From: Günther Deschner <gd@samba.org>
Date: Mon, 13 Oct 2008 15:29:22 +0000 (+0200)
Subject: s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.
X-Git-Tag: tdb-1.2.0~309
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=60bf0eb60788a5d4dc5de24997c5efda64f2bd73;p=samba.git

s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.

Guenther
---

diff --git a/client/cifs.upcall.c b/client/cifs.upcall.c
index bf6a861544c..97c6ae022d4 100644
--- a/client/cifs.upcall.c
+++ b/client/cifs.upcall.c
@@ -221,7 +221,7 @@ handle_krb5_mech(const char *oid, const char *principal, DATA_BLOB *secblob,
 
 	/* get a kerberos ticket for the service and extract the session key */
 	retval = cli_krb5_get_ticket(principal, 0, &tkt, sess_key, 0, ccname,
-				     NULL);
+				     NULL, NULL);
 
 	if (retval) {
 		syslog(LOG_DEBUG, "%s: failed to obtain service ticket (%d)",
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 559bc3dc184..4ffad61c07a 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1035,8 +1035,11 @@ krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
 bool smb_krb5_principal_compare_any_realm(krb5_context context, 
 					  krb5_const_principal princ1, 
 					  krb5_const_principal princ2);
-int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
-			DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, time_t *tgs_expire);
+int cli_krb5_get_ticket(const char *principal, time_t time_offset,
+			DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
+			uint32 extra_ap_opts, const char *ccname,
+			time_t *tgs_expire,
+			const char *impersonate_princ_s);
 krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
 krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
 krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr);
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 1778853ca92..a37690c5523 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -826,7 +826,8 @@ cleanup_princ:
 int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
 			DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, 
 			uint32 extra_ap_opts, const char *ccname, 
-			time_t *tgs_expire)
+			time_t *tgs_expire,
+			const char *impersonate_princ_s)
 
 {
 	krb5_error_code retval;
@@ -2237,7 +2238,8 @@ krb5_error_code smb_krb5_get_creds(const char *server_s,
  /* this saves a few linking headaches */
  int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
 			DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
-			const char *ccname, time_t *tgs_expire) 
+			const char *ccname, time_t *tgs_expire,
+			const char *impersonate_princ_s)
 {
 	 DEBUG(0,("NO KERBEROS SUPPORT\n"));
 	 return 1;
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index e20749b3e8a..3789fbf6b8e 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -389,7 +389,7 @@ int spnego_gen_negTokenTarg(const char *principal, int time_offset,
 	/* get a kerberos ticket for the service and extract the session key */
 	retval = cli_krb5_get_ticket(principal, time_offset,
 					&tkt, session_key_krb5, extra_ap_opts, NULL, 
-					expire_time);
+					expire_time, NULL);
 
 	if (retval)
 		return retval;
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index e150059bcc3..c6498701eb2 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1502,7 +1502,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
 	/* Create the ticket for the service principal and return it in a gss-api wrapped blob. */
 
 	ret = cli_krb5_get_ticket(a->service_principal, 0, &tkt,
-			&a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL);
+			&a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, NULL);
 
 	if (ret) {
 		DEBUG(1,("create_krb5_auth_bind_req: cli_krb5_get_ticket for principal %s "
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 3bdc45a6ef7..2a7e18cfac2 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1572,7 +1572,7 @@ static bool manage_client_krb5_init(struct spnego_data spnego)
 	       spnego.negTokenInit.mechListMIC.length);
 	principal[spnego.negTokenInit.mechListMIC.length] = '\0';
 
-	retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL);
+	retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL, NULL);
 
 	if (retval) {
 		char *user = NULL;
@@ -1596,7 +1596,7 @@ static bool manage_client_krb5_init(struct spnego_data spnego)
 			return False;
 		}
 
-		retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL);
+		retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL, NULL);
 
 		if (retval) {
 			DEBUG(10, ("Kinit suceeded, but getting a ticket failed: %s\n", error_message(retval)));