diff options
| author | Jeremy Allison <jra@samba.org> | 2004-10-29 22:38:10 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:05 -0500 |
| commit | 0772ddbae1be394c538f1d3529ea84434eadcf97 (patch) | |
| tree | 8482824cfa5f0b9f157e61ac22afa045165113fd /source3/libsmb | |
| parent | b57feea6d312de778e232f478d768ac5f3552b3e (diff) | |
| download | samba-0772ddbae1be394c538f1d3529ea84434eadcf97.tar.gz samba-0772ddbae1be394c538f1d3529ea84434eadcf97.tar.bz2 samba-0772ddbae1be394c538f1d3529ea84434eadcf97.zip | |
r3377: Merge in first part of modified patch from Nalin Dahyabhai <nalin@redhat.com>
for bug #1717.The rest of the code needed to call this patch has not yet been
checked in (that's my next task). This has not yet been tested - I'll do this
once the rest of the patch is integrated.
Jeremy.
(This used to be commit 7565019286cf44f43c8066c005b1cd5c1556435f)
Diffstat (limited to 'source3/libsmb')
| -rw-r--r-- | source3/libsmb/cliconnect.c | 2 | ||||
| -rw-r--r-- | source3/libsmb/clikrb5.c | 47 |
2 files changed, 39 insertions, 10 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 4ff60c1b1c..60691287e6 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -757,7 +757,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, int ret; use_in_memory_ccache(); - ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL); + ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL, NULL); if (ret){ SAFE_FREE(principal); diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 5aa1668705..32a50464e0 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -81,7 +81,7 @@ #endif #if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY) - int create_kerberos_key_from_string(krb5_context context, + int create_kerberos_key_from_string_direct(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, @@ -102,7 +102,7 @@ return ret; } #elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT) - int create_kerberos_key_from_string(krb5_context context, + int create_kerberos_key_from_string_direct(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, @@ -123,6 +123,27 @@ __ERROR_XX_UNKNOWN_CREATE_KEY_FUNCTIONS #endif +int create_kerberos_key_from_string(krb5_context context, + krb5_principal host_princ, + krb5_data *password, + krb5_keyblock *key, + krb5_enctype enctype) +{ + krb5_principal salt_princ = NULL; + int ret; + /* + * Check if we've determined that the KDC is salting keys for this + * principal/enctype in a non-obvious way. If it is, try to match + * its behavior. + */ + salt_princ = kerberos_fetch_salt_princ_for_host_princ(context, host_princ, enctype); + ret = create_kerberos_key_from_string_direct(context, salt_princ ? salt_princ : host_princ, password, key, enctype); + if (salt_princ) { + krb5_free_principal(context, salt_princ); + } + return ret; +} + #if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES) krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes) @@ -251,6 +272,17 @@ } #endif +void kerberos_free_data_contents(krb5_context context, krb5_data *pdata) +{ +#if !defined(HAVE_KRB5_FREE_DATA_CONTENTS) + if (pdata->data) { + krb5_free_data_contents(context, pdata); + } +#else + SAFE_FREE(pdata->data); +#endif +} + void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype) { #if defined(HAVE_KRB5_KEYBLOCK_IN_CREDS) @@ -262,7 +294,7 @@ void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype) #endif } -krb5_boolean kerberos_compatible_enctypes(krb5_context context, +BOOL kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2) { @@ -270,9 +302,9 @@ krb5_boolean kerberos_compatible_enctypes(krb5_context context, krb5_boolean similar = 0; krb5_c_enctype_compare(context, enctype1, enctype2, &similar); - return similar; + return similar ? True : False; #elif defined(HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS) - return krb5_enctypes_compatible_keys(context, enctype1, enctype2); + return krb5_enctypes_compatible_keys(context, enctype1, enctype2) ? True : False; #endif } @@ -447,10 +479,7 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset, *ticket = data_blob(packet.data, packet.length); -/* Hmm, heimdal dooesn't have this - what's the correct call? */ -#ifdef HAVE_KRB5_FREE_DATA_CONTENTS - krb5_free_data_contents(context, &packet); -#endif + kerberos_free_data_contents(context, &packet); failed: |