From 6b2e742d6c719258c8ff1c2309847e88bdae97e7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 5 Jan 2012 10:51:29 +1100
Subject: krb5: Require krb5_c_verify_checksum is available to build with krb5

---
 libcli/auth/krb5_wrap.c | 83 ++++++++++++-------------------------------------
 1 file changed, 20 insertions(+), 63 deletions(-)

(limited to 'libcli/auth')

diff --git a/libcli/auth/krb5_wrap.c b/libcli/auth/krb5_wrap.c
index e7e071d484..8bd17670bb 100644
--- a/libcli/auth/krb5_wrap.c
+++ b/libcli/auth/krb5_wrap.c
@@ -241,71 +241,28 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
 {
 	krb5_error_code ret;
 
-	/* verify the checksum */
-
-	/* welcome to the wonderful world of samba's kerberos abstraction layer:
-	 * 
-	 * function			heimdal 0.6.1rc3	heimdal 0.7	MIT krb 1.4.2
-	 * -----------------------------------------------------------------------------
-	 * krb5_c_verify_checksum	-			works		works
-	 * krb5_verify_checksum		works (6 args)		works (6 args)	broken (7 args) 
-	 */
-
-#if defined(HAVE_KRB5_C_VERIFY_CHECKSUM)
-	{
-		krb5_boolean checksum_valid = false;
-		krb5_data input;
-
-		input.data = (char *)data;
-		input.length = length;
-
-		ret = krb5_c_verify_checksum(context, 
-					     keyblock, 
-					     usage,
-					     &input, 
-					     cksum,
-					     &checksum_valid);
-		if (ret) {
-			DEBUG(3,("smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: %s\n", 
-				error_message(ret)));
-			return ret;
-		}
-
-		if (!checksum_valid)
-			ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	}
-
-#elif KRB5_VERIFY_CHECKSUM_ARGS == 6 && defined(HAVE_KRB5_CRYPTO_INIT) && defined(HAVE_KRB5_CRYPTO) && defined(HAVE_KRB5_CRYPTO_DESTROY)
-
-	/* Warning: MIT's krb5_verify_checksum cannot be used as it will use a key
-	 * without enctype and it ignores any key_usage types - Guenther */
-
-	{
+	/* verify the checksum, heimdal 0.7 and MIT krb 1.4.2 and above */
 
-		krb5_crypto crypto;
-		ret = krb5_crypto_init(context,
-				       keyblock,
-				       0,
-				       &crypto);
-		if (ret) {
-			DEBUG(0,("smb_krb5_verify_checksum: krb5_crypto_init() failed: %s\n", 
-				error_message(ret)));
-			return ret;
-		}
-
-		ret = krb5_verify_checksum(context,
-					   crypto,
-					   usage,
-					   data,
-					   length,
-					   cksum);
-
-		krb5_crypto_destroy(context, crypto);
+	krb5_boolean checksum_valid = false;
+	krb5_data input;
+	
+	input.data = (char *)data;
+	input.length = length;
+	
+	ret = krb5_c_verify_checksum(context, 
+				     keyblock, 
+				     usage,
+				     &input, 
+				     cksum,
+				     &checksum_valid);
+	if (ret) {
+		DEBUG(3,("smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: %s\n", 
+			 error_message(ret)));
+		return ret;
 	}
-
-#else
-#error UNKNOWN_KRB5_VERIFY_CHECKSUM_FUNCTION
-#endif
+	
+	if (!checksum_valid)
+		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
 
 	return ret;
 }
-- 
cgit