/*
   Unix SMB/CIFS implementation.

   PAC Glue between Samba and the KDC

   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
# include "includes.h"
# include "kdc/kdc.h"
# include "kdc/pac-glue.h" /* Ensure we don't get this prototype wrong, as that could be painful */
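/*
 * Build the PAC for @client and hand it to the KDC in @pac.
 *
 * The account name is the principal's unparsed form cut at the first
 * '@'; the realm is taken from the principal itself.  The account is
 * looked up with sam_get_server_info() and the resulting server_info is
 * encoded and signed by kerberos_create_pac() with the krbtgt and
 * server keys, then copied into @pac with krb5_data_copy().
 *
 * Returns 0 on success; ENOMEM if local allocation fails; EINVAL if the
 * account lookup fails; otherwise the krb5 error from name parsing,
 * PAC encoding or krb5_data_copy().  On success the caller owns the
 * contents of @pac.  All temporary state hangs off a local talloc
 * context that is released on every return path.
 */
krb5_error_code samba_get_pac(krb5_context context,
			      struct krb5_kdc_configuration *config,
			      krb5_principal client,
			      krb5_keyblock *krbtgt_keyblock,
			      krb5_keyblock *server_keyblock,
			      time_t tgs_authtime,
			      krb5_data *pac)
{
	krb5_error_code ret;
	NTSTATUS nt_status;
	struct auth_serversupplied_info *server_info;
	char *krb5_name = NULL;	/* owned by krb5, not talloc */
	char *username;
	char *p;
	const char *realm;
	DATA_BLOB tmp_blob;
	TALLOC_CTX *mem_ctx;

	mem_ctx = talloc_named(config, 0, "samba_get_pac context");
	if (!mem_ctx) {
		return ENOMEM;
	}

	ret = krb5_unparse_name(context, client, &krb5_name);
	if (ret != 0) {
		krb5_set_error_string(context, "get pac: could not parse principal");
		krb5_warnx(context, "get pac: could not parse principal");
		goto out;
	}

	/* parse the principal name */
	realm = krb5_principal_get_realm(context, client);

	/* Work on a talloc copy so the krb5-allocated string is freed
	 * exactly once at 'out' instead of being leaked. */
	username = talloc_strdup(mem_ctx, krb5_name);
	if (!username) {
		ret = ENOMEM;
		goto out;
	}

	/* strip the realm: "user@REALM" -> "user" */
	p = strchr(username, '@');
	if (p) {
		p[0] = '\0';
	}

	nt_status = sam_get_server_info(mem_ctx, username, realm,
					data_blob(NULL, 0), data_blob(NULL, 0),
					&server_info);
	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(0, ("Getting user info for PAC failed: %s\n",
			  nt_errstr(nt_status)));
		/* previously returned without freeing mem_ctx */
		ret = EINVAL;
		goto out;
	}

	ret = kerberos_create_pac(mem_ctx, server_info,
				  context,
				  krbtgt_keyblock,
				  server_keyblock,
				  tgs_authtime,
				  &tmp_blob);
	if (ret) {
		DEBUG(1, ("PAC encoding failed: %s\n",
			  smb_get_krb5_error_message(context, ret, mem_ctx)));
		goto out;
	}

	/* tmp_blob lives under mem_ctx; the KDC gets its own copy */
	ret = krb5_data_copy(pac, tmp_blob.data, tmp_blob.length);

out:
	if (krb5_name) {
		krb5_free_unparsed_name(context, krb5_name);
	}
	talloc_free(mem_ctx);
	return ret;
}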