s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.

Guenther

diff --git a/client/cifs.upcall.c b/client/cifs.upcall.c
index bf6a861544c80b01c8c1ac904bfe54ff3f3d70c2..97c6ae022d4abad912dc56fcdadf27702032abc2 100644 (file)
--- a/client/cifs.upcall.c
+++ b/client/cifs.upcall.c
@@ -221,7 +221,7 @@ handle_krb5_mech(const char *oid, const char *principal, DATA_BLOB *secblob,
 
        /* get a kerberos ticket for the service and extract the session key */
        retval = cli_krb5_get_ticket(principal, 0, &tkt, sess_key, 0, ccname,
-                                    NULL);
+                                    NULL, NULL);
 
        if (retval) {
                syslog(LOG_DEBUG, "%s: failed to obtain service ticket (%d)",

diff --git a/source3/include/includes.h b/source3/include/includes.h
index 559bc3dc184241c2ce87c1c226df598e9aed488a..4ffad61c07a41e9259f5a80215ad9206986b9ace 100644 (file)
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1035,8 +1035,11 @@ krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
 bool smb_krb5_principal_compare_any_realm(krb5_context context, 
                                          krb5_const_principal princ1, 
                                          krb5_const_principal princ2);
-int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
-                       DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, time_t *tgs_expire);
+int cli_krb5_get_ticket(const char *principal, time_t time_offset,
+                       DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
+                       uint32 extra_ap_opts, const char *ccname,
+                       time_t *tgs_expire,
+                       const char *impersonate_princ_s);
 krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
 krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
 krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr);

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 1778853ca92c52ed7bdef8ef39eeb3d8e8118003..a37690c5523431374ce16e19ced6e147695c8de2 100644 (file)
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -826,7 +826,8 @@ cleanup_princ:
 int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
                        DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, 
                        uint32 extra_ap_opts, const char *ccname, 
-                       time_t *tgs_expire)
+                       time_t *tgs_expire,
+                       const char *impersonate_princ_s)
 
 {
        krb5_error_code retval;
@@ -2237,7 +2238,8 @@ krb5_error_code smb_krb5_get_creds(const char *server_s,
  /* this saves a few linking headaches */
  int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
                        DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
-                       const char *ccname, time_t *tgs_expire) 
+                       const char *ccname, time_t *tgs_expire,
+                       const char *impersonate_princ_s)
 {
         DEBUG(0,("NO KERBEROS SUPPORT\n"));
         return 1;

diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index e20749b3e8af57e4263409f67120d20b68bd6197..3789fbf6b8e0d6fd5c870f2ac24609622d349534 100644 (file)
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -389,7 +389,7 @@ int spnego_gen_negTokenTarg(const char *principal, int time_offset,
        /* get a kerberos ticket for the service and extract the session key */
        retval = cli_krb5_get_ticket(principal, time_offset,
                                        &tkt, session_key_krb5, extra_ap_opts, NULL, 
-                                       expire_time);
+                                       expire_time, NULL);
 
        if (retval)
                return retval;

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index e150059bcc36bce1464b20d724fd2ecdf90afd8f..c6498701eb28cffcf7e671b09bc55a3f329ed514 100644 (file)
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1502,7 +1502,7 @@ static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
        /* Create the ticket for the service principal and return it in a gss-api wrapped blob. */
 
        ret = cli_krb5_get_ticket(a->service_principal, 0, &tkt,
-                       &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL);
+                       &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, NULL);
 
        if (ret) {
                DEBUG(1,("create_krb5_auth_bind_req: cli_krb5_get_ticket for principal %s "

diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 3bdc45a6ef7f092c85173414715d5fe1d952f3ab..2a7e18cfac2f8efb781dc24ce40e48953223835e 100644 (file)
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1572,7 +1572,7 @@ static bool manage_client_krb5_init(struct spnego_data spnego)
               spnego.negTokenInit.mechListMIC.length);
        principal[spnego.negTokenInit.mechListMIC.length] = '\0';
 
-       retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL);
+       retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL, NULL);
 
        if (retval) {
                char *user = NULL;
@@ -1596,7 +1596,7 @@ static bool manage_client_krb5_init(struct spnego_data spnego)
                        return False;
                }
 
-               retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL);
+               retval = cli_krb5_get_ticket(principal, 0, &tkt, &session_key_krb5, 0, NULL, NULL, NULL);
 
                if (retval) {
                        DEBUG(10, ("Kinit suceeded, but getting a ticket failed: %s\n", error_message(retval)));