The Samba-Bugzilla – Attachment 5024 Details for
Bug 6929
testing krb5/locate_plugin.h usability fails with heimdal-1.3
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 3.4 (fixed version)
v3-4-test-kerberos.patch (text/plain), 37.82 KB, created by
Guenther Deschner
on 2009-11-30 07:55:05 UTC
(
hide
)
Description:
patch for 3.4 (fixed version)
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2009-11-30 07:55:05 UTC
Size:
37.82 KB
patch
obsolete
>From cadb34964f193e35892877f05e7674bb2bb145c2 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 21 Oct 2009 02:44:44 +0200 >Subject: [PATCH 01/10] nsswitch: fix the build of the winbind krb5 locator plugin. > >Guenther >(cherry picked from commit b9d9353b548d9b2ab684aa171f511174e6414762) >--- > source3/Makefile.in | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/source3/Makefile.in b/source3/Makefile.in >index fb45056..128a2c3 100644 >--- a/source3/Makefile.in >+++ b/source3/Makefile.in >@@ -2390,7 +2390,7 @@ bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ > > bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) @LIBWBCLIENT_TARGET@ > @echo "Linking $@" >- @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(LIBWBCLIENT_LIBS) \ >+ @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(LIBWBCLIENT_LIBS) $(KRB5_LIBS) \ > @SONAMEFLAG@`basename $@` > > bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_TARGET@ @LIBWBCLIENT_TARGET@ >-- >1.6.5.2 > > >From 73c63889686e13cd2b5dd57213aba7af4aceb78c Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 19 Nov 2009 13:44:33 +0100 >Subject: [PATCH 02/10] s3-build: really fix build of winbind_krb5_locator. > >Guenther >(cherry picked from commit fc9f199f2619635f73e8ee7f3b5359521d63f325) >--- > source3/Makefile.in | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/source3/Makefile.in b/source3/Makefile.in >index 128a2c3..f1f8471 100644 >--- a/source3/Makefile.in >+++ b/source3/Makefile.in >@@ -2390,7 +2390,7 @@ bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ > > bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) @LIBWBCLIENT_TARGET@ > @echo "Linking $@" >- @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(LIBWBCLIENT_LIBS) $(KRB5_LIBS) \ >+ @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(LIBWBCLIENT_LIBS) $(KRB5LIBS) \ > @SONAMEFLAG@`basename $@` > > bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_TARGET@ @LIBWBCLIENT_TARGET@ >-- >1.6.5.2 > > >From 59167a57780f334daa64577fa185fed07cede639 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 25 Nov 2009 15:06:19 +0100 >Subject: [PATCH 03/10] cifs.upcall: 2nd part of fix for Bug #6868: support building with Heimdal we well as with MIT. > >Guenther >(cherry picked from commit 660ee2e74523194e5f6b2b6428d76628beb74717) >--- > source3/client/cifs.upcall.c | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > >diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c >index ecd0348..d4010a3 100644 >--- a/source3/client/cifs.upcall.c >+++ b/source3/client/cifs.upcall.c >@@ -104,7 +104,9 @@ err_endseq: > err_ccstart: > krb5_free_principal(context, principal); > err_princ: >+#if defined(KRB5_TC_OPENCLOSE) > krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); >+#endif > krb5_cc_close(context, ccache); > err_cache: > krb5_free_context(context); >-- >1.6.5.2 > > >From b2bbe05861d13a175f32b3f45ca6aed59f5f9423 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 25 Nov 2009 15:21:54 +0100 >Subject: [PATCH 04/10] nsswitch: fix compile of winbind_krb5_locator with recent Heimdal versions. > >Guenther >(cherry picked from commit 51864219cc12ceb66c281355f3e1191d5e32842d) >--- > nsswitch/winbind_krb5_locator.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > >diff --git a/nsswitch/winbind_krb5_locator.c b/nsswitch/winbind_krb5_locator.c >index b9e35bd..272e7db 100644 >--- a/nsswitch/winbind_krb5_locator.c >+++ b/nsswitch/winbind_krb5_locator.c >@@ -26,6 +26,7 @@ > > #if defined(HAVE_KRB5) && defined(HAVE_KRB5_LOCATE_PLUGIN_H) > >+#include <krb5/krb5.h> > #include <krb5/locate_plugin.h> > > #ifndef KRB5_PLUGIN_NO_HANDLE >-- >1.6.5.2 > > >From 6a7c71237f290c82cbe9a9340439de04ac24fcc5 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 25 Nov 2009 21:33:48 +0100 >Subject: [PATCH 05/10] s3-kerberos: add check for prerequisite krb5/krb5.h header while checking for krb5/locate_plugin.h. > >(Needed for new Heimdal versions). > >Guenther >(cherry picked from commit c438b2b3923db66672ec82e795eef543de5fcb8a) >--- > source3/configure.in | 9 +++++++-- > 1 files changed, 7 insertions(+), 2 deletions(-) > >diff --git a/source3/configure.in b/source3/configure.in >index 70a8fe8..54735c3 100644 >--- a/source3/configure.in >+++ b/source3/configure.in >@@ -3276,7 +3276,7 @@ if test x"$with_ads_support" != x"no"; then > # now check for krb5.h. Some systems have the libraries without the headers! > # note that this check is done here to allow for different kerberos > # include paths >- AC_CHECK_HEADERS(krb5.h) >+ AC_CHECK_HEADERS(krb5.h krb5/krb5.h) > > if test x"$ac_cv_header_krb5_h" = x"no"; then > >@@ -3297,7 +3297,12 @@ if test x"$with_ads_support" != x"no"; then > CPPFLAGS=$ac_save_CPPFLAGS > LDFLAGS=$ac_save_LDFLAGS > fi >- AC_CHECK_HEADERS(krb5/locate_plugin.h) >+ AC_CHECK_HEADERS([krb5/locate_plugin.h], [], [], >+[[#ifdef HAVE_KRB5_KRB5_H >+ #include <krb5/krb5.h> >+ #endif >+]]) >+ > if test x"$ac_cv_header_krb5_locate_plugin_h" = x"yes"; then > WINBIND_KRB5_LOCATOR="bin/winbind_krb5_locator.$SHLIBEXT" > EXTRA_ALL_TARGETS="$EXTRA_ALL_TARGETS $WINBIND_KRB5_LOCATOR" >-- >1.6.5.2 > > >From 420db8471a71edea014868f2db34b62e955deae6 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 26 Nov 2009 10:15:45 +0100 >Subject: [PATCH 06/10] s3-kerberos: next step to resolve Bug #6929: build with recent heimdal. > >Based on patch from Allan <allan@archlinux.org>. > >Also should fix the FreeBSD build on the buildfarm. > >Guenther >(cherry picked from commit 5b3a32be97a37c119e837bdee8f049684565458c) >--- > nsswitch/winbind_krb5_locator.c | 6 +++++- > source3/configure.in | 6 +++--- > 2 files changed, 8 insertions(+), 4 deletions(-) > >diff --git a/nsswitch/winbind_krb5_locator.c b/nsswitch/winbind_krb5_locator.c >index 272e7db..db6e8d0 100644 >--- a/nsswitch/winbind_krb5_locator.c >+++ b/nsswitch/winbind_krb5_locator.c >@@ -26,7 +26,11 @@ > > #if defined(HAVE_KRB5) && defined(HAVE_KRB5_LOCATE_PLUGIN_H) > >-#include <krb5/krb5.h> >+#if HAVE_COM_ERR_H >+#include <com_err.h> >+#endif >+ >+#include <krb5.h> > #include <krb5/locate_plugin.h> > > #ifndef KRB5_PLUGIN_NO_HANDLE >diff --git a/source3/configure.in b/source3/configure.in >index 54735c3..32a0f9f 100644 >--- a/source3/configure.in >+++ b/source3/configure.in >@@ -3276,7 +3276,7 @@ if test x"$with_ads_support" != x"no"; then > # now check for krb5.h. Some systems have the libraries without the headers! > # note that this check is done here to allow for different kerberos > # include paths >- AC_CHECK_HEADERS(krb5.h krb5/krb5.h) >+ AC_CHECK_HEADERS(krb5.h) > > if test x"$ac_cv_header_krb5_h" = x"no"; then > >@@ -3298,8 +3298,8 @@ if test x"$with_ads_support" != x"no"; then > LDFLAGS=$ac_save_LDFLAGS > fi > AC_CHECK_HEADERS([krb5/locate_plugin.h], [], [], >-[[#ifdef HAVE_KRB5_KRB5_H >- #include <krb5/krb5.h> >+[[#ifdef HAVE_KRB5_H >+ #include <krb5.h> > #endif > ]]) > >-- >1.6.5.2 > > >From 5998da89e74d73ffd0275862750322b02645a9f4 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 27 Nov 2009 01:06:36 +0100 >Subject: [PATCH 07/10] s3-kerberos: Fix Bug #6929: build with recent heimdal. > >Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier >for activation) in new releases (like 1.3.1). > >Guenther >(cherry picked from commit 1a8f8382740e352a83133b8c49aaedd4716210cd) >--- > source3/configure.in | 19 +++++++++++++++++++ > source3/libsmb/clikrb5.c | 2 +- > 2 files changed, 20 insertions(+), 1 deletions(-) > >diff --git a/source3/configure.in b/source3/configure.in >index 32a0f9f..579cc66 100644 >--- a/source3/configure.in >+++ b/source3/configure.in >@@ -3307,6 +3307,25 @@ if test x"$with_ads_support" != x"no"; then > WINBIND_KRB5_LOCATOR="bin/winbind_krb5_locator.$SHLIBEXT" > EXTRA_ALL_TARGETS="$EXTRA_ALL_TARGETS $WINBIND_KRB5_LOCATOR" > fi >+ >+ # check for new heimdal KRB5_DEPRECATED handling >+ >+ AC_CACHE_CHECK([for KRB5_DEPRECATED define taking an identifier], >+ samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER,[ >+ AC_TRY_COMPILE( >+ [#define KRB5_DEPRECATED 1 >+ #include <krb5.h>], >+ [void main(void) {}], >+ samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=yes, >+ samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=no)]) >+ >+ if test x"$samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER" = x"yes"; then >+ AC_DEFINE(KRB5_DEPRECATED, 1, >+ [Whether to use deprecated krb5 interfaces]) >+ else >+ AC_DEFINE(KRB5_DEPRECATED,, >+ [Whether to use deprecated krb5 interfaces]) >+ fi > fi > > # Now we have determined whether we really want ADS support >diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c >index 1ccc7ec..bf39204 100644 >--- a/source3/libsmb/clikrb5.c >+++ b/source3/libsmb/clikrb5.c >@@ -21,7 +21,7 @@ > */ > > #define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ >-#define KRB5_DEPRECATED 1 /* this file uses DEPRECATED interfaces! */ >+/* this file uses DEPRECATED interfaces! */ > > #include "includes.h" > >-- >1.6.5.2 > > >From 4425013a6d832e72c9de6bfdecaa248177fa0557 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 27 Nov 2009 15:52:57 +0100 >Subject: [PATCH 08/10] s3-kerberos: only use krb5 headers where required. > >This seems to be the only way to deal with mixed heimdal/MIT setups during >merged build. > >Guenther >--- > source3/client/cifs.upcall.c | 1 + > source3/configure.in | 5 +- > source3/include/ads.h | 71 ++++----------- > source3/include/includes.h | 156 +------------------------------- > source3/include/krb5_protos.h | 147 ++++++++++++++++++++++++++++++ > source3/include/proto.h | 4 - > source3/include/smb_krb5.h | 72 +++++++++++++++ > source3/libads/ads_status.c | 1 + > source3/libads/authdata.c | 1 + > source3/libads/kerberos.c | 1 + > source3/libads/kerberos_keytab.c | 1 + > source3/libads/kerberos_verify.c | 1 + > source3/libads/krb5_errs.c | 1 + > source3/libads/krb5_setpw.c | 1 + > source3/libnet/libnet.h | 1 + > source3/libsmb/cliconnect.c | 1 + > source3/libsmb/clikrb5.c | 4 +- > source3/libsmb/clispnego.c | 1 + > source3/rpc_client/cli_pipe.c | 1 + > source3/utils/ntlm_auth.c | 1 + > source3/winbindd/winbindd_cred_cache.c | 2 + > source3/winbindd/winbindd_pam.c | 2 + > 22 files changed, 257 insertions(+), 219 deletions(-) > create mode 100644 source3/include/krb5_protos.h > create mode 100644 source3/include/smb_krb5.h > >diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c >index d4010a3..1617e0e 100644 >--- a/source3/client/cifs.upcall.c >+++ b/source3/client/cifs.upcall.c >@@ -26,6 +26,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k > */ > > #include "includes.h" >+#include "smb_krb5.h" > #include <keyutils.h> > #include <getopt.h> > >diff --git a/source3/configure.in b/source3/configure.in >index 579cc66..4c7c61b 100644 >--- a/source3/configure.in >+++ b/source3/configure.in >@@ -3320,10 +3320,7 @@ if test x"$with_ads_support" != x"no"; then > samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=no)]) > > if test x"$samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER" = x"yes"; then >- AC_DEFINE(KRB5_DEPRECATED, 1, >- [Whether to use deprecated krb5 interfaces]) >- else >- AC_DEFINE(KRB5_DEPRECATED,, >+ AC_DEFINE(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER, 1, > [Whether to use deprecated krb5 interfaces]) > fi > fi >diff --git a/source3/include/ads.h b/source3/include/ads.h >index 0fa19b5..3921c77 100644 >--- a/source3/include/ads.h >+++ b/source3/include/ads.h >@@ -6,6 +6,24 @@ > basically this is a wrapper around ldap > */ > >+/* >+ * This should be under the HAVE_KRB5 flag but since they're used >+ * in lp_kerberos_method(), they ned to be always available >+ */ >+#define KERBEROS_VERIFY_SECRETS 0 >+#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1 >+#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2 >+#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3 >+ >+/* >+ * If you add any entries to the above, please modify the below expressions >+ * so they remain accurate. >+ */ >+#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method()) >+#define USE_SYSTEM_KEYTAB \ >+ ((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \ >+ (KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method())) >+ > enum wb_posix_mapping { > WB_POSIX_MAP_UNKNOWN = -1, > WB_POSIX_MAP_TEMPLATE = 0, >@@ -339,62 +357,9 @@ typedef void **ADS_MODLIST; > /* Kerberos environment variable names */ > #define KRB5_ENV_CCNAME "KRB5CCNAME" > >-/* Heimdal uses a slightly different name */ >-#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) >-#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5 >-#endif >- >-/* The older versions of heimdal that don't have this >- define don't seem to use it anyway. I'm told they >- always use a subkey */ >-#ifndef HAVE_AP_OPTS_USE_SUBKEY >-#define AP_OPTS_USE_SUBKEY 0 >-#endif >- > #define WELL_KNOWN_GUID_COMPUTERS "AA312825768811D1ADED00C04FD8D5CD" > #define WELL_KNOWN_GUID_USERS "A9D1CA15768811D1ADED00C04FD8D5CD" > >-#ifndef KRB5_ADDR_NETBIOS >-#define KRB5_ADDR_NETBIOS 0x14 >-#endif >- >-#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG >-#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L) >-#endif >- >-#ifdef HAVE_KRB5 >-typedef struct { >-#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ >- krb5_address **addrs; >-#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */ >- krb5_addresses *addrs; >-#else >-#error UNKNOWN_KRB5_ADDRESS_TYPE >-#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */ >-} smb_krb5_addresses; >- >-#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ >-#define KRB5_KEY_TYPE(k) ((k)->keytype) >-#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) >-#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) >-#define KRB5_KEY_DATA_CAST void >-#else /* MIT */ >-#define KRB5_KEY_TYPE(k) ((k)->enctype) >-#define KRB5_KEY_LENGTH(k) ((k)->length) >-#define KRB5_KEY_DATA(k) ((k)->contents) >-#define KRB5_KEY_DATA_CAST krb5_octet >-#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ >- >-#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ >-#define KRB5_KT_KEY(k) (&(k)->key) >-#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ >-#define KRB5_KT_KEY(k) (&(k)->keyblock) >-#else >-#error krb5_keytab_entry has no key or keyblock member >-#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */ >- >-#endif /* HAVE_KRB5 */ >- > enum ads_extended_dn_flags { > ADS_EXTENDED_DN_HEX_STRING = 0, > ADS_EXTENDED_DN_STRING = 1 /* not supported on win2k */ >diff --git a/source3/include/includes.h b/source3/include/includes.h >index ea9a159..471b955 100644 >--- a/source3/include/includes.h >+++ b/source3/include/includes.h >@@ -20,11 +20,6 @@ > along with this program. If not, see <http://www.gnu.org/licenses/>. > */ > >-/* work around broken krb5.h on sles9 */ >-#ifdef SIZEOF_LONG >-#undef SIZEOF_LONG >-#endif >- > #include "../replace/replace.h" > > /* make sure we have included the correct config.h */ >@@ -146,9 +141,7 @@ > #endif > #endif /* HAVE_NETGROUP */ > >-#if HAVE_KRB5_H >-#include <krb5.h> >-#else >+#ifndef HAVE_KRB5_H > #undef HAVE_KRB5 > #endif > >@@ -883,153 +876,6 @@ char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...) PRINTF_ATT > #define XATTR_REPLACE 0x2 /* set value, fail if attr does not exist */ > #endif > >-/* >- * This should be under the HAVE_KRB5 flag but since they're used >- * in lp_kerberos_method(), they ned to be always available >- */ >-#define KERBEROS_VERIFY_SECRETS 0 >-#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1 >-#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2 >-#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3 >- >-/* >- * If you add any entries to the above, please modify the below expressions >- * so they remain accurate. >- */ >-#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method()) >-#define USE_SYSTEM_KEYTAB \ >- ((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \ >- (KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method())) >- >-#if defined(HAVE_KRB5) >-krb5_error_code smb_krb5_parse_name(krb5_context context, >- const char *name, /* in unix charset */ >- krb5_principal *principal); >- >-krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, >- krb5_context context, >- krb5_const_principal principal, >- char **unix_name); >- >-#ifndef HAVE_KRB5_SET_REAL_TIME >-krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); >-#endif >- >-krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc); >- >-#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) >-krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock); >-#endif >- >-#ifndef HAVE_KRB5_FREE_UNPARSED_NAME >-void krb5_free_unparsed_name(krb5_context ctx, char *val); >-#endif >- >-/* Stub out initialize_krb5_error_table since it is not present in all >- * Kerberos implementations. If it's not present, it's not necessary to >- * call it. >- */ >-#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE >-#define initialize_krb5_error_table() >-#endif >- >-/* Samba wrapper function for krb5 functionality. */ >-bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr); >-int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt); >-bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt); >-krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); >-krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); >-#if defined(HAVE_KRB5_LOCATE_KDC) >-krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); >-#endif >-krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); >-bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote); >-krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry); >-krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype); >-void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype); >-bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2); >-void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); >-NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx, >- DATA_BLOB *pac_data_blob, >- krb5_context context, >- krb5_keyblock *service_keyblock, >- krb5_const_principal client_principal, >- time_t tgs_authtime, >- struct PAC_DATA **pac_data_out); >-void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum, >- struct PAC_SIGNATURE_DATA *sig); >-krb5_error_code smb_krb5_verify_checksum(krb5_context context, >- const krb5_keyblock *keyblock, >- krb5_keyusage usage, >- krb5_checksum *cksum, >- uint8 *data, >- size_t length); >-time_t get_authtime_from_tkt(krb5_ticket *tkt); >-void smb_krb5_free_ap_req(krb5_context context, >- krb5_ap_req *ap_req); >-krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context, >- const krb5_data *inbuf, >- krb5_kvno *kvno, >- krb5_enctype *enctype); >-krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context, >- krb5_auth_context *auth_context, >- const krb5_data *inbuf, >- krb5_const_principal server, >- krb5_keytab keytab, >- krb5_flags *ap_req_options, >- krb5_ticket **ticket, >- krb5_keyblock **keyblock); >-krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, >- const char *name, >- krb5_principal *principal); >-bool smb_krb5_principal_compare_any_realm(krb5_context context, >- krb5_const_principal princ1, >- krb5_const_principal princ2); >-int cli_krb5_get_ticket(const char *principal, time_t time_offset, >- DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, time_t *tgs_expire); >-krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time); >-krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code); >-krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr); >-krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr); >-NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error); >-krb5_error_code nt_status_to_krb5(NTSTATUS nt_status); >-void smb_krb5_free_error(krb5_context context, krb5_error *krberror); >-krb5_error_code handle_krberror_packet(krb5_context context, >- krb5_data *packet); >- >-void smb_krb5_get_init_creds_opt_free(krb5_context context, >- krb5_get_init_creds_opt *opt); >-krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context, >- krb5_get_init_creds_opt **opt); >-krb5_error_code smb_krb5_mk_error(krb5_context context, >- krb5_error_code error_code, >- const krb5_principal server, >- krb5_data *reply); >-krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry); >-krb5_error_code smb_krb5_enctype_to_string(krb5_context context, >- krb5_enctype enctype, >- char **etype_s); >-krb5_error_code smb_krb5_open_keytab(krb5_context context, >- const char *keytab_name, >- bool write_access, >- krb5_keytab *keytab); >-krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx, >- krb5_context context, >- krb5_keytab keytab, >- const char **keytab_name); >-int smb_krb5_kt_add_entry_ext(krb5_context context, >- krb5_keytab keytab, >- krb5_kvno kvno, >- const char *princ_s, >- krb5_enctype *enctypes, >- krb5_data password, >- bool no_salt, >- bool keep_old_entries); >-char *smb_krb5_principal_get_realm(krb5_context context, >- krb5_principal principal); >-#endif /* HAVE_KRB5 */ >- >- > #ifdef HAVE_LDAP > > /* function declarations not included in proto.h */ >diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h >new file mode 100644 >index 0000000..2a6069a >--- /dev/null >+++ b/source3/include/krb5_protos.h >@@ -0,0 +1,147 @@ >+/* work around broken krb5.h on sles9 */ >+#ifdef SIZEOF_LONG >+#undef SIZEOF_LONG >+#endif >+ >+ >+#if defined(HAVE_KRB5) >+krb5_error_code smb_krb5_parse_name(krb5_context context, >+ const char *name, /* in unix charset */ >+ krb5_principal *principal); >+ >+krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, >+ krb5_context context, >+ krb5_const_principal principal, >+ char **unix_name); >+ >+#ifndef HAVE_KRB5_SET_REAL_TIME >+krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); >+#endif >+ >+krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc); >+ >+#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) >+krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock); >+#endif >+ >+#ifndef HAVE_KRB5_FREE_UNPARSED_NAME >+void krb5_free_unparsed_name(krb5_context ctx, char *val); >+#endif >+ >+/* Stub out initialize_krb5_error_table since it is not present in all >+ * Kerberos implementations. If it's not present, it's not necessary to >+ * call it. >+ */ >+#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE >+#define initialize_krb5_error_table() >+#endif >+ >+/* Samba wrapper function for krb5 functionality. */ >+bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr); >+int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt); >+bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt); >+krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); >+krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); >+#if defined(HAVE_KRB5_LOCATE_KDC) >+krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); >+#endif >+krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); >+bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote); >+krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry); >+krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype); >+void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype); >+bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2); >+void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); >+NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx, >+ DATA_BLOB *pac_data_blob, >+ krb5_context context, >+ krb5_keyblock *service_keyblock, >+ krb5_const_principal client_principal, >+ time_t tgs_authtime, >+ struct PAC_DATA **pac_data_out); >+void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum, >+ struct PAC_SIGNATURE_DATA *sig); >+krb5_error_code smb_krb5_verify_checksum(krb5_context context, >+ const krb5_keyblock *keyblock, >+ krb5_keyusage usage, >+ krb5_checksum *cksum, >+ uint8 *data, >+ size_t length); >+time_t get_authtime_from_tkt(krb5_ticket *tkt); >+void smb_krb5_free_ap_req(krb5_context context, >+ krb5_ap_req *ap_req); >+krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context, >+ const krb5_data *inbuf, >+ krb5_kvno *kvno, >+ krb5_enctype *enctype); >+krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context, >+ krb5_auth_context *auth_context, >+ const krb5_data *inbuf, >+ krb5_const_principal server, >+ krb5_keytab keytab, >+ krb5_flags *ap_req_options, >+ krb5_ticket **ticket, >+ krb5_keyblock **keyblock); >+krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, >+ const char *name, >+ krb5_principal *principal); >+bool smb_krb5_principal_compare_any_realm(krb5_context context, >+ krb5_const_principal princ1, >+ krb5_const_principal princ2); >+int cli_krb5_get_ticket(const char *principal, time_t time_offset, >+ DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, >+ uint32 extra_ap_opts, const char *ccname, >+ time_t *tgs_expire); >+krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time); >+krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code); >+krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr); >+krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr); >+NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error); >+krb5_error_code nt_status_to_krb5(NTSTATUS nt_status); >+void smb_krb5_free_error(krb5_context context, krb5_error *krberror); >+krb5_error_code handle_krberror_packet(krb5_context context, >+ krb5_data *packet); >+ >+void smb_krb5_get_init_creds_opt_free(krb5_context context, >+ krb5_get_init_creds_opt *opt); >+krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context, >+ krb5_get_init_creds_opt **opt); >+krb5_error_code smb_krb5_mk_error(krb5_context context, >+ krb5_error_code error_code, >+ const krb5_principal server, >+ krb5_data *reply); >+krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry); >+krb5_error_code smb_krb5_enctype_to_string(krb5_context context, >+ krb5_enctype enctype, >+ char **etype_s); >+krb5_error_code smb_krb5_open_keytab(krb5_context context, >+ const char *keytab_name, >+ bool write_access, >+ krb5_keytab *keytab); >+krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx, >+ krb5_context context, >+ krb5_keytab keytab, >+ const char **keytab_name); >+int smb_krb5_kt_add_entry_ext(krb5_context context, >+ krb5_keytab keytab, >+ krb5_kvno kvno, >+ const char *princ_s, >+ krb5_enctype *enctypes, >+ krb5_data password, >+ bool no_salt, >+ bool keep_old_entries); >+krb5_error_code smb_krb5_get_credentials(krb5_context context, >+ krb5_ccache ccache, >+ krb5_principal me, >+ krb5_principal server, >+ krb5_principal impersonate_princ, >+ krb5_creds **out_creds); >+krb5_error_code smb_krb5_get_creds(const char *server_s, >+ time_t time_offset, >+ const char *cc, >+ const char *impersonate_princ_s, >+ krb5_creds **creds_p); >+char *smb_krb5_principal_get_realm(krb5_context context, >+ krb5_principal principal); >+#endif /* HAVE_KRB5 */ >+ >diff --git a/source3/include/proto.h b/source3/include/proto.h >index dee8f85..d2ae62c 100644 >--- a/source3/include/proto.h >+++ b/source3/include/proto.h >@@ -2600,10 +2600,6 @@ bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx, > DATA_BLOB *edata, > DATA_BLOB *edata_out); > bool unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, DATA_BLOB *unwrapped_pac_data); >-int cli_krb5_get_ticket(const char *principal, time_t time_offset, >- DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, >- uint32 extra_ap_opts, const char *ccname, >- time_t *tgs_expire); > > /* The following definitions come from libsmb/clilist.c */ > >diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h >new file mode 100644 >index 0000000..3e5c862 >--- /dev/null >+++ b/source3/include/smb_krb5.h >@@ -0,0 +1,72 @@ >+#ifndef _HEADER_smb_krb5_h >+#define _HEADER_smb_krb5_h >+ >+#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ >+/* this file uses DEPRECATED interfaces! */ >+ >+#if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER) >+#define KRB5_DEPRECATED 1 >+#else >+#define KRB5_DEPRECATED >+#endif >+ >+#if HAVE_KRB5_H >+#include <krb5.h> >+#endif >+ >+#ifndef KRB5_ADDR_NETBIOS >+#define KRB5_ADDR_NETBIOS 0x14 >+#endif >+ >+#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG >+#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L) >+#endif >+ >+/* Heimdal uses a slightly different name */ >+#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) >+#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5 >+#endif >+ >+/* The older versions of heimdal that don't have this >+ define don't seem to use it anyway. I'm told they >+ always use a subkey */ >+#ifndef HAVE_AP_OPTS_USE_SUBKEY >+#define AP_OPTS_USE_SUBKEY 0 >+#endif >+ >+#ifdef HAVE_KRB5 >+typedef struct { >+#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ >+ krb5_address **addrs; >+#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */ >+ krb5_addresses *addrs; >+#else >+#error UNKNOWN_KRB5_ADDRESS_TYPE >+#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */ >+} smb_krb5_addresses; >+ >+#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ >+#define KRB5_KEY_TYPE(k) ((k)->keytype) >+#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) >+#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) >+#define KRB5_KEY_DATA_CAST void >+#else /* MIT */ >+#define KRB5_KEY_TYPE(k) ((k)->enctype) >+#define KRB5_KEY_LENGTH(k) ((k)->length) >+#define KRB5_KEY_DATA(k) ((k)->contents) >+#define KRB5_KEY_DATA_CAST krb5_octet >+#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ >+ >+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ >+#define KRB5_KT_KEY(k) (&(k)->key) >+#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ >+#define KRB5_KT_KEY(k) (&(k)->keyblock) >+#else >+#error krb5_keytab_entry has no key or keyblock member >+#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */ >+ >+#endif /* HAVE_KRB5 */ >+ >+#include "krb5_protos.h" >+ >+#endif /* _HEADER_smb_krb5_h */ >diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c >index 29148e8..6680766 100644 >--- a/source3/libads/ads_status.c >+++ b/source3/libads/ads_status.c >@@ -21,6 +21,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > /* > build a ADS_STATUS structure >diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c >index 0032e9e..7d566ab 100644 >--- a/source3/libads/authdata.c >+++ b/source3/libads/authdata.c >@@ -24,6 +24,7 @@ > > #include "includes.h" > #include "librpc/gen_ndr/ndr_krb5pac.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c >index c476f59..f5f7f3d 100644 >--- a/source3/libads/kerberos.c >+++ b/source3/libads/kerberos.c >@@ -22,6 +22,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c >index 4fede25..fa2a126 100644 >--- a/source3/libads/kerberos_keytab.c >+++ b/source3/libads/kerberos_keytab.c >@@ -26,6 +26,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c >index 8502902..bf9bca6 100644 >--- a/source3/libads/kerberos_verify.c >+++ b/source3/libads/kerberos_verify.c >@@ -24,6 +24,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source3/libads/krb5_errs.c b/source3/libads/krb5_errs.c >index 0e03ebb..d4ff09a 100644 >--- a/source3/libads/krb5_errs.c >+++ b/source3/libads/krb5_errs.c >@@ -18,6 +18,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c >index 7cdfbc5..ec5cafc 100644 >--- a/source3/libads/krb5_setpw.c >+++ b/source3/libads/krb5_setpw.c >@@ -19,6 +19,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source3/libnet/libnet.h b/source3/libnet/libnet.h >index 570009c..86eb9d0 100644 >--- a/source3/libnet/libnet.h >+++ b/source3/libnet/libnet.h >@@ -20,6 +20,7 @@ > #ifndef __LIBNET_H__ > #define __LIBNET_H__ > >+#include "smb_krb5.h" > #include "libnet/libnet_keytab.h" > #include "libnet/libnet_samsync.h" > #include "libnet/libnet_dssync.h" >diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c >index 8a3667d..1d1195d 100644 >--- a/source3/libsmb/cliconnect.c >+++ b/source3/libsmb/cliconnect.c >@@ -19,6 +19,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > static const struct { > int prot; >diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c >index bf39204..d1d007b 100644 >--- a/source3/libsmb/clikrb5.c >+++ b/source3/libsmb/clikrb5.c >@@ -20,10 +20,8 @@ > along with this program. If not, see <http://www.gnu.org/licenses/>. > */ > >-#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ >-/* this file uses DEPRECATED interfaces! */ >- > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c >index b531c39..8e51e89 100644 >--- a/source3/libsmb/clispnego.c >+++ b/source3/libsmb/clispnego.c >@@ -20,6 +20,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > /* > generate a negTokenInit packet given a GUID, a list of supported >diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c >index 68e1530..323f861 100644 >--- a/source3/rpc_client/cli_pipe.c >+++ b/source3/rpc_client/cli_pipe.c >@@ -19,6 +19,7 @@ > > #include "includes.h" > #include "librpc/gen_ndr/cli_epmapper.h" >+#include "smb_krb5.h" > > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_RPC_CLI >diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c >index 595d792..70c1d05 100644 >--- a/source3/utils/ntlm_auth.c >+++ b/source3/utils/ntlm_auth.c >@@ -25,6 +25,7 @@ > > #include "includes.h" > #include "utils/ntlm_auth.h" >+#include "smb_krb5.h" > > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_WINBIND >diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c >index ff6d0f3..9488a6f 100644 >--- a/source3/winbindd/winbindd_cred_cache.c >+++ b/source3/winbindd/winbindd_cred_cache.c >@@ -23,6 +23,8 @@ > > #include "includes.h" > #include "winbindd.h" >+#include "smb_krb5.h" >+ > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_WINBIND > >diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c >index d891e30..765fb0d 100644 >--- a/source3/winbindd/winbindd_pam.c >+++ b/source3/winbindd/winbindd_pam.c >@@ -24,6 +24,8 @@ > > #include "includes.h" > #include "winbindd.h" >+#include "smb_krb5.h" >+ > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_WINBIND > >-- >1.6.5.2 > > >From 7ab5bc3a6db73c8d3539d691ba5fd31605ac25c6 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 27 Nov 2009 18:51:56 +0100 >Subject: [PATCH 09/10] s3-kerberos: add a missing reference to authdata headers. > >Guenther >(cherry picked from commit da79cbb0800dd647be864e8bbb5fe1132708174b) >--- > source3/libsmb/clikrb5.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > >diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c >index d1d007b..abf6dbb 100644 >--- a/source3/libsmb/clikrb5.c >+++ b/source3/libsmb/clikrb5.c >@@ -22,6 +22,7 @@ > > #include "includes.h" > #include "smb_krb5.h" >+#include "authdata.h" > > #ifdef HAVE_KRB5 > >-- >1.6.5.2 > > >From 8aaf42996570a30efaae32e25c7f1df91d6e8447 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 27 Nov 2009 20:08:44 +0100 >Subject: [PATCH 10/10] s3-kerberos: fix the build on Mac OS X 10.6.2. > >Guenther >(cherry picked from commit 51328a7056918bc75a7c1c442f47cf0271075542) >--- > source3/configure.in | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/source3/configure.in b/source3/configure.in >index 4c7c61b..705aa9b 100644 >--- a/source3/configure.in >+++ b/source3/configure.in >@@ -3315,7 +3315,7 @@ if test x"$with_ads_support" != x"no"; then > AC_TRY_COMPILE( > [#define KRB5_DEPRECATED 1 > #include <krb5.h>], >- [void main(void) {}], >+ [], > samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=yes, > samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=no)]) > >-- >1.6.5.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 6929
:
5011
|
5016
|
5017
| 5024 |
5038
|
5051