setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
}
-/****************************************************************************
- Do a spnego/kerberos encrypted session setup.
-****************************************************************************/
-#if 0
-struct cli_session_setup_kerberos_state {
- struct cli_state *cli;
- DATA_BLOB negTokenTarg;
- DATA_BLOB session_key_krb5;
- ADS_STATUS ads_status;
-};
-
-static void cli_session_setup_kerberos_done(struct tevent_req *subreq);
-
-static struct tevent_req *cli_session_setup_kerberos_send(
- TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
- const char *principal)
-{
- struct tevent_req *req, *subreq;
- struct cli_session_setup_kerberos_state *state;
- int rc;
-
- DEBUG(2,("Doing kerberos session setup\n"));
-
- req = tevent_req_create(mem_ctx, &state,
- struct cli_session_setup_kerberos_state);
- if (req == NULL) {
- return NULL;
- }
- state->cli = cli;
- state->ads_status = ADS_SUCCESS;
-
- /*
- * Ok, this is cheating: spnego_gen_krb5_negTokenInit can block if
- * we have to acquire a ticket. To be fixed later :-)
- */
- rc = spnego_gen_krb5_negTokenInit(state, principal, 0, &state->negTokenTarg,
- &state->session_key_krb5, 0, NULL, NULL);
- if (rc) {
- NTSTATUS status;
-
- state->ads_status = ADS_ERROR_KRB5(rc);
- status = ads_ntstatus(state->ads_status);
- if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) {
- status = NT_STATUS_LOGON_FAILURE;
- state->ads_status = ADS_ERROR_NT(status);
- }
- DEBUG(1, ("cli_session_setup_kerberos: "
- "spnego_gen_krb5_negTokenInit failed: %s - %s\n",
- error_message(rc), nt_errstr(status)));
- tevent_req_nterror(req, status);
- return tevent_req_post(req, ev);
- }
-
-#if 0
- file_save("negTokenTarg.dat", state->negTokenTarg.data,
- state->negTokenTarg.length);
-#endif
-
- if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
- state->cli->smb2.session = smbXcli_session_create(cli,
- cli->conn);
- if (tevent_req_nomem(state->cli->smb2.session, req)) {
- return tevent_req_post(req, ev);
- }
- }
-
- subreq = cli_sesssetup_blob_send(state, ev, cli, state->negTokenTarg);
- if (tevent_req_nomem(subreq, req)) {
- return tevent_req_post(req, ev);
- }
- tevent_req_set_callback(subreq, cli_session_setup_kerberos_done, req);
- return req;
-}
-
-static void cli_session_setup_kerberos_done(struct tevent_req *subreq)
-{
- struct tevent_req *req = tevent_req_callback_data(
- subreq, struct tevent_req);
- struct cli_session_setup_kerberos_state *state = tevent_req_data(
- req, struct cli_session_setup_kerberos_state);
- uint8_t *inbuf = NULL;
- struct iovec *recv_iov = NULL;
- NTSTATUS status;
-
- status = cli_sesssetup_blob_recv(subreq, state,
- NULL, &inbuf, &recv_iov);
- TALLOC_FREE(subreq);
- if (!NT_STATUS_IS_OK(status)) {
- tevent_req_nterror(req, status);
- return;
- }
-
- if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
- struct smbXcli_session *session = state->cli->smb2.session;
- status = smb2cli_session_set_session_key(session,
- state->session_key_krb5,
- recv_iov);
- if (tevent_req_nterror(req, status)) {
- return;
- }
- } else {
- struct smbXcli_session *session = state->cli->smb1.session;
-
- status = smb1cli_session_set_session_key(session,
- state->session_key_krb5);
- if (tevent_req_nterror(req, status)) {
- return;
- }
-
- if (smb1cli_conn_activate_signing(state->cli->conn, state->session_key_krb5,
- data_blob_null)
- && !smb1cli_conn_check_signing(state->cli->conn, inbuf, 1)) {
- tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
- return;
- }
- }
-
- tevent_req_done(req);
-}
-
-static ADS_STATUS cli_session_setup_kerberos_recv(struct tevent_req *req)
-{
- struct cli_session_setup_kerberos_state *state = tevent_req_data(
- req, struct cli_session_setup_kerberos_state);
- NTSTATUS status;
-
- if (tevent_req_is_nterror(req, &status)) {
- ADS_STATUS ads = state->ads_status;
-
- if (!ADS_ERR_OK(state->ads_status)) {
- ads = state->ads_status;
- } else {
- ads = ADS_ERROR_NT(status);
- }
- tevent_req_received(req);
- return ads;
- }
- tevent_req_received(req);
- return ADS_SUCCESS;
-}
-#endif
#endif /* HAVE_KRB5 */
/****************************************************************************
git.samba.org / kai / samba-autobuild / .git / commitdiff