#include "nsswitch/libwbclient/wbclient.h"
#endif
#include "librpc/crypto/gse.h"
+#include "librpc/crypto/gse_krb5.h"
#include "auth/credentials/credentials.h"
+#include "../source4/auth/kerberos/krb5_init_context.h"
#include "lib/param/loadparm.h"
#include "librpc/gen_ndr/dcerpc.h"
server_credentials = cli_credentials_init_anon(tmp_ctx);
if (!server_credentials) {
DEBUG(0, ("auth_generic_prepare: Failed to init server credentials\n"));
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(server_credentials, lp_ctx);
if (lp_security() == SEC_ADS || USE_KERBEROS_KEYTAB) {
+ struct smb_krb5_context *smb_k5ctx = NULL;
+ char *keytab_name = NULL;
+ krb5_error_code k5ret;
+ krb5_keytab k5keytab = NULL;
+
+ keytab_name = talloc_asprintf(server_credentials,
+ "MEMORY:auth_generic_prepare_%u_%p",
+ (unsigned int)getpid(),
+ server_credentials);
+ if (keytab_name == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ k5ret = cli_credentials_get_krb5_context(server_credentials,
+ lp_ctx,
+ &smb_k5ctx);
+ nt_status = krb5_to_nt_status(k5ret);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(tmp_ctx);
+ return nt_status;
+ }
+
+ k5ret = gse_krb5_create_server_keytab(smb_k5ctx->krb5_context,
+ keytab_name,
+ &k5keytab);
+ nt_status = krb5_to_nt_status(k5ret);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(tmp_ctx);
+ return nt_status;
+ }
+
+ k5ret = cli_credentials_set_keytab_name(server_credentials,
+ lp_ctx,
+ keytab_name,
+ CRED_SPECIFIED);
+ krb5_kt_close(smb_k5ctx->krb5_context, k5keytab);
+ nt_status = krb5_to_nt_status(k5ret);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(tmp_ctx);
+ return nt_status;
+ }
+
cli_credentials_set_kerberos_state(server_credentials, CRED_AUTO_USE_KERBEROS);
} else {
cli_credentials_set_kerberos_state(server_credentials, CRED_DONT_USE_KERBEROS);
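Review bot: The three new failure returns after `cli_credentials_get_krb5_context`, `gse_krb5_create_server_keytab` and `cli_credentials_set_keytab_name` free tmp_ctx and return without logging, unlike the credential-init failure just above them, so a keytab problem would surface only as failed Kerberos authentication with nothing in the log. Each branch should log the failing step before returning, e.g. `DEBUG(1, ("auth_generic_prepare: gse_krb5_create_server_keytab failed: %s\n", nt_errstr(nt_status)));`, ideally including k5ret, since `krb5_to_nt_status` may fold distinct Kerberos errors into one NT status. The `krb5_kt_close` placed after `cli_credentials_set_keytab_name` looks deliberate (presumably the credentials object opens its own handle on the MEMORY keytab, so closing earlier would destroy it) and deserves a comment such as `/* close our handle only after the credentials hold theirs, or the MEMORY keytab is destroyed */`. The MEMORY keytab holds the server's long-term keys under a pid-and-pointer name, so it is worth confirming that it is released when server_credentials is freed and that a reused pointer value cannot pick up a stale keytab of the same name. auth_generic_prepare starts and ends outside the hunk.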