summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-01-05 11:16:24 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-01-10 21:50:07 +0100
commit39d73e2420be17cc7db16353e1a51a5d2123f9f1 (patch)
tree5389cbead88d59531f3f5cb7fcf2bc346b3e5160
parenta33d86a74592498ec731d57e8cd2ff6a260635bc (diff)
downloadsamba-39d73e2420be17cc7db16353e1a51a5d2123f9f1.tar.gz
samba-39d73e2420be17cc7db16353e1a51a5d2123f9f1.tar.bz2
samba-39d73e2420be17cc7db16353e1a51a5d2123f9f1.zip
krb5: Require krb5_get_renewed_creds be available to build with krb5
-rw-r--r--source3/configure.in7
-rw-r--r--source3/libsmb/clikrb5.c53
-rw-r--r--source3/wscript5
-rw-r--r--source4/heimdal_build/wscript_configure1
4 files changed, 14 insertions, 52 deletions
diff --git a/source3/configure.in b/source3/configure.in
index 0372490b26..53eaaf2bc5 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3879,7 +3879,6 @@ if test x"$with_ads_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_princ_size, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_set_pac_request, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_renewed_creds, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_get_kdc_cred, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_free_error_contents, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(initialize_krb5_error_table, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_alloc, $KRB5_LIBS)
@@ -4442,6 +4441,12 @@ if test x"$with_ads_support" != x"no"; then
use_ads=no
fi
+ if test x"$ac_cv_func_ext_krb5_get_renewed_creds" != x"yes"
+ then
+ AC_MSG_WARN(krb5_get_renewed_creds not found in -lkrb5)
+ use_ads=no
+ fi
+
if test x"$ac_cv_func_ext_krb5_principal2salt" != x"yes" -a \
x"$ac_cv_func_ext_krb5_get_pw_salt" != x"yes"
then
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index adb9c9c6fb..c0d822e5da 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -1156,56 +1156,11 @@ out:
}
}
-#ifdef HAVE_KRB5_GET_RENEWED_CREDS /* MIT */
- {
- ret = krb5_get_renewed_creds(context, &creds, client, ccache, discard_const_p(char, service_string));
- if (ret) {
- DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret)));
- goto done;
- }
- }
-#elif defined(HAVE_KRB5_GET_KDC_CRED) /* Heimdal */
- {
- krb5_kdc_flags flags;
- krb5_realm *client_realm = NULL;
-
- ret = krb5_copy_principal(context, client, &creds_in.client);
- if (ret) {
- goto done;
- }
-
- if (service_string) {
- ret = smb_krb5_parse_name(context, service_string, &creds_in.server);
- if (ret) {
- goto done;
- }
- } else {
- /* build tgt service by default */
- client_realm = krb5_princ_realm(context, creds_in.client);
- if (!client_realm) {
- ret = ENOMEM;
- goto done;
- }
- ret = krb5_make_principal(context, &creds_in.server, *client_realm, KRB5_TGS_NAME, *client_realm, NULL);
- if (ret) {
- goto done;
- }
- }
-
- flags.i = 0;
- flags.b.renewable = flags.b.renew = True;
-
- ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &creds_in, &creds_out);
- if (ret) {
- DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret)));
- goto done;
- }
-
- creds = *creds_out;
+ ret = krb5_get_renewed_creds(context, &creds, client, ccache, discard_const_p(char, service_string));
+ if (ret) {
+ DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret)));
+ goto done;
}
-#else
-#error NO_SUITABLE_KRB5_TICKET_RENEW_FUNCTION_AVAILABLE
-#endif
/* hm, doesn't that create a new one if the old one wasn't there? - Guenther */
ret = krb5_cc_initialize(context, ccache, client);
diff --git a/source3/wscript b/source3/wscript
index a5bb371466..7d6b708591 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -584,7 +584,7 @@ krb5_krbhst_get_addrinfo krb5_c_enctype_compare
krb5_crypto_init krb5_crypto_destroy krb5_decode_ap_req free_AP_REQ
krb5_c_verify_checksum krb5_principal_compare_any_realm
krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request
-krb5_get_renewed_creds krb5_get_kdc_cred krb5_free_error_contents
+krb5_get_renewed_creds krb5_free_error_contents
initialize_krb5_error_table krb5_get_init_creds_opt_alloc
krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error
krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype
@@ -765,6 +765,9 @@ return krb5_kt_resolve(context, "WRFILE:api", &keytab);
if not conf.CONFIG_SET('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT'):
Logs.warn("krb5_get_init_creds_opt_free was not found or was too old in -lkrb5")
use_ads=False
+ if not conf.CONFIG_SET('HAVE_KRB5_GET_RENEWED_CREDS'):
+ Logs.warn("krb5_get_renewed_creds not found in -lkrb5")
+ use_ads=False
if not conf.CONFIG_SET('HAVE_KRB5_PRINCIPAL2SALT') and \
not conf.CONFIG_SET('HAVE_KRB5_GET_PW_SALT'):
Logs.warn("no CREATE_KEY_FUNCTIONS detected")
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 7fd557c017..8a34fddccd 100644
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -117,7 +117,6 @@ conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1)
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1)
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1)
conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1)
-conf.define('HAVE_KRB5_GET_KDC_CRED', 1)
conf.define('HAVE_KRB5_GET_PW_SALT', 1)
conf.define('HAVE_KRB5_GET_RENEWED_CREDS', 1)
conf.define('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1)