authorAndrew Bartlett <abartlet@samba.org>2009-06-08 19:06:16 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-06-12 07:45:48 +1000
commit9b261c008a395a323e0516f4cd3f3134aa050577 (patch)
tree91cf543ba7ccd560313bea52fa8678f0456e8485 /source4/auth
parent5cef57ff7d899773a084d23838b7f18a83f6e79d (diff)
s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test. A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/credentials/credentials_krb5.c3
-rw-r--r--source4/auth/gensec/gensec_gssapi.c3
-rw-r--r--source4/auth/kerberos/clikrb5.c6
-rw-r--r--source4/auth/kerberos/config.m42
-rw-r--r--source4/auth/kerberos/kerberos.c26
-rw-r--r--source4/auth/kerberos/kerberos_pac.c2
6 files changed, 27 insertions, 15 deletions
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index bc3d05f529..efcca3e269 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -71,7 +71,6 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
krb5_principal princ;
krb5_error_code ret;
char *name;
- char **realm;
if (cred->ccache_obtained > obtained) {
return 0;
@@ -98,8 +97,6 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
return ret;
}
- realm = krb5_princ_realm(ccache->smb_krb5_context->krb5_context, princ);
-
cli_credentials_set_principal(cred, name, obtained);
free(name);
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index aae04dffe2..7129db72b8 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -170,6 +170,9 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
gensec_gssapi_state->want_flags = 0;
+ if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation_by_kdc_policy", true)) {
+ gensec_gssapi_state->want_flags |= GSS_C_DELEG_POLICY_FLAG;
+ }
if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "mutual", true)) {
gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
}
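Review bot: The new `delegation_by_kdc_policy` setting defaults to `true`, so every context started here now requests `GSS_C_DELEG_POLICY_FLAG` unless an administrator switches it off, and nothing next to the added `if` says so. With that flag set, the mechanism may forward the user's credentials to any target the KDC has marked ok-as-delegate, which is a wider credential exposure than the previous `want_flags = 0` starting point. I would add a comment above the `if`, for example `/* Ask for delegation only where the KDC marks the target ok-as-delegate; on by default, can be disabled with the gensec_gssapi delegation_by_kdc_policy setting */`. gensec_gssapi_start begins and ends outside the hunk, so how this combines with any explicit delegation option is not visible here.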
diff --git a/source4/auth/kerberos/clikrb5.c b/source4/auth/kerberos/clikrb5.c
index 68e7eb90cc..3314cbc591 100644
--- a/source4/auth/kerberos/clikrb5.c
+++ b/source4/auth/kerberos/clikrb5.c
@@ -94,11 +94,11 @@
{
char *ret;
-#if defined(HAVE_KRB5_GET_ERROR_STRING) && defined(HAVE_KRB5_FREE_ERROR_STRING)
- char *context_error = krb5_get_error_string(context);
+#if defined(HAVE_KRB5_GET_ERROR_MESSAGE) && defined(HAVE_KRB5_FREE_ERROR_MESSAGE)
+ const char *context_error = krb5_get_error_message(context, code);
if (context_error) {
ret = talloc_asprintf(mem_ctx, "%s: %s", error_message(code), context_error);
- krb5_free_error_string(context, context_error);
+ krb5_free_error_message(context, context_error);
return ret;
}
#endif
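Review bot: Rewriting the `#if` condition removes the only branch that used `krb5_get_error_string`, so a build against a Kerberos library that has the old pair but not `krb5_get_error_message` silently loses the context-specific error text. config.m4 in this same commit still probes for the old functions, which suggests such libraries are meant to stay supported. If they are, keep the previous body under `#elif defined(HAVE_KRB5_GET_ERROR_STRING) && defined(HAVE_KRB5_FREE_ERROR_STRING)`; if not, the two old `AC_CHECK_FUNC_EXT` lines are dead and can be dropped. The function's signature and whatever follows `#endif` are outside the hunk, so the remaining fallback cannot be checked from here.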
diff --git a/source4/auth/kerberos/config.m4 b/source4/auth/kerberos/config.m4
index bf14ca0ee4..a8d55a1287 100644
--- a/source4/auth/kerberos/config.m4
+++ b/source4/auth/kerberos/config.m4
@@ -258,6 +258,8 @@ if test x"$with_krb5_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_enctypes_compatible_keys, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_error_string, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_free_error_string, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_get_error_message, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_free_error_message, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_initlog, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_addlog_func, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_set_warn_dest, $KRB5_LIBS)
diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c
index 1889dcab4d..a0b21c891a 100644
--- a/source4/auth/kerberos/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -40,23 +40,27 @@
{
krb5_error_code code = 0;
krb5_creds my_creds;
- krb5_get_init_creds_opt options;
+ krb5_get_init_creds_opt *options;
- krb5_get_init_creds_opt_init(&options);
+ if ((code = krb5_get_init_creds_opt_alloc(ctx, &options))) {
+ return code;
+ }
- krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, &options);
+ krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, options);
if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal, keyblock,
- 0, NULL, &options))) {
+ 0, NULL, options))) {
return code;
}
if ((code = krb5_cc_initialize(ctx, cc, principal))) {
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return code;
}
if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return code;
}
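Review bot: `options` is leaked when `krb5_get_init_creds_keyblock` fails, because the `return code;` directly after that call was left unchanged while `options` is now heap-allocated by `krb5_get_init_creds_opt_alloc`. Add `krb5_get_init_creds_opt_free(ctx, options);` before that `return code;`, matching the two later error paths that this commit does fix. The hunk at -84,24 has the same gap after `krb5_get_init_creds_password`; there it matters more, since a wrong password is the ordinary failure and a long-running process would lose one allocation per failed attempt. The function signatures are outside both hunks.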
@@ -69,6 +73,7 @@
*kdc_time = (time_t) my_creds.times.starttime;
}
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return 0;
@@ -84,24 +89,28 @@
{
krb5_error_code code = 0;
krb5_creds my_creds;
- krb5_get_init_creds_opt options;
+ krb5_get_init_creds_opt *options;
- krb5_get_init_creds_opt_init(&options);
+ if ((code = krb5_get_init_creds_opt_alloc(ctx, &options))) {
+ return code;
+ }
- krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, &options);
+ krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, options);
if ((code = krb5_get_init_creds_password(ctx, &my_creds, principal, password,
NULL,
- NULL, 0, NULL, &options))) {
+ NULL, 0, NULL, options))) {
return code;
}
if ((code = krb5_cc_initialize(ctx, cc, principal))) {
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return code;
}
if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return code;
}
@@ -114,6 +123,7 @@
*kdc_time = (time_t) my_creds.times.starttime;
}
+ krb5_get_init_creds_opt_free(ctx, options);
krb5_free_cred_contents(ctx, &my_creds);
return 0;
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 7a36c9ddea..7a6d008562 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -96,7 +96,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
krb5_principal client_principal_pac;
int i;
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
if (k5ret) {
*k5ret = KRB5_PARSE_MALFORMED;