bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
+ const char *impersonate_princ_s,
struct PAC_DATA **pac_ret);
NTSTATUS kerberos_return_info3_from_pac(TALLOC_CTX *mem_ctx,
const char *name,
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
+ const char *impersonate_princ_s,
struct netr_SamInfo3 **info3);
/* The following definitions come from libads/cldap.c */
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
+ const char *impersonate_princ_s,
struct PAC_DATA **pac_ret)
{
krb5_error_code ret;
const char *auth_princ = NULL;
const char *local_service = NULL;
const char *cc = "MEMORY:kerberos_return_pac";
+ krb5_creds *creds = NULL;
ZERO_STRUCT(tkt);
ZERO_STRUCT(ap_rep);
(*expire_time == 0) && (*renew_till_time == 0)) {
return NT_STATUS_INVALID_LOGON_TYPE;
}
+#if 1
+ ret = smb_krb5_get_creds(local_service,
+ time_offset,
+ cc,
+ impersonate_princ_s,
+ &creds);
+ if (ret) {
+ DEBUG(1,("failed to get credentials for %s: %s\n",
+ local_service, error_message(ret)));
+ status = krb5_to_nt_status(ret);
+ goto out;
+ }
+ ret = smb_krb5_get_tkt_from_creds(creds, &tkt);
+ if (ret) {
+ status = krb5_to_nt_status(ret);
+ goto out;
+ }
+#else
ret = cli_krb5_get_ticket(local_service,
time_offset,
&tkt,
status = krb5_to_nt_status(ret);
goto out;
}
-
+#endif
status = ads_verify_ticket(mem_ctx,
lp_realm(),
time_offset,
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
+ const char *impersonate_princ_s,
struct PAC_LOGON_INFO **logon_info)
{
NTSTATUS status;
request_pac,
add_netbios_addr,
renewable_time,
+ impersonate_princ_s,
&pac_data);
if (!NT_STATUS_IS_OK(status)) {
return status;
bool request_pac,
bool add_netbios_addr,
time_t renewable_time,
+ const char *impersonate_princ_s,
struct netr_SamInfo3 **info3)
{
NTSTATUS status;
request_pac,
add_netbios_addr,
renewable_time,
+ impersonate_princ_s,
&logon_info);
if (!NT_STATUS_IS_OK(status)) {
return status;