summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/kerberos/clikrb5.c109
-rw-r--r--source4/auth/kerberos/kerberos_util.c4
-rw-r--r--source4/auth/kerberos/wscript_build4
-rw-r--r--source4/heimdal_build/wscript_configure75
4 files changed, 79 insertions, 113 deletions
diff --git a/source4/auth/kerberos/clikrb5.c b/source4/auth/kerberos/clikrb5.c
deleted file mode 100644
index 3314cbc591..0000000000
--- a/source4/auth/kerberos/clikrb5.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- simple kerberos5 routines for active directory
- Copyright (C) Andrew Tridgell 2001
- Copyright (C) Luke Howard 2002-2003
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "system/network.h"
-#include "system/kerberos.h"
-#include "system/time.h"
-#include "auth/kerberos/kerberos.h"
-
-#ifdef HAVE_KRB5
-
-#if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY) && defined(HAVE_KRB5_ENCRYPT_BLOCK)
- int create_kerberos_key_from_string(krb5_context context,
- krb5_principal host_princ,
- krb5_data *password,
- krb5_keyblock *key,
- krb5_enctype enctype)
-{
- int ret;
- krb5_data salt;
- krb5_encrypt_block eblock;
-
- ret = krb5_principal2salt(context, host_princ, &salt);
- if (ret) {
- DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
- return ret;
- }
- krb5_use_enctype(context, &eblock, enctype);
- ret = krb5_string_to_key(context, &eblock, key, password, &salt);
- SAFE_FREE(salt.data);
- return ret;
-}
-#elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
- int create_kerberos_key_from_string(krb5_context context,
- krb5_principal host_princ,
- krb5_data *password,
- krb5_keyblock *key,
- krb5_enctype enctype)
-{
- int ret;
- krb5_salt salt;
-
- ret = krb5_get_pw_salt(context, host_princ, &salt);
- if (ret) {
- DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
- return ret;
- }
- ret = krb5_string_to_key_salt(context, enctype, password->data,
- salt, key);
- krb5_free_salt(context, salt);
- return ret;
-}
-#else
-#error UNKNOWN_CREATE_KEY_FUNCTIONS
-#endif
-
- void kerberos_free_data_contents(krb5_context context, krb5_data *pdata)
-{
- if (pdata->data) {
- krb5_data_free(pdata);
- }
-}
-
- krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry)
-{
-#if defined(HAVE_KRB5_KT_FREE_ENTRY)
- return krb5_kt_free_entry(context, kt_entry);
-#elif defined(HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS)
- return krb5_free_keytab_entry_contents(context, kt_entry);
-#else
-#error UNKNOWN_KT_FREE_FUNCTION
-#endif
-}
-
- char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx)
-{
- char *ret;
-
-#if defined(HAVE_KRB5_GET_ERROR_MESSAGE) && defined(HAVE_KRB5_FREE_ERROR_MESSAGE)
- const char *context_error = krb5_get_error_message(context, code);
- if (context_error) {
- ret = talloc_asprintf(mem_ctx, "%s: %s", error_message(code), context_error);
- krb5_free_error_message(context, context_error);
- return ret;
- }
-#endif
- ret = talloc_strdup(mem_ctx, error_message(code));
- return ret;
-}
-
-#endif
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index c5079123ef..9ac226390a 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -542,8 +542,8 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx,
ZERO_STRUCT(entry);
- ret = create_kerberos_key_from_string(smb_krb5_context->krb5_context,
- salt_princ, &password, &entry.keyblock, enctypes[i]);
+ ret = create_kerberos_key_from_string_direct(smb_krb5_context->krb5_context,
+ salt_princ, &password, &entry.keyblock, enctypes[i]);
if (ret != 0) {
return ret;
}
diff --git a/source4/auth/kerberos/wscript_build b/source4/auth/kerberos/wscript_build
index 1b4804e7cc..586366d422 100644
--- a/source4/auth/kerberos/wscript_build
+++ b/source4/auth/kerberos/wscript_build
@@ -1,10 +1,10 @@
#!/usr/bin/env python
bld.SAMBA_LIBRARY('authkrb5',
- source='kerberos.c clikrb5.c kerberos_heimdal.c kerberos_pac.c gssapi_parse.c krb5_init_context.c keytab_copy.c',
+ source='kerberos.c kerberos_heimdal.c kerberos_pac.c gssapi_parse.c krb5_init_context.c keytab_copy.c',
autoproto='proto.h',
public_deps='krb5 ndr-krb5pac samba_socket LIBCLI_RESOLVE com_err asn1',
- deps='asn1util auth_sam_reply tevent LIBPACKET ndr ldb',
+ deps='asn1util auth_sam_reply tevent LIBPACKET ndr ldb KRB5_WRAP',
private_library=True
)
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 29def8bcaa..2e8896cdb5 100644
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -70,6 +70,81 @@ conf.CHECK_STRUCTURE_MEMBER('DIR', 'dd_fd', define='HAVE_DIR_DD_FD', headers='d
conf.DEFINE('SAMBA4_INTERNAL_HEIMDAL', 1)
+# setup the right defines for a in-tree heimdal build
+Logs.info("Using in-tree heimdal kerberos defines")
+conf.define('HAVE_GSSAPI_GSSAPI_H', 1)
+conf.define('HAVE_AP_OPTS_USE_SUBKEY', 1)
+conf.define('HAVE_KRB5_ADDRESSES', 1)
+conf.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1)
+conf.define('HAVE_KRB5_SET_REAL_TIME', 1)
+conf.define('HAVE_COM_ERR_H', 1)
+conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
+conf.define('HAVE_GSS_DISPLAY_STATUS', 1)
+conf.define('HAVE_LIBGSSAPI', 1)
+conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
+conf.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1)
+conf.define('HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE', 0)
+conf.define('HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER', 0)
+conf.define('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1)
+conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
+conf.define('HAVE_KRB5_ADDRESSES', 1)
+conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
+conf.define('HAVE_KRB5_CRYPTO', 1)
+conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1)
+conf.define('HAVE_KRB5_CRYPTO_INIT', 1)
+conf.define('HAVE_KRB5_C_ENCTYPE_COMPARE', 1)
+conf.define('HAVE_KRB5_C_VERIFY_CHECKSUM', 1)
+conf.define('HAVE_FREE_AP_REQ', 1)
+conf.define('HAVE_KRB5_DECODE_AP_REQ', 1)
+conf.define('HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS', 1)
+conf.define('HAVE_KRB5_ENCTYPE_TO_STRING', 1)
+conf.define('HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', 1)
+conf.define('HAVE_KRB5_FREE_ERROR_CONTENTS', 1)
+conf.define('HAVE_KRB5_FREE_HOST_REALM', 1)
+conf.define('HAVE_KRB5_FWD_TGT_CREDS', 1)
+conf.define('HAVE_KRB5_GET_CREDS', 1)
+conf.define('HAVE_KRB5_GET_CREDS_OPT_ALLOC', 1)
+conf.define('HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE', 1)
+conf.define('HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES', 1)
+conf.define('HAVE_KRB5_GET_HOST_REALM', 1)
+conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1)
+conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1)
+conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1)
+conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1)
+conf.define('HAVE_KRB5_GET_KDC_CRED', 1)
+conf.define('HAVE_KRB5_GET_PW_SALT', 1)
+conf.define('HAVE_KRB5_GET_RENEWED_CREDS', 1)
+conf.define('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1)
+conf.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1)
+conf.define('HAVE_KRB5_KRBHST_GET_ADDRINFO', 1)
+conf.define('HAVE_KRB5_KRBHST_INIT', 1)
+conf.define('HAVE_KRB5_KT_COMPARE', 1)
+conf.define('HAVE_KRB5_KT_FREE_ENTRY', 1)
+conf.define('HAVE_KRB5_KU_OTHER_CKSUM', 1)
+conf.define('HAVE_KRB5_LOCATE_PLUGIN_H', 1)
+conf.define('HAVE_KRB5_MK_REQ_EXTENDED', 1)
+conf.define('HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM', 1)
+conf.define('HAVE_KRB5_PRINCIPAL_GET_COMP_STRING', 1)
+conf.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1)
+conf.define('HAVE_KRB5_REALM_TYPE', 1)
+conf.define('HAVE_KRB5_SESSION_IN_CREDS', 1)
+conf.define('HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES', 1)
+conf.define('HAVE_KRB5_SET_REAL_TIME', 1)
+conf.define('HAVE_KRB5_STRING_TO_KEY', 1)
+conf.define('HAVE_KRB5_STRING_TO_KEY_SALT', 1)
+conf.define('HAVE_KRB5_VERIFY_CHECKSUM', 1)
+conf.define('HAVE_LIBKRB5', 1)
+conf.define('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', 1)
+conf.define('KRB5_VERIFY_CHECKSUM_ARGS', 6)
+conf.define('HAVE_ETYPE_IN_ENCRYPTEDDATA', 1)
+conf.define('KRB5_PRINC_REALM_RETURNS_REALM', 1)
+conf.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1)
+conf.define('HAVE_KRB5_H', 1)
+conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', 1)
+conf.define('HAVE_AP_OPTS_USE_SUBKEY', 1)
+conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', 1)
+conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC', 1)
+
if conf.CHECK_BUNDLED_SYSTEM('com_err', checkfunctions='com_right_r com_err', headers='com_err.h'):
conf.define('USING_SYSTEM_COM_ERR', 1)