return 0;
}
+int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
+ krb5_context context,
+ krb5_db_entry *client,
+ krb5_keyblock *client_key,
+ krb5_pac *pac)
+{
+ TALLOC_CTX *tmp_ctx;
+ DATA_BLOB *logon_info_blob = NULL;
+ DATA_BLOB *upn_dns_info_blob = NULL;
+ DATA_BLOB *cred_ndr = NULL;
+ DATA_BLOB **cred_ndr_ptr = NULL;
+ DATA_BLOB cred_blob = data_blob_null;
+ DATA_BLOB *pcred_blob = NULL;
+ NTSTATUS nt_status;
+ krb5_error_code code;
+ struct samba_kdc_entry *skdc_entry;
+
+ skdc_entry = talloc_get_type_abort(client->e_data,
+ struct samba_kdc_entry);
+
+ tmp_ctx = talloc_named(smb_ctx,
+ 0,
+ "mit_samba_get_pac_data_blobs context");
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+#if 0 /* TODO Find out if this is a pkinit_reply key */
+ /* Check if we have a PREAUTH key */
+ if (client_key != NULL) {
+ cred_ndr_ptr = &cred_ndr;
+ }
+#endif
+
+ nt_status = samba_kdc_get_pac_blobs(tmp_ctx,
+ skdc_entry,
+ &logon_info_blob,
+ cred_ndr_ptr,
+ &upn_dns_info_blob);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(tmp_ctx);
+ return EINVAL;
+ }
+
+ if (cred_ndr != NULL) {
+ code = samba_kdc_encrypt_pac_credentials(context,
+ client_key,
+ cred_ndr,
+ tmp_ctx,
+ &cred_blob);
+ if (code != 0) {
+ talloc_free(tmp_ctx);
+ return code;
+ }
+ pcred_blob = &cred_blob;
+ }
+
+ code = samba_make_krb5_pac(context,
+ logon_info_blob,
+ pcred_blob,
+ upn_dns_info_blob,
+ NULL,
+ pac);
+
+ talloc_free(tmp_ctx);
+ return code;
+}
+
int mit_samba_update_pac_data(struct mit_samba_context *ctx,
krb5_db_entry *client,
DATA_BLOB *pac_data,