author | Andrew Bartlett <abartlet@samba.org> | 2005-10-20 10:28:16 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:04 -0500 |
commit | b0c7c175b1c1ed45a31a710e4fbe18bbffdd6d38 (patch) | |
tree | 27e92188d9370e57600e9454727d85aa7fc7829f /source4/auth/kerberos/kerberos_util.c | |
parent | 2817ef9f53e30c509ccf972beab617a897bd6724 (diff) | |
r11220: Add the ability to handle the salt principal as part of the
credentials. This works with the setup/secrets.ldif change from the
previous patch, and pretty much just re-invents the keytab.
Needed for kpasswdd work.
Andrew Bartlett
(This used to be commit cc9d167bab280eaeb793a5e7dfdf1f31be47fbf5)
Diffstat (limited to 'source4/auth/kerberos/kerberos_util.c')
-rw-r--r-- | source4/auth/kerberos/kerberos_util.c | 56 |
1 files changed, 31 insertions, 25 deletions
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 3d7084aa0d..6a09562dca 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -50,37 +50,43 @@ krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, char *machine_username; char *salt_body; char *lower_realm; + char *salt_principal; struct principal_container *mem_ctx = talloc(parent_ctx, struct principal_container); if (!mem_ctx) { return ENOMEM; } - - machine_username = talloc_strdup(mem_ctx, cli_credentials_get_username(machine_account)); - if (!machine_username) { - talloc_free(mem_ctx); - return ENOMEM; - } - - if (machine_username[strlen(machine_username)-1] == '$') { - machine_username[strlen(machine_username)-1] = '\0'; - } - lower_realm = strlower_talloc(mem_ctx, cli_credentials_get_realm(machine_account)); - if (!lower_realm) { - talloc_free(mem_ctx); - return ENOMEM; - } - - salt_body = talloc_asprintf(mem_ctx, "%s.%s", machine_username, - lower_realm); - if (!salt_body) { - talloc_free(mem_ctx); + salt_principal = cli_credentials_get_salt_principal(machine_account); + if (salt_principal) { + ret = krb5_parse_name(smb_krb5_context->krb5_context, salt_principal, salt_princ); + } else { + machine_username = talloc_strdup(mem_ctx, cli_credentials_get_username(machine_account)); + + if (!machine_username) { + talloc_free(mem_ctx); + return ENOMEM; + } + + if (machine_username[strlen(machine_username)-1] == '$') { + machine_username[strlen(machine_username)-1] = '\0'; + } + lower_realm = strlower_talloc(mem_ctx, cli_credentials_get_realm(machine_account)); + if (!lower_realm) { + talloc_free(mem_ctx); + return ENOMEM; + } + + salt_body = talloc_asprintf(mem_ctx, "%s.%s", machine_username, + lower_realm); + if (!salt_body) { + talloc_free(mem_ctx); return ENOMEM; - } - - ret = krb5_make_principal(smb_krb5_context->krb5_context, salt_princ, - cli_credentials_get_realm(machine_account), - "host", salt_body, NULL); + } + + ret = krb5_make_principal(smb_krb5_context->krb5_context, salt_princ, + cli_credentials_get_realm(machine_account), + "host", salt_body, NULL); + } if (ret == 0) { mem_ctx->smb_krb5_context = 
talloc_reference(mem_ctx, smb_krb5_context); |
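Review bot: In the new `else` branch, `machine_username[strlen(machine_username)-1]` reads one byte before the buffer when the credentials carry an empty username, because `strlen()` returns 0 and the subtraction wraps; the assignment on the following line then writes out of bounds if that byte happens to be `'$'`. Taking the length once and guarding it closes this: `size_t len = strlen(machine_username);` followed by `if (len > 0 && machine_username[len-1] == '$') machine_username[len-1] = '\0';`. Separately, the added `krb5_parse_name()` path parses a principal string taken from stored credentials, and the hunk does not show whether `mem_ctx` is freed when `ret != 0`. The function's body starts and ends outside the hunk, so that cleanup path should be confirmed there.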