author | Andrew Bartlett <abartlet@samba.org> | 2012-01-05 10:51:29 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-01-10 21:50:07 +0100 |
commit | 6b2e742d6c719258c8ff1c2309847e88bdae97e7 (patch) | |
tree | 79e819e85c4d6df9df58a56347244dc1b3662b76 /libcli/auth | |
parent | 17e61e4290d7d95b0bdd2accda24e526484a1c51 (diff) | |
krb5: Require krb5_c_verify_checksum is available to build with krb5
Diffstat (limited to 'libcli/auth')
-rw-r--r-- | libcli/auth/krb5_wrap.c | 83 |
1 files changed, 20 insertions, 63 deletions
diff --git a/libcli/auth/krb5_wrap.c b/libcli/auth/krb5_wrap.c
index e7e071d484..8bd17670bb 100644
--- a/libcli/auth/krb5_wrap.c
+++ b/libcli/auth/krb5_wrap.c
@@ -241,71 +241,28 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
 {
 krb5_error_code ret;
- /* verify the checksum */
-
- /* welcome to the wonderful world of samba's kerberos abstraction layer:
- *
- * function heimdal 0.6.1rc3 heimdal 0.7 MIT krb 1.4.2
- * -----------------------------------------------------------------------------
- * krb5_c_verify_checksum - works works
- * krb5_verify_checksum works (6 args) works (6 args) broken (7 args)
- */
-
-#if defined(HAVE_KRB5_C_VERIFY_CHECKSUM)
- {
- krb5_boolean checksum_valid = false;
- krb5_data input;
-
- input.data = (char *)data;
- input.length = length;
-
- ret = krb5_c_verify_checksum(context,
- keyblock,
- usage,
- &input,
- cksum,
- &checksum_valid);
- if (ret) {
- DEBUG(3,("smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: %s\n",
- error_message(ret)));
- return ret;
- }
-
- if (!checksum_valid)
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
-
-#elif KRB5_VERIFY_CHECKSUM_ARGS == 6 && defined(HAVE_KRB5_CRYPTO_INIT) && defined(HAVE_KRB5_CRYPTO) && defined(HAVE_KRB5_CRYPTO_DESTROY)
-
- /* Warning: MIT's krb5_verify_checksum cannot be used as it will use a key
- * without enctype and it ignores any key_usage types - Guenther */
-
- {
+ /* verify the checksum, heimdal 0.7 and MIT krb 1.4.2 and above */
- krb5_crypto crypto;
- ret = krb5_crypto_init(context,
- keyblock,
- 0,
- &crypto);
- if (ret) {
- DEBUG(0,("smb_krb5_verify_checksum: krb5_crypto_init() failed: %s\n",
- error_message(ret)));
- return ret;
- }
-
- ret = krb5_verify_checksum(context,
- crypto,
- usage,
- data,
- length,
- cksum);
-
- krb5_crypto_destroy(context, crypto);
+ krb5_boolean checksum_valid = false;
+ krb5_data input;
+
+ input.data = (char *)data;
+ input.length = length;
+
+ ret = krb5_c_verify_checksum(context,
+ keyblock,
+ usage,
+ &input,
+ cksum,
+ &checksum_valid);
+ if (ret) {
+ DEBUG(3,("smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: %s\n",
+ error_message(ret)));
+ return ret;
 }
-
-#else
-#error UNKNOWN_KRB5_VERIFY_CHECKSUM_FUNCTION
-#endif
+
+ if (!checksum_valid)
+ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
 return ret;
 } |
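Review bot: `input.length = length;` copies the caller's length into a `krb5_data` with no range check. The parameter's type is declared outside the hunk, but if it is `size_t` and the library's length field is narrower (MIT declares it `unsigned int`), an oversized buffer could have its checksum verified over a truncated prefix only. A guard just before the assignment, e.g. `if (length > UINT_MAX) return EINVAL;`, keeps the verification fail-closed. The unbraced `if (!checksum_valid)` carries the integrity decision and is safer braced: `if (!checksum_valid) { ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; }`. The function's signature and opening lie outside the hunk; the `@@` context names smb_krb5_unparse_name while the DEBUG text says smb_krb5_verify_checksum.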