authorJeremy Allison <jra@samba.org>2004-10-29 22:38:10 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:53:05 -0500
commit0772ddbae1be394c538f1d3529ea84434eadcf97 (patch)
tree8482824cfa5f0b9f157e61ac22afa045165113fd /source3/libsmb
parentb57feea6d312de778e232f478d768ac5f3552b3e (diff)
r3377: Merge in first part of modified patch from Nalin Dahyabhai <nalin@redhat.com>
for bug #1717. The rest of the code needed to call this patch has not yet been checked in (that's my next task). This has not yet been tested - I'll do this once the rest of the patch is integrated. Jeremy. (This used to be commit 7565019286cf44f43c8066c005b1cd5c1556435f)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/cliconnect.c2
-rw-r--r--source3/libsmb/clikrb5.c47
2 files changed, 39 insertions, 10 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 4ff60c1b1c..60691287e6 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -757,7 +757,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
int ret;
use_in_memory_ccache();
- ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
+ ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL, NULL);
if (ret){
SAFE_FREE(principal);
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 5aa1668705..32a50464e0 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -81,7 +81,7 @@
#endif
#if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY)
- int create_kerberos_key_from_string(krb5_context context,
+ int create_kerberos_key_from_string_direct(krb5_context context,
krb5_principal host_princ,
krb5_data *password,
krb5_keyblock *key,
@@ -102,7 +102,7 @@
return ret;
}
#elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
- int create_kerberos_key_from_string(krb5_context context,
+ int create_kerberos_key_from_string_direct(krb5_context context,
krb5_principal host_princ,
krb5_data *password,
krb5_keyblock *key,
@@ -123,6 +123,27 @@
__ERROR_XX_UNKNOWN_CREATE_KEY_FUNCTIONS
#endif
+int create_kerberos_key_from_string(krb5_context context,
+ krb5_principal host_princ,
+ krb5_data *password,
+ krb5_keyblock *key,
+ krb5_enctype enctype)
+{
+ krb5_principal salt_princ = NULL;
+ int ret;
+ /*
+ * Check if we've determined that the KDC is salting keys for this
+ * principal/enctype in a non-obvious way. If it is, try to match
+ * its behavior.
+ */
+ salt_princ = kerberos_fetch_salt_princ_for_host_princ(context, host_princ, enctype);
+ ret = create_kerberos_key_from_string_direct(context, salt_princ ? salt_princ : host_princ, password, key, enctype);
+ if (salt_princ) {
+ krb5_free_principal(context, salt_princ);
+ }
+ return ret;
+}
+
#if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES)
krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
krb5_enctype **enctypes)
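Review bot: In the new create_kerberos_key_from_string(), a NULL from kerberos_fetch_salt_princ_for_host_princ() is treated as "no override recorded", but the helper is not part of this commit, so a failed lookup may be indistinguishable from that case. If so, the key would be derived with the default salt and would not match the KDC's, which shows up later only as a decryption or authentication failure. I would record the contract above the call, e.g. `/* NULL means no salting principal is stored (or the lookup failed): fall back to host_princ. A non-NULL result is owned by us and freed below. */`, and log at a debug level when the fallback is taken. The two `_direct` variants are still non-static as far as the hunks show; if nothing else needs the unsalted path, making them `static` would stop callers from bypassing the lookup.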
@@ -251,6 +272,17 @@
}
#endif
+void kerberos_free_data_contents(krb5_context context, krb5_data *pdata)
+{
+#if !defined(HAVE_KRB5_FREE_DATA_CONTENTS)
+ if (pdata->data) {
+ krb5_free_data_contents(context, pdata);
+ }
+#else
+ SAFE_FREE(pdata->data);
+#endif
+}
+
void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype)
{
#if defined(HAVE_KRB5_KEYBLOCK_IN_CREDS)
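Review bot: The preprocessor guard in the new kerberos_free_data_contents() is inverted: `#if !defined(HAVE_KRB5_FREE_DATA_CONTENTS)` calls krb5_free_data_contents() exactly when the library lacks it, and falls back to `SAFE_FREE(pdata->data)` when the library does provide it. On a build that has the function, the buffer allocated by libkrb5 is therefore released with the C library's free() rather than the Kerberos library's own routine, and a build without it will presumably fail on the missing symbol. The first line should read `#if defined(HAVE_KRB5_FREE_DATA_CONTENTS)`. The same defect reaches the call this commit adds in cli_krb5_get_ticket(), which previously freed the packet only under `#ifdef HAVE_KRB5_FREE_DATA_CONTENTS`. In the fallback branch it is also worth adding `pdata->length = 0;` so the krb5_data does not keep a stale length next to a NULL pointer.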
@@ -262,7 +294,7 @@ void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype)
#endif
}
-krb5_boolean kerberos_compatible_enctypes(krb5_context context,
+BOOL kerberos_compatible_enctypes(krb5_context context,
krb5_enctype enctype1,
krb5_enctype enctype2)
{
@@ -270,9 +302,9 @@ krb5_boolean kerberos_compatible_enctypes(krb5_context context,
krb5_boolean similar = 0;
krb5_c_enctype_compare(context, enctype1, enctype2, &similar);
- return similar;
+ return similar ? True : False;
#elif defined(HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS)
- return krb5_enctypes_compatible_keys(context, enctype1, enctype2);
+ return krb5_enctypes_compatible_keys(context, enctype1, enctype2) ? True : False;
#endif
}
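Review bot: kerberos_compatible_enctypes() has no `#else` branch between the `#elif defined(HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS)` arm and `#endif`, so when neither macro is defined the function (now returning BOOL) falls off the end without a return value. The opening `#if` is outside this hunk, so this is inferred from the visible arms only. A build-time failure in the style already used earlier in this file would be safer than an indeterminate answer about enctype compatibility, e.g. `#else` followed by `__ERROR_XX_UNKNOWN_ENCTYPE_COMPARE_FUNCTIONS`. In the first arm the result of krb5_c_enctype_compare() is ignored; that is safe only because `similar` starts at 0, which deserves a one-line comment.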
@@ -447,10 +479,7 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset,
*ticket = data_blob(packet.data, packet.length);
-/* Hmm, heimdal dooesn't have this - what's the correct call? */
-#ifdef HAVE_KRB5_FREE_DATA_CONTENTS
- krb5_free_data_contents(context, &packet);
-#endif
+ kerberos_free_data_contents(context, &packet);
failed: