diff options
author | Andrew Bartlett <abartlet@samba.org> | 2009-06-08 19:06:16 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-06-12 07:45:48 +1000 |
commit | 9b261c008a395a323e0516f4cd3f3134aa050577 (patch) | |
tree | 91cf543ba7ccd560313bea52fa8678f0456e8485 /source4/auth | |
parent | 5cef57ff7d899773a084d23838b7f18a83f6e79d (diff) | |
download | samba-9b261c008a395a323e0516f4cd3f3134aa050577.tar.gz samba-9b261c008a395a323e0516f4cd3f3134aa050577.tar.bz2 samba-9b261c008a395a323e0516f4cd3f3134aa050577.zip |
s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test
A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).
Andrew Bartlett
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/credentials/credentials_krb5.c | 3 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 3 | ||||
-rw-r--r-- | source4/auth/kerberos/clikrb5.c | 6 | ||||
-rw-r--r-- | source4/auth/kerberos/config.m4 | 2 | ||||
-rw-r--r-- | source4/auth/kerberos/kerberos.c | 26 | ||||
-rw-r--r-- | source4/auth/kerberos/kerberos_pac.c | 2 |
6 files changed, 27 insertions, 15 deletions
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index bc3d05f529..efcca3e269 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -71,7 +71,6 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, krb5_principal princ; krb5_error_code ret; char *name; - char **realm; if (cred->ccache_obtained > obtained) { return 0; @@ -98,8 +97,6 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, return ret; } - realm = krb5_princ_realm(ccache->smb_krb5_context->krb5_context, princ); - cli_credentials_set_principal(cred, name, obtained); free(name); diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index aae04dffe2..7129db72b8 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -170,6 +170,9 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS; gensec_gssapi_state->want_flags = 0; + if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation_by_kdc_policy", true)) { + gensec_gssapi_state->want_flags |= GSS_C_DELEG_POLICY_FLAG; + } if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "mutual", true)) { gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG; } diff --git a/source4/auth/kerberos/clikrb5.c b/source4/auth/kerberos/clikrb5.c index 68e7eb90cc..3314cbc591 100644 --- a/source4/auth/kerberos/clikrb5.c +++ b/source4/auth/kerberos/clikrb5.c @@ -94,11 +94,11 @@ { char *ret; -#if defined(HAVE_KRB5_GET_ERROR_STRING) && defined(HAVE_KRB5_FREE_ERROR_STRING) - char *context_error = krb5_get_error_string(context); +#if defined(HAVE_KRB5_GET_ERROR_MESSAGE) && defined(HAVE_KRB5_FREE_ERROR_MESSAGE) + const char *context_error = krb5_get_error_message(context, code); if (context_error) { ret = talloc_asprintf(mem_ctx, "%s: %s", error_message(code), context_error); - krb5_free_error_string(context, context_error); + krb5_free_error_message(context, context_error); return ret; } #endif diff --git a/source4/auth/kerberos/config.m4 b/source4/auth/kerberos/config.m4 index bf14ca0ee4..a8d55a1287 100644 --- a/source4/auth/kerberos/config.m4 +++ b/source4/auth/kerberos/config.m4 @@ -258,6 +258,8 @@ if test x"$with_krb5_support" != x"no"; then AC_CHECK_FUNC_EXT(krb5_enctypes_compatible_keys, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_error_string, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_error_string, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(krb5_get_error_message, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(krb5_free_error_message, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_initlog, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_addlog_func, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_set_warn_dest, $KRB5_LIBS) diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c index 1889dcab4d..a0b21c891a 100644 --- a/source4/auth/kerberos/kerberos.c +++ b/source4/auth/kerberos/kerberos.c @@ -40,23 +40,27 @@ { krb5_error_code code = 0; krb5_creds my_creds; - krb5_get_init_creds_opt options; + krb5_get_init_creds_opt *options; - krb5_get_init_creds_opt_init(&options); + if ((code = krb5_get_init_creds_opt_alloc(ctx, &options))) { + return code; + } - krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, &options); + krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, options); if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal, keyblock, - 0, NULL, &options))) { + 0, NULL, options))) { return code; } if ((code = krb5_cc_initialize(ctx, cc, principal))) { + krb5_get_init_creds_opt_free(ctx, options); krb5_free_cred_contents(ctx, &my_creds); return code; } if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) { + krb5_get_init_creds_opt_free(ctx, options); krb5_free_cred_contents(ctx, &my_creds); return code; } @@ -69,6 +73,7 @@ *kdc_time = (time_t) my_creds.times.starttime; } + krb5_get_init_creds_opt_free(ctx, options); krb5_free_cred_contents(ctx, &my_creds); return 0; @@ -84,24 +89,28 @@ { krb5_error_code code = 0; krb5_creds my_creds; - krb5_get_init_creds_opt options; + krb5_get_init_creds_opt *options; - krb5_get_init_creds_opt_init(&options); + if ((code = krb5_get_init_creds_opt_alloc(ctx, &options))) { + return code; + } - krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, &options); + krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, options); if ((code = krb5_get_init_creds_password(ctx, &my_creds, principal, password, NULL, - NULL, 0, NULL, &options))) { + NULL, 0, NULL, options))) { return code; } if ((code = krb5_cc_initialize(ctx, cc, principal))) { + krb5_get_init_creds_opt_free(ctx, options); krb5_free_cred_contents(ctx, &my_creds); return code; } if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) { + krb5_get_init_creds_opt_free(ctx, options); krb5_free_cred_contents(ctx, &my_creds); return code; } @@ -114,6 +123,7 @@ *kdc_time = (time_t) my_creds.times.starttime; } + krb5_get_init_creds_opt_free(ctx, options); krb5_free_cred_contents(ctx, &my_creds); return 0; diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c index 7a36c9ddea..7a6d008562 100644 --- a/source4/auth/kerberos/kerberos_pac.c +++ b/source4/auth/kerberos/kerberos_pac.c @@ -96,7 +96,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, krb5_principal client_principal_pac; int i; - krb5_clear_error_string(context); + krb5_clear_error_message(context); if (k5ret) { *k5ret = KRB5_PARSE_MALFORMED; |