{
DATA_BLOB blob2, negTokenTarg;
+ d_printf("Doing kerberos session setup\n");
+
/* generate the encapsulated kerberos5 ticket */
negTokenTarg = spnego_gen_negTokenTarg(cli, principle);
int i;
BOOL got_kerberos_mechanism = False;
+ d_printf("Doing spnego session setup\n");
+
/* the server might not even do spnego */
if (cli->secblob.length == 16) {
DEBUG(3,("server didn't supply a full spnego negprot\n"));
static krb5_error_code krb5_mk_req2(krb5_context context,
krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
- const char *service,
- const char *realm,
+ const char *principle,
krb5_ccache ccache,
krb5_data *outbuf)
{
krb5_creds creds;
krb5_data in_data;
- retval = krb5_build_principal(context, &server, strlen(realm),
- realm, service, NULL);
+ retval = krb5_parse_name(context, principle, &server);
if (retval) {
- DEBUG(1,("Failed to build principle for %s@%s\n", service, realm));
+ DEBUG(1,("Failed to parse principle %s\n", principle));
return retval;
}
/*
get a kerberos5 ticket for the given service
*/
-DATA_BLOB krb5_get_ticket(char *service, char *realm)
+DATA_BLOB krb5_get_ticket(char *principle)
{
krb5_error_code retval;
krb5_data packet;
if ((retval = krb5_mk_req2(context,
&auth_context,
0,
- service, realm,
+ principle,
ccdef, &packet))) {
goto failed;
}
*/
DATA_BLOB spnego_gen_negTokenTarg(struct cli_state *cli, char *principle)
{
- char *p;
- fstring service;
- char *realm;
DATA_BLOB tkt, tkt_wrapped, targ;
const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_NTLMSSP, NULL};
- fstrcpy(service, principle);
- p = strchr_m(service, '@');
- if (!p) {
- DEBUG(1,("Malformed principle [%s] in spnego_gen_negTokenTarg\n",
- principle));
- return data_blob(NULL, 0);
- }
- *p = 0;
- realm = p+1;
-
/* get a kerberos ticket for the service */
- tkt = krb5_get_ticket(service, realm);
+ tkt = krb5_get_ticket(principle);
/* wrap that up in a nice GSS-API wrapping */
tkt_wrapped = spnego_gen_krb5_wrap(tkt);
git.samba.org / samba.git / commitdiff