diff options
| author | Günther Deschner <gd@samba.org> | 2006-04-25 12:24:25 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:16:29 -0500 |
| commit | 351e749246a278b60a7e18c1eeafdc8ec70efea2 (patch) | |
| tree | 7080fbf71b0f4cedfd4eeae1eb42478b2b327b49 /source3/configure.in | |
| parent | 66fd215dc754963c866c3c3402f65d6bd14b8dcd (diff) | |
| download | samba-351e749246a278b60a7e18c1eeafdc8ec70efea2.tar.gz samba-351e749246a278b60a7e18c1eeafdc8ec70efea2.tar.bz2 samba-351e749246a278b60a7e18c1eeafdc8ec70efea2.zip | |
r15240: Correctly disallow unauthorized access when logging on with the
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
Diffstat (limited to 'source3/configure.in')
| -rw-r--r-- | source3/configure.in | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/source3/configure.in b/source3/configure.in index c479d2d290..d700740c0d 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3655,6 +3655,18 @@ if test x"$with_ads_support" != x"no"; then [Whether krb5_keytab_entry has keyblock member]) fi + AC_CACHE_CHECK([for magic in krb5_address], + samba_cv_HAVE_MAGIC_IN_KRB5_ADDRESS,[ + AC_TRY_COMPILE([#include <krb5.h>], + [krb5_address addr; addr.magic = 0;], + samba_cv_HAVE_MAGIC_IN_KRB5_ADDRESS=yes, + samba_cv_HAVE_MAGIC_IN_KRB5_ADDRESS=no)]) + + if test x"$samba_cv_HAVE_MAGIC_IN_KRB5_ADDRESS" = x"yes"; then + AC_DEFINE(HAVE_MAGIC_IN_KRB5_ADDRESS,1, + [Whether the krb5_address struct has a magic property]) + fi + if test x"$ac_cv_lib_ext_krb5_krb5_mk_req_extended" = x"yes"; then AC_DEFINE(HAVE_KRB5,1,[Whether to have KRB5 support]) AC_DEFINE(WITH_ADS,1,[Whether to include Active Directory support]) @@ -3705,6 +3717,18 @@ if test x"$with_ads_support" != x"no"; then [Whether krb5_princ_realm returns krb5_realm or krb5_data]) fi + AC_CACHE_CHECK([for krb5_addresses type], + samba_cv_HAVE_KRB5_ADDRESSES,[ + AC_TRY_COMPILE([#include <krb5.h>], + [krb5_addresses addr;], + samba_cv_HAVE_KRB5_ADDRESSES=yes, + samba_cv_HAVE_KRB5_ADDRESSES=no)]) + + if test x"$samba_cv_HAVE_KRB5_ADDRESSES" = x"yes"; then + AC_DEFINE(HAVE_KRB5_ADDRESSES,1, + [Whether the type krb5_addresses type exists]) + fi + LIBS="$ac_save_LIBS" fi |