The Samba-Bugzilla – Attachment 5038 Details for
Bug 6929
testing krb5/locate_plugin.h usability fails with heimdal-1.3
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 3.3
patch-v3-3-test (text/plain), 43.25 KB, created by
Guenther Deschner
on 2009-12-01 17:18:27 UTC
(
hide
)
Description:
patch for 3.3
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2009-12-01 17:18:27 UTC
Size:
43.25 KB
patch
obsolete
>From c90322cea70c10f15bd25caf8bfebf101918f8aa Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 9 Oct 2008 11:05:42 +0200 >Subject: [PATCH 01/15] kerberos: fix some heimdal build warnings. > >Guenther >--- > source/libads/krb5_setpw.c | 8 ++++---- > 1 files changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source/libads/krb5_setpw.c b/source/libads/krb5_setpw.c >index be23f41..ad86f0c 100644 >--- a/source/libads/krb5_setpw.c >+++ b/source/libads/krb5_setpw.c >@@ -285,7 +285,7 @@ static krb5_error_code parse_setpw_reply(krb5_context context, > return KRB5KRB_AP_ERR_MODIFIED; > } > >- p = packet->data; >+ p = (char *)packet->data; > /* > ** see if it is an error > */ >@@ -368,7 +368,7 @@ static krb5_error_code parse_setpw_reply(krb5_context context, > return KRB5KRB_AP_ERR_MODIFIED; > } > >- p = clearresult.data; >+ p = (char *)clearresult.data; > > res_code = RSVAL(p, 0); > >@@ -693,10 +693,10 @@ kerb_prompter(krb5_context ctx, void *data, > memset(prompts[0].reply->data, 0, prompts[0].reply->length); > if (prompts[0].reply->length > 0) { > if (data) { >- strncpy(prompts[0].reply->data, >+ strncpy((char *)prompts[0].reply->data, > (const char *)data, > prompts[0].reply->length-1); >- prompts[0].reply->length = strlen(prompts[0].reply->data); >+ prompts[0].reply->length = strlen((const char *)prompts[0].reply->data); > } else { > prompts[0].reply->length = 0; > } >-- >1.6.5.2 > > >From 6dc0126c1fc91d9b9729c1e413dcfe86d0dbd678 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 6 Nov 2009 10:25:53 +0100 >Subject: [PATCH 02/15] s3-kerberos: fix some build warnings when building against heimdal. > >Guenther >--- > source/libads/kerberos.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c >index 973647e..1ceed64 100644 >--- a/source/libads/kerberos.c >+++ b/source/libads/kerberos.c >@@ -46,9 +46,9 @@ kerb_prompter(krb5_context ctx, void *data, > memset(prompts[0].reply->data, '\0', prompts[0].reply->length); > if (prompts[0].reply->length > 0) { > if (data) { >- strncpy(prompts[0].reply->data, (const char *)data, >+ strncpy((char *)prompts[0].reply->data, (const char *)data, > prompts[0].reply->length-1); >- prompts[0].reply->length = strlen(prompts[0].reply->data); >+ prompts[0].reply->length = strlen((const char *)prompts[0].reply->data); > } else { > prompts[0].reply->length = 0; > } >-- >1.6.5.2 > > >From 41c9d1be41502f636ac2b7f82faf0409016c80f5 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 12 Nov 2009 00:51:46 +0100 >Subject: [PATCH 03/15] s3-kerberos: add smb_krb5_principal_get_realm(). > >Guenther >--- > source/include/includes.h | 3 ++- > source/libsmb/clikrb5.c | 25 +++++++++++++++++++++++++ > 2 files changed, 27 insertions(+), 1 deletions(-) > >diff --git a/source/include/includes.h b/source/include/includes.h >index baf22e8..b97f78f 100644 >--- a/source/include/includes.h >+++ b/source/include/includes.h >@@ -1268,7 +1268,8 @@ int smb_krb5_kt_add_entry_ext(krb5_context context, > krb5_data password, > bool no_salt, > bool keep_old_entries); >- >+char *smb_krb5_principal_get_realm(krb5_context context, >+ krb5_principal principal); > #endif /* HAVE_KRB5 */ > > >diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c >index 3f995de..2319387 100644 >--- a/source/libsmb/clikrb5.c >+++ b/source/libsmb/clikrb5.c >@@ -1935,6 +1935,31 @@ krb5_error_code krb5_auth_con_set_req_cksumtype( > } > #endif > >+/* >+ * smb_krb5_principal_get_realm >+ * >+ * @brief Get realm of a principal >+ * >+ * @param[in] context The krb5_context >+ * @param[in] principal The principal >+ * @return pointer to the realm >+ * >+ */ >+ >+char *smb_krb5_principal_get_realm(krb5_context context, >+ krb5_principal principal) >+{ >+#ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */ >+ return krb5_principal_get_realm(context, principal); >+#elif defined(krb5_princ_realm) /* MIT */ >+ krb5_data *realm; >+ realm = krb5_princ_realm(context, principal); >+ return (char *)realm->data; >+#else >+ return NULL; >+#endif >+} >+ > #else /* HAVE_KRB5 */ > /* this saves a few linking headaches */ > int cli_krb5_get_ticket(const char *principal, time_t time_offset, >-- >1.6.5.2 > > >From 049b8293340c3adc05f9249cecd90646328b6d22 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 12 Nov 2009 00:52:38 +0100 >Subject: [PATCH 04/15] cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT. > >Guenther >(cherry picked from commit b29eed492f1c056adb0b53510be10e738276ca11) >--- > source/client/cifs.upcall.c | 34 ++++++++++++++++------------------ > 1 files changed, 16 insertions(+), 18 deletions(-) > >diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c >index 71e60c6..6d4ff75 100644 >--- a/source/client/cifs.upcall.c >+++ b/source/client/cifs.upcall.c >@@ -44,18 +44,6 @@ typedef enum _sectype { > MS_KRB5 > } sectype_t; > >-static inline int >-k5_data_equal(krb5_data d1, krb5_data d2, unsigned int length) >-{ >- if (!length) >- length = d1.length; >- >- return (d1.length == length && >- d1.length == d2.length && >- memcmp(d1.data, d2.data, length) == 0); >- >-} >- > /* does the ccache have a valid TGT? */ > static time_t > get_tgt_time(const char *ccname) { >@@ -64,9 +52,8 @@ get_tgt_time(const char *ccname) { > krb5_cc_cursor cur; > krb5_creds creds; > krb5_principal principal; >- krb5_data tgt = { .data = "krbtgt", >- .length = 6 }; > time_t credtime = 0; >+ char *realm = NULL; > > if (krb5_init_context(&context)) { > syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__); >@@ -93,16 +80,27 @@ get_tgt_time(const char *ccname) { > goto err_ccstart; > } > >+ if ((realm = smb_krb5_principal_get_realm(context, principal)) == NULL) { >+ syslog(LOG_DEBUG, "%s: unable to get realm", __func__); >+ goto err_ccstart; >+ } >+ > while (!credtime && !krb5_cc_next_cred(context, ccache, &cur, &creds)) { >- if (k5_data_equal(creds.server->realm, principal->realm, 0) && >- k5_data_equal(creds.server->data[0], tgt, tgt.length) && >- k5_data_equal(creds.server->data[1], principal->realm, 0) && >+ char *name; >+ if (smb_krb5_unparse_name(context, creds.server, &name)) { >+ syslog(LOG_DEBUG, "%s: unable to unparse name", __func__); >+ goto err_endseq; >+ } >+ if (krb5_realm_compare(context, creds.server, principal) && >+ strnequal(name, KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE) && >+ strnequal(name+KRB5_TGS_NAME_SIZE+1, realm, strlen(realm)) && > creds.times.endtime > time(NULL)) > credtime = creds.times.endtime; > krb5_free_cred_contents(context, &creds); >+ SAFE_FREE(name); > } >+err_endseq: > krb5_cc_end_seq_get(context, ccache, &cur); >- > err_ccstart: > krb5_free_principal(context, principal); > err_princ: >-- >1.6.5.2 > > >From 287ca7908e7967ede14b58814b7dd708d6550bbf Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 21 Oct 2009 02:44:44 +0200 >Subject: [PATCH 05/15] nsswitch: fix the build of the winbind krb5 locator plugin. > >Guenther >(cherry picked from commit b9d9353b548d9b2ab684aa171f511174e6414762) >--- > source/Makefile.in | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/source/Makefile.in b/source/Makefile.in >index 474bc1e..77b526f 100644 >--- a/source/Makefile.in >+++ b/source/Makefile.in >@@ -2207,7 +2207,7 @@ bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ > > bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) @LIBWBCLIENT_SHARED@ > @echo "Linking $@" >- @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(WINBIND_LIBS) \ >+ @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(WINBIND_LIBS) $(KRB5_LIBS) \ > @SONAMEFLAG@`basename $@` > > bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_SHARED@ @LIBWBCLIENT_SHARED@ >-- >1.6.5.2 > > >From 8ffcacff89c189f70f0d254b34b6e23225d48f42 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 19 Nov 2009 13:44:33 +0100 >Subject: [PATCH 06/15] s3-build: really fix build of winbind_krb5_locator. > >Guenther >(cherry picked from commit fc9f199f2619635f73e8ee7f3b5359521d63f325) >--- > source/Makefile.in | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/source/Makefile.in b/source/Makefile.in >index 77b526f..8b364e3 100644 >--- a/source/Makefile.in >+++ b/source/Makefile.in >@@ -2207,7 +2207,7 @@ bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ > > bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) @LIBWBCLIENT_SHARED@ > @echo "Linking $@" >- @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(WINBIND_LIBS) $(KRB5_LIBS) \ >+ @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(WINBIND_LIBS) $(KRB5LIBS) \ > @SONAMEFLAG@`basename $@` > > bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_SHARED@ @LIBWBCLIENT_SHARED@ >-- >1.6.5.2 > > >From ca755c5c78ceb6a3076788e81889652726d83342 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 25 Nov 2009 15:06:19 +0100 >Subject: [PATCH 07/15] cifs.upcall: 2nd part of fix for Bug #6868: support building with Heimdal we well as with MIT. > >Guenther >(cherry picked from commit 660ee2e74523194e5f6b2b6428d76628beb74717) >--- > source/client/cifs.upcall.c | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > >diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c >index 6d4ff75..a2616f0 100644 >--- a/source/client/cifs.upcall.c >+++ b/source/client/cifs.upcall.c >@@ -104,7 +104,9 @@ err_endseq: > err_ccstart: > krb5_free_principal(context, principal); > err_princ: >+#if defined(KRB5_TC_OPENCLOSE) > krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); >+#endif > krb5_cc_close(context, ccache); > err_cache: > krb5_free_context(context); >-- >1.6.5.2 > > >From 715936e95016e99f4da9652d8c6902c00d4034db Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 25 Nov 2009 15:21:54 +0100 >Subject: [PATCH 08/15] nsswitch: fix compile of winbind_krb5_locator with recent Heimdal versions. > >Guenther >(cherry picked from commit 51864219cc12ceb66c281355f3e1191d5e32842d) >--- > source/nsswitch/winbind_krb5_locator.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > >diff --git a/source/nsswitch/winbind_krb5_locator.c b/source/nsswitch/winbind_krb5_locator.c >index b9e35bd..272e7db 100644 >--- a/source/nsswitch/winbind_krb5_locator.c >+++ b/source/nsswitch/winbind_krb5_locator.c >@@ -26,6 +26,7 @@ > > #if defined(HAVE_KRB5) && defined(HAVE_KRB5_LOCATE_PLUGIN_H) > >+#include <krb5/krb5.h> > #include <krb5/locate_plugin.h> > > #ifndef KRB5_PLUGIN_NO_HANDLE >-- >1.6.5.2 > > >From 12dc9a7ad58bf546e53d99e15c22cbd017fc2131 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 25 Nov 2009 21:33:48 +0100 >Subject: [PATCH 09/15] s3-kerberos: add check for prerequisite krb5/krb5.h header while checking for krb5/locate_plugin.h. > >(Needed for new Heimdal versions). > >Guenther >(cherry picked from commit c438b2b3923db66672ec82e795eef543de5fcb8a) >--- > source/configure.in | 9 +++++++-- > 1 files changed, 7 insertions(+), 2 deletions(-) > >diff --git a/source/configure.in b/source/configure.in >index cf46405..ead0e29 100644 >--- a/source/configure.in >+++ b/source/configure.in >@@ -3519,7 +3519,7 @@ if test x"$with_ads_support" != x"no"; then > # now check for krb5.h. Some systems have the libraries without the headers! > # note that this check is done here to allow for different kerberos > # include paths >- AC_CHECK_HEADERS(krb5.h) >+ AC_CHECK_HEADERS(krb5.h krb5/krb5.h) > > if test x"$ac_cv_header_krb5_h" = x"no"; then > >@@ -3540,7 +3540,12 @@ if test x"$with_ads_support" != x"no"; then > CPPFLAGS=$ac_save_CPPFLAGS > LDFLAGS=$ac_save_LDFLAGS > fi >- AC_CHECK_HEADERS(krb5/locate_plugin.h) >+ AC_CHECK_HEADERS([krb5/locate_plugin.h], [], [], >+[[#ifdef HAVE_KRB5_KRB5_H >+ #include <krb5/krb5.h> >+ #endif >+]]) >+ > if test x"$ac_cv_header_krb5_locate_plugin_h" = x"yes"; then > WINBIND_KRB5_LOCATOR="bin/winbind_krb5_locator.$SHLIBEXT" > EXTRA_ALL_TARGETS="$EXTRA_ALL_TARGETS $WINBIND_KRB5_LOCATOR" >-- >1.6.5.2 > > >From 6c72590d76cf28c060856ca420c1decc4e52809b Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 26 Nov 2009 10:15:45 +0100 >Subject: [PATCH 10/15] s3-kerberos: next step to resolve Bug #6929: build with recent heimdal. > >Based on patch from Allan <allan@archlinux.org>. > >Also should fix the FreeBSD build on the buildfarm. > >Guenther >(cherry picked from commit 5b3a32be97a37c119e837bdee8f049684565458c) >--- > source/configure.in | 6 +++--- > source/nsswitch/winbind_krb5_locator.c | 6 +++++- > 2 files changed, 8 insertions(+), 4 deletions(-) > >diff --git a/source/configure.in b/source/configure.in >index ead0e29..1092d00 100644 >--- a/source/configure.in >+++ b/source/configure.in >@@ -3519,7 +3519,7 @@ if test x"$with_ads_support" != x"no"; then > # now check for krb5.h. Some systems have the libraries without the headers! > # note that this check is done here to allow for different kerberos > # include paths >- AC_CHECK_HEADERS(krb5.h krb5/krb5.h) >+ AC_CHECK_HEADERS(krb5.h) > > if test x"$ac_cv_header_krb5_h" = x"no"; then > >@@ -3541,8 +3541,8 @@ if test x"$with_ads_support" != x"no"; then > LDFLAGS=$ac_save_LDFLAGS > fi > AC_CHECK_HEADERS([krb5/locate_plugin.h], [], [], >-[[#ifdef HAVE_KRB5_KRB5_H >- #include <krb5/krb5.h> >+[[#ifdef HAVE_KRB5_H >+ #include <krb5.h> > #endif > ]]) > >diff --git a/source/nsswitch/winbind_krb5_locator.c b/source/nsswitch/winbind_krb5_locator.c >index 272e7db..db6e8d0 100644 >--- a/source/nsswitch/winbind_krb5_locator.c >+++ b/source/nsswitch/winbind_krb5_locator.c >@@ -26,7 +26,11 @@ > > #if defined(HAVE_KRB5) && defined(HAVE_KRB5_LOCATE_PLUGIN_H) > >-#include <krb5/krb5.h> >+#if HAVE_COM_ERR_H >+#include <com_err.h> >+#endif >+ >+#include <krb5.h> > #include <krb5/locate_plugin.h> > > #ifndef KRB5_PLUGIN_NO_HANDLE >-- >1.6.5.2 > > >From d44a6e7ab4b2eeef5478689bf883ead7df3a3b2d Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 27 Nov 2009 01:06:36 +0100 >Subject: [PATCH 11/15] s3-kerberos: Fix Bug #6929: build with recent heimdal. > >Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier >for activation) in new releases (like 1.3.1). > >Guenther >(cherry picked from commit 1a8f8382740e352a83133b8c49aaedd4716210cd) >--- > source/configure.in | 19 +++++++++++++++++++ > source/libsmb/clikrb5.c | 2 +- > 2 files changed, 20 insertions(+), 1 deletions(-) > >diff --git a/source/configure.in b/source/configure.in >index 1092d00..6594e7c 100644 >--- a/source/configure.in >+++ b/source/configure.in >@@ -3550,6 +3550,25 @@ if test x"$with_ads_support" != x"no"; then > WINBIND_KRB5_LOCATOR="bin/winbind_krb5_locator.$SHLIBEXT" > EXTRA_ALL_TARGETS="$EXTRA_ALL_TARGETS $WINBIND_KRB5_LOCATOR" > fi >+ >+ # check for new heimdal KRB5_DEPRECATED handling >+ >+ AC_CACHE_CHECK([for KRB5_DEPRECATED define taking an identifier], >+ samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER,[ >+ AC_TRY_COMPILE( >+ [#define KRB5_DEPRECATED 1 >+ #include <krb5.h>], >+ [void main(void) {}], >+ samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=yes, >+ samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=no)]) >+ >+ if test x"$samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER" = x"yes"; then >+ AC_DEFINE(KRB5_DEPRECATED, 1, >+ [Whether to use deprecated krb5 interfaces]) >+ else >+ AC_DEFINE(KRB5_DEPRECATED,, >+ [Whether to use deprecated krb5 interfaces]) >+ fi > fi > > # Now we have determined whether we really want ADS support >diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c >index 2319387..666ca08 100644 >--- a/source/libsmb/clikrb5.c >+++ b/source/libsmb/clikrb5.c >@@ -21,7 +21,7 @@ > */ > > #define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ >-#define KRB5_DEPRECATED 1 /* this file uses DEPRECATED interfaces! */ >+/* this file uses DEPRECATED interfaces! */ > > #include "includes.h" > >-- >1.6.5.2 > > >From 0d54df02509a830c0a2ed76e6e4afaffd81568dc Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 27 Nov 2009 15:52:57 +0100 >Subject: [PATCH 12/15] s3-kerberos: only use krb5 headers where required. > >This seems to be the only way to deal with mixed heimdal/MIT setups during >merged build. > >Guenther >--- > source/client/cifs.upcall.c | 1 + > source/configure.in | 5 +- > source/include/ads.h | 59 ------------- > source/include/includes.h | 138 +------------------------------- > source/include/krb5_protos.h | 146 +++++++++++++++++++++++++++++++++ > source/include/smb_krb5.h | 78 +++++++++++++++++ > source/libads/ads_status.c | 1 + > source/libads/authdata.c | 2 + > source/libads/kerberos.c | 1 + > source/libads/kerberos_keytab.c | 1 + > source/libads/kerberos_verify.c | 1 + > source/libads/krb5_errs.c | 1 + > source/libads/krb5_setpw.c | 1 + > source/libnet/libnet_keytab.h | 2 + > source/libsmb/cliconnect.c | 1 + > source/libsmb/clikrb5.c | 4 +- > source/rpc_client/cli_pipe.c | 1 + > source/utils/ntlm_auth.c | 1 + > source/winbindd/winbindd_cred_cache.c | 2 + > source/winbindd/winbindd_pam.c | 2 + > 20 files changed, 245 insertions(+), 203 deletions(-) > create mode 100644 source/include/krb5_protos.h > create mode 100644 source/include/smb_krb5.h > >diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c >index a2616f0..7bc370c 100644 >--- a/source/client/cifs.upcall.c >+++ b/source/client/cifs.upcall.c >@@ -26,6 +26,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k > */ > > #include "includes.h" >+#include "smb_krb5.h" > #include <keyutils.h> > #include <getopt.h> > >diff --git a/source/configure.in b/source/configure.in >index 6594e7c..ba68a3c 100644 >--- a/source/configure.in >+++ b/source/configure.in >@@ -3563,10 +3563,7 @@ if test x"$with_ads_support" != x"no"; then > samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=no)]) > > if test x"$samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER" = x"yes"; then >- AC_DEFINE(KRB5_DEPRECATED, 1, >- [Whether to use deprecated krb5 interfaces]) >- else >- AC_DEFINE(KRB5_DEPRECATED,, >+ AC_DEFINE(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER, 1, > [Whether to use deprecated krb5 interfaces]) > fi > fi >diff --git a/source/include/ads.h b/source/include/ads.h >index abff9ea..ba3db90 100644 >--- a/source/include/ads.h >+++ b/source/include/ads.h >@@ -339,68 +339,9 @@ typedef void **ADS_MODLIST; > /* Kerberos environment variable names */ > #define KRB5_ENV_CCNAME "KRB5CCNAME" > >-/* Heimdal uses a slightly different name */ >-#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) >-#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5 >-#endif >- >-/* The older versions of heimdal that don't have this >- define don't seem to use it anyway. I'm told they >- always use a subkey */ >-#ifndef HAVE_AP_OPTS_USE_SUBKEY >-#define AP_OPTS_USE_SUBKEY 0 >-#endif >- > #define WELL_KNOWN_GUID_COMPUTERS "AA312825768811D1ADED00C04FD8D5CD" > #define WELL_KNOWN_GUID_USERS "A9D1CA15768811D1ADED00C04FD8D5CD" > >-#ifndef KRB5_ADDR_NETBIOS >-#define KRB5_ADDR_NETBIOS 0x14 >-#endif >- >-#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG >-#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L) >-#endif >- >-#ifdef HAVE_KRB5 >-typedef struct { >- NTSTATUS ntstatus; >- uint32 unknown1; >- uint32 unknown2; /* 0x00000001 */ >-} KRB5_EDATA_NTSTATUS; >- >-typedef struct { >-#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ >- krb5_address **addrs; >-#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */ >- krb5_addresses *addrs; >-#else >-#error UNKNOWN_KRB5_ADDRESS_TYPE >-#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */ >-} smb_krb5_addresses; >- >-#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ >-#define KRB5_KEY_TYPE(k) ((k)->keytype) >-#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) >-#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) >-#define KRB5_KEY_DATA_CAST void >-#else /* MIT */ >-#define KRB5_KEY_TYPE(k) ((k)->enctype) >-#define KRB5_KEY_LENGTH(k) ((k)->length) >-#define KRB5_KEY_DATA(k) ((k)->contents) >-#define KRB5_KEY_DATA_CAST krb5_octet >-#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ >- >-#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ >-#define KRB5_KT_KEY(k) (&(k)->key) >-#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ >-#define KRB5_KT_KEY(k) (&(k)->keyblock) >-#else >-#error krb5_keytab_entry has no key or keyblock member >-#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */ >- >-#endif /* HAVE_KRB5 */ >- > enum ads_extended_dn_flags { > ADS_EXTENDED_DN_HEX_STRING = 0, > ADS_EXTENDED_DN_STRING = 1 /* not supported on win2k */ >diff --git a/source/include/includes.h b/source/include/includes.h >index b97f78f..d4f6ffc 100644 >--- a/source/include/includes.h >+++ b/source/include/includes.h >@@ -20,11 +20,6 @@ > along with this program. If not, see <http://www.gnu.org/licenses/>. > */ > >-/* work around broken krb5.h on sles9 */ >-#ifdef SIZEOF_LONG >-#undef SIZEOF_LONG >-#endif >- > #include "lib/replace/replace.h" > > /* make sure we have included the correct config.h */ >@@ -163,9 +158,7 @@ > #endif > #endif /* HAVE_NETGROUP */ > >-#if HAVE_KRB5_H >-#include <krb5.h> >-#else >+#ifndef HAVE_KRB5_H > #undef HAVE_KRB5 > #endif > >@@ -1144,135 +1137,6 @@ char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...) PRINTF_ATT > #define XATTR_REPLACE 0x2 /* set value, fail if attr does not exist */ > #endif > >-#if defined(HAVE_KRB5) >- >-krb5_error_code smb_krb5_parse_name(krb5_context context, >- const char *name, /* in unix charset */ >- krb5_principal *principal); >- >-krb5_error_code smb_krb5_unparse_name(krb5_context context, >- krb5_const_principal principal, >- char **unix_name); >- >-#ifndef HAVE_KRB5_SET_REAL_TIME >-krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); >-#endif >- >-krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc); >- >-#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) >-krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock); >-#endif >- >-#ifndef HAVE_KRB5_FREE_UNPARSED_NAME >-void krb5_free_unparsed_name(krb5_context ctx, char *val); >-#endif >- >-/* Stub out initialize_krb5_error_table since it is not present in all >- * Kerberos implementations. If it's not present, it's not necessary to >- * call it. >- */ >-#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE >-#define initialize_krb5_error_table() >-#endif >- >-/* Samba wrapper function for krb5 functionality. */ >-bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr); >-int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt); >-bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt); >-krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); >-krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); >-#if defined(HAVE_KRB5_LOCATE_KDC) >-krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); >-#endif >-krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); >-bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote); >-krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry); >-krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype); >-void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype); >-bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2); >-void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); >-NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx, >- DATA_BLOB *pac_data_blob, >- krb5_context context, >- krb5_keyblock *service_keyblock, >- krb5_const_principal client_principal, >- time_t tgs_authtime, >- struct PAC_DATA **pac_data_out); >-void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum, >- struct PAC_SIGNATURE_DATA *sig); >-krb5_error_code smb_krb5_verify_checksum(krb5_context context, >- const krb5_keyblock *keyblock, >- krb5_keyusage usage, >- krb5_checksum *cksum, >- uint8 *data, >- size_t length); >-time_t get_authtime_from_tkt(krb5_ticket *tkt); >-void smb_krb5_free_ap_req(krb5_context context, >- krb5_ap_req *ap_req); >-krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context, >- const krb5_data *inbuf, >- krb5_kvno *kvno, >- krb5_enctype *enctype); >-krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context, >- krb5_auth_context *auth_context, >- const krb5_data *inbuf, >- krb5_const_principal server, >- krb5_keytab keytab, >- krb5_flags *ap_req_options, >- krb5_ticket **ticket, >- krb5_keyblock **keyblock); >-krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, >- const char *name, >- krb5_principal *principal); >-bool smb_krb5_principal_compare_any_realm(krb5_context context, >- krb5_const_principal princ1, >- krb5_const_principal princ2); >-int cli_krb5_get_ticket(const char *principal, time_t time_offset, >- DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, time_t *tgs_expire); >-krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time); >-krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code); >-krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr); >-krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr); >-NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error); >-krb5_error_code nt_status_to_krb5(NTSTATUS nt_status); >-void smb_krb5_free_error(krb5_context context, krb5_error *krberror); >-krb5_error_code handle_krberror_packet(krb5_context context, >- krb5_data *packet); >- >-void smb_krb5_get_init_creds_opt_free(krb5_context context, >- krb5_get_init_creds_opt *opt); >-krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context, >- krb5_get_init_creds_opt **opt); >-krb5_error_code smb_krb5_mk_error(krb5_context context, >- krb5_error_code error_code, >- const krb5_principal server, >- krb5_data *reply); >-krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry); >-krb5_error_code smb_krb5_enctype_to_string(krb5_context context, >- krb5_enctype enctype, >- char **etype_s); >-krb5_error_code smb_krb5_open_keytab(krb5_context context, >- const char *keytab_name, >- bool write_access, >- krb5_keytab *keytab); >-krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx, >- krb5_context context, >- krb5_keytab keytab, >- const char **keytab_name); >-int smb_krb5_kt_add_entry_ext(krb5_context context, >- krb5_keytab keytab, >- krb5_kvno kvno, >- const char *princ_s, >- krb5_enctype *enctypes, >- krb5_data password, >- bool no_salt, >- bool keep_old_entries); >-char *smb_krb5_principal_get_realm(krb5_context context, >- krb5_principal principal); >-#endif /* HAVE_KRB5 */ >- >- > #ifdef HAVE_LDAP > > /* function declarations not included in proto.h */ >diff --git a/source/include/krb5_protos.h b/source/include/krb5_protos.h >new file mode 100644 >index 0000000..ef5c667 >--- /dev/null >+++ b/source/include/krb5_protos.h >@@ -0,0 +1,146 @@ >+/* work around broken krb5.h on sles9 */ >+#ifdef SIZEOF_LONG >+#undef SIZEOF_LONG >+#endif >+ >+ >+#if defined(HAVE_KRB5) >+krb5_error_code smb_krb5_parse_name(krb5_context context, >+ const char *name, /* in unix charset */ >+ krb5_principal *principal); >+ >+krb5_error_code smb_krb5_unparse_name(krb5_context context, >+ krb5_const_principal principal, >+ char **unix_name); >+ >+#ifndef HAVE_KRB5_SET_REAL_TIME >+krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); >+#endif >+ >+krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc); >+ >+#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) >+krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock); >+#endif >+ >+#ifndef HAVE_KRB5_FREE_UNPARSED_NAME >+void krb5_free_unparsed_name(krb5_context ctx, char *val); >+#endif >+ >+/* Stub out initialize_krb5_error_table since it is not present in all >+ * Kerberos implementations. If it's not present, it's not necessary to >+ * call it. >+ */ >+#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE >+#define initialize_krb5_error_table() >+#endif >+ >+/* Samba wrapper function for krb5 functionality. */ >+bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr); >+int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt); >+bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt); >+krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); >+krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); >+#if defined(HAVE_KRB5_LOCATE_KDC) >+krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); >+#endif >+krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); >+bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote); >+krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry); >+krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype); >+void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype); >+bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2); >+void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); >+NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx, >+ DATA_BLOB *pac_data_blob, >+ krb5_context context, >+ krb5_keyblock *service_keyblock, >+ krb5_const_principal client_principal, >+ time_t tgs_authtime, >+ struct PAC_DATA **pac_data_out); >+void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum, >+ struct PAC_SIGNATURE_DATA *sig); >+krb5_error_code smb_krb5_verify_checksum(krb5_context context, >+ const krb5_keyblock *keyblock, >+ krb5_keyusage usage, >+ krb5_checksum *cksum, >+ uint8 *data, >+ size_t length); >+time_t get_authtime_from_tkt(krb5_ticket *tkt); >+void smb_krb5_free_ap_req(krb5_context context, >+ krb5_ap_req *ap_req); >+krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context, >+ const krb5_data *inbuf, >+ krb5_kvno *kvno, >+ krb5_enctype *enctype); >+krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context, >+ krb5_auth_context *auth_context, >+ const krb5_data *inbuf, >+ krb5_const_principal server, >+ krb5_keytab keytab, >+ krb5_flags *ap_req_options, >+ krb5_ticket **ticket, >+ krb5_keyblock **keyblock); >+krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, >+ const char *name, >+ krb5_principal *principal); >+bool smb_krb5_principal_compare_any_realm(krb5_context context, >+ krb5_const_principal princ1, >+ krb5_const_principal princ2); >+int cli_krb5_get_ticket(const char *principal, time_t time_offset, >+ DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, >+ uint32 extra_ap_opts, const char *ccname, >+ time_t *tgs_expire); >+krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time); >+krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code); >+krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr); >+krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr); >+NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error); >+krb5_error_code nt_status_to_krb5(NTSTATUS nt_status); >+void smb_krb5_free_error(krb5_context context, krb5_error *krberror); >+krb5_error_code handle_krberror_packet(krb5_context context, >+ krb5_data *packet); >+ >+void smb_krb5_get_init_creds_opt_free(krb5_context context, >+ krb5_get_init_creds_opt *opt); >+krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context, >+ krb5_get_init_creds_opt **opt); >+krb5_error_code smb_krb5_mk_error(krb5_context context, >+ krb5_error_code error_code, >+ const krb5_principal server, >+ krb5_data *reply); >+krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry); >+krb5_error_code smb_krb5_enctype_to_string(krb5_context context, >+ krb5_enctype enctype, >+ char **etype_s); >+krb5_error_code smb_krb5_open_keytab(krb5_context context, >+ const char *keytab_name, >+ bool write_access, >+ krb5_keytab *keytab); >+krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx, >+ krb5_context context, >+ krb5_keytab keytab, >+ const char **keytab_name); >+int smb_krb5_kt_add_entry_ext(krb5_context context, >+ krb5_keytab keytab, >+ krb5_kvno kvno, >+ const char *princ_s, >+ krb5_enctype *enctypes, >+ krb5_data password, >+ bool no_salt, >+ bool keep_old_entries); >+krb5_error_code smb_krb5_get_credentials(krb5_context context, >+ krb5_ccache ccache, >+ krb5_principal me, >+ krb5_principal server, >+ krb5_principal impersonate_princ, >+ krb5_creds **out_creds); >+krb5_error_code smb_krb5_get_creds(const char *server_s, >+ time_t time_offset, >+ const char *cc, >+ const char *impersonate_princ_s, >+ krb5_creds **creds_p); >+char *smb_krb5_principal_get_realm(krb5_context context, >+ krb5_principal principal); >+#endif /* HAVE_KRB5 */ >+ >diff --git a/source/include/smb_krb5.h b/source/include/smb_krb5.h >new file mode 100644 >index 0000000..ce7acc4 >--- /dev/null >+++ b/source/include/smb_krb5.h >@@ -0,0 +1,78 @@ >+#ifndef _HEADER_smb_krb5_h >+#define _HEADER_smb_krb5_h >+ >+#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ >+/* this file uses DEPRECATED interfaces! */ >+ >+#if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER) >+#define KRB5_DEPRECATED 1 >+#else >+#define KRB5_DEPRECATED >+#endif >+ >+#if HAVE_KRB5_H >+#include <krb5.h> >+#endif >+ >+#ifndef KRB5_ADDR_NETBIOS >+#define KRB5_ADDR_NETBIOS 0x14 >+#endif >+ >+#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG >+#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L) >+#endif >+ >+typedef struct { >+ NTSTATUS ntstatus; >+ uint32 unknown1; >+ uint32 unknown2; /* 0x00000001 */ >+} KRB5_EDATA_NTSTATUS; >+ >+/* Heimdal uses a slightly different name */ >+#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) >+#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5 >+#endif >+ >+/* The older versions of heimdal that don't have this >+ define don't seem to use it anyway. I'm told they >+ always use a subkey */ >+#ifndef HAVE_AP_OPTS_USE_SUBKEY >+#define AP_OPTS_USE_SUBKEY 0 >+#endif >+ >+#ifdef HAVE_KRB5 >+typedef struct { >+#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ >+ krb5_address **addrs; >+#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */ >+ krb5_addresses *addrs; >+#else >+#error UNKNOWN_KRB5_ADDRESS_TYPE >+#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */ >+} smb_krb5_addresses; >+ >+#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ >+#define KRB5_KEY_TYPE(k) ((k)->keytype) >+#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) >+#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) >+#define KRB5_KEY_DATA_CAST void >+#else /* MIT */ >+#define KRB5_KEY_TYPE(k) ((k)->enctype) >+#define KRB5_KEY_LENGTH(k) ((k)->length) >+#define KRB5_KEY_DATA(k) ((k)->contents) >+#define KRB5_KEY_DATA_CAST krb5_octet >+#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ >+ >+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ >+#define KRB5_KT_KEY(k) (&(k)->key) >+#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ >+#define KRB5_KT_KEY(k) (&(k)->keyblock) >+#else >+#error krb5_keytab_entry has no key or keyblock member >+#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */ >+ >+#endif /* HAVE_KRB5 */ >+ >+#include "krb5_protos.h" >+ >+#endif /* _HEADER_smb_krb5_h */ >diff --git a/source/libads/ads_status.c b/source/libads/ads_status.c >index 29148e8..6680766 100644 >--- a/source/libads/ads_status.c >+++ b/source/libads/ads_status.c >@@ -21,6 +21,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > /* > build a ADS_STATUS structure >diff --git a/source/libads/authdata.c b/source/libads/authdata.c >index 0bde3e6..3ff69f4 100644 >--- a/source/libads/authdata.c >+++ b/source/libads/authdata.c >@@ -23,6 +23,8 @@ > */ > > #include "includes.h" >+#include "librpc/gen_ndr/ndr_krb5pac.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c >index 1ceed64..f709102 100644 >--- a/source/libads/kerberos.c >+++ b/source/libads/kerberos.c >@@ -22,6 +22,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source/libads/kerberos_keytab.c b/source/libads/kerberos_keytab.c >index 7c028cb..8af44b5 100644 >--- a/source/libads/kerberos_keytab.c >+++ b/source/libads/kerberos_keytab.c >@@ -26,6 +26,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source/libads/kerberos_verify.c b/source/libads/kerberos_verify.c >index de3fdeb..f48a9f7 100644 >--- a/source/libads/kerberos_verify.c >+++ b/source/libads/kerberos_verify.c >@@ -24,6 +24,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source/libads/krb5_errs.c b/source/libads/krb5_errs.c >index 0e03ebb..d4ff09a 100644 >--- a/source/libads/krb5_errs.c >+++ b/source/libads/krb5_errs.c >@@ -18,6 +18,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source/libads/krb5_setpw.c b/source/libads/krb5_setpw.c >index ad86f0c..a83e6c5 100644 >--- a/source/libads/krb5_setpw.c >+++ b/source/libads/krb5_setpw.c >@@ -19,6 +19,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source/libnet/libnet_keytab.h b/source/libnet/libnet_keytab.h >index 4d311a4..9d72f0a 100644 >--- a/source/libnet/libnet_keytab.h >+++ b/source/libnet/libnet_keytab.h >@@ -17,6 +17,8 @@ > * along with this program; if not, see <http://www.gnu.org/licenses/>. > */ > >+#include "smb_krb5.h" >+ > #ifdef HAVE_KRB5 > > struct libnet_keytab_entry { >diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c >index 3e076b2..1362960 100644 >--- a/source/libsmb/cliconnect.c >+++ b/source/libsmb/cliconnect.c >@@ -19,6 +19,7 @@ > */ > > #include "includes.h" >+#include "smb_krb5.h" > > static const struct { > int prot; >diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c >index 666ca08..1b45e82 100644 >--- a/source/libsmb/clikrb5.c >+++ b/source/libsmb/clikrb5.c >@@ -20,10 +20,8 @@ > along with this program. If not, see <http://www.gnu.org/licenses/>. > */ > >-#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ >-/* this file uses DEPRECATED interfaces! */ >- > #include "includes.h" >+#include "smb_krb5.h" > > #ifdef HAVE_KRB5 > >diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c >index 88bd4be..b976560 100644 >--- a/source/rpc_client/cli_pipe.c >+++ b/source/rpc_client/cli_pipe.c >@@ -19,6 +19,7 @@ > > #include "includes.h" > #include "librpc/gen_ndr/cli_epmapper.h" >+#include "smb_krb5.h" > > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_RPC_CLI >diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c >index 8a9ac42..2d29ea9 100644 >--- a/source/utils/ntlm_auth.c >+++ b/source/utils/ntlm_auth.c >@@ -25,6 +25,7 @@ > > #include "includes.h" > #include "utils/ntlm_auth.h" >+#include "smb_krb5.h" > > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_WINBIND >diff --git a/source/winbindd/winbindd_cred_cache.c b/source/winbindd/winbindd_cred_cache.c >index ff6d0f3..9488a6f 100644 >--- a/source/winbindd/winbindd_cred_cache.c >+++ b/source/winbindd/winbindd_cred_cache.c >@@ -23,6 +23,8 @@ > > #include "includes.h" > #include "winbindd.h" >+#include "smb_krb5.h" >+ > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_WINBIND > >diff --git a/source/winbindd/winbindd_pam.c b/source/winbindd/winbindd_pam.c >index 646bef3..5130597 100644 >--- a/source/winbindd/winbindd_pam.c >+++ b/source/winbindd/winbindd_pam.c >@@ -24,6 +24,8 @@ > > #include "includes.h" > #include "winbindd.h" >+#include "smb_krb5.h" >+ > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_WINBIND > >-- >1.6.5.2 > > >From 2c69ecf1e287118bd8adf810e414bcb0ad3ff1e1 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 27 Nov 2009 18:30:18 +0100 >Subject: [PATCH 13/15] s3-kerberos: do not include authdata headers before including krb5 headers. > >Guenther >--- > source/include/includes.h | 1 - > source/libads/authdata.c | 1 + > 2 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/source/include/includes.h b/source/include/includes.h >index d4f6ffc..bf38d99 100644 >--- a/source/include/includes.h >+++ b/source/include/includes.h >@@ -679,7 +679,6 @@ typedef char fstring[FSTRING_LEN]; > #include "passdb.h" > #include "rpc_secdes.h" > #include "gpo.h" >-#include "authdata.h" > #include "msdfs.h" > #include "rap.h" > #include "md5.h" >diff --git a/source/libads/authdata.c b/source/libads/authdata.c >index 3ff69f4..9ee540d 100644 >--- a/source/libads/authdata.c >+++ b/source/libads/authdata.c >@@ -25,6 +25,7 @@ > #include "includes.h" > #include "librpc/gen_ndr/ndr_krb5pac.h" > #include "smb_krb5.h" >+#include "authdata.h" > > #ifdef HAVE_KRB5 > >-- >1.6.5.2 > > >From 8cc561cae43a4029b297eab4d5db0065409dbc5a Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 27 Nov 2009 18:51:56 +0100 >Subject: [PATCH 14/15] s3-kerberos: add a missing reference to authdata headers. > >Guenther >(cherry picked from commit da79cbb0800dd647be864e8bbb5fe1132708174b) >--- > source/libsmb/clikrb5.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > >diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c >index 1b45e82..595d6a0 100644 >--- a/source/libsmb/clikrb5.c >+++ b/source/libsmb/clikrb5.c >@@ -22,6 +22,7 @@ > > #include "includes.h" > #include "smb_krb5.h" >+#include "authdata.h" > > #ifdef HAVE_KRB5 > >-- >1.6.5.2 > > >From c5cf6ecfa215c1231692d0de86cc5dc42a075a3a Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 27 Nov 2009 20:08:44 +0100 >Subject: [PATCH 15/15] s3-kerberos: fix the build on Mac OS X 10.6.2. > >Guenther >(cherry picked from commit 51328a7056918bc75a7c1c442f47cf0271075542) >--- > source/configure.in | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/source/configure.in b/source/configure.in >index ba68a3c..650a38f 100644 >--- a/source/configure.in >+++ b/source/configure.in >@@ -3558,7 +3558,7 @@ if test x"$with_ads_support" != x"no"; then > AC_TRY_COMPILE( > [#define KRB5_DEPRECATED 1 > #include <krb5.h>], >- [void main(void) {}], >+ [], > samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=yes, > samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=no)]) > >-- >1.6.5.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 6929
:
5011
|
5016
|
5017
|
5024
| 5038 |
5051