3 #include "system/kerberos.h"
4 #include "auth/kerberos/kerberos.h"
5 #include "gensec_krb5.h"
/*
 * Fetch a long-term key from a keytab and give the caller a copy of it.
 *
 * NOTE(review): this listing drops several source lines (see the gaps in
 * the gutter numbers): the parameters between `server` and `keyblock_out`,
 * the arguments of each call, the error checks and the return statement.
 * Only the calls that are visible are described here.
 *
 * Visible flow: krb5_kt_get_entry() is called first, krb5_copy_keyblock()
 * duplicates a key block, and krb5_free_keytab_entry_contents() releases
 * the local `kt_entry`.
 *
 * Presumably the copy is returned through `keyblock_out`, in which case the
 * caller owns key material and must release it with krb5_free_keyblock();
 * confirm against the full source.
 */
7 static krb5_error_code
smb_krb5_get_longterm_key(krb5_context context
,
8 krb5_const_principal server
,
12 krb5_keyblock
**keyblock_out
)
/* Starts as EINVAL and is reassigned by the krb5_kt_get_entry() call below. */
12 krb5_error_code code
= EINVAL
;
16 krb5_keytab_entry kt_entry
;
/* Keytab lookup; the keytab handle and selectors passed here are not visible in this listing. */
18 code
= krb5_kt_get_entry(context
,
/* Duplicate the key so it does not depend on the lifetime of kt_entry, which is released below. */
28 code
= krb5_copy_keyblock(context
,
/*
 * Release the keytab entry filled in above. Whether this is also reached
 * when the copy fails is not visible here; confirm, since skipping it
 * would leave the entry's contents allocated.
 */
31 krb5_free_keytab_entry_contents(context
, &kt_entry
);
/*
 * Process an AP-REQ: krb5_rd_req() is called on the request, the service's
 * long-term key is fetched so the PAC can be verified (per the comment in
 * the body), and krb5_mk_rep() builds a reply.
 *
 * NOTE(review): this listing drops several source lines (see the gaps in
 * the gutter numbers): some parameters (the `reply` used below is among
 * them), most call arguments, the conditions around each step and the
 * return statements. Only what is visible is described.
 *
 * On the visible success path `keyblock` is stored in *pkeyblock.
 * Presumably the ticket is stored in *pticket on an omitted line, and the
 * caller then owns both and must free them with krb5_free_ticket() and
 * krb5_free_keyblock(); confirm against the full source.
 */
36 krb5_error_code
smb_krb5_rd_req_decoded(krb5_context context
,
37 krb5_auth_context
*auth_context
,
38 const krb5_data
*request
,
40 krb5_principal acceptor_principal
,
42 krb5_ticket
**pticket
,
43 krb5_keyblock
**pkeyblock
)
46 krb5_flags ap_req_options
= 0;
/* Both outputs are built in locals initialised to NULL and are not written to *pticket / *pkeyblock before the assignment at the end of the visible code. */
47 krb5_ticket
*ticket
= NULL
;
48 krb5_keyblock
*keyblock
= NULL
;
/* Parse and validate the AP-REQ; the remaining arguments are not visible in this listing. */
55 code
= krb5_rd_req(context
,
63 DBG_ERR("krb5_rd_req failed: %s\n",
/*
 * NOTE(review): the original comment below says kvno 0 (the latest key
 * version) is requested rather than ticket->enc_part.kvno. After a key
 * rotation, a ticket issued under an older key version would then be
 * paired with a newer keytab key of the same enctype, so PAC verification
 * with that key would be expected to fail rather than succeed. Worth
 * confirming that this is the intended behaviour and resolving the FIXME.
 */
69 * Get the long term key from the keytab to be able to verify the PAC
72 * FIXME: Use ticket->enc_part.kvno ???
73 * Getting the latest kvno with passing 0 fixes:
74 * make -j test TESTS="samba4.winbind.pac.ad_member"
/* The key is selected by the enctype of the ticket's encrypted part. */
76 code
= smb_krb5_get_longterm_key(context
,
79 ticket
->enc_part
.enctype
,
83 DBG_ERR("smb_krb5_get_longterm_key failed: %s\n",
/* Key lookup failed: drop the ticket from krb5_rd_req() so it is not leaked. */
85 krb5_free_ticket(context
, ticket
);
/*
 * Build the reply for the client. NOTE(review): any condition guarding
 * this call (ap_req_options is declared above but its use is not visible)
 * is missing from this listing.
 */
90 code
= krb5_mk_rep(context
, *auth_context
, reply
);
92 DBG_ERR("krb5_mk_rep failed: %s\n",
/* Reply construction failed: free both the ticket and the copied long-term key before leaving. */
94 krb5_free_ticket(context
, ticket
);
95 krb5_free_keyblock(context
, keyblock
);
/* Success: hand the long-term key copy to the caller, who presumably becomes responsible for krb5_free_keyblock(). */
99 *pkeyblock
= keyblock
;