From 53d357d1b7bacdf6cfc9146a4fe84e6f8706041e Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sat, 23 Nov 2013 19:46:29 +0000
Subject: [PATCH 1/3] Cope with first element in hdb_method having a different
 name in different heimdal versions.

It's called `interface_version` in older Heimdal versions and
`version` in newer versions.

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 28 04:17:55 CET 2013 on sn-devel-104

(cherry picked from commit 92489bfed4e6350b6858d5e39d538f41768912ae)
---
 source4/kdc/hdb-samba4-plugin.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/kdc/hdb-samba4-plugin.c b/source4/kdc/hdb-samba4-plugin.c
index 568386d..9135df8 100644
--- a/source4/kdc/hdb-samba4-plugin.c
+++ b/source4/kdc/hdb-samba4-plugin.c
@@ -78,7 +78,7 @@ static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db,
  * The <address> is the string form of a pointer to a talloced struct hdb_samba_context
  */
 struct hdb_method hdb_samba4_interface = {
-	.interface_version = HDB_INTERFACE_VERSION,
+	HDB_INTERFACE_VERSION,
 	.prefix = "samba4",
 	.create = hdb_samba4_create
 };
-- 
1.8.5.3


From 73f42f2f802b23c38b576d631f7eff61084ede1c Mon Sep 17 00:00:00 2001
From: Jeffrey Clark <dude@zaplabs.com>
Date: Fri, 10 Jan 2014 17:20:14 -0600
Subject: [PATCH 2/3] Support for Heimdal's unified krb5 and hdb plugin system.

Fixes exportkeytab and a kdc crash when building against heimdal master.

Bug-Debian: http://bugs.debian.org/732342

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
(cherry picked from commit 368208069e33a6d9b78a90f7326d5ac1bdd204f7)
---
 source4/kdc/hdb-samba4-plugin.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/source4/kdc/hdb-samba4-plugin.c b/source4/kdc/hdb-samba4-plugin.c
index 9135df8..cc38a60 100644
--- a/source4/kdc/hdb-samba4-plugin.c
+++ b/source4/kdc/hdb-samba4-plugin.c
@@ -70,6 +70,18 @@ static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db,
 	return EINVAL;
 }
 
+#if HDB_INTERFACE_VERSION >= 8
+static krb5_error_code hdb_samba4_init(krb5_context context, void **ctx)
+{
+	*ctx = NULL;
+	return 0;
+}
+
+static void hdb_samba4_fini(void *ctx)
+{
+}
+#endif
+
 /* Only used in the hdb-backed keytab code
  * for a keytab of 'samba4&<address>' or samba4, to find
  * kpasswd's key in the main DB, and to
@@ -79,6 +91,10 @@ static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db,
  */
 struct hdb_method hdb_samba4_interface = {
 	HDB_INTERFACE_VERSION,
+#if HDB_INTERFACE_VERSION >= 8
+	.init = hdb_samba4_init,
+	.fini = hdb_samba4_fini,
+#endif
 	.prefix = "samba4",
 	.create = hdb_samba4_create
 };
-- 
1.8.5.3


From 89e1b8a73c3d17db48c314258d97f88a2e2b7cf0 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 14 Jan 2014 11:23:04 +1300
Subject: [PATCH 3/3] kdc: Add belts-and-braces check that we fail if the hdb
 version changes

This checks both if host system run-time Heimdal has changed version,
and that the build-time version is supported.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jan 20 22:26:49 CET 2014 on sn-devel-104

(cherry picked from commit e758f4111356fafce5b5c8393648c9ea5c400601)
---
 source4/kdc/hdb-samba4-plugin.c | 6 ++++++
 source4/kdc/hdb-samba4.c        | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/source4/kdc/hdb-samba4-plugin.c b/source4/kdc/hdb-samba4-plugin.c
index cc38a60..6f76124 100644
--- a/source4/kdc/hdb-samba4-plugin.c
+++ b/source4/kdc/hdb-samba4-plugin.c
@@ -60,6 +60,8 @@ static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db,
 
 	if (NT_STATUS_IS_OK(nt_status)) {
 		return 0;
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ERROR_DS_INCOMPATIBLE_VERSION)) {
+		return EINVAL;
 	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) {
 		
 		krb5_set_error_message(context, EINVAL, "Failed to open Samba4 LDB at %s", lpcfg_private_path(base_ctx, base_ctx->lp_ctx, "sam.ldb"));
@@ -70,6 +72,10 @@ static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db,
 	return EINVAL;
 }
 
+#if (HDB_INTERFACE_VERSION != 8 && HDB_INTERFACE_VERSION != 7)
+#error "Unsupported Heimdal HDB version"
+#endif
+
 #if HDB_INTERFACE_VERSION >= 8
 static krb5_error_code hdb_samba4_init(krb5_context context, void **ctx)
 {
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 6a9e558..4519fb9 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -176,6 +176,11 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
 	struct samba_kdc_db_context *kdc_db_ctx;
 	NTSTATUS nt_status;
 
+	if (hdb_interface_version != HDB_INTERFACE_VERSION) {
+		krb5_set_error_message(context, EINVAL, "Heimdal HDB interface version mismatch between build-time and run-time libraries!");
+		return NT_STATUS_ERROR_DS_INCOMPATIBLE_VERSION;
+	}
+
 	*db = talloc(base_ctx, HDB);
 	if (!*db) {
 		krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
-- 
1.8.5.3