diff options
Diffstat (limited to 'source3/libads')
-rw-r--r-- | source3/libads/kerberos_keytab.c | 21 | ||||
-rw-r--r-- | source3/libads/kerberos_verify.c | 8 |
2 files changed, 20 insertions, 9 deletions
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index cb0841f2e2..f312d8b8ef 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -48,6 +48,9 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) char *principal = NULL; char *princ_s = NULL; char *password_s = NULL; +#ifndef MAX_KEYTAB_NAME_LEN +#define MAX_KEYTAB_NAME_LEN 1100 +#endif char keytab_name[MAX_KEYTAB_NAME_LEN]; /* This MAX_NAME_LEN is a constant defined in krb5.h */ fstring my_fqdn; int i; @@ -163,7 +166,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) error_message(ret))); goto out; } - ret = krb5_free_keytab_entry_contents(context, &kt_entry); + ret = smb_krb5_kt_free_entry(context, &kt_entry); ZERO_STRUCT(kt_entry); if (ret) { DEBUG(1,("ads_keytab_add_entry: krb5_kt_remove_entry failed (%s)\n", @@ -174,10 +177,10 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) } /* Not a match, just free this entry and continue. */ - ret = krb5_free_keytab_entry_contents(context, &kt_entry); + ret = smb_krb5_kt_free_entry(context, &kt_entry); ZERO_STRUCT(kt_entry); if (ret) { - DEBUG(1,("ads_keytab_add_entry: krb5_free_keytab_entry_contents failed (%s)\n", error_message(ret))); + DEBUG(1,("ads_keytab_add_entry: smb_krb5_kt_free_entry failed (%s)\n", error_message(ret))); goto out; } } @@ -253,7 +256,7 @@ out: krb5_keytab_entry zero_kt_entry; ZERO_STRUCT(zero_kt_entry); if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) { - krb5_free_keytab_entry_contents(context, &kt_entry); + smb_krb5_kt_free_entry(context, &kt_entry); } } if (princ) { @@ -343,7 +346,7 @@ int ads_keytab_flush(ADS_STRUCT *ads) DEBUG(1,("ads_keytab_flush: krb5_kt_start_seq failed (%s)\n",error_message(ret))); goto out; } - ret = krb5_free_keytab_entry_contents(context, &kt_entry); + ret = smb_krb5_kt_free_entry(context, &kt_entry); ZERO_STRUCT(kt_entry); if (ret) { DEBUG(1,("ads_keytab_flush: krb5_kt_remove_entry failed (%s)\n",error_message(ret))); @@ -367,7 +370,7 @@ out: krb5_keytab_entry zero_kt_entry; ZERO_STRUCT(zero_kt_entry); if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) { - krb5_free_keytab_entry_contents(context, &kt_entry); + smb_krb5_kt_free_entry(context, &kt_entry); } } if (cursor && keytab) { @@ -434,7 +437,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads) ret = krb5_kt_start_seq_get(context, keytab, &cursor); if (ret != KRB5_KT_END && ret != ENOENT ) { while ((ret = krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) == 0) { - krb5_free_keytab_entry_contents(context, &kt_entry); + smb_krb5_kt_free_entry(context, &kt_entry); ZERO_STRUCT(kt_entry); found++; } @@ -496,7 +499,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads) krb5_free_unparsed_name(context, ktprinc); } } - krb5_free_keytab_entry_contents(context, &kt_entry); + smb_krb5_kt_free_entry(context, &kt_entry); ZERO_STRUCT(kt_entry); } for (i = 0; oldEntries[i]; i++) { @@ -515,7 +518,7 @@ done: krb5_keytab_entry zero_kt_entry; ZERO_STRUCT(zero_kt_entry); if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) { - krb5_free_keytab_entry_contents(context, &kt_entry); + smb_krb5_kt_free_entry(context, &kt_entry); } } if (cursor && keytab) { diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index 2665f40c49..8a18976b3a 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -64,7 +64,11 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut } /* Look for a CIFS ticket */ if (!StrnCaseCmp(princ_name, "cifs/", 5)) { +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK + krb5_auth_con_setuseruserkey(context, auth_context, &kt_entry.keyblock); +#else krb5_auth_con_setuseruserkey(context, auth_context, &kt_entry.key); +#endif p_packet->length = ticket->length; p_packet->data = (krb5_pointer)ticket->data; @@ -73,7 +77,11 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut krb5_free_unparsed_name(context, princ_name); princ_name = NULL; DEBUG(10,("ads_keytab_verify_ticket: enc type [%u] decrypted message !\n", +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK + (unsigned int) kt_entry.keyblock.keytype)); +#else (unsigned int) kt_entry.key.enctype)); +#endif auth_ok = True; break; } |