#if defined(HAVE_KRB5)
+#include "system/kerberos.h"
#include "auth/kerberos/krb5_init_context.h"
#include "librpc/gen_ndr/krb5pac.h"
-#include "libcli/auth/krb5_wrap.h"
+#include "lib/krb5_wrap/krb5_samba.h"
+#include "lib/krb5_wrap/gss_samba.h"
struct auth_user_info_dc;
struct cli_credentials;
struct keytab_container {
struct smb_krb5_context *smb_krb5_context;
krb5_keytab keytab;
-};
-
-struct principal_container {
- struct smb_krb5_context *smb_krb5_context;
- krb5_principal principal;
- const char *string_form; /* Optional */
+ bool password_based;
};
/* not really ASN.1, but RFC 1964 */
#define TOK_ID_GSS_GETMIC ((const uint8_t *)"\x01\x01")
#define TOK_ID_GSS_WRAP ((const uint8_t *)"\x02\x01")
-#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE
-#define KRB5_KEY_TYPE(k) ((k)->keytype)
-#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
-#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
-#else
-#define KRB5_KEY_TYPE(k) ((k)->enctype)
-#define KRB5_KEY_LENGTH(k) ((k)->length)
-#define KRB5_KEY_DATA(k) ((k)->contents)
-#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
-
#define ENC_ALL_TYPES (ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5 | \
ENC_HMAC_SHA1_96_AES128 | ENC_HMAC_SHA1_96_AES256)
#endif
/* Samba wrapper function for krb5 functionality. */
-krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc,
- krb5_principal principal, const char *password,
- krb5_principal impersonate_principal,
- const char *self_service,
- const char *target_service,
- krb5_get_init_creds_opt *krb_options,
- time_t *expire_time, time_t *kdc_time);
-krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
- krb5_principal principal, krb5_keyblock *keyblock,
- const char *target_service,
- krb5_get_init_creds_opt *krb_options,
- time_t *expire_time, time_t *kdc_time);
-NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
- DATA_BLOB blob,
- krb5_context context,
- const krb5_keyblock *krbtgt_keyblock,
- const krb5_keyblock *service_keyblock,
- krb5_const_principal client_principal,
- time_t tgs_authtime,
- struct PAC_LOGON_INFO **logon_info);
krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
struct PAC_DATA *pac_data,
krb5_context context,
krb5_principal client_principal,
time_t tgs_authtime,
DATA_BLOB *pac);
-struct loadparm_context;
-struct ldb_message;
-struct ldb_context;
-uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum);
-krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
- struct smb_krb5_context *smb_krb5_context,
- struct ldb_context *ldb,
- struct ldb_message *msg,
- bool delete_all_kvno,
- const char **error_string);
#include "auth/kerberos/proto.h"