[SCM] Samba Shared Repository - branch v3-4-test updated
Karolin Seeger
kseeger at samba.org
Tue Nov 24 03:37:42 MST 2009
The branch, v3-4-test has been updated
via f9a9e32... cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT.
via 80d2ad8... s3-kerberos: add smb_krb5_principal_get_realm().
from 8c2dfcd... s3: fixed krb5 build problem on ubuntu karmic
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit f9a9e3268212b0430588d7e727b37998ace23ba7
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 12 00:52:38 2009 +0100
cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT.
Guenther
(cherry picked from commit b29eed492f1c056adb0b53510be10e738276ca11)
commit 80d2ad88d8deac953346d1ce98fb519d7f2bf3de
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 12 00:51:46 2009 +0100
s3-kerberos: add smb_krb5_principal_get_realm().
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/client/cifs.upcall.c | 34 ++++++++++++++++------------------
source3/include/includes.h | 3 ++-
source3/libsmb/clikrb5.c | 25 +++++++++++++++++++++++++
3 files changed, 43 insertions(+), 19 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c
index 71e60c6..ecd0348 100644
--- a/source3/client/cifs.upcall.c
+++ b/source3/client/cifs.upcall.c
@@ -44,18 +44,6 @@ typedef enum _sectype {
MS_KRB5
} sectype_t;
-static inline int
-k5_data_equal(krb5_data d1, krb5_data d2, unsigned int length)
-{
- if (!length)
- length = d1.length;
-
- return (d1.length == length &&
- d1.length == d2.length &&
- memcmp(d1.data, d2.data, length) == 0);
-
-}
-
/* does the ccache have a valid TGT? */
static time_t
get_tgt_time(const char *ccname) {
@@ -64,9 +52,8 @@ get_tgt_time(const char *ccname) {
krb5_cc_cursor cur;
krb5_creds creds;
krb5_principal principal;
- krb5_data tgt = { .data = "krbtgt",
- .length = 6 };
time_t credtime = 0;
+ char *realm = NULL;
if (krb5_init_context(&context)) {
syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__);
@@ -93,16 +80,27 @@ get_tgt_time(const char *ccname) {
goto err_ccstart;
}
+ if ((realm = smb_krb5_principal_get_realm(context, principal)) == NULL) {
+ syslog(LOG_DEBUG, "%s: unable to get realm", __func__);
+ goto err_ccstart;
+ }
+
while (!credtime && !krb5_cc_next_cred(context, ccache, &cur, &creds)) {
- if (k5_data_equal(creds.server->realm, principal->realm, 0) &&
- k5_data_equal(creds.server->data[0], tgt, tgt.length) &&
- k5_data_equal(creds.server->data[1], principal->realm, 0) &&
+ char *name;
+ if (smb_krb5_unparse_name(NULL, context, creds.server, &name)) {
+ syslog(LOG_DEBUG, "%s: unable to unparse name", __func__);
+ goto err_endseq;
+ }
+ if (krb5_realm_compare(context, creds.server, principal) &&
+ strnequal(name, KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE) &&
+ strnequal(name+KRB5_TGS_NAME_SIZE+1, realm, strlen(realm)) &&
creds.times.endtime > time(NULL))
credtime = creds.times.endtime;
krb5_free_cred_contents(context, &creds);
+ TALLOC_FREE(name);
}
+err_endseq:
krb5_cc_end_seq_get(context, ccache, &cur);
-
err_ccstart:
krb5_free_principal(context, principal);
err_princ:
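Review bot: The TGT match on the `strnequal(name+KRB5_TGS_NAME_SIZE+1, realm, strlen(realm))` line is looser than the component comparison it replaces: the byte at `name[KRB5_TGS_NAME_SIZE]` is never checked to be `/`, and the realm is only prefix-matched, so a service name whose second component merely starts with the realm would pass. If the unparsed name is exactly as long as `KRB5_TGS_NAME`, `name+KRB5_TGS_NAME_SIZE+1` also points one byte past its terminator. Adding `name[KRB5_TGS_NAME_SIZE] == '/' &&` before the realm comparison and `name[KRB5_TGS_NAME_SIZE+1+strlen(realm)] == '@' &&` after it would close both gaps. Separately, the `goto err_endseq` on unparse failure skips `krb5_free_cred_contents(context, &creds)`, so that path leaks the credential just read; free it before the jump. get_tgt_time's body starts and ends outside the hunk.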
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 4dee258..ea9a159 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1025,7 +1025,8 @@ int smb_krb5_kt_add_entry_ext(krb5_context context,
krb5_data password,
bool no_salt,
bool keep_old_entries);
-
+char *smb_krb5_principal_get_realm(krb5_context context,
+ krb5_principal principal);
#endif /* HAVE_KRB5 */
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 76d99c1..6e6793b 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -1941,6 +1941,31 @@ krb5_error_code krb5_auth_con_set_req_cksumtype(
}
#endif
+/*
+ * smb_krb5_principal_get_realm
+ *
+ * @brief Get realm of a principal
+ *
+ * @param[in] context The krb5_context
+ * @param[in] principal The principal
+ * @return pointer to the realm
+ *
+ */
+
+char *smb_krb5_principal_get_realm(krb5_context context,
+ krb5_principal principal)
+{
+#ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */
+ return krb5_principal_get_realm(context, principal);
+#elif defined(krb5_princ_realm) /* MIT */
+ krb5_data *realm;
+ realm = krb5_princ_realm(context, principal);
+ return (char *)realm->data;
+#else
+ return NULL;
+#endif
+}
+
#else /* HAVE_KRB5 */
/* this saves a few linking headaches */
int cli_krb5_get_ticket(const char *principal, time_t time_offset,
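Review bot: The MIT branch returns `realm->data` as a C string, but `krb5_data` carries its own `length` and, as far as I know, the API does not promise a terminating NUL, so a caller that runs `strlen()` on the result (as the cifs.upcall hunk in this changeset does) may read past the realm. Both branches also appear to hand back a pointer into `principal`, which the header comment does not say; I would add `@return realm string owned by principal; do not free, invalid after krb5_free_principal()`. A more robust shape would be to return a copy bounded by `realm->length` that the caller frees. The final `#else` silently returns NULL when `krb5_princ_realm` is not a macro, which the comment should mention as well.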
--
Samba Shared Repository