diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-06-29 03:01:35 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:18:56 -0500 |
| commit | f4607c6e55f6aaa8fe774c7e739fab0556e7bfc0 (patch) | |
| tree | 19f6d8ef036c58c6544f7ee1e06fcce0c45c1377 /source4/auth/kerberos/kerberos.c | |
| parent | f62a70fe54c1b1f6172d1d3fbc8b34c03dd96b86 (diff) | |
| download | samba-f4607c6e55f6aaa8fe774c7e739fab0556e7bfc0.tar.gz samba-f4607c6e55f6aaa8fe774c7e739fab0556e7bfc0.tar.xz samba-f4607c6e55f6aaa8fe774c7e739fab0556e7bfc0.zip | |
r7989: Allow the use of hashed passwords in the kerberos client and server,
and create the in-memory keytab with the correct kvno, if available.
Andrew Bartlett
(This used to be commit 7b7b2b038e25f3d767b5db7d6e41dd947fdde091)
Diffstat (limited to 'source4/auth/kerberos/kerberos.c')
| -rw-r--r-- | source4/auth/kerberos/kerberos.c | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c index 4b3750658ff..8c82ae780e2 100644 --- a/source4/auth/kerberos/kerberos.c +++ b/source4/auth/kerberos/kerberos.c @@ -64,6 +64,60 @@ kerb_prompter(krb5_context ctx, void *data, /* simulate a kinit, putting the tgt in the given credentials cache. Orignally by remus@snapserver.com + + This version is built to use a keyblock, rather than needing the + original password. +*/ + int kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, + const char *principal, krb5_keyblock *keyblock, + time_t *expire_time, time_t *kdc_time) +{ + krb5_error_code code = 0; + krb5_principal me; + krb5_creds my_creds; + krb5_get_init_creds_opt options; + + if ((code = krb5_parse_name(ctx, principal, &me))) { + return code; + } + + krb5_get_init_creds_opt_init(&options); + + if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, me, keyblock, + 0, NULL, &options))) { + krb5_free_principal(ctx, me); + return code; + } + + if ((code = krb5_cc_initialize(ctx, cc, me))) { + krb5_free_cred_contents(ctx, &my_creds); + krb5_free_principal(ctx, me); + return code; + } + + if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) { + krb5_free_cred_contents(ctx, &my_creds); + krb5_free_principal(ctx, me); + return code; + } + + if (expire_time) { + *expire_time = (time_t) my_creds.times.endtime; + } + + if (kdc_time) { + *kdc_time = (time_t) my_creds.times.starttime; + } + + krb5_free_cred_contents(ctx, &my_creds); + krb5_free_principal(ctx, me); + + return 0; +} + +/* + simulate a kinit, putting the tgt in the given credentials cache. + Orignally by remus@snapserver.com */ int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, const char *principal, const char *password, |