Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c4
-rw-r--r--source4/auth/kerberos/kerberos_util.c6
-rw-r--r--source4/auth/kerberos/krb5_init_context.c5
-rw-r--r--source4/auth/kerberos/krb5_init_context.h8
-rwxr-xr-xsource4/auth/kerberos/wscript_build9
5 files changed, 29 insertions, 3 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 7de15c8673..efd8443760 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -434,8 +434,10 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
return nt_status;
}
+#ifdef SAMBA4_USES_HEIMDAL
send_to_kdc.func = smb_krb5_send_and_recv_func;
send_to_kdc.ptr = ev;
+#endif
min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc);
if (min_stat) {
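Review bot: The new guard covers only the two assignments, so `gsskrb5_set_send_to_kdc(&send_to_kdc)` is still called when SAMBA4_USES_HEIMDAL is not defined, with `func` and `ptr` never set in this hunk. The declaration of `send_to_kdc` is outside the hunk; if it is an uninitialised local, the Kerberos library is handed an indeterminate callback pointer for KDC traffic. Move the `#endif` below the call and its `if (min_stat)` error block, which continues past the hunk, so the whole registration is compiled out together. The hunk at @@ -460,8 +462,10 has the same shape around `ret = gsskrb5_set_send_to_kdc(&send_to_kdc);` and needs the same change.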
@@ -460,8 +462,10 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
gensec_gssapi_state->gss_oid = gss_oid_p;
}
+#ifdef SAMBA4_USES_HEIMDAL
send_to_kdc.func = smb_krb5_send_and_recv_func;
send_to_kdc.ptr = NULL;
+#endif
ret = gsskrb5_set_send_to_kdc(&send_to_kdc);
if (ret) {
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index d30ac24c34..9933ca84c7 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -224,11 +224,13 @@ static krb5_error_code impersonate_principal_from_credentials(
while (tries--) {
struct tevent_context *previous_ev;
/* Do this every time, in case we have weird recursive issues here */
+#ifdef SAMBA4_USES_HEIMDAL
ret = smb_krb5_context_set_event_ctx(smb_krb5_context, event_ctx, &previous_ev);
if (ret) {
talloc_free(mem_ctx);
return ret;
}
+#endif
if (password) {
ret = kerberos_kinit_password_cc(smb_krb5_context->krb5_context, ccache,
princ, password,
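Review bot: `struct tevent_context *previous_ev;` stays declared outside the new guard, so in a build without SAMBA4_USES_HEIMDAL it is never assigned or read and will produce unused-variable warnings. Wrap the declaration in the same `#ifdef SAMBA4_USES_HEIMDAL` as the `smb_krb5_context_set_event_ctx()` call. The set call here is paired with the guarded `smb_krb5_context_remove_event_ctx()` calls in the hunks at @@ -251,7 +253,9 and @@ -268,7 +272,9, and the loop body continues outside this hunk. A short comment such as `/* event context switching is only wired up for the Heimdal send_to_kdc hook */` would explain why the kinit path differs between builds.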
@@ -251,7 +253,9 @@ static krb5_error_code impersonate_principal_from_credentials(
talloc_free(mem_ctx);
(*error_string) = "kinit_to_ccache: No password available for kinit\n";
krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
+#ifdef SAMBA4_USES_HEIMDAL
smb_krb5_context_remove_event_ctx(smb_krb5_context, previous_ev, event_ctx);
+#endif
return EINVAL;
}
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
@@ -268,7 +272,9 @@ static krb5_error_code impersonate_principal_from_credentials(
}
}
+#ifdef SAMBA4_USES_HEIMDAL
smb_krb5_context_remove_event_ctx(smb_krb5_context, previous_ev, event_ctx);
+#endif
if (ret == KRB5KRB_AP_ERR_SKEW || ret == KRB5_KDCREP_SKEW) {
/* Perhaps we have been given an invalid skew, so try again without it */
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index e3c0876f1a..4125f39548 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -86,6 +86,7 @@ static void smb_krb5_debug_wrapper(krb5_context context,
}
#endif
+#ifdef SAMBA4_USES_HEIMDAL
/*
handle recv events on a smb_krb5 socket
*/
@@ -214,7 +215,6 @@ static void smb_krb5_socket_handler(struct tevent_context *ev, struct tevent_fd
}
}
-
krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
void *data,
krb5_krbhst_info *hi,
@@ -412,6 +412,7 @@ krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
}
return KRB5_KDC_UNREACH;
}
+#endif
krb5_error_code
smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx,
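Review bot: The `#endif` added after `smb_krb5_send_and_recv_func` closes a guard opened more than 300 lines earlier (at @@ -86,6 +86,7) and carries no label, which makes it hard to tell which code is compiled out of a given build. Write it as `#endif /* SAMBA4_USES_HEIMDAL */`. The same applies to the `#endif` at the end of the file (@@ -611,3 +613,4) and to the one added in krb5_init_context.h, which sits directly above `#endif /* _KRB5_INIT_CONTEXT_H_ */`. A one-line comment at the opening `#ifdef`, saying that the tevent-driven KDC socket code depends on Heimdal's send_to_kdc hook, would also help.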
@@ -558,6 +559,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
return 0;
}
+#ifdef SAMBA4_USES_HEIMDAL
krb5_error_code smb_krb5_context_set_event_ctx(struct smb_krb5_context *smb_krb5_context,
struct tevent_context *ev,
struct tevent_context **previous_ev)
@@ -611,3 +613,4 @@ krb5_error_code smb_krb5_context_remove_event_ctx(struct smb_krb5_context *smb_k
}
return 0;
}
+#endif
diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h
index 24ae374cd7..b955ae508d 100644
--- a/source4/auth/kerberos/krb5_init_context.h
+++ b/source4/auth/kerberos/krb5_init_context.h
@@ -38,11 +38,19 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, struct tevent_context *e
struct loadparm_context *lp_ctx,
struct smb_krb5_context **smb_krb5_context);
+#ifdef SAMBA4_USES_HEIMDAL
krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
void *data,
krb5_krbhst_info *hi,
time_t timeout,
const krb5_data *send_buf,
krb5_data *recv_buf);
+krb5_error_code smb_krb5_context_set_event_ctx(struct smb_krb5_context *smb_krb5_context,
+ struct tevent_context *ev,
+ struct tevent_context **previous_ev);
+krb5_error_code smb_krb5_context_remove_event_ctx(struct smb_krb5_context *smb_krb5_context,
+ struct tevent_context *previous_ev,
+ struct tevent_context *ev);
+#endif
#endif /* _KRB5_INIT_CONTEXT_H_ */
diff --git a/source4/auth/kerberos/wscript_build b/source4/auth/kerberos/wscript_build
index 619626fe19..be41d1b7b3 100755
--- a/source4/auth/kerberos/wscript_build
+++ b/source4/auth/kerberos/wscript_build
@@ -1,10 +1,15 @@
#!/usr/bin/env python
+bld.SAMBA_SUBSYSTEM('KRB_INIT_CTX',
+ source='krb5_init_context.c',
+ deps='krb5 com_err'
+ )
+
bld.SAMBA_LIBRARY('authkrb5',
- source='kerberos.c kerberos_heimdal.c kerberos_pac.c krb5_init_context.c keytab_copy.c',
+ source='kerberos.c kerberos_heimdal.c kerberos_pac.c keytab_copy.c',
autoproto='proto.h',
public_deps='krb5 ndr-krb5pac samba_socket LIBCLI_RESOLVE com_err asn1',
- deps='auth_sam_reply tevent LIBPACKET ndr ldb KRB5_WRAP errors',
+ deps='auth_sam_reply tevent LIBPACKET ndr ldb KRB5_WRAP KRB_INIT_CTX errors',
private_library=True
)
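Review bot: The new `KRB_INIT_CTX` subsystem declares only `deps='krb5 com_err'`, but the other hunks in this commit show krb5_init_context.c using `TALLOC_CTX` and `struct tevent_context`, plus a socket handler in the Heimdal build. It presumably links today only because `authkrb5` supplies those libraries through its own `deps`/`public_deps`. A target that depends on `KRB_INIT_CTX` directly could be left with unresolved symbols. List what the file itself uses (for example adding `talloc tevent`, plus the socket and resolver libraries for the Heimdal path), or add a comment that the subsystem is meant to be consumed only through `authkrb5`.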