LCOV - code coverage report
Current view: top level - source4/auth/gensec - gensec_krb5_mit.c (source / functions) Hit Total Coverage
Test: coverage report for abartlet/fix-coverage dd10fb34 Lines: 26 35 74.3 %
Date: 2021-09-23 10:06:22 Functions: 2 2 100.0 %

          Line data    Source code
       1             : 
       2             : #include "includes.h"
       3             : #include "system/kerberos.h"
       4             : #include "auth/kerberos/kerberos.h"
       5             : #include "gensec_krb5.h"
       6             : 
       7          12 : static krb5_error_code smb_krb5_get_longterm_key(krb5_context context,
       8             :                                                  krb5_const_principal server,
       9             :                                                  krb5_kvno kvno,
      10             :                                                  krb5_enctype etype,
      11             :                                                  krb5_keytab keytab,
      12             :                                                  krb5_keyblock **keyblock_out)
      13             : {
      14          12 :         krb5_error_code code = EINVAL;
      15             : 
      16             :         krb5_keytab_entry kt_entry;
      17             : 
      18          12 :         code = krb5_kt_get_entry(context,
      19             :                                  keytab,
      20             :                                  server,
      21             :                                  kvno,
      22             :                                  etype,
      23             :                                  &kt_entry);
      24          12 :         if (code != 0) {
      25           0 :                 return code;
      26             :         }
      27             : 
      28          12 :         code = krb5_copy_keyblock(context,
      29             :                                   &kt_entry.key,
      30             :                                   keyblock_out);
      31          12 :         krb5_free_keytab_entry_contents(context, &kt_entry);
      32             : 
      33          12 :         return code;
      34             : }
      35             : 
      36          12 : krb5_error_code smb_krb5_rd_req_decoded(krb5_context context,
      37             :                                         krb5_auth_context *auth_context,
      38             :                                         const krb5_data *request,
      39             :                                         krb5_keytab keytab,
      40             :                                         krb5_principal acceptor_principal,
      41             :                                         krb5_data *reply,
      42             :                                         krb5_ticket **pticket,
      43             :                                         krb5_keyblock **pkeyblock)
      44             : {
      45             :         krb5_error_code code;
      46          12 :         krb5_flags ap_req_options = 0;
      47          12 :         krb5_ticket *ticket = NULL;
      48          12 :         krb5_keyblock *keyblock = NULL;
      49             : 
      50          12 :         *pticket = NULL;
      51          12 :         *pkeyblock = NULL;
      52          12 :         reply->length = 0;
      53          12 :         reply->data = NULL;
      54             : 
      55          12 :         code = krb5_rd_req(context,
      56             :                            auth_context,
      57             :                            request,
      58             :                            acceptor_principal,
      59             :                            keytab,
      60             :                            &ap_req_options,
      61             :                            &ticket);
      62          12 :         if (code != 0) {
      63           0 :                 DBG_ERR("krb5_rd_req failed: %s\n",
      64             :                         error_message(code));
      65           0 :                 return code;
      66             :         }
      67             : 
      68             :         /*
      69             :          * Get the long term key from the keytab to be able to verify the PAC
      70             :          * signature.
      71             :          *
      72             :          * FIXME: Use ticket->enc_part.kvno ???
      73             :          * Getting the latest kvno with passing 0 fixes:
      74             :          * make -j test TESTS="samba4.winbind.pac.ad_member"
      75             :          */
      76          12 :         code = smb_krb5_get_longterm_key(context,
      77          12 :                                          ticket->server,
      78             :                                          0, /* kvno */
      79          12 :                                          ticket->enc_part.enctype,
      80             :                                          keytab,
      81             :                                          &keyblock);
      82          12 :         if (code != 0) {
      83           0 :                 DBG_ERR("smb_krb5_get_longterm_key failed: %s\n",
      84             :                         error_message(code));
      85           0 :                 krb5_free_ticket(context, ticket);
      86             : 
      87           0 :                 return code;
      88             :         }
      89             : 
      90          12 :         code = krb5_mk_rep(context, *auth_context, reply);
      91          12 :         if (code != 0) {
      92           0 :                 DBG_ERR("krb5_mk_rep failed: %s\n",
      93             :                         error_message(code));
      94           0 :                 krb5_free_ticket(context, ticket);
      95           0 :                 krb5_free_keyblock(context, keyblock);
      96             :         }
      97             : 
      98          12 :         *pticket = ticket;
      99          12 :         *pkeyblock = keyblock;
     100             : 
     101          12 :         return code;
     102             : }

Generated by: LCOV version 1.13