[PATCH] heimdal fixes for the new keytab code

Guenther Deschner gd at sernet.de
Wed Jun 23 19:37:38 GMT 2004


Hello Jeremy,

as one of the initial authors of the samba-keytab-patch, I have to say first of
all: a big thank you for adding keytab-support to samba !

Attached you'll find a quick first proposal to get closer to building it with
Heimdal as well. There is still an issue with initialising krb5_cursor and
setting the typedef for realm in libads/krb5_setpw.c, IIRC.

Thanks,
Guenther

-- 
Guenther Deschner, SerNet Service Network GmbH
Phone: +49-(0)551-370000-0,  Fax: +49-(0)551-370000-9
-------------- next part --------------
Index: source/configure.in
===================================================================
--- source/configure.in	(revision 1229)
+++ source/configure.in	(working copy)
@@ -2737,6 +2737,8 @@
   AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_principal_get_comp_string, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS)
+  AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS)
+  AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS)
 
   LIBS="$LIBS $KRB5_LIBS"
   
Index: source/libsmb/clikrb5.c
===================================================================
--- source/libsmb/clikrb5.c	(revision 1229)
+++ source/libsmb/clikrb5.c	(working copy)
@@ -473,6 +473,18 @@
 }
 #endif
 
+
+krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry) 
+{
+#if defined(HAVE_KRB5_KT_FREE_ENTRY)
+	return krb5_kt_free_entry(context, kt_entry);
+#elif defined(HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS)
+	return krb5_free_keytab_entry_contents(context, kt_entry);
+#else
+#error UNKNOWN_KT_FREE_FUNCTION
+#endif
+}
+ 
 #else /* HAVE_KRB5 */
  /* this saves a few linking headaches */
 int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
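Review bot: The new non-static `smb_krb5_kt_free_entry` has no declaration anywhere in this patch, yet it is called from source/libads/kerberos_keytab.c, which is a different translation unit. Unless the project's prototype generation picks it up, those callers compile against an implicit declaration; adding `krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);` to the header that carries the other krb5 wrapper prototypes would fix that. A short comment above the wrapper would also help, e.g. `/* Free the contents of a keytab entry; the library call is named differently in MIT and Heimdal. */`.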
Index: source/libads/kerberos_verify.c
===================================================================
--- source/libads/kerberos_verify.c	(revision 1229)
+++ source/libads/kerberos_verify.c	(working copy)
@@ -64,7 +64,11 @@
 		}
 		/* Look for a CIFS ticket */
 		if (!StrnCaseCmp(princ_name, "cifs/", 5)) {
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK
+			krb5_auth_con_setuseruserkey(context, auth_context, &kt_entry.keyblock);
+#else
 			krb5_auth_con_setuseruserkey(context, auth_context, &kt_entry.key);
+#endif
 
 			p_packet->length = ticket->length;
 			p_packet->data = (krb5_pointer)ticket->data;
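Review bot: `HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK` is tested here and in the next hunk, but the configure.in change in this patch only adds two function checks and nothing visible defines that macro. If no existing configure test provides it, a Heimdal build takes the `#else` branch and fails to compile on `kt_entry.key`. A compile test in configure.in that declares a `krb5_keytab_entry` and touches its `.keyblock` member, defining the macro on success, would close the gap. The enclosing function starts and ends outside the hunk.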
@@ -73,7 +77,11 @@
 				krb5_free_unparsed_name(context, princ_name);
 				princ_name = NULL;
 				DEBUG(10,("ads_keytab_verify_ticket: enc type [%u] decrypted message !\n",
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK
+					(unsigned int) kt_entry.keyblock.keytype));
+#else
 					(unsigned int) kt_entry.key.enctype));
+#endif
 				auth_ok = True;
 				break;
 			}
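Review bot: The `#ifdef`/`#else`/`#endif` lines sit inside the argument list of `DEBUG(10,(...))`, which appears to be a function-like macro. Preprocessor directives inside macro arguments have undefined behaviour in C, so this may work with one compiler and break with another. Resolve the field name before the call and pass a plain variable, with `unsigned int kt_enctype;` declared at the top of the enclosing block, which is outside this hunk.

```c
				/* … unchanged: krb5_free_unparsed_name(), princ_name = NULL … */
#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK
				kt_enctype = (unsigned int) kt_entry.keyblock.keytype;
#else
				kt_enctype = (unsigned int) kt_entry.key.enctype;
#endif
				DEBUG(10,("ads_keytab_verify_ticket: enc type [%u] decrypted message !\n",
					kt_enctype));
				/* … unchanged: auth_ok = True; break; … */
```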
Index: source/libads/kerberos_keytab.c
===================================================================
--- source/libads/kerberos_keytab.c	(revision 1229)
+++ source/libads/kerberos_keytab.c	(working copy)
@@ -48,6 +48,9 @@
 	char *principal = NULL;
 	char *princ_s = NULL;
 	char *password_s = NULL;
+#ifndef MAX_KEYTAB_NAME_LEN
+#define MAX_KEYTAB_NAME_LEN 1100
+#endif
 	char keytab_name[MAX_KEYTAB_NAME_LEN];          /* This MAX_NAME_LEN is a constant defined in krb5.h */
 	fstring my_fqdn;
 	int i;
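Review bot: The fallback `#define MAX_KEYTAB_NAME_LEN 1100` sits in the middle of the local declarations and its value is unexplained, while the trailing comment on `keytab_name` still says the constant comes from krb5.h. Move the `#ifndef` block to file scope and document it, e.g. `/* Not every krb5.h provides MAX_KEYTAB_NAME_LEN; fall back to the MIT value. */`, after confirming 1100 against the MIT header. Because the buffer size can now be chosen locally, any call outside this hunk that fills `keytab_name` should be bounded by `sizeof(keytab_name)`. The enclosing function continues outside the hunk.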
@@ -163,7 +166,7 @@
 						error_message(ret)));
 					goto out;
 				}
-				ret = krb5_free_keytab_entry_contents(context, &kt_entry);
+				ret = smb_krb5_kt_free_entry(context, &kt_entry);
 				ZERO_STRUCT(kt_entry);
 				if (ret) {
 					DEBUG(1,("ads_keytab_add_entry: krb5_kt_remove_entry failed (%s)\n",
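Review bot: The failure message after the renamed free call still reads `krb5_kt_remove_entry failed`, although `ret` at that point holds the result of `smb_krb5_kt_free_entry`. The same mismatch is in the ads_keytab_flush hunk at -343, whereas the "Not a match" hunk that follows already updates its message. Both should read along the lines of `DEBUG(1,("ads_keytab_add_entry: smb_krb5_kt_free_entry failed (%s)\n",`, with the ads_keytab_flush prefix in the other. A wrong function name in the log points whoever is diagnosing a keytab failure at the wrong call. The enclosing block starts and ends outside the hunk.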
@@ -174,10 +177,10 @@
 			}
 
 			/* Not a match, just free this entry and continue. */
-			ret = krb5_free_keytab_entry_contents(context, &kt_entry);
+			ret = smb_krb5_kt_free_entry(context, &kt_entry);
 			ZERO_STRUCT(kt_entry);
 			if (ret) {
-				DEBUG(1,("ads_keytab_add_entry: krb5_free_keytab_entry_contents failed (%s)\n", error_message(ret)));
+				DEBUG(1,("ads_keytab_add_entry: smb_krb5_kt_free_entry failed (%s)\n", error_message(ret)));
 				goto out;
 			}
 		}
@@ -253,7 +256,7 @@
 		krb5_keytab_entry zero_kt_entry;
 		ZERO_STRUCT(zero_kt_entry);
 		if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
-			krb5_free_keytab_entry_contents(context, &kt_entry);
+			smb_krb5_kt_free_entry(context, &kt_entry);
 		}
 	}
 	if (princ) {
@@ -343,7 +346,7 @@
 				DEBUG(1,("ads_keytab_flush: krb5_kt_start_seq failed (%s)\n",error_message(ret)));
 				goto out;
 			}
-			ret = krb5_free_keytab_entry_contents(context, &kt_entry);
+			ret = smb_krb5_kt_free_entry(context, &kt_entry);
 			ZERO_STRUCT(kt_entry);
 			if (ret) {
 				DEBUG(1,("ads_keytab_flush: krb5_kt_remove_entry failed (%s)\n",error_message(ret)));
@@ -367,7 +370,7 @@
 		krb5_keytab_entry zero_kt_entry;
 		ZERO_STRUCT(zero_kt_entry);
 		if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
-			krb5_free_keytab_entry_contents(context, &kt_entry);
+			smb_krb5_kt_free_entry(context, &kt_entry);
 		}
 	}
 	if (cursor && keytab) {
@@ -434,7 +437,7 @@
 	ret = krb5_kt_start_seq_get(context, keytab, &cursor);
 	if (ret != KRB5_KT_END && ret != ENOENT ) {
 		while ((ret = krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) == 0) {
-			krb5_free_keytab_entry_contents(context, &kt_entry);
+			smb_krb5_kt_free_entry(context, &kt_entry);
 			ZERO_STRUCT(kt_entry);
 			found++;
 		}
@@ -496,7 +499,7 @@
 					krb5_free_unparsed_name(context, ktprinc);
 				}
 			}
-			krb5_free_keytab_entry_contents(context, &kt_entry);
+			smb_krb5_kt_free_entry(context, &kt_entry);
 			ZERO_STRUCT(kt_entry);
 		}
 		for (i = 0; oldEntries[i]; i++) {
@@ -515,7 +518,7 @@
 		krb5_keytab_entry zero_kt_entry;
 		ZERO_STRUCT(zero_kt_entry);
 		if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
-			krb5_free_keytab_entry_contents(context, &kt_entry);
+			smb_krb5_kt_free_entry(context, &kt_entry);
 		}
 	}
 	if (cursor && keytab) {

