summaryrefslogtreecommitdiff
path: root/source3/libads
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2004-06-24 05:56:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:52:01 -0500
commit2b76b28932d9d1ed714e79579414f630966342e7 (patch)
tree02a7e6fb3fa2cb0436b108ea9f23250fdbc6e9dc /source3/libads
parent087868c49916e96cf860577144bc19b799fd720e (diff)
downloadsamba-2b76b28932d9d1ed714e79579414f630966342e7.tar.gz
samba-2b76b28932d9d1ed714e79579414f630966342e7.tar.bz2
samba-2b76b28932d9d1ed714e79579414f630966342e7.zip
r1236: Heimdal fixes from Guenther Deschner <gd@sernet.de>, more to come before
it compiles with Heimdal. Jeremy. (This used to be commit dd07278b892770ac51750b87a4ab902d4de3a960)
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/kerberos_keytab.c21
-rw-r--r--source3/libads/kerberos_verify.c8
2 files changed, 20 insertions, 9 deletions
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index cb0841f2e2..f312d8b8ef 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -48,6 +48,9 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
char *principal = NULL;
char *princ_s = NULL;
char *password_s = NULL;
+#ifndef MAX_KEYTAB_NAME_LEN
+#define MAX_KEYTAB_NAME_LEN 1100
+#endif
char keytab_name[MAX_KEYTAB_NAME_LEN]; /* This MAX_NAME_LEN is a constant defined in krb5.h */
fstring my_fqdn;
int i;
@@ -163,7 +166,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
error_message(ret)));
goto out;
}
- ret = krb5_free_keytab_entry_contents(context, &kt_entry);
+ ret = smb_krb5_kt_free_entry(context, &kt_entry);
ZERO_STRUCT(kt_entry);
if (ret) {
DEBUG(1,("ads_keytab_add_entry: krb5_kt_remove_entry failed (%s)\n",
@@ -174,10 +177,10 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
}
/* Not a match, just free this entry and continue. */
- ret = krb5_free_keytab_entry_contents(context, &kt_entry);
+ ret = smb_krb5_kt_free_entry(context, &kt_entry);
ZERO_STRUCT(kt_entry);
if (ret) {
- DEBUG(1,("ads_keytab_add_entry: krb5_free_keytab_entry_contents failed (%s)\n", error_message(ret)));
+ DEBUG(1,("ads_keytab_add_entry: smb_krb5_kt_free_entry failed (%s)\n", error_message(ret)));
goto out;
}
}
@@ -253,7 +256,7 @@ out:
krb5_keytab_entry zero_kt_entry;
ZERO_STRUCT(zero_kt_entry);
if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
- krb5_free_keytab_entry_contents(context, &kt_entry);
+ smb_krb5_kt_free_entry(context, &kt_entry);
}
}
if (princ) {
@@ -343,7 +346,7 @@ int ads_keytab_flush(ADS_STRUCT *ads)
DEBUG(1,("ads_keytab_flush: krb5_kt_start_seq failed (%s)\n",error_message(ret)));
goto out;
}
- ret = krb5_free_keytab_entry_contents(context, &kt_entry);
+ ret = smb_krb5_kt_free_entry(context, &kt_entry);
ZERO_STRUCT(kt_entry);
if (ret) {
DEBUG(1,("ads_keytab_flush: krb5_kt_remove_entry failed (%s)\n",error_message(ret)));
@@ -367,7 +370,7 @@ out:
krb5_keytab_entry zero_kt_entry;
ZERO_STRUCT(zero_kt_entry);
if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
- krb5_free_keytab_entry_contents(context, &kt_entry);
+ smb_krb5_kt_free_entry(context, &kt_entry);
}
}
if (cursor && keytab) {
@@ -434,7 +437,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if (ret != KRB5_KT_END && ret != ENOENT ) {
while ((ret = krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) == 0) {
- krb5_free_keytab_entry_contents(context, &kt_entry);
+ smb_krb5_kt_free_entry(context, &kt_entry);
ZERO_STRUCT(kt_entry);
found++;
}
@@ -496,7 +499,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
krb5_free_unparsed_name(context, ktprinc);
}
}
- krb5_free_keytab_entry_contents(context, &kt_entry);
+ smb_krb5_kt_free_entry(context, &kt_entry);
ZERO_STRUCT(kt_entry);
}
for (i = 0; oldEntries[i]; i++) {
@@ -515,7 +518,7 @@ done:
krb5_keytab_entry zero_kt_entry;
ZERO_STRUCT(zero_kt_entry);
if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
- krb5_free_keytab_entry_contents(context, &kt_entry);
+ smb_krb5_kt_free_entry(context, &kt_entry);
}
}
if (cursor && keytab) {
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 2665f40c49..8a18976b3a 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -64,7 +64,11 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
}
/* Look for a CIFS ticket */
if (!StrnCaseCmp(princ_name, "cifs/", 5)) {
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK
+ krb5_auth_con_setuseruserkey(context, auth_context, &kt_entry.keyblock);
+#else
krb5_auth_con_setuseruserkey(context, auth_context, &kt_entry.key);
+#endif
p_packet->length = ticket->length;
p_packet->data = (krb5_pointer)ticket->data;
@@ -73,7 +77,11 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
krb5_free_unparsed_name(context, princ_name);
princ_name = NULL;
DEBUG(10,("ads_keytab_verify_ticket: enc type [%u] decrypted message !\n",
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK
+ (unsigned int) kt_entry.keyblock.keytype));
+#else
(unsigned int) kt_entry.key.enctype));
+#endif
auth_ok = True;
break;
}