diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 4 | ||||
-rw-r--r-- | source4/auth/kerberos/kerberos_util.c | 6 | ||||
-rw-r--r-- | source4/auth/kerberos/krb5_init_context.c | 5 | ||||
-rw-r--r-- | source4/auth/kerberos/krb5_init_context.h | 8 | ||||
-rwxr-xr-x | source4/auth/kerberos/wscript_build | 9 |
5 files changed, 29 insertions, 3 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 7de15c8673..efd8443760 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -434,8 +434,10 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, return nt_status; } +#ifdef SAMBA4_USES_HEIMDAL send_to_kdc.func = smb_krb5_send_and_recv_func; send_to_kdc.ptr = ev; +#endif min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc); if (min_stat) { @@ -460,8 +462,10 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, gensec_gssapi_state->gss_oid = gss_oid_p; } +#ifdef SAMBA4_USES_HEIMDAL send_to_kdc.func = smb_krb5_send_and_recv_func; send_to_kdc.ptr = NULL; +#endif ret = gsskrb5_set_send_to_kdc(&send_to_kdc); if (ret) { diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index d30ac24c34..9933ca84c7 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -224,11 +224,13 @@ static krb5_error_code impersonate_principal_from_credentials( while (tries--) { struct tevent_context *previous_ev; /* Do this every time, in case we have weird recursive issues here */ +#ifdef SAMBA4_USES_HEIMDAL ret = smb_krb5_context_set_event_ctx(smb_krb5_context, event_ctx, &previous_ev); if (ret) { talloc_free(mem_ctx); return ret; } +#endif if (password) { ret = kerberos_kinit_password_cc(smb_krb5_context->krb5_context, ccache, princ, password, @@ -251,7 +253,9 @@ static krb5_error_code impersonate_principal_from_credentials( talloc_free(mem_ctx); (*error_string) = "kinit_to_ccache: No password available for kinit\n"; krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options); +#ifdef SAMBA4_USES_HEIMDAL smb_krb5_context_remove_event_ctx(smb_krb5_context, previous_ev, event_ctx); +#endif return EINVAL; } ret = krb5_keyblock_init(smb_krb5_context->krb5_context, @@ -268,7 +272,9 @@ static krb5_error_code impersonate_principal_from_credentials( } } +#ifdef SAMBA4_USES_HEIMDAL smb_krb5_context_remove_event_ctx(smb_krb5_context, previous_ev, event_ctx); +#endif if (ret == KRB5KRB_AP_ERR_SKEW || ret == KRB5_KDCREP_SKEW) { /* Perhaps we have been given an invalid skew, so try again without it */ diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index e3c0876f1a..4125f39548 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -86,6 +86,7 @@ static void smb_krb5_debug_wrapper(krb5_context context, } #endif +#ifdef SAMBA4_USES_HEIMDAL /* handle recv events on a smb_krb5 socket */ @@ -214,7 +215,6 @@ static void smb_krb5_socket_handler(struct tevent_context *ev, struct tevent_fd } } - krb5_error_code smb_krb5_send_and_recv_func(krb5_context context, void *data, krb5_krbhst_info *hi, @@ -412,6 +412,7 @@ krb5_error_code smb_krb5_send_and_recv_func(krb5_context context, } return KRB5_KDC_UNREACH; } +#endif krb5_error_code smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx, @@ -558,6 +559,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, return 0; } +#ifdef SAMBA4_USES_HEIMDAL krb5_error_code smb_krb5_context_set_event_ctx(struct smb_krb5_context *smb_krb5_context, struct tevent_context *ev, struct tevent_context **previous_ev) @@ -611,3 +613,4 @@ krb5_error_code smb_krb5_context_remove_event_ctx(struct smb_krb5_context *smb_k } return 0; } +#endif diff --git a/source4/auth/kerberos/krb5_init_context.h b/source4/auth/kerberos/krb5_init_context.h index 24ae374cd7..b955ae508d 100644 --- a/source4/auth/kerberos/krb5_init_context.h +++ b/source4/auth/kerberos/krb5_init_context.h @@ -38,11 +38,19 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, struct tevent_context *e struct loadparm_context *lp_ctx, struct smb_krb5_context **smb_krb5_context); +#ifdef SAMBA4_USES_HEIMDAL krb5_error_code smb_krb5_send_and_recv_func(krb5_context context, void *data, krb5_krbhst_info *hi, time_t timeout, const krb5_data *send_buf, krb5_data *recv_buf); +krb5_error_code smb_krb5_context_set_event_ctx(struct smb_krb5_context *smb_krb5_context, + struct tevent_context *ev, + struct tevent_context **previous_ev); +krb5_error_code smb_krb5_context_remove_event_ctx(struct smb_krb5_context *smb_krb5_context, + struct tevent_context *previous_ev, + struct tevent_context *ev); +#endif #endif /* _KRB5_INIT_CONTEXT_H_ */ diff --git a/source4/auth/kerberos/wscript_build b/source4/auth/kerberos/wscript_build index 619626fe19..be41d1b7b3 100755 --- a/source4/auth/kerberos/wscript_build +++ b/source4/auth/kerberos/wscript_build @@ -1,10 +1,15 @@ #!/usr/bin/env python +bld.SAMBA_SUBSYSTEM('KRB_INIT_CTX', + source='krb5_init_context.c', + deps='krb5 com_err' + ) + bld.SAMBA_LIBRARY('authkrb5', - source='kerberos.c kerberos_heimdal.c kerberos_pac.c krb5_init_context.c keytab_copy.c', + source='kerberos.c kerberos_heimdal.c kerberos_pac.c keytab_copy.c', autoproto='proto.h', public_deps='krb5 ndr-krb5pac samba_socket LIBCLI_RESOLVE com_err asn1', - deps='auth_sam_reply tevent LIBPACKET ndr ldb KRB5_WRAP errors', + deps='auth_sam_reply tevent LIBPACKET ndr ldb KRB5_WRAP KRB_INIT_CTX errors', private_library=True ) |