/kerberos_util.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source4/auth/kerberos/kerberos_util.c') diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 45b0b07e13..f05016b873 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -338,7 +338,9 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx, const char **error_string) { krb5_error_code ret; - const char *password, *target_service; + const char *password; + const char *self_service; + const char *target_service; time_t kdc_time = 0; krb5_principal princ; krb5_principal impersonate_principal; @@ -363,6 +365,7 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx, return ret; } + self_service = cli_credentials_get_self_service(credentials); target_service = cli_credentials_get_target_service(credentials); password = cli_credentials_get_password(credentials); @@ -403,7 +406,8 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx, if (password) { ret = kerberos_kinit_password_cc(smb_krb5_context->krb5_context, ccache, princ, password, - impersonate_principal, target_service, + impersonate_principal, + self_service, krb_options, NULL, &kdc_time); } else if (impersonate_principal) { -- cgit From c017cbfaa47f6cb7da38a7021427412fe2e62a8d Mon Sep 17 00:00:00 2001 From: Brad Hards Date: Fri, 17 Jun 2011 19:53:11 +1000 Subject: s4/auth: Trivial spelling fixes. Signed-off-by: Andrew Tridgell --- source4/auth/kerberos/kerberos_util.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/auth/kerberos/kerberos_util.c') diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index f05016b873..9cef977306 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -173,7 +173,7 @@ static krb5_error_code principals_from_msg(TALLOC_CTX *parent_ctx, return ret; } - /* This song-and-dance effectivly puts the principal + /* This song-and-dance effectively puts the principal * into talloc, so we can't loose it. */ talloc_set_destructor(principals[i], free_principal); i++; @@ -262,7 +262,7 @@ static krb5_error_code salt_principal_from_msg(TALLOC_CTX *parent_ctx, upper_realm, "host", salt_body, NULL); if (ret == 0) { - /* This song-and-dance effectivly puts the principal + /* This song-and-dance effectively puts the principal * into talloc, so we can't loose it. */ mem_ctx->smb_krb5_context = talloc_reference(mem_ctx, smb_krb5_context); mem_ctx->principal = *salt_princ; @@ -737,7 +737,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx, /* Release the enumeration. We are going to * have to start this from the top again, * because deletes during enumeration may not - * always be consistant. + * always be consistent. * * Also, the enumeration locks a FILE: keytab */ -- cgit From b9e095fdfb684005f9bb5c1d943b2a0705308500 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 20 Jun 2011 20:28:44 +0200 Subject: s4:auth/kerberos: add S4U2Proxy support to kerberos_kinit_password_cc() For S4U2Proxy we need to use the ticket from the S4U2Self stage and ask the kdc for the delegated ticket for the target service. metze --- source4/auth/kerberos/kerberos_util.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/auth/kerberos/kerberos_util.c') diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 9cef977306..9a48e95c6d 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -408,6 +408,7 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx, princ, password, impersonate_principal, self_service, + target_service, krb_options, NULL, &kdc_time); } else if (impersonate_principal) { -- cgit