1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s4-kdc: Use mit_samba_reget_pac() in ks_verify_pac()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Andreas Schneider 2016-09-30 07:43:47 +02:00 committed by Andreas Schneider
parent 648388ad00
commit 0668c460b4

View File

@ -182,6 +182,8 @@ static krb5_error_code ks_verify_pac(krb5_context context,
unsigned int flags, unsigned int flags,
krb5_const_principal client_princ, krb5_const_principal client_princ,
krb5_db_entry *client, krb5_db_entry *client,
krb5_db_entry *server,
krb5_db_entry *krbtgt,
krb5_keyblock *server_key, krb5_keyblock *server_key,
krb5_keyblock *krbtgt_key, krb5_keyblock *krbtgt_key,
krb5_timestamp authtime, krb5_timestamp authtime,
@ -191,9 +193,7 @@ static krb5_error_code ks_verify_pac(krb5_context context,
struct mit_samba_context *mit_ctx; struct mit_samba_context *mit_ctx;
krb5_authdata **authdata = NULL; krb5_authdata **authdata = NULL;
krb5_pac ipac = NULL; krb5_pac ipac = NULL;
DATA_BLOB pac_data = { NULL, 0 };
DATA_BLOB logon_data = { NULL, 0 }; DATA_BLOB logon_data = { NULL, 0 };
krb5_data data;
krb5_error_code code; krb5_error_code code;
mit_ctx = ks_get_context(context); mit_ctx = ks_get_context(context);
@ -257,28 +257,23 @@ static krb5_error_code ks_verify_pac(krb5_context context,
} }
/* check and update PAC */ /* check and update PAC */
pac_data.data = authdata[0]->contents; code = krb5_pac_parse(context,
pac_data.length = authdata[0]->length; authdata[0]->contents,
authdata[0]->length,
code = mit_samba_update_pac_data(mit_ctx, pac);
client,
&pac_data,
&logon_data);
if (code != 0) { if (code != 0) {
goto done; goto done;
} }
code = krb5_pac_init(context, pac); code = mit_samba_reget_pac(mit_ctx,
if (code != 0) { context,
goto done; flags,
} client_princ,
client,
data = ks_make_data(logon_data.data, logon_data.length); server,
krbtgt,
code = krb5_pac_add_buffer(context, *pac, PAC_LOGON_INFO, &data); krbtgt_key,
if (code != 0) { pac);
goto done;
}
done: done:
krb5_free_authdata(context, authdata); krb5_free_authdata(context, authdata);
@ -326,9 +321,17 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
} }
if (!is_as_req) { if (!is_as_req) {
code = ks_verify_pac(context, flags, ks_client_princ, client, code = ks_verify_pac(context,
server_key, krbtgt_key, authtime, flags,
tgt_auth_data, &pac); ks_client_princ,
client,
server,
krbtgt,
server_key,
krbtgt_key,
authtime,
tgt_auth_data,
&pac);
if (code != 0) { if (code != 0) {
goto done; goto done;
} }
@ -350,6 +353,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
code = krb5_pac_sign(context, pac, authtime, ks_client_princ, code = krb5_pac_sign(context, pac, authtime, ks_client_princ,
server_key, krbtgt_key, &pac_data); server_key, krbtgt_key, &pac_data);
if (code != 0) { if (code != 0) {
DBG_ERR("krb5_pac_sign failed: %d\n", code);
goto done; goto done;
} }