[linux-cifs-client] Kerberos5 support in cifs pathset [PATCH: 4/4] userspace utility for creating security blob and getting session key

simo idra at samba.org
Wed Oct 24 20:23:10 GMT 2007


On Mon, 2007-10-22 at 21:10 +0400, Q (Igor Mammedov) wrote:
> As Jra mentioned it would be better to integrate request utility into
> samba package. In fact it uses several calls from libsmb which has been
> saved to spnego.c file to avoid dependence on samba source tree for a
> while.

Igor, this is a very nice start.
Lots to do but Jeff already got something working using a modified copy
of this stuff :-)

Some comments in line.

> +int handle_krb5_mech(const char* principal, DATA_BLOB* mechtoken,
> +                                               DATA_BLOB* sess_key)

...

> +       ret = krb5_cc_default(context,
> &ccache);                                
> +       if (ret) 
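
Review bot: krb5_cc_default() on this line always opens the default credential cache of whatever process runs the helper, and handle_krb5_mech() takes no argument that could select a different one. Consider passing the cache name (or the identity of the user the request is for) in alongside principal and opening it with krb5_cc_resolve(), so that a helper running under another account does not pick up the wrong user's ticket.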

Have you already thought how to find the right credentials here ?

> +       /* pack all we got into out params */
> +       *mechtoken = data_blob( apreq_pkt.data, apreq_pkt.length);
> +       *sess_key = data_blob( tokb->contents, tokb->length);
> +
> +        krb5_free_creds(context, out_creds);            
> +        krb5_free_principal(context, me);         
> +        krb5_cc_close(context, ccache);
> +        krb5_free_context(context); 
> +
> +       if (!(mechtoken->data && sess_key->data)) {
> +               free_data_blob(mechtoken);
> +               free_data_blob(sess_key);
> +               return 1;
> +       }
> +       return 0;
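
Review bot: on the failure path, free_data_blob(sess_key) releases a buffer that may already hold a copy of the session key. Unless free_data_blob() zeroes the memory itself, clear sess_key->data over sess_key->length before freeing it, and note in a comment that the caller owns both blobs on success and must clear sess_key when done. Two smaller points on this hunk: the key's size is whatever tokb->length was, so consumers should read the length from the blob rather than assume a constant, and the krb5_free_creds() through krb5_free_context() lines are indented differently from the rest and carry trailing whitespace.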


Do you know if the sesskey is always guaranteed to be a fixed length ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>


