svn commit: lorikeet r360 - in trunk/heimdal/kdc: .

Wed Jun 29 13:47:35 GMT 2005

Author: abartlet
Date: 2005-06-29 13:47:35 +0000 (Wed, 29 Jun 2005)
New Revision: 360

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=360

Log:
Insert a disgusting hack to enable the Samba-generated PAC to be
placed in the packet.

Andrew Bartlett

Modified:
   trunk/heimdal/kdc/kerberos5.c


Changeset:
Modified: trunk/heimdal/kdc/kerberos5.c
===================================================================

--- trunk/heimdal/kdc/kerberos5.c	2005-06-29 13:46:48 UTC (rev 359)
+++ trunk/heimdal/kdc/kerberos5.c	2005-06-29 13:47:35 UTC (rev 360)
@@ -32,6 +32,9 @@
  */
 
 #include "kdc_locl.h"
+#ifdef _SAMBA_BUILD_
+#include "kdc/pac-glue.h"
+#endif
 
 RCSID("$Id: kerberos5.c,v 1.177 2005/06/15 11:34:53 lha Exp $");
 
@@ -1622,6 +1625,52 @@
     et.flags.anonymous   = tgt->flags.anonymous;
     et.flags.ok_as_delegate = server->flags.ok_as_delegate;
 	    
+#ifdef _SAMBA_BUILD_
+ 
+    {
+
+	    unsigned char *buf;
+	    size_t buf_size;
+	    size_t len;
+
+	    krb5_data pac;
+	    AD_IF_RELEVANT *if_relevant;
+	    ALLOC(if_relevant);
+	    if_relevant->len = 1;
+	    if_relevant->val = malloc(sizeof(*if_relevant->val));
+	    if_relevant->val[0].ad_type = KRB5_AUTHDATA_WIN2K_PAC;
+	    if_relevant->val[0].ad_data.data = NULL;
+	    if_relevant->val[0].ad_data.length = 0;
+
+	    /* Get PAC from Samba */
+	    ret = samba_get_pac(context, config, 
+				client->principal,
+				ekey,
+				&pac);
+	    if (ret) {
+		    free_AuthorizationData(if_relevant);
+		    goto out;
+	    }
+
+	    /* pac.data will be freed with this */
+	    if_relevant->val[0].ad_data.data = pac.data;
+	    if_relevant->val[0].ad_data.length = pac.length;
+
+	    ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, if_relevant, &len, ret);
+	    
+	    auth_data = NULL;
+	    ALLOC(auth_data);
+	    auth_data->len = 1;
+	    auth_data->val = malloc(sizeof(*auth_data->val));
+	    auth_data->val[0].ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+	    auth_data->val[0].ad_data.length = len;
+	    auth_data->val[0].ad_data.data = buf;
+	    if (ret) {
+		    goto out;
+	    }
+    }
+
+#endif
     /* XXX Check enc-authorization-data */
     et.authorization_data = auth_data;
 

