From 04f8c229de7ffad5f4ec1a0bb68c2c8b4ccf4e15 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 27 Nov 2009 15:52:57 +0100 Subject: s3-kerberos: only use krb5 headers where required. This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther --- source3/include/includes.h | 170 +-------------------------------------------- 1 file changed, 1 insertion(+), 169 deletions(-) (limited to 'source3/include/includes.h') diff --git a/source3/include/includes.h b/source3/include/includes.h index 438b346445..37cb611a91 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -20,11 +20,6 @@ along with this program. If not, see . */ -/* work around broken krb5.h on sles9 */ -#ifdef SIZEOF_LONG -#undef SIZEOF_LONG -#endif - #include "../replace/replace.h" /* make sure we have included the correct config.h */ @@ -146,9 +141,7 @@ #endif #endif /* HAVE_NETGROUP */ -#if HAVE_KRB5_H -#include -#else +#ifndef HAVE_KRB5_H #undef HAVE_KRB5 #endif @@ -929,167 +922,6 @@ char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...) PRINTF_ATT #define XATTR_REPLACE 0x2 /* set value, fail if attr does not exist */ #endif -/* - * This should be under the HAVE_KRB5 flag but since they're used - * in lp_kerberos_method(), they ned to be always available - */ -#define KERBEROS_VERIFY_SECRETS 0 -#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1 -#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2 -#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3 - -/* - * If you add any entries to the above, please modify the below expressions - * so they remain accurate. - */ -#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method()) -#define USE_SYSTEM_KEYTAB \ - ((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \ - (KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method())) - -#if defined(HAVE_KRB5) -krb5_error_code smb_krb5_parse_name(krb5_context context, - const char *name, /* in unix charset */ - krb5_principal *principal); - -krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, - krb5_context context, - krb5_const_principal principal, - char **unix_name); - -#ifndef HAVE_KRB5_SET_REAL_TIME -krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); -#endif - -krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc); - -#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) -krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock); -#endif - -#ifndef HAVE_KRB5_FREE_UNPARSED_NAME -void krb5_free_unparsed_name(krb5_context ctx, char *val); -#endif - -/* Stub out initialize_krb5_error_table since it is not present in all - * Kerberos implementations. If it's not present, it's not necessary to - * call it. - */ -#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE -#define initialize_krb5_error_table() -#endif - -/* Samba wrapper function for krb5 functionality. */ -bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr); -int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt); -bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt); -krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); -krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); -#if defined(HAVE_KRB5_LOCATE_KDC) -krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); -#endif -krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); -bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote); -krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry); -krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype); -void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype); -bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2); -void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); -NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx, - DATA_BLOB *pac_data_blob, - krb5_context context, - krb5_keyblock *service_keyblock, - krb5_const_principal client_principal, - time_t tgs_authtime, - struct PAC_DATA **pac_data_out); -void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum, - struct PAC_SIGNATURE_DATA *sig); -krb5_error_code smb_krb5_verify_checksum(krb5_context context, - const krb5_keyblock *keyblock, - krb5_keyusage usage, - krb5_checksum *cksum, - uint8 *data, - size_t length); -time_t get_authtime_from_tkt(krb5_ticket *tkt); -void smb_krb5_free_ap_req(krb5_context context, - krb5_ap_req *ap_req); -krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context, - const krb5_data *inbuf, - krb5_kvno *kvno, - krb5_enctype *enctype); -krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context, - krb5_auth_context *auth_context, - const krb5_data *inbuf, - krb5_const_principal server, - krb5_keytab keytab, - krb5_flags *ap_req_options, - krb5_ticket **ticket, - krb5_keyblock **keyblock); -krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, - const char *name, - krb5_principal *principal); -bool smb_krb5_principal_compare_any_realm(krb5_context context, - krb5_const_principal princ1, - krb5_const_principal princ2); -int cli_krb5_get_ticket(const char *principal, time_t time_offset, - DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, - uint32 extra_ap_opts, const char *ccname, - time_t *tgs_expire, - const char *impersonate_princ_s); -krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time); -krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code); -krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr); -krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr); -NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error); -krb5_error_code nt_status_to_krb5(NTSTATUS nt_status); -void smb_krb5_free_error(krb5_context context, krb5_error *krberror); -krb5_error_code handle_krberror_packet(krb5_context context, - krb5_data *packet); - -void smb_krb5_get_init_creds_opt_free(krb5_context context, - krb5_get_init_creds_opt *opt); -krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context, - krb5_get_init_creds_opt **opt); -krb5_error_code smb_krb5_mk_error(krb5_context context, - krb5_error_code error_code, - const krb5_principal server, - krb5_data *reply); -krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry); -krb5_error_code smb_krb5_enctype_to_string(krb5_context context, - krb5_enctype enctype, - char **etype_s); -krb5_error_code smb_krb5_open_keytab(krb5_context context, - const char *keytab_name, - bool write_access, - krb5_keytab *keytab); -krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx, - krb5_context context, - krb5_keytab keytab, - const char **keytab_name); -int smb_krb5_kt_add_entry_ext(krb5_context context, - krb5_keytab keytab, - krb5_kvno kvno, - const char *princ_s, - krb5_enctype *enctypes, - krb5_data password, - bool no_salt, - bool keep_old_entries); -krb5_error_code smb_krb5_get_credentials(krb5_context context, - krb5_ccache ccache, - krb5_principal me, - krb5_principal server, - krb5_principal impersonate_princ, - krb5_creds **out_creds); -krb5_error_code smb_krb5_get_creds(const char *server_s, - time_t time_offset, - const char *cc, - const char *impersonate_princ_s, - krb5_creds **creds_p); -char *smb_krb5_principal_get_realm(krb5_context context, - krb5_principal principal); -#endif /* HAVE_KRB5 */ - - #ifdef HAVE_LDAP /* function declarations not included in proto.h */ -- cgit