From 3109a3de1f362e9dc42bceb81a393e2dbf80b7b2 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 26 Apr 2012 12:06:24 -0400
Subject: Split normal kinit from s4u2 flavored kinit

This makes it simpler to slowly integrate MIT support and also amkes it somewhat clearer what operation is really requested. The 24u2 part is really only used by the cifs proxy code so we can temporarily disable it in the MIT build w/o major consequences.
---
 source4/auth/kerberos/kerberos_util.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
(limited to 'source4/auth')
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 9933ca84c7..31a8405a7f 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -232,13 +232,27 @@ static krb5_error_code impersonate_principal_from_credentials(
 }
 #endif
 if (password) {
- ret = kerberos_kinit_password_cc(smb_krb5_context->krb5_context, ccache,
- princ, password,
- impersonate_principal,
- self_service,
- target_service,
- krb_options,
- NULL, &kdc_time);
+ if (impersonate_principal) {
+#ifdef SAMBA4_USES_HEIMDAL
+ ret = kerberos_kinit_s4u2_cc(
+ smb_krb5_context->krb5_context,
+ ccache, princ, password,
+ impersonate_principal,
+ self_service, target_service,
+ krb_options, NULL, &kdc_time);
+#else
+ talloc_free(mem_ctx);
+ (*error_string) = "INTERNAL error: s4u2 ops "
+ "are not supported with MIT build yet";
+ return EINVAL;
+#endif
+ } else {
+ ret = kerberos_kinit_password_cc(
+ smb_krb5_context->krb5_context,
+ ccache, princ, password,
+ target_service,
+ krb_options, NULL, &kdc_time);
+ }
 } else if (impersonate_principal) {
 talloc_free(mem_ctx);
 (*error_string) = "INTERNAL error: Cannot impersonate principal with just a keyblock. A password must be specified in the credentials";
--
cgit
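Review bot: The plain-password `else` branch no longer forwards `self_service` to `kerberos_kinit_password_cc`, so a caller that sets it without `impersonate_principal` would now have it silently ignored. Whether any caller does that cannot be seen here, because the function starts and ends outside the hunk; a comment above the call such as `/* self_service only applies to S4U2Self; a plain kinit ignores it */` would make the contract explicit. The `#else` path fails closed, which is the right outcome for an impersonation request, and deserves a comment like `/* fail closed: never fall back to a plain kinit as princ when impersonation was requested */` so a later MIT port does not turn it into a fall-through. That early return frees only `mem_ctx`, mirroring the existing keyblock branch, so it is worth confirming that `krb_options` and `princ` need no separate release on this path.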