talloc_free(tmp_ctx);
return nt_status;
}
-
-int kdc_check_pac(krb5_context context,
- DATA_BLOB srv_sig,
- struct PAC_SIGNATURE_DATA *kdc_sig,
- hdb_entry_ex *ent)
-{
- krb5_enctype etype;
- int ret;
- krb5_keyblock keyblock;
- Key *key;
- if (kdc_sig->type == CKSUMTYPE_HMAC_MD5) {
- etype = ENCTYPE_ARCFOUR_HMAC;
- } else {
- ret = krb5_cksumtype_to_enctype(context,
- kdc_sig->type,
- &etype);
- if (ret != 0) {
- return ret;
- }
- }
-
-#if HDB_ENCTYPE2KEY_TAKES_KEYSET
- ret = hdb_enctype2key(context, &ent->entry, NULL, etype, &key);
-#else
- ret = hdb_enctype2key(context, &ent->entry, etype, &key);
-#endif
-
- if (ret != 0) {
- return ret;
- }
-
- keyblock = key->key;
-
- return check_pac_checksum(srv_sig, kdc_sig,
- context, &keyblock);
-}
-
-
-