diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-01-05 11:16:24 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-01-10 21:50:07 +0100 |
commit | 39d73e2420be17cc7db16353e1a51a5d2123f9f1 (patch) | |
tree | 5389cbead88d59531f3f5cb7fcf2bc346b3e5160 | |
parent | a33d86a74592498ec731d57e8cd2ff6a260635bc (diff) | |
download | samba-39d73e2420be17cc7db16353e1a51a5d2123f9f1.tar.gz samba-39d73e2420be17cc7db16353e1a51a5d2123f9f1.tar.bz2 samba-39d73e2420be17cc7db16353e1a51a5d2123f9f1.zip |
krb5: Require krb5_get_renewed_creds be available to build with krb5
-rw-r--r-- | source3/configure.in | 7 | ||||
-rw-r--r-- | source3/libsmb/clikrb5.c | 53 | ||||
-rw-r--r-- | source3/wscript | 5 | ||||
-rw-r--r-- | source4/heimdal_build/wscript_configure | 1 |
4 files changed, 14 insertions, 52 deletions
diff --git a/source3/configure.in b/source3/configure.in index 0372490b26..53eaaf2bc5 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3879,7 +3879,6 @@ if test x"$with_ads_support" != x"no"; then AC_CHECK_FUNC_EXT(krb5_princ_size, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_set_pac_request, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_renewed_creds, $KRB5_LIBS) - AC_CHECK_FUNC_EXT(krb5_get_kdc_cred, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_error_contents, $KRB5_LIBS) AC_CHECK_FUNC_EXT(initialize_krb5_error_table, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_alloc, $KRB5_LIBS) @@ -4442,6 +4441,12 @@ if test x"$with_ads_support" != x"no"; then use_ads=no fi + if test x"$ac_cv_func_ext_krb5_get_renewed_creds" != x"yes" + then + AC_MSG_WARN(krb5_get_renewed_creds not found in -lkrb5) + use_ads=no + fi + if test x"$ac_cv_func_ext_krb5_principal2salt" != x"yes" -a \ x"$ac_cv_func_ext_krb5_get_pw_salt" != x"yes" then diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index adb9c9c6fb..c0d822e5da 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -1156,56 +1156,11 @@ out: } } -#ifdef HAVE_KRB5_GET_RENEWED_CREDS /* MIT */ - { - ret = krb5_get_renewed_creds(context, &creds, client, ccache, discard_const_p(char, service_string)); - if (ret) { - DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret))); - goto done; - } - } -#elif defined(HAVE_KRB5_GET_KDC_CRED) /* Heimdal */ - { - krb5_kdc_flags flags; - krb5_realm *client_realm = NULL; - - ret = krb5_copy_principal(context, client, &creds_in.client); - if (ret) { - goto done; - } - - if (service_string) { - ret = smb_krb5_parse_name(context, service_string, &creds_in.server); - if (ret) { - goto done; - } - } else { - /* build tgt service by default */ - client_realm = krb5_princ_realm(context, creds_in.client); - if (!client_realm) { - ret = ENOMEM; - goto done; - } - ret = krb5_make_principal(context, &creds_in.server, *client_realm, KRB5_TGS_NAME, *client_realm, NULL); - if (ret) { - goto done; - } - } - - flags.i = 0; - flags.b.renewable = flags.b.renew = True; - - ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &creds_in, &creds_out); - if (ret) { - DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret))); - goto done; - } - - creds = *creds_out; + ret = krb5_get_renewed_creds(context, &creds, client, ccache, discard_const_p(char, service_string)); + if (ret) { + DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret))); + goto done; } -#else -#error NO_SUITABLE_KRB5_TICKET_RENEW_FUNCTION_AVAILABLE -#endif /* hm, doesn't that create a new one if the old one wasn't there? - Guenther */ ret = krb5_cc_initialize(context, ccache, client); diff --git a/source3/wscript b/source3/wscript index a5bb371466..7d6b708591 100644 --- a/source3/wscript +++ b/source3/wscript @@ -584,7 +584,7 @@ krb5_krbhst_get_addrinfo krb5_c_enctype_compare krb5_crypto_init krb5_crypto_destroy krb5_decode_ap_req free_AP_REQ krb5_c_verify_checksum krb5_principal_compare_any_realm krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request -krb5_get_renewed_creds krb5_get_kdc_cred krb5_free_error_contents +krb5_get_renewed_creds krb5_free_error_contents initialize_krb5_error_table krb5_get_init_creds_opt_alloc krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype @@ -765,6 +765,9 @@ return krb5_kt_resolve(context, "WRFILE:api", &keytab); if not conf.CONFIG_SET('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT'): Logs.warn("krb5_get_init_creds_opt_free was not found or was too old in -lkrb5") use_ads=False + if not conf.CONFIG_SET('HAVE_KRB5_GET_RENEWED_CREDS'): + Logs.warn("krb5_get_renewed_creds not found in -lkrb5") + use_ads=False if not conf.CONFIG_SET('HAVE_KRB5_PRINCIPAL2SALT') and \ not conf.CONFIG_SET('HAVE_KRB5_GET_PW_SALT'): Logs.warn("no CREATE_KEY_FUNCTIONS detected") diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure index 7fd557c017..8a34fddccd 100644 --- a/source4/heimdal_build/wscript_configure +++ b/source4/heimdal_build/wscript_configure @@ -117,7 +117,6 @@ conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1) conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1) conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1) conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1) -conf.define('HAVE_KRB5_GET_KDC_CRED', 1) conf.define('HAVE_KRB5_GET_PW_SALT', 1) conf.define('HAVE_KRB5_GET_RENEWED_CREDS', 1) conf.define('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1) |