4 files changed, 24 insertions, 23 deletions

diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c
index 06f0c186a3..2b4c5d4cb0 100644
--- a/source4/auth/kerberos/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -45,6 +45,8 @@
 
 	krb5_get_init_creds_opt_init(&options);
 
+	krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, &options);
+
 	if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal, keyblock,
 						 0, NULL, &options))) {
 		return code;
@@ -87,6 +89,8 @@
 
 	krb5_get_init_creds_opt_init(&options);
 
+	krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, &options);
+
 	if ((code = krb5_get_init_creds_password(ctx, &my_creds, principal, password, 
 						 NULL, 
 						 NULL, 0, NULL, &options))) {
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index dcfe16c896..8e1801f745 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -280,7 +280,8 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	ret = krb5_parse_name_norealm(context, logon_name->account_name, &client_principal_pac);
+	ret = krb5_parse_name_flags(context, logon_name->account_name, KRB5_PRINCIPAL_PARSE_NO_REALM, 
+				    &client_principal_pac);
 	if (ret) {
 		DEBUG(2, ("Could not parse name from incoming PAC: [%s]: %s\n", 
 			  logon_name->account_name, 
@@ -591,7 +592,8 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
 	u_LOGON_INFO->logon_info.info		= LOGON_INFO;
 	LOGON_INFO->info3 = *sam3;
 
-	ret = krb5_unparse_name_norealm(context, client_principal, &name);
+	ret = krb5_unparse_name_flags(context, client_principal, 
+				      KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
 	if (ret) {
 		return ret;
 	}
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index d895d7a336..a3ef895b16 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -23,6 +23,7 @@
 
 #include "includes.h"
 #include "system/kerberos.h"
+#include "heimdal/lib/krb5/krb5_locl.h"
 #include "auth/kerberos/kerberos.h"
 #include "lib/socket/socket.h"
 #include "system/network.h"
@@ -69,7 +70,7 @@ static void smb_krb5_debug_close(void *private) {
 
 static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private) 
 {
-	DEBUG(3, ("Kerberos: %s\n", msg));
+	DEBUG(2, ("Kerberos: %s\n", msg));
 }
 
 /*
@@ -224,11 +225,11 @@ static void smb_krb5_socket_handler(struct event_context *ev, struct fd_event *f
 }
 
 
-static krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
-						   void *data,
-						   krb5_krbhst_info *hi,
-						   const krb5_data *send_buf,
-						   krb5_data *recv_buf)
+krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
+					    void *data,
+					    krb5_krbhst_info *hi,
+					    const krb5_data *send_buf,
+					    krb5_data *recv_buf)
 {
 	krb5_error_code ret;
 	NTSTATUS status;
@@ -363,13 +364,6 @@ static krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
 	return KRB5_KDC_UNREACH;
 }
 
-/* NO internal data, so nothing to free */
-static void smb_krb5_send_and_recv_close_func(krb5_context context, void *data) 
-{
-	return;
-}
-
-
 krb5_error_code smb_krb5_init_context(void *parent_ctx, 
 				       struct smb_krb5_context **smb_krb5_context) 
 {
@@ -437,9 +431,9 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 
 	ev = event_context_find(*smb_krb5_context);
 	/* Set use of our socket lib */
-	ret = krb5_set_send_recv_func((*smb_krb5_context)->krb5_context, 
-				      smb_krb5_send_and_recv_func, 
-				      smb_krb5_send_and_recv_close_func, ev);
+	ret = krb5_set_send_to_kdc_func((*smb_krb5_context)->krb5_context, 
+					smb_krb5_send_and_recv_func, 
+					ev);
 	if (ret) {
 		DEBUG(1,("krb5_set_send_recv_func failed (%s)\n", 
 			 smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
@@ -454,12 +448,8 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 
 	/* Set options in kerberos */
 
-	(*smb_krb5_context)->krb5_context->fdns = FALSE;
+	krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context, FALSE);
 
 	return 0;
 }
 
- void smb_krb5_free_context(struct smb_krb5_context *smb_krb5_context) 
-{
-	talloc_free(smb_krb5_context);
-}
diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h
index f3ffc067fa..7aad97e2ca 100644
--- a/source4/auth/kerberos/krb5_init_context.h
+++ b/source4/auth/kerberos/krb5_init_context.h
@@ -27,3 +27,8 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 				      struct smb_krb5_context **smb_krb5_context); 
 void smb_krb5_free_context(struct smb_krb5_context *smb_krb5_context);
 
+krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
+					    void *data,
+					    krb5_krbhst_info *hi,
+					    const krb5_data *send_buf,
+					    krb5_data *recv_buf);