Bug 1661 - build failure with recent Heimdal krb5 implementations
Summary: build failure with recent Heimdal krb5 implementations
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Build environment (show other bugs)
Version: 3.0.8
Hardware: All All
: P3 normal
Target Milestone: none
Assignee: Tim Potter
QA Contact: Samba QA Contact
Depends on:
Reported: 2004-08-24 23:09 UTC by Luke Mewburn
Modified: 2005-08-24 10:27 UTC (History)
0 users

See Also:

krb5_setpw.c.diff (1.76 KB, patch)
2004-08-24 23:10 UTC, Luke Mewburn
no flags Details
krb5_setpw.diff (1.62 KB, patch)
2004-11-02 04:55 UTC, Luke Mewburn
no flags Details
krb5_setpw.c fix for samba 3.0.8 (1.60 KB, patch)
2004-11-09 06:14 UTC, Luke Mewburn
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Luke Mewburn 2004-08-24 23:09:50 UTC
Samba 3.0.6 won't build on systems with recent Heimdal krb5 implementations, due
to a conflict between <krb5.h> and libads/krb5_setpw.c with the definition of

My reading of RFC3244 and brief chat with a Heimdal developer indicate that
samba should just use the RFC3244 value for KRB5_KPASSWD_VERS_SETPW (0xff80),
instead of calling that KRB5_KPASSWD_VERS_SETPW_MS, which is a misnomer IMHO.

Are there any systems that actually expect to use `2' as the protocol number
(the current KRB5_KPASSWD_VERS_SETPW value in samba) ?  Note that krb5_setpw.c
until rev 1.11 actually used the correct value (0xff80).

(I'll attach a patch.)
Comment 1 Luke Mewburn 2004-08-24 23:10:26 UTC
Created attachment 617 [details]
Comment 2 Guenther Deschner 2004-11-01 09:23:51 UTC

I added a check for the KRB5_KPASSWD_VERS_SETPW-define to svn (defining it to
the obscure value of "2" only in the case that the library does not provide it's
own define). As long as there is no clear information about it's real meaning, I
tend to leave the "2" as a fallback.

If you feel this is not correct, please reopen.
Comment 3 Luke Mewburn 2004-11-02 04:46:04 UTC
I don't think this is quite correct; if we're going to retain the `2' value for
compat with the unknown (?) systems that need it, then the recent commit won't
help on systems that define KRB5_KPASSWD_VERS_SETPW as 0xff80, since the code
that does
   if (pversion == KRB5_KPASSWD_VERS_SETPW || pversion ==
will be checking pversion against 0xff80 twice, which seems counterproductive.

If we want to retain the ability to check pversion against 0xff80 (the standard
value) as well as `2' (for ???), I suggest that instead we do something like:

#define KRB5_KPASSWD_VERS_SETPW 0xff80     /* the standard value */
#define KRB5_KPASSWD_VERS_SETPW_ALT 2     /* compat value (for ???) */

/* ... */

if (pversion == KRB5_KPASSWD_VERS_SETPW || pversion == KRB5_KPASSWD_VERS_SETPW_ALT)
  /* ... */

I.e, change SETPW to 0xff80, rename SETPW_MS to SETPW_ALT and change it to 2,
and replace SETPW_MS with SETPW_ALT in the code.

I can provide a diff that shows what I mean if it helps. 
Comment 4 Luke Mewburn 2004-11-02 04:55:28 UTC
Created attachment 750 [details]

Replaces previous fix; this one defines KRB5_KPASSWD_VERS_SETPW to the standard
0xff80, and KRB5_KPASSWD_VERS_SETPW_ALT as 2 and uses instead of
Comment 5 Luke Mewburn 2004-11-02 18:56:17 UTC
After some research, I think that the `2' value comes from the expired internet

0xff80 comes from RFC3244:

Comment 6 Luke Mewburn 2004-11-09 06:14:25 UTC
Created attachment 759 [details]
krb5_setpw.c fix for samba 3.0.8

A patch against samba 3.0.8 to implement the fix in the way I most recently
discussed.  I.e., #define KRB5_KPASSWD_VERS_SETPW 0xff80  (to be consistent
with heimdal's <krb5.h>) and #define KRB5_KPASSWD_VERS_SETPW_ALT 2, and change
the code to suit.
Comment 7 Guenther Deschner 2004-11-12 16:12:52 UTC
Applied, Luke, thanks!
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-02-07 09:19:32 UTC
originally reported against 3.0.8pre1.  Cleaning up 
non-production versions.
Comment 9 Gerald (Jerry) Carter (dead mail address) 2005-02-07 09:19:56 UTC
actually that was originally against 3.0.8pre2.  Sorry.
Comment 10 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:27:32 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.