summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/libads/config.m43
-rw-r--r--source4/libcli/auth/gensec_krb5.c6
-rw-r--r--source4/libcli/auth/kerberos_verify.c5
3 files changed, 9 insertions, 5 deletions
diff --git a/source4/libads/config.m4 b/source4/libads/config.m4
index 545f6246cb..a98ac3189b 100644
--- a/source4/libads/config.m4
+++ b/source4/libads/config.m4
@@ -286,6 +286,9 @@ if test x"$with_ads_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_verify_checksum, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_c_verify_checksum, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_ticket_get_authorization_data_type, $KRB5_LIBS)
LIBS="$LIBS $KRB5_LIBS"
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c
index 0effed2198..72def2d79e 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/libcli/auth/gensec_krb5.c
@@ -47,6 +47,7 @@ struct gensec_krb5_state {
krb5_keyblock krb5_keyblock;
};
+#ifdef KRB5_DO_VERIFY_PAC
static NTSTATUS gensec_krb5_pac_checksum(DATA_BLOB pac_data,
struct PAC_SIGNATURE_DATA *sig,
struct gensec_krb5_state *gensec_krb5_state,
@@ -95,6 +96,7 @@ for (i=0; i < 40; i++) {
return NT_STATUS_OK;
}
+#endif
static NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx,
struct PAC_LOGON_INFO *logon_info_out,
@@ -168,7 +170,7 @@ static NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx,
DEBUG(0,("PAC no kdc_key\n"));
return NT_STATUS_FOOBAR;
}
-
+#ifdef KRB5_DO_VERIFY_PAC
/* clear the kdc_key */
/* memset((void *)kdc_sig_ptr , '\0', sizeof(*kdc_sig_ptr));*/
@@ -214,7 +216,7 @@ static NTSTATUS gensec_krb5_decode_pac(TALLOC_CTX *mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
return status;
}
-
+#endif
DEBUG(0,("account_name: %s [%s]\n",logon_info->account_name.string, logon_info->full_name.string));
*logon_info_out = *logon_info;
diff --git a/source4/libcli/auth/kerberos_verify.c b/source4/libcli/auth/kerberos_verify.c
index d1f0433ccc..88bf391cfa 100644
--- a/source4/libcli/auth/kerberos_verify.c
+++ b/source4/libcli/auth/kerberos_verify.c
@@ -115,8 +115,7 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
copy_EncryptionKey(&kt_entry.keyblock, keyblock);
#else
keytype = (unsigned int) kt_entry.key.enctype;
- /* I'not sure if that works --metze*/
- copy_EncryptionKey(&kt_entry.key, keyblock);
+ /* TODO: copy the keyblock on MIT krb5*/
#endif
DEBUG(10,("ads_keytab_verify_ticket: enc type [%u] decrypted message !\n",
keytype));
@@ -214,7 +213,7 @@ static BOOL ads_secrets_verify_ticket(krb5_context context, krb5_auth_context au
break;
}
- free_EncryptionKey(keyblock);
+ krb5_free_keyblock(context, keyblock);
DEBUG((ret != KRB5_BAD_ENCTYPE) ? 3 : 10,
("ads_secrets_verify_ticket: enc type [%u] failed to decrypt with error %s\n",