[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-424-g329b877

Günther Deschner gd at samba.org
Tue Feb 3 14:33:40 GMT 2009


The branch, master has been updated
       via  329b8775f56c8a89f02646e11ba27a33080f48b1 (commit)
       via  b0ea17973400cd15c3fb23c8deb4f9c37b42035a (commit)
       via  3367812df604bb1d01f59ee2750427426164c519 (commit)
       via  1318fe8c60cf3e6a12dfaf5933d7750d73cb3878 (commit)
      from  20a1cb15699c781651593c68685ece91c03e6a18 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 329b8775f56c8a89f02646e11ba27a33080f48b1
Author: Günther Deschner <gd at samba.org>
Date:   Tue Feb 3 15:31:28 2009 +0100

    s3-net: fix warning message for keytab usage.
    
    Guenther

commit b0ea17973400cd15c3fb23c8deb4f9c37b42035a
Author: Günther Deschner <gd at samba.org>
Date:   Tue Feb 3 14:15:40 2009 +0100

    s3-kerberos: use KRB5_KT_KEY compat macro.
    
    Guenther

commit 3367812df604bb1d01f59ee2750427426164c519
Author: Günther Deschner <gd at samba.org>
Date:   Tue Feb 3 14:53:58 2009 +0100

    s3-kerberos: fix ads_dedicated_keytab_verify_ticket with heimdal.
    
    Guenther

commit 1318fe8c60cf3e6a12dfaf5933d7750d73cb3878
Author: Günther Deschner <gd at samba.org>
Date:   Tue Feb 3 14:51:12 2009 +0100

    Revert "fix for commit d96248a9b46 which broke Heimdal builds"
    
    This does not build.
    
    This reverts commit af736923a541df1a37afeb72b8a5652932c4c69c.

-----------------------------------------------------------------------

Summary of changes:
 source3/libads/kerberos_verify.c |   25 ++++++++++---------------
 source3/utils/net_ads.c          |    4 ++--
 2 files changed, 12 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index ec897ad..b903b2a 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -45,6 +45,8 @@ static bool ads_dedicated_keytab_verify_ticket(krb5_context context,
 	krb5_ticket *dec_ticket = NULL;
 
 	krb5_data packet;
+	krb5_kvno kvno = 0;
+	krb5_enctype enctype;
 
 	*pp_tkt = NULL;
 	*keyblock = NULL;
@@ -62,7 +64,6 @@ static bool ads_dedicated_keytab_verify_ticket(krb5_context context,
 
 	packet.length = ticket->length;
 	packet.data = (char *)ticket->data;
-	*pp_tkt = NULL;
 
 	ret = krb5_rd_req(context, &auth_context, &packet, NULL, keytab,
 	    NULL, &dec_ticket);
@@ -71,29 +72,23 @@ static bool ads_dedicated_keytab_verify_ticket(krb5_context context,
 		goto out;
 	}
 
-	/* Get the key for checking the pac signature */
 #ifdef HAVE_ETYPE_IN_ENCRYPTEDDATA /* Heimdal */
-	ret = krb5_kt_get_entry(context, keytab, dec_ticket->server,
-	    dec_ticket.enc_part.kvno, dec_ticket.enc_part.etype,
-	    &kt_entry);
+	enctype = dec_ticket->ticket.key.keytype;
 #else /* MIT */
-	ret = krb5_kt_get_entry(context, keytab, dec_ticket->server,
-	    dec_ticket->enc_part.kvno, dec_ticket->enc_part.enctype,
-	    &kt_entry);
+	enctype = dec_ticket->enc_part.enctype;
+	kvno    = dec_ticket->enc_part.kvno;
 #endif
+
+	/* Get the key for checking the pac signature */
+	ret = krb5_kt_get_entry(context, keytab, dec_ticket->server,
+				kvno, enctype, &kt_entry);
 	if (ret) {
 		DEBUG(0, ("krb5_kt_get_entry failed (%s)\n",
 			  error_message(ret)));
 		goto out;
 	}
 
-#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */
-	ret = krb5_copy_keyblock(context, &kt_entry.keyblock, keyblock);
-#elif defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) /* MIT */
-	ret = krb5_copy_keyblock(context, &kt_entry.key, keyblock);
-#else
-#error UNKNOWN_KRB5_KEYTAB_ENTRY_FORMAT
-#endif
+	ret = krb5_copy_keyblock(context, KRB5_KT_KEY(&kt_entry), keyblock);
 	smb_krb5_kt_free_entry(context, &kt_entry);
 
 	if (ret) {
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 03786e2..86fb9f6 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -2242,8 +2242,8 @@ int net_ads_keytab(struct net_context *c, int argc, const char **argv)
 	};
 
 	if (!USE_KERBEROS_KEYTAB) {
-		d_printf("\nWarning: \"kerberos method\" must be set to a \
-		    keytab method to use keytab functions.\n");
+		d_printf("\nWarning: \"kerberos method\" must be set to a "
+		    "keytab method to use keytab functions.\n");
 	}
 
 	return net_run_function(c, argc, argv, "net ads keytab", func);


-- 
Samba Shared Repository


More information about the samba-cvs mailing list