[SCM] Samba Shared Repository - branch v3-5-test updated
Günther Deschner
gd at samba.org
Fri Nov 6 04:58:24 MST 2009
The branch, v3-5-test has been updated
via a1d21fc... s3-net: better use memory credential cache in net_ads_kerberos_pac().
via 05a8ece... s3-net: allow to call "net ads kerberos pac <impersonation principal> -P".
via 5368034... s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls.
via be4ad69... s3-kerberos: add smb_krb5_get_tkt_from_creds().
via 99639fa... s3-kerberos: fix some build warnings when building against heimdal.
via 16ba0e8... s3-kerberos: add smb_krb5_get_{creds,credentials} incl. support for S4U2SELF impersonation.
via 33cc857... s3-kerberos: remove duplicate prototype.
via 158d9e3... s3-kerberos: add smb_krb5_parse_name_flags().
via 4fb1aa8... s3-kerberos: add configure checks for krb5_get_creds_X api.
via fc69d5a... s3-netlogon: make sure we protect some function codes in _netr_LogonControl2Ex().
via 8d9744c... s3-netlogon: let s3 pass against RPC-NETLOGON-S3 again.
via 8122dad... s3-netlogon: implement _netr_NETLOGON_INFO_4 in netr_LogonControl2Ex() and friends as well.
via dc95859... s3-netlogon: implement remote trust account changing in netr_LogonControl2Ex() and friends.
from 2245694... Got the logic simplification worked out so we still pass BASE-DELAYWRITE and also RAW-CLOSE. Jeremy. (cherry picked from commit c99dd5c23e25f4c1cc34f223f563915c0aa4bb6f)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit a1d21fcfc5f7efed93b79155efe8d2a666da773e
Author: Günther Deschner <gd at samba.org>
Date: Fri Nov 6 12:51:29 2009 +0100
s3-net: better use memory credential cache in net_ads_kerberos_pac().
Guenther
(cherry picked from commit 6ca8a40976f86f66713ba9a7b957f97a1c271016)
commit 05a8ecea99d2e056d20d31d8e15d016220a3d405
Author: Günther Deschner <gd at samba.org>
Date: Mon Oct 13 17:28:39 2008 +0200
s3-net: allow to call "net ads kerberos pac <impersonation principal> -P".
Guenther
(cherry picked from commit 58184b5fd4e95bc7ad2179237808126411509eea)
commit 53680341f44babf0c1e87874feaa0cb2a0d6a615
Author: Günther Deschner <gd at samba.org>
Date: Mon Oct 13 17:27:21 2008 +0200
s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls.
Guenther
(cherry picked from commit 5e266225108aa3335476cbe1214cc0f484c4fd02)
commit be4ad69eb9cd835ef9e97654793e60403c296b3a
Author: Günther Deschner <gd at samba.org>
Date: Mon Oct 13 17:25:35 2008 +0200
s3-kerberos: add smb_krb5_get_tkt_from_creds().
Guenther
(cherry picked from commit 4ffbfc4475c92b9190811bd189802ff265aa6846)
commit 99639fab2ae3da2edc4f51e8c6e8f3314bf4f31f
Author: Günther Deschner <gd at samba.org>
Date: Fri Nov 6 10:25:53 2009 +0100
s3-kerberos: fix some build warnings when building against heimdal.
Guenther
(cherry picked from commit bb75f713d628073c503b06a3d217195aa95d72b2)
commit 16ba0e8649c441834da97f9584e5a64b670a083f
Author: Günther Deschner <gd at samba.org>
Date: Mon Oct 13 17:22:37 2008 +0200
s3-kerberos: add smb_krb5_get_{creds,credentials} incl. support for S4U2SELF impersonation.
Guenther
(cherry picked from commit 35dcc133c9c26d10186fe59ea096a2a5c87958e6)
commit 33cc8575474b5de48c2cb65b1b0da07ba861277d
Author: Günther Deschner <gd at samba.org>
Date: Mon Oct 13 17:27:43 2008 +0200
s3-kerberos: remove duplicate prototype.
Guenther
(cherry picked from commit 0729df3661fefeffc5154c9b01ae027b3ede4b92)
commit 158d9e3c654e52e641d0485ccfaff2b7c0659576
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 5 19:02:55 2009 +0100
s3-kerberos: add smb_krb5_parse_name_flags().
Guenther
(cherry picked from commit 17ef153b68795fec681f9ce17c198236aba2b1c2)
commit 4fb1aa8f679891e95db5fa5cd7b8a74697dc0003
Author: Günther Deschner <gd at samba.org>
Date: Mon Oct 13 17:21:22 2008 +0200
s3-kerberos: add configure checks for krb5_get_creds_X api.
Guenther
(cherry picked from commit 2cd507fe144c58a4c856c73ec56b80365dad9f23)
commit fc69d5a2bba292da070945d8c9d228ac38d486d8
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 4 00:34:29 2009 +0100
s3-netlogon: make sure we protect some function codes in _netr_LogonControl2Ex().
Guenther
(cherry picked from commit ccdd1462cc8d7e5e067b5f3d6122ee8765921b4f)
commit 8d9744cf9c234c7db74e9026b217a4b3139e7da4
Author: Günther Deschner <gd at samba.org>
Date: Mon Oct 19 11:28:00 2009 +0200
s3-netlogon: let s3 pass against RPC-NETLOGON-S3 again.
Guenther
(cherry picked from commit bb2e1ff6315f070b67d45600dd763011f8aba136)
commit 8122dad79fef3ec3795ed11739ce87eced99d82f
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 8 00:58:02 2009 +0200
s3-netlogon: implement _netr_NETLOGON_INFO_4 in netr_LogonControl2Ex() and friends as well.
Guenther
(cherry picked from commit 40f3f456bcea3d37537e807dbcd3a09b08dbc870)
commit dc95859e468c22d9ee370d53cdd66b7038665a9a
Author: Günther Deschner <gd at samba.org>
Date: Thu Oct 8 00:38:53 2009 +0200
s3-netlogon: implement remote trust account changing in netr_LogonControl2Ex() and friends.
Guenther
(cherry picked from commit b3a21474971d3ffd6135011daa5f2fe521f535d1)
-----------------------------------------------------------------------
Summary of changes:
source3/configure.in | 6 +
source3/include/includes.h | 17 ++-
source3/include/proto.h | 6 +-
source3/libads/authdata.c | 66 ++++++++-
source3/libads/kerberos.c | 4 +-
source3/libsmb/clikrb5.c | 289 +++++++++++++++++++++++++++++++++++-
source3/rpc_server/srv_netlog_nt.c | 136 +++++++++++++++++
source3/utils/net_ads.c | 6 +
source3/winbindd/winbindd_pam.c | 1 +
9 files changed, 521 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/configure.in b/source3/configure.in
index 819af5c..567e692 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3388,6 +3388,12 @@ if test x"$with_ads_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_enctype_to_string, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_fwd_tgt_creds, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_auth_con_set_req_cksumtype, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_creds_opt_alloc, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_creds_opt_set_impersonate, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_creds, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_credentials_for_user, $KRB5_LIBS)
+ # MIT krb5 1.8 does not expose this call (yet)
+ AC_CHECK_DECLS(krb5_get_credentials_for_user, [], [], [#include <krb5.h>])
# MIT krb5 1.7beta3 (in Ubuntu Karmic) does not have this declaration
# but does have the symbol
diff --git a/source3/include/includes.h b/source3/include/includes.h
index b3446cb..559bc3d 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -952,7 +952,10 @@ char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...) PRINTF_ATT
krb5_error_code smb_krb5_parse_name(krb5_context context,
const char *name, /* in unix charset */
krb5_principal *principal);
-
+krb5_error_code smb_krb5_parse_name_flags(krb5_context context,
+ const char *name, /* in unix charset */
+ int flags,
+ krb5_principal *principal);
krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_const_principal principal,
@@ -1072,7 +1075,17 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
krb5_data password,
bool no_salt,
bool keep_old_entries);
-
+krb5_error_code smb_krb5_get_credentials(krb5_context context,
+ krb5_ccache ccache,
+ krb5_principal me,
+ krb5_principal server,
+ krb5_principal impersonate_princ,
+ krb5_creds **out_creds);
+krb5_error_code smb_krb5_get_creds(const char *server_s,
+ time_t time_offset,
+ const char *cc,
+ const char *impersonate_princ_s,
+ krb5_creds **creds_p);
#endif /* HAVE_KRB5 */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 8586430..cd96035 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1707,6 +1707,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
+ const char *impersonate_princ_s,
struct PAC_DATA **pac_ret);
NTSTATUS kerberos_return_info3_from_pac(TALLOC_CTX *mem_ctx,
const char *name,
@@ -1718,6 +1719,7 @@ NTSTATUS kerberos_return_info3_from_pac(TALLOC_CTX *mem_ctx,
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
+ const char *impersonate_princ_s,
struct netr_SamInfo3 **info3);
/* The following definitions come from libads/cldap.c */
@@ -2718,10 +2720,6 @@ bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
DATA_BLOB *edata,
DATA_BLOB *edata_out);
bool unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, DATA_BLOB *unwrapped_pac_data);
-int cli_krb5_get_ticket(const char *principal, time_t time_offset,
- DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
- uint32 extra_ap_opts, const char *ccname,
- time_t *tgs_expire);
/* The following definitions come from libsmb/clilist.c */
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 0032e9e..8a6a351 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -335,6 +335,46 @@ struct PAC_LOGON_INFO *get_logon_info_from_pac(struct PAC_DATA *pac_data)
return NULL;
}
+static krb5_error_code smb_krb5_get_tkt_from_creds(krb5_creds *creds,
+ DATA_BLOB *tkt)
+{
+ krb5_error_code ret;
+ krb5_context context;
+ krb5_auth_context auth_context = NULL;
+ krb5_data inbuf, outbuf;
+
+ ret = krb5_init_context(&context);
+ if (ret) {
+ return ret;
+ }
+
+ ret = krb5_auth_con_init(context, &auth_context);
+ if (ret) {
+ goto done;
+ }
+
+ ZERO_STRUCT(inbuf);
+
+ ret = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
+ &inbuf, creds, &outbuf);
+ if (ret) {
+ goto done;
+ }
+
+ *tkt = data_blob(outbuf.data, outbuf.length);
+ done:
+ if (!context) {
+ return ret;
+ }
+ krb5_free_data_contents(context, &outbuf);
+ if (auth_context) {
+ krb5_auth_con_free(context, auth_context);
+ }
+ krb5_free_context(context);
+
+ return ret;
+}
+
/****************************************************************
****************************************************************/
@@ -348,6 +388,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
+ const char *impersonate_princ_s,
struct PAC_DATA **pac_ret)
{
krb5_error_code ret;
@@ -358,6 +399,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
const char *auth_princ = NULL;
const char *local_service = NULL;
const char *cc = "MEMORY:kerberos_return_pac";
+ krb5_creds *creds = NULL;
ZERO_STRUCT(tkt);
ZERO_STRUCT(ap_rep);
@@ -420,8 +462,26 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
(*expire_time == 0) && (*renew_till_time == 0)) {
return NT_STATUS_INVALID_LOGON_TYPE;
}
+#if 1
+ ret = smb_krb5_get_creds(local_service,
+ time_offset,
+ cc,
+ impersonate_princ_s,
+ &creds);
+ if (ret) {
+ DEBUG(1,("failed to get credentials for %s: %s\n",
+ local_service, error_message(ret)));
+ status = krb5_to_nt_status(ret);
+ goto out;
+ }
+ ret = smb_krb5_get_tkt_from_creds(creds, &tkt);
+ if (ret) {
+ status = krb5_to_nt_status(ret);
+ goto out;
+ }
+#else
ret = cli_krb5_get_ticket(local_service,
time_offset,
&tkt,
@@ -435,7 +495,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
status = krb5_to_nt_status(ret);
goto out;
}
-
+#endif
status = ads_verify_ticket(mem_ctx,
lp_realm(),
time_offset,
@@ -487,6 +547,7 @@ static NTSTATUS kerberos_return_pac_logon_info(TALLOC_CTX *mem_ctx,
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
+ const char *impersonate_princ_s,
struct PAC_LOGON_INFO **logon_info)
{
NTSTATUS status;
@@ -503,6 +564,7 @@ static NTSTATUS kerberos_return_pac_logon_info(TALLOC_CTX *mem_ctx,
request_pac,
add_netbios_addr,
renewable_time,
+ impersonate_princ_s,
&pac_data);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -537,6 +599,7 @@ NTSTATUS kerberos_return_info3_from_pac(TALLOC_CTX *mem_ctx,
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
+ const char *impersonate_princ_s,
struct netr_SamInfo3 **info3)
{
NTSTATUS status;
@@ -552,6 +615,7 @@ NTSTATUS kerberos_return_info3_from_pac(TALLOC_CTX *mem_ctx,
request_pac,
add_netbios_addr,
renewable_time,
+ impersonate_princ_s,
&logon_info);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index c1e6c4a..89357b0 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -46,9 +46,9 @@ kerb_prompter(krb5_context ctx, void *data,
memset(prompts[0].reply->data, '\0', prompts[0].reply->length);
if (prompts[0].reply->length > 0) {
if (data) {
- strncpy(prompts[0].reply->data, (const char *)data,
+ strncpy((char *)prompts[0].reply->data, (const char *)data,
prompts[0].reply->length-1);
- prompts[0].reply->length = strlen(prompts[0].reply->data);
+ prompts[0].reply->length = strlen((const char *)prompts[0].reply->data);
} else {
prompts[0].reply->length = 0;
}
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 145e30b..1778853 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -4,7 +4,7 @@
Copyright (C) Andrew Tridgell 2001
Copyright (C) Luke Howard 2002-2003
Copyright (C) Andrew Bartlett <abartlet at samba.org> 2005
- Copyright (C) Guenther Deschner 2005-2007
+ Copyright (C) Guenther Deschner 2005-2009
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -65,6 +65,24 @@ static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context,
return ret;
}
+krb5_error_code smb_krb5_parse_name_flags(krb5_context context,
+ const char *name, /* in unix charset */
+ int flags,
+ krb5_principal *principal)
+{
+ krb5_error_code ret;
+ char *utf8_name;
+ size_t converted_size;
+
+ if (!push_utf8_talloc(talloc_tos(), &utf8_name, name, &converted_size)) {
+ return ENOMEM;
+ }
+
+ ret = krb5_parse_name_flags(context, utf8_name, flags, principal);
+ TALLOC_FREE(utf8_name);
+ return ret;
+}
+
#ifdef HAVE_KRB5_PARSE_NAME_NOREALM
/**************************************************************
krb5_parse_name_norealm that takes a UNIX charset.
@@ -1946,6 +1964,275 @@ krb5_error_code krb5_auth_con_set_req_cksumtype(
}
#endif
+#if defined(HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE) && \
+ defined(HAVE_KRB5_GET_CREDS_OPT_ALLOC) && \
+ defined(HAVE_KRB5_GET_CREDS)
+static krb5_error_code smb_krb5_get_credentials_for_user_opt(krb5_context context,
+ krb5_ccache ccache,
+ krb5_principal me,
+ krb5_principal server,
+ krb5_principal impersonate_princ,
+ krb5_creds **out_creds)
+{
+ krb5_error_code ret;
+ krb5_get_creds_opt opt;
+
+ ret = krb5_get_creds_opt_alloc(context, &opt);
+ if (ret) {
+ goto done;
+ }
+ krb5_get_creds_opt_add_options(context, opt, KRB5_GC_FORWARDABLE);
+
+ if (impersonate_princ) {
+ ret = krb5_get_creds_opt_set_impersonate(context, opt,
+ impersonate_princ);
+ if (ret) {
+ goto done;
+ }
+ }
+
+ ret = krb5_get_creds(context, opt, ccache, server, out_creds);
+ if (ret) {
+ goto done;
+ }
+
+ done:
+ if (opt) {
+ krb5_get_creds_opt_free(context, opt);
+ }
+ return ret;
+}
+#endif /* HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE */
+
+#ifdef HAVE_KRB5_GET_CREDENTIALS_FOR_USER
+static krb5_error_code smb_krb5_get_credentials_for_user(krb5_context context,
+ krb5_ccache ccache,
+ krb5_principal me,
+ krb5_principal server,
+ krb5_principal impersonate_princ,
+ krb5_creds **out_creds)
+{
+ krb5_error_code ret;
+ krb5_creds in_creds;
+
+#if !HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
+ krb5_ccache ccache, krb5_creds *in_creds,
+ krb5_data *subject_cert,
+ krb5_creds **out_creds);
+#endif /* !HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER */
+
+ ZERO_STRUCT(in_creds);
+
+ if (impersonate_princ) {
+
+ in_creds.server = me;
+ in_creds.client = impersonate_princ;
+
+ ret = krb5_get_credentials_for_user(context,
+ 0, /* krb5_flags options */
+ ccache,
+ &in_creds,
+ NULL, /* krb5_data *subject_cert */
+ out_creds);
+ } else {
+ in_creds.client = me;
+ in_creds.server = server;
+
+ ret = krb5_get_credentials(context, 0, ccache,
+ &in_creds, out_creds);
+ }
+
+ return ret;
+}
+#endif /* HAVE_KRB5_GET_CREDENTIALS_FOR_USER */
+
+/*
+ * smb_krb5_get_credentials
+ *
+ * @brief Get krb5 credentials for a server
+ *
+ * @param[in] context An initialized krb5_context
+ * @param[in] ccache An initialized krb5_ccache
+ * @param[in] me The krb5_principal of the caller
+ * @param[in] server The krb5_principal of the requested service
+ * @param[in] impersonate_princ The krb5_principal of a user to impersonate as (optional)
+ * @param[out] out_creds The returned krb5_creds structure
+ * @return krb5_error_code
+ *
+ */
+krb5_error_code smb_krb5_get_credentials(krb5_context context,
+ krb5_ccache ccache,
+ krb5_principal me,
+ krb5_principal server,
+ krb5_principal impersonate_princ,
+ krb5_creds **out_creds)
+{
+ krb5_error_code ret;
+ krb5_creds *creds = NULL;
+
+ *out_creds = NULL;
+
+ if (impersonate_princ) {
+#ifdef HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE /* Heimdal */
+ ret = smb_krb5_get_credentials_for_user_opt(context, ccache, me, server, impersonate_princ, &creds);
+#elif defined(HAVE_KRB5_GET_CREDENTIALS_FOR_USER) /* MIT */
+ ret = smb_krb5_get_credentials_for_user(context, ccache, me, server, impersonate_princ, &creds);
+#else
+ ret = ENOTSUP;
+#endif
+ } else {
+ krb5_creds in_creds;
+
+ ZERO_STRUCT(in_creds);
+
+ in_creds.client = me;
+ in_creds.server = server;
+
+ ret = krb5_get_credentials(context, 0, ccache,
+ &in_creds, &creds);
+ }
+ if (ret) {
+ goto done;
+ }
+
+ ret = krb5_cc_store_cred(context, ccache, creds);
+ if (ret) {
+ goto done;
+ }
+
+ if (out_creds) {
+ *out_creds = creds;
+ }
+
+ done:
+ if (creds && ret) {
+ krb5_free_creds(context, creds);
+ }
+
+ return ret;
+}
+
+/*
+ * smb_krb5_get_creds
+ *
+ * @brief Get krb5 credentials for a server
+ *
+ * @param[in] server_s The string name of the service
+ * @param[in] time_offset The offset to the KDCs time in seconds (optional)
+ * @param[in] cc The krb5 credential cache string name (optional)
+ * @param[in] impersonate_princ_s The string principal name to impersonate (optional)
+ * @param[out] creds_p The returned krb5_creds structure
+ * @return krb5_error_code
+ *
+ */
+krb5_error_code smb_krb5_get_creds(const char *server_s,
+ time_t time_offset,
+ const char *cc,
+ const char *impersonate_princ_s,
+ krb5_creds **creds_p)
+{
+ krb5_error_code ret;
+ krb5_context context = NULL;
+ krb5_principal me = NULL;
+ krb5_principal server = NULL;
+ krb5_principal impersonate_princ = NULL;
+ krb5_creds *creds = NULL;
+ krb5_ccache ccache = NULL;
+
+ *creds_p = NULL;
+
+ initialize_krb5_error_table();
+ ret = krb5_init_context(&context);
+ if (ret) {
+ goto done;
+ }
+
+ if (time_offset != 0) {
+ krb5_set_real_time(context, time(NULL) + time_offset, 0);
+ }
+
+ ret = krb5_cc_resolve(context, cc ? cc :
+ krb5_cc_default_name(context), &ccache);
+ if (ret) {
+ goto done;
+ }
+
+ ret = krb5_cc_get_principal(context, ccache, &me);
+ if (ret) {
+ goto done;
+ }
+
+ ret = smb_krb5_parse_name(context, server_s, &server);
+ if (ret) {
+ goto done;
+ }
+
+ if (impersonate_princ_s) {
+ ret = smb_krb5_parse_name(context, impersonate_princ_s,
+ &impersonate_princ);
+ if (ret) {
+ goto done;
+ }
+ }
+
+ ret = smb_krb5_get_credentials(context, ccache,
+ me, server, impersonate_princ,
+ &creds);
+ if (ret) {
+ goto done;
+ }
+
+ ret = krb5_cc_store_cred(context, ccache, creds);
+ if (ret) {
+ goto done;
+ }
--
Samba Shared Repository
More information about the samba-cvs
mailing list