[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Thu Nov 12 07:51:09 MST 2009
The branch, master has been updated
via 61f0b24... s3-kerberos: remove smb_krb5_get_tkt_from_creds().
via 0f8bf47... s3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without checking.
from 0d6c305... s4:dsdb Make callbacks in extended_dn_out clearer to follow
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 61f0b247633501d6bf4103ca8345048e537c043d
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 12 15:42:03 2009 +0100
s3-kerberos: remove smb_krb5_get_tkt_from_creds().
Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove
smb_krb5_get_tkt_from_creds() which is not required anymore.
Guenther
commit 0f8bf47d949fbdf47bdb388ad584652202ce185b
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 12 15:40:42 2009 +0100
s3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without checking.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/libads/authdata.c | 64 +++------------------------------------------
source3/libsmb/clikrb5.c | 4 +++
2 files changed, 8 insertions(+), 60 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index f287b16..93f4091 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -335,46 +335,6 @@ struct PAC_LOGON_INFO *get_logon_info_from_pac(struct PAC_DATA *pac_data)
return NULL;
}
-static krb5_error_code smb_krb5_get_tkt_from_creds(krb5_creds *creds,
- DATA_BLOB *tkt)
-{
- krb5_error_code ret;
- krb5_context context;
- krb5_auth_context auth_context = NULL;
- krb5_data inbuf, outbuf;
-
- ret = krb5_init_context(&context);
- if (ret) {
- return ret;
- }
-
- ret = krb5_auth_con_init(context, &auth_context);
- if (ret) {
- goto done;
- }
-
- ZERO_STRUCT(inbuf);
-
- ret = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
- &inbuf, creds, &outbuf);
- if (ret) {
- goto done;
- }
-
- *tkt = data_blob(outbuf.data, outbuf.length);
- done:
- if (!context) {
- return ret;
- }
- kerberos_free_data_contents(context, &outbuf);
- if (auth_context) {
- krb5_auth_con_free(context, auth_context);
- }
- krb5_free_context(context);
-
- return ret;
-}
-
/****************************************************************
****************************************************************/
@@ -462,26 +422,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
(*expire_time == 0) && (*renew_till_time == 0)) {
return NT_STATUS_INVALID_LOGON_TYPE;
}
-#if 1
- ret = smb_krb5_get_creds(local_service,
- time_offset,
- cc,
- impersonate_princ_s,
- &creds);
- if (ret) {
- DEBUG(1,("failed to get credentials for %s: %s\n",
- local_service, error_message(ret)));
- status = krb5_to_nt_status(ret);
- goto out;
- }
- ret = smb_krb5_get_tkt_from_creds(creds, &tkt);
- if (ret) {
- status = krb5_to_nt_status(ret);
- goto out;
- }
-
-#else
ret = cli_krb5_get_ticket(local_service,
time_offset,
&tkt,
@@ -493,10 +434,13 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
if (ret) {
DEBUG(1,("failed to get ticket for %s: %s\n",
local_service, error_message(ret)));
+ if (impersonate_princ_s) {
+ DEBUGADD(1,("tried S4U2SELF impersonation as: %s\n",
+ impersonate_princ_s));
+ }
status = krb5_to_nt_status(ret);
goto out;
}
-#endif
status = ads_verify_ticket(mem_ctx,
lp_realm(),
time_offset,
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index e86c6c4..3da64d6 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -1559,7 +1559,11 @@ done:
}
if (krberror->e_data.data == NULL) {
+#if defined(ERROR_TABLE_BASE_krb5)
ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error;
+#else
+ ret = (krb5_error_code)krberror->error;
+#endif
got_error_code = True;
}
smb_krb5_free_error(context, krberror);
--
Samba Shared Repository
More information about the samba-cvs
mailing list