diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/libads/config.m4 | 3 | ||||
-rw-r--r-- | source4/libcli/auth/gensec_krb5.c | 6 | ||||
-rw-r--r-- | source4/libcli/auth/kerberos_verify.c | 5 |
3 files changed, 9 insertions, 5 deletions
diff --git a/source4/libads/config.m4 b/source4/libads/config.m4 index 545f6246cb..a98ac3189b 100644 --- a/source4/libads/config.m4 +++ b/source4/libads/config.m4 @@ -286,6 +286,9 @@ if test x"$with_ads_support" != x"no"; then AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(krb5_verify_checksum, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(krb5_c_verify_checksum, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(krb5_ticket_get_authorization_data_type, $KRB5_LIBS) LIBS="$LIBS $KRB5_LIBS" diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c index 0effed2198..72def2d79e 100644 --- a/source4/libcli/auth/gensec_krb5.c +++ b/source4/libcli/auth/gensec_krb5.c @@ -47,6 +47,7 @@ struct gensec_krb5_state { krb5_keyblock krb5_keyblock; }; +#ifdef KRB5_DO_VERIFY_PAC static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data, struct PAC_SIGNATURE_DATA *sig, struct gensec_krb5_state *gensec_krb5_state, @@ -95,6 +96,7 @@ for (i=0; i < 40; i++) { return NT_STATUS_OK; } +#endif static NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx, struct PAC_LOGON_INFO *logon_info_out, @@ -168,7 +170,7 @@ static NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx, DEBUG(0,("PAC no kdc_key\n")); return NT_STATUS_FOOBAR; } - +#ifdef KRB5_DO_VERIFY_PAC /* clear the kdc_key */ /* memset((void *)kdc_sig_ptr , '\0', sizeof(*kdc_sig_ptr));*/ @@ -214,7 +216,7 @@ static NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(status)) { return status; } - +#endif DEBUG(0,("account_name: %s [%s]\n",logon_info->account_name.string, logon_info->full_name.string)); *logon_info_out = *logon_info; diff --git a/source4/libcli/auth/kerberos_verify.c b/source4/libcli/auth/kerberos_verify.c index d1f0433ccc..88bf391cfa 100644 --- a/source4/libcli/auth/kerberos_verify.c +++ b/source4/libcli/auth/kerberos_verify.c @@ -115,8 +115,7 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut copy_EncryptionKey(&kt_entry.keyblock, keyblock); #else keytype = (unsigned int) kt_entry.key.enctype; - /* I'not sure if that works --metze*/ - copy_EncryptionKey(&kt_entry.key, keyblock); + /* TODO: copy the keyblock on MIT krb5*/ #endif DEBUG(10,("ads_keytab_verify_ticket: enc type [%u] decrypted message !\n", keytype)); @@ -214,7 +213,7 @@ static BOOL ads_secrets_verify_ticket(krb5_context context, krb5_auth_context au break; } - free_EncryptionKey(keyblock); + krb5_free_keyblock(context, keyblock); DEBUG((ret != KRB5_BAD_ENCTYPE) ? 3 : 10, ("ads_secrets_verify_ticket: enc type [%u] failed to decrypt with error %s\n", |