/*
perform a LDAP/SASL/SPNEGO/KRB5 bind
*/
static ADS_STATUS ads_sasl_spnego_rawkrb5_bind(ADS_STRUCT *ads, const char *principal)
{
DATA_BLOB blob = data_blob_null;
struct berval cred, *scred = NULL;
DATA_BLOB session_key = data_blob_null;
int rc;
if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
}
rc = spnego_gen_krb5_negTokenInit(talloc_tos(), principal,
ads->auth.time_offset, &blob, &session_key, 0,
ads->auth.ccache_name,
&ads->auth.tgs_expire);
if (rc) {
return ADS_ERROR_KRB5(rc);
}
/* now send the auth packet and we should be done */
cred.bv_val = (char *)blob.data;
cred.bv_len = blob.length;
rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
data_blob_free(&blob);
data_blob_free(&session_key);
if(scred)
ber_bvfree(scred);
return ADS_ERROR(rc);
}
/*
* @Description: send kerberos token.
* @Param: principal
* @return:
* */
void cli_session_setup_kerberos_send(){
/*generate kerberos spnego token*/
spnego_gen_krb5_negTokenInit();
/*send data blob*/
// cli_sesssetup_blob_send();
//
// /* */
// cli_session_setup_kerberos_done();
}
