mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4-kdc: Use mit_samba_reget_pac() in ks_verify_pac()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
parent
648388ad00
commit
0668c460b4
@ -182,6 +182,8 @@ static krb5_error_code ks_verify_pac(krb5_context context,
|
|||||||
unsigned int flags,
|
unsigned int flags,
|
||||||
krb5_const_principal client_princ,
|
krb5_const_principal client_princ,
|
||||||
krb5_db_entry *client,
|
krb5_db_entry *client,
|
||||||
|
krb5_db_entry *server,
|
||||||
|
krb5_db_entry *krbtgt,
|
||||||
krb5_keyblock *server_key,
|
krb5_keyblock *server_key,
|
||||||
krb5_keyblock *krbtgt_key,
|
krb5_keyblock *krbtgt_key,
|
||||||
krb5_timestamp authtime,
|
krb5_timestamp authtime,
|
||||||
@ -191,9 +193,7 @@ static krb5_error_code ks_verify_pac(krb5_context context,
|
|||||||
struct mit_samba_context *mit_ctx;
|
struct mit_samba_context *mit_ctx;
|
||||||
krb5_authdata **authdata = NULL;
|
krb5_authdata **authdata = NULL;
|
||||||
krb5_pac ipac = NULL;
|
krb5_pac ipac = NULL;
|
||||||
DATA_BLOB pac_data = { NULL, 0 };
|
|
||||||
DATA_BLOB logon_data = { NULL, 0 };
|
DATA_BLOB logon_data = { NULL, 0 };
|
||||||
krb5_data data;
|
|
||||||
krb5_error_code code;
|
krb5_error_code code;
|
||||||
|
|
||||||
mit_ctx = ks_get_context(context);
|
mit_ctx = ks_get_context(context);
|
||||||
@ -257,28 +257,23 @@ static krb5_error_code ks_verify_pac(krb5_context context,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check and update PAC */
|
/* check and update PAC */
|
||||||
pac_data.data = authdata[0]->contents;
|
code = krb5_pac_parse(context,
|
||||||
pac_data.length = authdata[0]->length;
|
authdata[0]->contents,
|
||||||
|
authdata[0]->length,
|
||||||
code = mit_samba_update_pac_data(mit_ctx,
|
pac);
|
||||||
client,
|
|
||||||
&pac_data,
|
|
||||||
&logon_data);
|
|
||||||
if (code != 0) {
|
if (code != 0) {
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
code = krb5_pac_init(context, pac);
|
code = mit_samba_reget_pac(mit_ctx,
|
||||||
if (code != 0) {
|
context,
|
||||||
goto done;
|
flags,
|
||||||
}
|
client_princ,
|
||||||
|
client,
|
||||||
data = ks_make_data(logon_data.data, logon_data.length);
|
server,
|
||||||
|
krbtgt,
|
||||||
code = krb5_pac_add_buffer(context, *pac, PAC_LOGON_INFO, &data);
|
krbtgt_key,
|
||||||
if (code != 0) {
|
pac);
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
done:
|
done:
|
||||||
krb5_free_authdata(context, authdata);
|
krb5_free_authdata(context, authdata);
|
||||||
@ -326,9 +321,17 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!is_as_req) {
|
if (!is_as_req) {
|
||||||
code = ks_verify_pac(context, flags, ks_client_princ, client,
|
code = ks_verify_pac(context,
|
||||||
server_key, krbtgt_key, authtime,
|
flags,
|
||||||
tgt_auth_data, &pac);
|
ks_client_princ,
|
||||||
|
client,
|
||||||
|
server,
|
||||||
|
krbtgt,
|
||||||
|
server_key,
|
||||||
|
krbtgt_key,
|
||||||
|
authtime,
|
||||||
|
tgt_auth_data,
|
||||||
|
&pac);
|
||||||
if (code != 0) {
|
if (code != 0) {
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -350,6 +353,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
|
|||||||
code = krb5_pac_sign(context, pac, authtime, ks_client_princ,
|
code = krb5_pac_sign(context, pac, authtime, ks_client_princ,
|
||||||
server_key, krbtgt_key, &pac_data);
|
server_key, krbtgt_key, &pac_data);
|
||||||
if (code != 0) {
|
if (code != 0) {
|
||||||
|
DBG_ERR("krb5_pac_sign failed: %d\n", code);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
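Review bot: The two new failure paths in the "check and update PAC" step of ks_verify_pac are silent: when `krb5_pac_parse` or `mit_samba_reget_pac` returns non-zero the code only reaches `done:`, although this same commit adds a `DBG_ERR` for `krb5_pac_sign` in kdb_samba_db_sign_auth_data. A PAC that cannot be parsed or is rejected on a TGS request is worth a log line on a KDC, for example `DBG_ERR("mit_samba_reget_pac failed: %d\n", code);` right after the call, and the same for the parse. Separately, when `mit_samba_reget_pac` fails, `*pac` still appears to hold the PAC parsed from the client's authdata. The caller's `done:` path is not visible here, so a short comment above the call stating who releases `*pac` on error would remove the ambiguity. The body of ks_verify_pac starts and ends outside these hunks, so the earlier verification of `ipac` and the guard on `authdata[0]` could not be checked from this page.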