s3:libads: use smb_krb5_cc_new_unique_memory() in kerberos_return_pac()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index f9ddd630c3397a430fb16b25ca318b55a5fbacc4..6673b2ff75206b55a02b484aa83d2d64d1810ad4 100644 (file)
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -110,7 +110,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
        DATA_BLOB ap_rep = data_blob_null;
        DATA_BLOB sesskey1 = data_blob_null;
        const char *auth_princ = NULL;
-       const char *cc = "MEMORY:kerberos_return_pac";
+       const char *cc = NULL;
        struct auth_session_info *session_info;
        struct gensec_security *gensec_server_context;
        const struct gensec_security_ops **backends;
@@ -121,6 +121,8 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
        struct PAC_DATA_CTR *pac_data_ctr = NULL;
        char *canon_principal = NULL;
        char *canon_realm = NULL;
+       krb5_context ctx = NULL;
+       krb5_ccache ccid = NULL;
 
        TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
        NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@@ -144,6 +146,24 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 
        if (cache_name) {
                cc = cache_name;
+       } else {
+               char *ccname = NULL;
+
+               ret = smb_krb5_init_context_common(&ctx);
+               if (ret != 0) {
+                       status = krb5_to_nt_status(ret);
+                       goto out;
+               }
+
+               ret = smb_krb5_cc_new_unique_memory(ctx,
+                                                   tmp_ctx,
+                                                   &ccname,
+                                                   &ccid);
+               if (ret != 0) {
+                       status = krb5_to_nt_status(ret);
+                       goto out;
+               }
+               cc = ccname;
        }
 
        if (!strchr_m(name, '@')) {
@@ -307,10 +327,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
        }
 
 out:
-       talloc_free(tmp_ctx);
-       if (cc != cache_name) {
-               ads_kdestroy(cc);
+       if (ccid != NULL) {
+               krb5_cc_destroy(ctx, ccid);
+               ccid = NULL;
        }
+       if (ctx != NULL) {
+               krb5_free_context(ctx);
+               ctx = NULL;
+       }
+       talloc_free(tmp_ctx);
 
        data_blob_free(&tkt);
        data_blob_free(&ap_rep);