1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00

s3-kerberos: remove smb_krb5_get_tkt_from_creds().

Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove
smb_krb5_get_tkt_from_creds() which is not required anymore.

Guenther
This commit is contained in:
Günther Deschner 2009-11-12 15:42:03 +01:00
parent 0f8bf47d94
commit 61f0b24763

View File

@ -335,46 +335,6 @@ struct PAC_LOGON_INFO *get_logon_info_from_pac(struct PAC_DATA *pac_data)
return NULL;
}
static krb5_error_code smb_krb5_get_tkt_from_creds(krb5_creds *creds,
DATA_BLOB *tkt)
{
krb5_error_code ret;
krb5_context context;
krb5_auth_context auth_context = NULL;
krb5_data inbuf, outbuf;
ret = krb5_init_context(&context);
if (ret) {
return ret;
}
ret = krb5_auth_con_init(context, &auth_context);
if (ret) {
goto done;
}
ZERO_STRUCT(inbuf);
ret = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
&inbuf, creds, &outbuf);
if (ret) {
goto done;
}
*tkt = data_blob(outbuf.data, outbuf.length);
done:
if (!context) {
return ret;
}
kerberos_free_data_contents(context, &outbuf);
if (auth_context) {
krb5_auth_con_free(context, auth_context);
}
krb5_free_context(context);
return ret;
}
/****************************************************************
****************************************************************/
@ -462,26 +422,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
(*expire_time == 0) && (*renew_till_time == 0)) {
return NT_STATUS_INVALID_LOGON_TYPE;
}
#if 1
ret = smb_krb5_get_creds(local_service,
time_offset,
cc,
impersonate_princ_s,
&creds);
if (ret) {
DEBUG(1,("failed to get credentials for %s: %s\n",
local_service, error_message(ret)));
status = krb5_to_nt_status(ret);
goto out;
}
ret = smb_krb5_get_tkt_from_creds(creds, &tkt);
if (ret) {
status = krb5_to_nt_status(ret);
goto out;
}
#else
ret = cli_krb5_get_ticket(local_service,
time_offset,
&tkt,
@ -493,10 +434,13 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
if (ret) {
DEBUG(1,("failed to get ticket for %s: %s\n",
local_service, error_message(ret)));
if (impersonate_princ_s) {
DEBUGADD(1,("tried S4U2SELF impersonation as: %s\n",
impersonate_princ_s));
}
status = krb5_to_nt_status(ret);
goto out;
}
#endif
status = ads_verify_ticket(mem_ctx,
lp_realm(),
time_offset,