svn commit: lorikeet r360 - in trunk/heimdal/kdc: .
abartlet at samba.org
abartlet at samba.org
Wed Jun 29 13:47:35 GMT 2005
Author: abartlet
Date: 2005-06-29 13:47:35 +0000 (Wed, 29 Jun 2005)
New Revision: 360
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=360
Log:
Insert a disgusting hack to enable the Samba-generated PAC to be
placed in the packet.
Andrew Bartlett
Modified:
trunk/heimdal/kdc/kerberos5.c
Changeset:
Modified: trunk/heimdal/kdc/kerberos5.c
===================================================================
--- trunk/heimdal/kdc/kerberos5.c 2005-06-29 13:46:48 UTC (rev 359)
+++ trunk/heimdal/kdc/kerberos5.c 2005-06-29 13:47:35 UTC (rev 360)
@@ -32,6 +32,9 @@
*/
#include "kdc_locl.h"
+#ifdef _SAMBA_BUILD_
+#include "kdc/pac-glue.h"
+#endif
RCSID("$Id: kerberos5.c,v 1.177 2005/06/15 11:34:53 lha Exp $");
@@ -1622,6 +1625,52 @@
et.flags.anonymous = tgt->flags.anonymous;
et.flags.ok_as_delegate = server->flags.ok_as_delegate;
+#ifdef _SAMBA_BUILD_
+
+ {
+
+ unsigned char *buf;
+ size_t buf_size;
+ size_t len;
+
+ krb5_data pac;
+ AD_IF_RELEVANT *if_relevant;
+ ALLOC(if_relevant);
+ if_relevant->len = 1;
+ if_relevant->val = malloc(sizeof(*if_relevant->val));
+ if_relevant->val[0].ad_type = KRB5_AUTHDATA_WIN2K_PAC;
+ if_relevant->val[0].ad_data.data = NULL;
+ if_relevant->val[0].ad_data.length = 0;
+
+ /* Get PAC from Samba */
+ ret = samba_get_pac(context, config,
+ client->principal,
+ ekey,
+ &pac);
+ if (ret) {
+ free_AuthorizationData(if_relevant);
+ goto out;
+ }
+
+ /* pac.data will be freed with this */
+ if_relevant->val[0].ad_data.data = pac.data;
+ if_relevant->val[0].ad_data.length = pac.length;
+
+ ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, if_relevant, &len, ret);
+
+ auth_data = NULL;
+ ALLOC(auth_data);
+ auth_data->len = 1;
+ auth_data->val = malloc(sizeof(*auth_data->val));
+ auth_data->val[0].ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+ auth_data->val[0].ad_data.length = len;
+ auth_data->val[0].ad_data.data = buf;
+ if (ret) {
+ goto out;
+ }
+ }
+
+#endif
/* XXX Check enc-authorization-data */
et.authorization_data = auth_data;
More information about the samba-cvs
mailing list