/*
 * Perform an LDAP SASL bind using the "GSS-SPNEGO" mechanism, carrying a
 * raw Kerberos 5 token wrapped in an SPNEGO negTokenInit.
 *
 * ads       - connection state; this function reads ldap.ld, ldap.wrap_type,
 *             auth.time_offset and auth.ccache_name, and passes
 *             &auth.tgs_expire to the token generator.
 * principal - service principal the token is requested for.
 *
 * Returns ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED) when a SASL wrap type above
 * ADS_SASLWRAP_TYPE_PLAIN is configured, ADS_ERROR_KRB5(rc) when token
 * generation fails, and otherwise the LDAP bind result wrapped in
 * ADS_ERROR().
 *
 * NOTE(review): the server credentials returned by the bind are freed
 * without being inspected, so any reply token from the server is not
 * verified in this function - confirm whether mutual authentication is
 * enforced elsewhere.
 */
static ADS_STATUS ads_sasl_spnego_rawkrb5_bind(ADS_STRUCT *ads, const char *principal)
{
	DATA_BLOB token = data_blob_null;
	DATA_BLOB session_key = data_blob_null;
	struct berval client_cred;
	struct berval *server_cred = NULL;
	int ret;

	/*
	 * Only the plain (unwrapped) transport is accepted here; presumably
	 * this path negotiates no signing or sealing - TODO confirm.
	 */
	if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
		return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
	}

	/* Build the SPNEGO-wrapped Kerberos token for the target principal. */
	ret = spnego_gen_krb5_negTokenInit(talloc_tos(), principal,
					   ads->auth.time_offset, &token,
					   &session_key, 0,
					   ads->auth.ccache_name,
					   &ads->auth.tgs_expire);
	if (ret != 0) {
		return ADS_ERROR_KRB5(ret);
	}

	/* Hand the token to the LDAP library as the client credentials. */
	client_cred.bv_val = (char *)token.data;
	client_cred.bv_len = token.length;

	ret = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", &client_cred,
			       NULL, NULL, &server_cred);

	data_blob_free(&token);
	/*
	 * NOTE(review): session_key is never used after generation and holds
	 * key material; data_blob_free() releases it without scrubbing.
	 * Consider data_blob_clear_free() so the key does not linger in freed
	 * memory.
	 */
	data_blob_free(&session_key);

	if (server_cred != NULL) {
		ber_bvfree(server_cred);
	}

	return ADS_ERROR(ret);
}
/*
 * Outline of the "send" half of a Kerberos session setup.
 *
 * Only the first step is an actual statement; the later steps are listed
 * as comments and are not executed.
 *
 * Parameters: none are declared, and nothing is returned.
 *
 * NOTE(review): spnego_gen_krb5_negTokenInit() is called here with no
 * arguments, while ads_sasl_spnego_rawkrb5_bind() in this listing passes
 * eight (including the target principal, the output token and the output
 * session key). This reads as a call-flow sketch rather than compilable
 * code; a real implementation needs at least the principal - TODO confirm.
 */
void cli_session_setup_kerberos_send()
{
	/* Step 1: build the SPNEGO-wrapped Kerberos token. */
	spnego_gen_krb5_negTokenInit();

	/*
	 * Step 2 (not implemented here): send the token blob to the server,
	 * i.e. cli_sesssetup_blob_send().
	 *
	 * Step 3 (not implemented here): completion handling,
	 * i.e. cli_session_setup_kerberos_done().
	 */
}