s4-auth-krb: Remove dependency on credentials too.
[kai/samba-autobuild/.git] / auth / credentials / credentials_krb5.c
index 1e5600c2b1549307544d5263ab8d07a7a66da75b..74dbb0a5d8c8f44c6b59e5c1248562e9fd585217 100644 (file)
 #include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_credentials.h"
+#include "auth/kerberos/kerberos_srv_keytab.h"
 #include "auth/kerberos/kerberos_util.h"
 #include "param/param.h"
 
+static void cli_credentials_invalidate_client_gss_creds(
+                                       struct cli_credentials *cred,
+                                       enum credentials_obtained obtained);
+
 _PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred, 
                                     struct loadparm_context *lp_ctx,
                                     struct smb_krb5_context **smb_krb5_context) 
@@ -483,9 +488,9 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
                                         &ccache, error_string);
        if (ret) {
                if (cli_credentials_get_kerberos_state(cred) == CRED_MUST_USE_KERBEROS) {
-                       DEBUG(1, ("Failed to get kerberos credentials (kerberos required): %s\n", error_message(ret)));
+                       DEBUG(1, ("Failed to get kerberos credentials (kerberos required): %s\n", *error_string));
                } else {
-                       DEBUG(4, ("Failed to get kerberos credentials: %s\n", error_message(ret)));
+                       DEBUG(4, ("Failed to get kerberos credentials: %s\n", *error_string));
                }
                return ret;
        }
@@ -660,6 +665,8 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
        krb5_error_code ret;
        struct keytab_container *ktc;
        struct smb_krb5_context *smb_krb5_context;
+       const char *keytab_name;
+       krb5_keytab keytab;
        TALLOC_CTX *mem_ctx;
 
        if (cred->keytab_obtained >= (MAX(cred->principal_obtained, 
@@ -683,8 +690,19 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
                return ENOMEM;
        }
 
-       ret = smb_krb5_create_memory_keytab(mem_ctx, cred, 
-                                           smb_krb5_context, &ktc);
+       ret = smb_krb5_create_memory_keytab(mem_ctx, smb_krb5_context,
+                                       cli_credentials_get_password(cred),
+                                       cli_credentials_get_username(cred),
+                                       cli_credentials_get_realm(cred),
+                                       cli_credentials_get_kvno(cred),
+                                       &keytab, &keytab_name);
+       if (ret) {
+               talloc_free(mem_ctx);
+               return ret;
+       }
+
+       ret = smb_krb5_get_keytab_container(mem_ctx, smb_krb5_context,
+                                           keytab, keytab_name, &ktc);
        if (ret) {
                talloc_free(mem_ctx);
                return ret;
@@ -728,7 +746,7 @@ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
        }
 
        ret = smb_krb5_get_keytab_container(mem_ctx, smb_krb5_context,
-                                           keytab_name, &ktc);
+                                           NULL, keytab_name, &ktc);
        if (ret) {
                return ret;
        }