From 2b76b28932d9d1ed714e79579414f630966342e7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 24 Jun 2004 05:56:44 +0000
Subject: r1236: Heimdal fixes from Guenther Deschner <gd@sernet.de>, more to
 come before it compiles with Heimdal. Jeremy. (This used to be commit
 dd07278b892770ac51750b87a4ab902d4de3a960)

---
 source3/configure.in             |  2 ++
 source3/libads/kerberos_keytab.c | 21 ++++++++++++---------
 source3/libads/kerberos_verify.c |  8 ++++++++
 source3/libsmb/clikrb5.c         | 11 +++++++++++
 source3/script/mkproto.awk       |  2 +-
 5 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/source3/configure.in b/source3/configure.in
index b77016c0e3..9bc69926ad 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -2737,6 +2737,8 @@ if test x"$with_ads_support" != x"no"; then
   AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_principal_get_comp_string, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_free_unparsed_name, $KRB5_LIBS)
+  AC_CHECK_FUNC_EXT(krb5_free_keytab_entry_contents, $KRB5_LIBS)
+  AC_CHECK_FUNC_EXT(krb5_kt_free_entry, $KRB5_LIBS)
 
   LIBS="$LIBS $KRB5_LIBS"
   
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index cb0841f2e2..f312d8b8ef 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -48,6 +48,9 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 	char *principal = NULL;
 	char *princ_s = NULL;
 	char *password_s = NULL;
+#ifndef MAX_KEYTAB_NAME_LEN
+#define MAX_KEYTAB_NAME_LEN 1100
+#endif
 	char keytab_name[MAX_KEYTAB_NAME_LEN];          /* This MAX_NAME_LEN is a constant defined in krb5.h */
 	fstring my_fqdn;
 	int i;
@@ -163,7 +166,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 						error_message(ret)));
 					goto out;
 				}
-				ret = krb5_free_keytab_entry_contents(context, &kt_entry);
+				ret = smb_krb5_kt_free_entry(context, &kt_entry);
 				ZERO_STRUCT(kt_entry);
 				if (ret) {
 					DEBUG(1,("ads_keytab_add_entry: krb5_kt_remove_entry failed (%s)\n",
@@ -174,10 +177,10 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 			}
 
 			/* Not a match, just free this entry and continue. */
-			ret = krb5_free_keytab_entry_contents(context, &kt_entry);
+			ret = smb_krb5_kt_free_entry(context, &kt_entry);
 			ZERO_STRUCT(kt_entry);
 			if (ret) {
-				DEBUG(1,("ads_keytab_add_entry: krb5_free_keytab_entry_contents failed (%s)\n", error_message(ret)));
+				DEBUG(1,("ads_keytab_add_entry: smb_krb5_kt_free_entry failed (%s)\n", error_message(ret)));
 				goto out;
 			}
 		}
@@ -253,7 +256,7 @@ out:
 		krb5_keytab_entry zero_kt_entry;
 		ZERO_STRUCT(zero_kt_entry);
 		if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
-			krb5_free_keytab_entry_contents(context, &kt_entry);
+			smb_krb5_kt_free_entry(context, &kt_entry);
 		}
 	}
 	if (princ) {
@@ -343,7 +346,7 @@ int ads_keytab_flush(ADS_STRUCT *ads)
 				DEBUG(1,("ads_keytab_flush: krb5_kt_start_seq failed (%s)\n",error_message(ret)));
 				goto out;
 			}
-			ret = krb5_free_keytab_entry_contents(context, &kt_entry);
+			ret = smb_krb5_kt_free_entry(context, &kt_entry);
 			ZERO_STRUCT(kt_entry);
 			if (ret) {
 				DEBUG(1,("ads_keytab_flush: krb5_kt_remove_entry failed (%s)\n",error_message(ret)));
@@ -367,7 +370,7 @@ out:
 		krb5_keytab_entry zero_kt_entry;
 		ZERO_STRUCT(zero_kt_entry);
 		if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
-			krb5_free_keytab_entry_contents(context, &kt_entry);
+			smb_krb5_kt_free_entry(context, &kt_entry);
 		}
 	}
 	if (cursor && keytab) {
@@ -434,7 +437,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 	ret = krb5_kt_start_seq_get(context, keytab, &cursor);
 	if (ret != KRB5_KT_END && ret != ENOENT ) {
 		while ((ret = krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) == 0) {
-			krb5_free_keytab_entry_contents(context, &kt_entry);
+			smb_krb5_kt_free_entry(context, &kt_entry);
 			ZERO_STRUCT(kt_entry);
 			found++;
 		}
@@ -496,7 +499,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 					krb5_free_unparsed_name(context, ktprinc);
 				}
 			}
-			krb5_free_keytab_entry_contents(context, &kt_entry);
+			smb_krb5_kt_free_entry(context, &kt_entry);
 			ZERO_STRUCT(kt_entry);
 		}
 		for (i = 0; oldEntries[i]; i++) {
@@ -515,7 +518,7 @@ done:
 		krb5_keytab_entry zero_kt_entry;
 		ZERO_STRUCT(zero_kt_entry);
 		if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
-			krb5_free_keytab_entry_contents(context, &kt_entry);
+			smb_krb5_kt_free_entry(context, &kt_entry);
 		}
 	}
 	if (cursor && keytab) {
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 2665f40c49..8a18976b3a 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -64,7 +64,11 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
 		}
 		/* Look for a CIFS ticket */
 		if (!StrnCaseCmp(princ_name, "cifs/", 5)) {
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK
+			krb5_auth_con_setuseruserkey(context, auth_context, &kt_entry.keyblock);
+#else
 			krb5_auth_con_setuseruserkey(context, auth_context, &kt_entry.key);
+#endif
 
 			p_packet->length = ticket->length;
 			p_packet->data = (krb5_pointer)ticket->data;
@@ -73,7 +77,11 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
 				krb5_free_unparsed_name(context, princ_name);
 				princ_name = NULL;
 				DEBUG(10,("ads_keytab_verify_ticket: enc type [%u] decrypted message !\n",
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK
+					(unsigned int) kt_entry.keyblock.keytype));
+#else
 					(unsigned int) kt_entry.key.enctype));
+#endif
 				auth_ok = True;
 				break;
 			}
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index ab9bc28fe5..e7db33a1e8 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -473,6 +473,17 @@ failed:
 }
 #endif
 
+krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry)
+{
+#if defined(HAVE_KRB5_KT_FREE_ENTRY)
+	return krb5_kt_free_entry(context, kt_entry);
+#elif defined(HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS)
+	return krb5_free_keytab_entry_contents(context, kt_entry);
+#else
+#error UNKNOWN_KT_FREE_FUNCTION
+#endif
+}
+
 #else /* HAVE_KRB5 */
  /* this saves a few linking headaches */
 int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
diff --git a/source3/script/mkproto.awk b/source3/script/mkproto.awk
index fbe1bddf35..03151d656a 100644
--- a/source3/script/mkproto.awk
+++ b/source3/script/mkproto.awk
@@ -132,7 +132,7 @@ END {
     gotstart = 1;
   }
 
-  if( $0 ~ /^WINBINDD_PW|^WINBINDD_GR|^NT_PRINTER_INFO_LEVEL_2|^LOGIN_CACHE/ ) {
+  if( $0 ~ /^WINBINDD_PW|^WINBINDD_GR|^NT_PRINTER_INFO_LEVEL_2|^LOGIN_CACHE|^krb5_error_code/ ) {
     gotstart = 1;
   }
 
-- 
cgit