[SCM] Samba Shared Repository - branch v3-4-test updated
Karolin Seeger
kseeger at samba.org
Mon Nov 30 07:21:43 MST 2009
The branch, v3-4-test has been updated
via 2004627... s3-kerberos: fix the build on Mac OS X 10.6.2.
via a9a3504... s3-kerberos: add a missing reference to authdata headers.
via 41fb263... s3-kerberos: only use krb5 headers where required.
via 83ee139... s3-kerberos: Fix Bug #6929: build with recent heimdal.
via 9ea9c20... s3-kerberos: next step to resolve Bug #6929: build with recent heimdal.
via 124c695... s3-kerberos: add check for prerequisite krb5/krb5.h header while checking for krb5/locate_plugin.h.
via 0d19596... nsswitch: fix compile of winbind_krb5_locator with recent Heimdal versions.
via e3a06f2... cifs.upcall: 2nd part of fix for Bug #6868: support building with Heimdal we well as with MIT.
via 15832c2... s3-build: really fix build of winbind_krb5_locator.
via 8900c0a... nsswitch: fix the build of the winbind krb5 locator plugin.
from dbe41dc... s3:docs: Fix typo in man mount.cifs.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit 200462730f39d7eaee3917801046b120bc807c3f
Author: Günther Deschner <gd at samba.org>
Date: Fri Nov 27 20:08:44 2009 +0100
s3-kerberos: fix the build on Mac OS X 10.6.2.
Guenther
(cherry picked from commit 51328a7056918bc75a7c1c442f47cf0271075542)
commit a9a3504ede1306ceb86d99bceb5e8bf4d48f40c2
Author: Günther Deschner <gd at samba.org>
Date: Fri Nov 27 18:51:56 2009 +0100
s3-kerberos: add a missing reference to authdata headers.
Guenther
(cherry picked from commit da79cbb0800dd647be864e8bbb5fe1132708174b)
commit 41fb263aacc5dce50d3554598d08cb497ffd929f
Author: Günther Deschner <gd at samba.org>
Date: Fri Nov 27 15:52:57 2009 +0100
s3-kerberos: only use krb5 headers where required.
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.
Guenther
commit 83ee139ddde91bffc7b5921eb5e6a4364a408d38
Author: Günther Deschner <gd at samba.org>
Date: Fri Nov 27 01:06:36 2009 +0100
s3-kerberos: Fix Bug #6929: build with recent heimdal.
Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier
for activation) in new releases (like 1.3.1).
Guenther
(cherry picked from commit 1a8f8382740e352a83133b8c49aaedd4716210cd)
commit 9ea9c2089ed0835f4cf8f5fb6fecf4f156b19520
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 26 10:15:45 2009 +0100
s3-kerberos: next step to resolve Bug #6929: build with recent heimdal.
Based on patch from Allan <allan at archlinux.org>.
Also should fix the FreeBSD build on the buildfarm.
Guenther
(cherry picked from commit 5b3a32be97a37c119e837bdee8f049684565458c)
commit 124c695872a6630cc6670a0547e1c3e6507be748
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 25 21:33:48 2009 +0100
s3-kerberos: add check for prerequisite krb5/krb5.h header while checking for krb5/locate_plugin.h.
(Needed for new Heimdal versions).
Guenther
(cherry picked from commit c438b2b3923db66672ec82e795eef543de5fcb8a)
commit 0d19596e123d63343d31ca1783cc1f56d4f21684
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 25 15:21:54 2009 +0100
nsswitch: fix compile of winbind_krb5_locator with recent Heimdal versions.
Guenther
(cherry picked from commit 51864219cc12ceb66c281355f3e1191d5e32842d)
commit e3a06f282d5e5c06bd006497dd8736a531e6cb3b
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 25 15:06:19 2009 +0100
cifs.upcall: 2nd part of fix for Bug #6868: support building with Heimdal we well as with MIT.
Guenther
(cherry picked from commit 660ee2e74523194e5f6b2b6428d76628beb74717)
commit 15832c25f0d252646045b292530556239805e737
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 19 13:44:33 2009 +0100
s3-build: really fix build of winbind_krb5_locator.
Guenther
(cherry picked from commit fc9f199f2619635f73e8ee7f3b5359521d63f325)
commit 8900c0a1c8dd16cd98bfd219232d3bc57acb033a
Author: Günther Deschner <gd at samba.org>
Date: Wed Oct 21 02:44:44 2009 +0200
nsswitch: fix the build of the winbind krb5 locator plugin.
Guenther
(cherry picked from commit b9d9353b548d9b2ab684aa171f511174e6414762)
-----------------------------------------------------------------------
Summary of changes:
nsswitch/winbind_krb5_locator.c | 5 +
source3/Makefile.in | 2 +-
source3/client/cifs.upcall.c | 3 +
source3/configure.in | 23 +++++-
source3/include/ads.h | 71 ++++-----------
source3/include/includes.h | 156 +-------------------------------
source3/include/krb5_protos.h | 147 ++++++++++++++++++++++++++++++
source3/include/proto.h | 4 -
source3/include/smb_krb5.h | 72 +++++++++++++++
source3/libads/ads_status.c | 1 +
source3/libads/authdata.c | 1 +
source3/libads/kerberos.c | 1 +
source3/libads/kerberos_keytab.c | 1 +
source3/libads/kerberos_verify.c | 1 +
source3/libads/krb5_errs.c | 1 +
source3/libads/krb5_setpw.c | 1 +
source3/libnet/libnet.h | 1 +
source3/libsmb/cliconnect.c | 1 +
source3/libsmb/clikrb5.c | 5 +-
source3/libsmb/clispnego.c | 1 +
source3/rpc_client/cli_pipe.c | 1 +
source3/utils/ntlm_auth.c | 1 +
source3/winbindd/winbindd_cred_cache.c | 2 +
source3/winbindd/winbindd_pam.c | 2 +
24 files changed, 287 insertions(+), 217 deletions(-)
create mode 100644 source3/include/krb5_protos.h
create mode 100644 source3/include/smb_krb5.h
Changeset truncated at 500 lines:
diff --git a/nsswitch/winbind_krb5_locator.c b/nsswitch/winbind_krb5_locator.c
index b9e35bd..db6e8d0 100644
--- a/nsswitch/winbind_krb5_locator.c
+++ b/nsswitch/winbind_krb5_locator.c
@@ -26,6 +26,11 @@
#if defined(HAVE_KRB5) && defined(HAVE_KRB5_LOCATE_PLUGIN_H)
+#if HAVE_COM_ERR_H
+#include <com_err.h>
+#endif
+
+#include <krb5.h>
#include <krb5/locate_plugin.h>
#ifndef KRB5_PLUGIN_NO_HANDLE
diff --git a/source3/Makefile.in b/source3/Makefile.in
index fb45056..f1f8471 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -2390,7 +2390,7 @@ bin/vlp at EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
bin/winbind_krb5_locator. at SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) @LIBWBCLIENT_TARGET@
@echo "Linking $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(LIBWBCLIENT_LIBS) \
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(LIBWBCLIENT_LIBS) $(KRB5LIBS) \
@SONAMEFLAG@`basename $@`
bin/pam_winbind. at SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_TARGET@ @LIBWBCLIENT_TARGET@
diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c
index ecd0348..1617e0e 100644
--- a/source3/client/cifs.upcall.c
+++ b/source3/client/cifs.upcall.c
@@ -26,6 +26,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
*/
#include "includes.h"
+#include "smb_krb5.h"
#include <keyutils.h>
#include <getopt.h>
@@ -104,7 +105,9 @@ err_endseq:
err_ccstart:
krb5_free_principal(context, principal);
err_princ:
+#if defined(KRB5_TC_OPENCLOSE)
krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
+#endif
krb5_cc_close(context, ccache);
err_cache:
krb5_free_context(context);
diff --git a/source3/configure.in b/source3/configure.in
index 70a8fe8..705aa9b 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3297,11 +3297,32 @@ if test x"$with_ads_support" != x"no"; then
CPPFLAGS=$ac_save_CPPFLAGS
LDFLAGS=$ac_save_LDFLAGS
fi
- AC_CHECK_HEADERS(krb5/locate_plugin.h)
+ AC_CHECK_HEADERS([krb5/locate_plugin.h], [], [],
+[[#ifdef HAVE_KRB5_H
+ #include <krb5.h>
+ #endif
+]])
+
if test x"$ac_cv_header_krb5_locate_plugin_h" = x"yes"; then
WINBIND_KRB5_LOCATOR="bin/winbind_krb5_locator.$SHLIBEXT"
EXTRA_ALL_TARGETS="$EXTRA_ALL_TARGETS $WINBIND_KRB5_LOCATOR"
fi
+
+ # check for new heimdal KRB5_DEPRECATED handling
+
+ AC_CACHE_CHECK([for KRB5_DEPRECATED define taking an identifier],
+ samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER,[
+ AC_TRY_COMPILE(
+ [#define KRB5_DEPRECATED 1
+ #include <krb5.h>],
+ [],
+ samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=yes,
+ samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=no)])
+
+ if test x"$samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER, 1,
+ [Whether to use deprecated krb5 interfaces])
+ fi
fi
# Now we have determined whether we really want ADS support
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 0fa19b5..3921c77 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -6,6 +6,24 @@
basically this is a wrapper around ldap
*/
+/*
+ * This should be under the HAVE_KRB5 flag but since they're used
+ * in lp_kerberos_method(), they ned to be always available
+ */
+#define KERBEROS_VERIFY_SECRETS 0
+#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1
+#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2
+#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3
+
+/*
+ * If you add any entries to the above, please modify the below expressions
+ * so they remain accurate.
+ */
+#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method())
+#define USE_SYSTEM_KEYTAB \
+ ((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \
+ (KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method()))
+
enum wb_posix_mapping {
WB_POSIX_MAP_UNKNOWN = -1,
WB_POSIX_MAP_TEMPLATE = 0,
@@ -339,62 +357,9 @@ typedef void **ADS_MODLIST;
/* Kerberos environment variable names */
#define KRB5_ENV_CCNAME "KRB5CCNAME"
-/* Heimdal uses a slightly different name */
-#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
-#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
-#endif
-
-/* The older versions of heimdal that don't have this
- define don't seem to use it anyway. I'm told they
- always use a subkey */
-#ifndef HAVE_AP_OPTS_USE_SUBKEY
-#define AP_OPTS_USE_SUBKEY 0
-#endif
-
#define WELL_KNOWN_GUID_COMPUTERS "AA312825768811D1ADED00C04FD8D5CD"
#define WELL_KNOWN_GUID_USERS "A9D1CA15768811D1ADED00C04FD8D5CD"
-#ifndef KRB5_ADDR_NETBIOS
-#define KRB5_ADDR_NETBIOS 0x14
-#endif
-
-#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
-#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
-#endif
-
-#ifdef HAVE_KRB5
-typedef struct {
-#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
- krb5_address **addrs;
-#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */
- krb5_addresses *addrs;
-#else
-#error UNKNOWN_KRB5_ADDRESS_TYPE
-#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */
-} smb_krb5_addresses;
-
-#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
-#define KRB5_KEY_TYPE(k) ((k)->keytype)
-#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
-#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
-#define KRB5_KEY_DATA_CAST void
-#else /* MIT */
-#define KRB5_KEY_TYPE(k) ((k)->enctype)
-#define KRB5_KEY_LENGTH(k) ((k)->length)
-#define KRB5_KEY_DATA(k) ((k)->contents)
-#define KRB5_KEY_DATA_CAST krb5_octet
-#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
-
-#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */
-#define KRB5_KT_KEY(k) (&(k)->key)
-#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */
-#define KRB5_KT_KEY(k) (&(k)->keyblock)
-#else
-#error krb5_keytab_entry has no key or keyblock member
-#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */
-
-#endif /* HAVE_KRB5 */
-
enum ads_extended_dn_flags {
ADS_EXTENDED_DN_HEX_STRING = 0,
ADS_EXTENDED_DN_STRING = 1 /* not supported on win2k */
diff --git a/source3/include/includes.h b/source3/include/includes.h
index ea9a159..471b955 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -20,11 +20,6 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-/* work around broken krb5.h on sles9 */
-#ifdef SIZEOF_LONG
-#undef SIZEOF_LONG
-#endif
-
#include "../replace/replace.h"
/* make sure we have included the correct config.h */
@@ -146,9 +141,7 @@
#endif
#endif /* HAVE_NETGROUP */
-#if HAVE_KRB5_H
-#include <krb5.h>
-#else
+#ifndef HAVE_KRB5_H
#undef HAVE_KRB5
#endif
@@ -883,153 +876,6 @@ char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...) PRINTF_ATT
#define XATTR_REPLACE 0x2 /* set value, fail if attr does not exist */
#endif
-/*
- * This should be under the HAVE_KRB5 flag but since they're used
- * in lp_kerberos_method(), they ned to be always available
- */
-#define KERBEROS_VERIFY_SECRETS 0
-#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1
-#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2
-#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3
-
-/*
- * If you add any entries to the above, please modify the below expressions
- * so they remain accurate.
- */
-#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method())
-#define USE_SYSTEM_KEYTAB \
- ((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \
- (KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method()))
-
-#if defined(HAVE_KRB5)
-krb5_error_code smb_krb5_parse_name(krb5_context context,
- const char *name, /* in unix charset */
- krb5_principal *principal);
-
-krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
- krb5_context context,
- krb5_const_principal principal,
- char **unix_name);
-
-#ifndef HAVE_KRB5_SET_REAL_TIME
-krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds);
-#endif
-
-krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
-
-#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
-krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock);
-#endif
-
-#ifndef HAVE_KRB5_FREE_UNPARSED_NAME
-void krb5_free_unparsed_name(krb5_context ctx, char *val);
-#endif
-
-/* Stub out initialize_krb5_error_table since it is not present in all
- * Kerberos implementations. If it's not present, it's not necessary to
- * call it.
- */
-#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE
-#define initialize_krb5_error_table()
-#endif
-
-/* Samba wrapper function for krb5 functionality. */
-bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
-int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt);
-bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
-krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
-krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#if defined(HAVE_KRB5_LOCATE_KDC)
-krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#endif
-krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
-bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote);
-krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
-krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype);
-void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype);
-bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2);
-void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
-NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx,
- DATA_BLOB *pac_data_blob,
- krb5_context context,
- krb5_keyblock *service_keyblock,
- krb5_const_principal client_principal,
- time_t tgs_authtime,
- struct PAC_DATA **pac_data_out);
-void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
- struct PAC_SIGNATURE_DATA *sig);
-krb5_error_code smb_krb5_verify_checksum(krb5_context context,
- const krb5_keyblock *keyblock,
- krb5_keyusage usage,
- krb5_checksum *cksum,
- uint8 *data,
- size_t length);
-time_t get_authtime_from_tkt(krb5_ticket *tkt);
-void smb_krb5_free_ap_req(krb5_context context,
- krb5_ap_req *ap_req);
-krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context,
- const krb5_data *inbuf,
- krb5_kvno *kvno,
- krb5_enctype *enctype);
-krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_data *inbuf,
- krb5_const_principal server,
- krb5_keytab keytab,
- krb5_flags *ap_req_options,
- krb5_ticket **ticket,
- krb5_keyblock **keyblock);
-krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
- const char *name,
- krb5_principal *principal);
-bool smb_krb5_principal_compare_any_realm(krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2);
-int cli_krb5_get_ticket(const char *principal, time_t time_offset,
- DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, time_t *tgs_expire);
-krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
-krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
-krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr);
-krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr);
-NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error);
-krb5_error_code nt_status_to_krb5(NTSTATUS nt_status);
-void smb_krb5_free_error(krb5_context context, krb5_error *krberror);
-krb5_error_code handle_krberror_packet(krb5_context context,
- krb5_data *packet);
-
-void smb_krb5_get_init_creds_opt_free(krb5_context context,
- krb5_get_init_creds_opt *opt);
-krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context,
- krb5_get_init_creds_opt **opt);
-krb5_error_code smb_krb5_mk_error(krb5_context context,
- krb5_error_code error_code,
- const krb5_principal server,
- krb5_data *reply);
-krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry);
-krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
- krb5_enctype enctype,
- char **etype_s);
-krb5_error_code smb_krb5_open_keytab(krb5_context context,
- const char *keytab_name,
- bool write_access,
- krb5_keytab *keytab);
-krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx,
- krb5_context context,
- krb5_keytab keytab,
- const char **keytab_name);
-int smb_krb5_kt_add_entry_ext(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt,
- bool keep_old_entries);
-char *smb_krb5_principal_get_realm(krb5_context context,
- krb5_principal principal);
-#endif /* HAVE_KRB5 */
-
-
#ifdef HAVE_LDAP
/* function declarations not included in proto.h */
diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h
new file mode 100644
index 0000000..2a6069a
--- /dev/null
+++ b/source3/include/krb5_protos.h
@@ -0,0 +1,147 @@
+/* work around broken krb5.h on sles9 */
+#ifdef SIZEOF_LONG
+#undef SIZEOF_LONG
+#endif
+
+
+#if defined(HAVE_KRB5)
+krb5_error_code smb_krb5_parse_name(krb5_context context,
+ const char *name, /* in unix charset */
+ krb5_principal *principal);
+
+krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
+ krb5_context context,
+ krb5_const_principal principal,
+ char **unix_name);
+
+#ifndef HAVE_KRB5_SET_REAL_TIME
+krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds);
+#endif
+
+krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
+
+#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
+krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock);
+#endif
+
+#ifndef HAVE_KRB5_FREE_UNPARSED_NAME
+void krb5_free_unparsed_name(krb5_context ctx, char *val);
+#endif
+
+/* Stub out initialize_krb5_error_table since it is not present in all
+ * Kerberos implementations. If it's not present, it's not necessary to
+ * call it.
+ */
+#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE
+#define initialize_krb5_error_table()
+#endif
+
+/* Samba wrapper function for krb5 functionality. */
+bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
+int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt);
+bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
+krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
+krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
+#if defined(HAVE_KRB5_LOCATE_KDC)
+krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
+#endif
+krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
+bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote);
+krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
+krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype);
+void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype);
+bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2);
+void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
+NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pac_data_blob,
+ krb5_context context,
+ krb5_keyblock *service_keyblock,
+ krb5_const_principal client_principal,
+ time_t tgs_authtime,
+ struct PAC_DATA **pac_data_out);
+void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
+ struct PAC_SIGNATURE_DATA *sig);
+krb5_error_code smb_krb5_verify_checksum(krb5_context context,
+ const krb5_keyblock *keyblock,
+ krb5_keyusage usage,
+ krb5_checksum *cksum,
+ uint8 *data,
+ size_t length);
+time_t get_authtime_from_tkt(krb5_ticket *tkt);
+void smb_krb5_free_ap_req(krb5_context context,
+ krb5_ap_req *ap_req);
+krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context,
+ const krb5_data *inbuf,
+ krb5_kvno *kvno,
+ krb5_enctype *enctype);
+krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_data *inbuf,
+ krb5_const_principal server,
+ krb5_keytab keytab,
+ krb5_flags *ap_req_options,
+ krb5_ticket **ticket,
+ krb5_keyblock **keyblock);
+krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
+ const char *name,
+ krb5_principal *principal);
+bool smb_krb5_principal_compare_any_realm(krb5_context context,
+ krb5_const_principal princ1,
+ krb5_const_principal princ2);
+int cli_krb5_get_ticket(const char *principal, time_t time_offset,
+ DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
+ uint32 extra_ap_opts, const char *ccname,
+ time_t *tgs_expire);
+krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
+krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
+krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr);
+krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr);
+NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error);
+krb5_error_code nt_status_to_krb5(NTSTATUS nt_status);
+void smb_krb5_free_error(krb5_context context, krb5_error *krberror);
+krb5_error_code handle_krberror_packet(krb5_context context,
+ krb5_data *packet);
+
+void smb_krb5_get_init_creds_opt_free(krb5_context context,
+ krb5_get_init_creds_opt *opt);
+krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context,
+ krb5_get_init_creds_opt **opt);
+krb5_error_code smb_krb5_mk_error(krb5_context context,
+ krb5_error_code error_code,
+ const krb5_principal server,
+ krb5_data *reply);
+krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry);
+krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
+ krb5_enctype enctype,
+ char **etype_s);
+krb5_error_code smb_krb5_open_keytab(krb5_context context,
+ const char *keytab_name,
+ bool write_access,
+ krb5_keytab *keytab);
+krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx,
+ krb5_context context,
+ krb5_keytab keytab,
+ const char **keytab_name);
+int smb_krb5_kt_add_entry_ext(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ const char *princ_s,
+ krb5_enctype *enctypes,
+ krb5_data password,
+ bool no_salt,
+ bool keep_old_entries);
--
Samba Shared Repository
More information about the samba-cvs
mailing list