Пример #1
0
/* 
   perform a LDAP/SASL/SPNEGO/KRB5 bind
*/
static ADS_STATUS ads_sasl_spnego_rawkrb5_bind(ADS_STRUCT *ads, const char *principal)
{
	DATA_BLOB blob = data_blob_null;
	struct berval cred, *scred = NULL;
	DATA_BLOB session_key = data_blob_null;
	int rc;

	if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
		return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
	}

	rc = spnego_gen_krb5_negTokenInit(talloc_tos(), principal,
				     ads->auth.time_offset, &blob, &session_key, 0,
				     ads->auth.ccache_name,
				     &ads->auth.tgs_expire);

	if (rc) {
		return ADS_ERROR_KRB5(rc);
	}

	/* now send the auth packet and we should be done */
	cred.bv_val = (char *)blob.data;
	cred.bv_len = blob.length;

	rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);

	data_blob_free(&blob);
	data_blob_free(&session_key);
	if(scred)
		ber_bvfree(scred);

	return ADS_ERROR(rc);
}
Пример #2
0
/*
 * @Description: send kerberos token.
 * @Param: principal
 * @return:
 * */
void cli_session_setup_kerberos_send(){

	/*generate kerberos spnego token*/
	spnego_gen_krb5_negTokenInit();

	/*send data blob*/
//	cli_sesssetup_blob_send();
//
//	/* */
//	cli_session_setup_kerberos_done();
}