The Samba-Bugzilla – Attachment 161 Details for
Bug 492
Samba 3.0 doesn't handle kvno's in Heimdal or MIT - W2K3 uses them.
[patch]
Proposed patch.
samba3-rd_req.diff (text/plain), 3.89 KB, created by
Jeremy Allison
on 2003-09-22 14:09:39 UTC
Description:
Proposed patch.
Creator:
Jeremy Allison
Created:
2003-09-22 14:09:39 UTC
Size:
3.89 KB
>Index: source/libads/kerberos_verify.c
>===================================================================
>RCS file: /cvsroot/samba/source/libads/kerberos_verify.c,v
>retrieving revision 1.1.2.28
>diff -u -r1.1.2.28 kerberos_verify.c
>--- source/libads/kerberos_verify.c 3 Sep 2003 00:45:15 -0000 1.1.2.28
>+++ source/libads/kerberos_verify.c 19 Sep 2003 08:29:15 -0000
>@@ -26,7 +26,59 @@
>
> #ifdef HAVE_KRB5
>
>-static void free_keytab(krb5_context context, krb5_keytab keytab)
>+static krb5_error_code kerberos_rd_req(
>+ krb5_context context,
>+ krb5_auth_context *auth_context,
>+ const krb5_data *packet,
>+ krb5_const_principal server,
>+ krb5_keytab keytab,
>+ krb5_flags *ap_req_options,
>+ krb5_ticket **tkt,
>+ krb5_keyblock *key) {
>+
>+#ifndef HAVE_PRINCIPALNAME2KRB5_PRINCIPAL
>+
>+ /* MIT */
>+ return krb5_rd_req(context, auth_context, packet, NULL, keytab, NULL, tkt);
>+
>+#else
>+
>+ /* HEIMDAL */
>+ /* do not query the keytab for any keys ! */
>+
>+ krb5_error_code ret;
>+ krb5_ap_req ap_req;
>+ krb5_principal service = NULL;
>+
>+ if (*auth_context == NULL) {
>+ ret = krb5_auth_con_init(context, auth_context);
>+ if (ret)
>+ return ret;
>+ }
>+
>+ ret = krb5_decode_ap_req(context, packet, &ap_req);
>+ if (ret)
>+ return ret;
>+
>+ if (server == NULL) {
>+ principalname2krb5_principal(&service,
>+ ap_req.ticket.sname,
>+ ap_req.ticket.realm);
>+ server = service;
>+ }
>+
>+ ret = krb5_verify_ap_req(context, auth_context, &ap_req, server,
>+ key, 0, ap_req_options, tkt);
>+
>+ free_AP_REQ(&ap_req);
>+ if (service)
>+ krb5_free_principal(context, service);
>+
>+ return ret;
>+#endif
>+}
>+
>+ void free_keytab(krb5_context context, krb5_keytab keytab)
> {
> int ret=0;
>
>@@ -267,19 +319,22 @@
> goto out;
> }
>
>+#if 0
> if (!setup_keytab(context, host_princ, host_princ_s, password,
> enctypes, &keytab)) {
> DEBUG(3,("ads_verify_ticket: unable to setup keytab\n"));
> sret = NT_STATUS_LOGON_FAILURE;
> goto out;
> }
>+#endif
>
>+ if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
>+ sret = NT_STATUS_NO_MEMORY;
>+ goto out;
>+ }
>+
> /* We need to setup a auth context with each possible encoding type in turn. */
> for (i=0;enctypes[i];i++) {
>- if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
>- sret = NT_STATUS_NO_MEMORY;
>- goto out;
>- }
>
> if (create_kerberos_key_from_string(context, host_princ, &password, key, enctypes[i])) {
> continue;
>@@ -287,18 +342,11 @@
>
> krb5_auth_con_setuseruserkey(context, auth_context, key);
>
>- krb5_free_keyblock(context, key);
>-
> packet.length = ticket->length;
> packet.data = (krb5_pointer)ticket->data;
>
>- if (!(ret = krb5_rd_req(context, &auth_context, &packet,
>-#ifdef HAVE_MEMORY_KEYTAB
>- host_princ,
>-#else
>- NULL,
>-#endif
>- keytab, NULL, &tkt))) {
>+ if (!(ret = kerberos_rd_req(context, &auth_context, &packet,
>+ NULL, keytab, NULL, &tkt, key))) {
> DEBUG(10,("ads_verify_ticket: enc type [%u] decrypted message !\n",
> (unsigned int)enctypes[i] ));
> auth_ok = True;
>@@ -310,10 +358,12 @@
> (unsigned int)enctypes[i], error_message(ret)));
> }
>
>+ krb5_free_keyblock(context, key);
>+
> release_server_mutex();
>
> if (!auth_ok) {
>- DEBUG(3,("ads_verify_ticket: krb5_rd_req with auth failed (%s)\n",
>+ DEBUG(3,("ads_verify_ticket: kerberos_rd_req with auth failed (%s)\n",
> error_message(ret)));
> sret = NT_STATUS_LOGON_FAILURE;
> goto out;
>Index: source/configure.in
>===================================================================
>RCS file: /cvsroot/samba/source/configure.in,v
>retrieving revision 1.300.2.165
>diff -u -r1.300.2.165 configure.in
>--- source/configure.in 10 Sep 2003 15:39:21 -0000 1.300.2.165
>+++ source/configure.in 19 Sep 2003 08:30:47 -0000
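Review bot: In the Heimdal branch of kerberos_rd_req (the `-26,7` hunk) the result of `principalname2krb5_principal(&service, ...)` is discarded, so if that call fails `service` stays NULL and `server = service` hands a NULL principal to krb5_verify_ap_req. Assuming the helper returns a krb5_error_code, assign it to `ret` and on failure call `free_AP_REQ(&ap_req)` and return before verifying. The MIT branch ignores `server`, `ap_req_options` and `key`; a comment such as `/* MIT: key is presumably taken from auth_context (krb5_auth_con_setuseruserkey); server, ap_req_options and key are unused here */` would make that explicit. The same hunk drops `static` from free_keytab, whose body continues outside the hunk; unless another file needs it, keep it `static`.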
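Review bot: `key` is now allocated once with `malloc` before the enctype loop in ads_verify_ticket (the `-267,19` hunk) and never zeroed, so if create_kerberos_key_from_string fails for every enctype via the `continue` path, the `krb5_free_keyblock(context, key)` added after the loop in the `-310,10` hunk is handed a keyblock whose contents pointer is uninitialised. Zero it right after allocation, e.g. `memset(key, 0, sizeof(*key));`. Each iteration that derives a key but fails to decrypt also appears to overwrite the previous contents without releasing them; the rest of the loop body is outside the hunks, but if so, `krb5_free_keyblock_contents(context, key);` before moving to the next enctype would avoid leaving password-derived key material allocated. The `#if 0` around setup_keytab would read better as a deletion, or with a comment saying why the keytab is no longer built.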
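Review bot: The new kerberos_rd_req call in the `-287,18` hunk passes NULL as the server principal in every build, where HAVE_MEMORY_KEYTAB builds previously passed `host_princ`; on the Heimdal path the wrapper then takes the principal from the ticket itself, so nothing outside the ticket supplies the expected service name. If acceptance is meant to rest solely on decryption with the password-derived key, state that at the call, e.g. `/* server == NULL: service name is not checked, only decryption with the machine key */`. `keytab` is still passed although setup_keytab is compiled out by the `-267,19` hunk; its declaration is outside the hunks, so confirm it is initialised to NULL, because the MIT branch forwards it to krb5_rd_req.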
>@@ -2505,6 +2505,7 @@
> AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS)
> AC_CHECK_FUNC_EXT(krb5_free_ktypes, $KRB5_LIBS)
> AC_CHECK_FUNC_EXT(krb5_principal_get_comp_string, $KRB5_LIBS)
>+ AC_CHECK_FUNC_EXT(principalname2krb5_principal, $KRB5_LIBS)
>
> LIBS="$LIBS $KRB5_LIBS"
>
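Review bot: HAVE_PRINCIPALNAME2KRB5_PRINCIPAL is the only symbol this check defines, yet kerberos_verify.c uses it to select a branch that also calls krb5_decode_ap_req, krb5_verify_ap_req and free_AP_REQ. Keying the Heimdal-versus-MIT switch on one helper is fragile; consider probing the others too, e.g. `AC_CHECK_FUNC_EXT(krb5_verify_ap_req, $KRB5_LIBS)`, and requiring all of them in the `#ifndef`. AC_CHECK_FUNC_EXT looks like a link test only, so it is also worth confirming that an installed header declares principalname2krb5_principal; otherwise the call compiles against an implicit declaration.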