From 04f8c229de7ffad5f4ec1a0bb68c2c8b4ccf4e15 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 27 Nov 2009 15:52:57 +0100 Subject: s3-kerberos: only use krb5 headers where required. This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther --- source3/include/ads.h | 71 +++++------------- source3/include/includes.h | 170 +----------------------------------------- source3/include/krb5_protos.h | 148 ++++++++++++++++++++++++++++++++++++ source3/include/smb_krb5.h | 72 ++++++++++++++++++ 4 files changed, 239 insertions(+), 222 deletions(-) create mode 100644 source3/include/krb5_protos.h create mode 100644 source3/include/smb_krb5.h (limited to 'source3/include') diff --git a/source3/include/ads.h b/source3/include/ads.h index 30f0b1fc0c..d0bae80845 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -8,6 +8,24 @@ #include "../libds/common/flags.h" +/* + * This should be under the HAVE_KRB5 flag but since they're used + * in lp_kerberos_method(), they ned to be always available + */ +#define KERBEROS_VERIFY_SECRETS 0 +#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1 +#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2 +#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3 + +/* + * If you add any entries to the above, please modify the below expressions + * so they remain accurate. + */ +#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method()) +#define USE_SYSTEM_KEYTAB \ + ((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \ + (KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method())) + #define TOK_ID_KRB_AP_REQ ((const uint8_t *)"\x01\x00") #define TOK_ID_KRB_AP_REP ((const uint8_t *)"\x02\x00") #define TOK_ID_KRB_ERROR ((const uint8_t *)"\x03\x00") @@ -226,62 +244,9 @@ typedef void **ADS_MODLIST; /* Kerberos environment variable names */ #define KRB5_ENV_CCNAME "KRB5CCNAME" -/* Heimdal uses a slightly different name */ -#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) -#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5 -#endif - -/* The older versions of heimdal that don't have this - define don't seem to use it anyway. I'm told they - always use a subkey */ -#ifndef HAVE_AP_OPTS_USE_SUBKEY -#define AP_OPTS_USE_SUBKEY 0 -#endif - #define WELL_KNOWN_GUID_COMPUTERS "AA312825768811D1ADED00C04FD8D5CD" #define WELL_KNOWN_GUID_USERS "A9D1CA15768811D1ADED00C04FD8D5CD" -#ifndef KRB5_ADDR_NETBIOS -#define KRB5_ADDR_NETBIOS 0x14 -#endif - -#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG -#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L) -#endif - -#ifdef HAVE_KRB5 -typedef struct { -#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ - krb5_address **addrs; -#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */ - krb5_addresses *addrs; -#else -#error UNKNOWN_KRB5_ADDRESS_TYPE -#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */ -} smb_krb5_addresses; - -#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ -#define KRB5_KEY_TYPE(k) ((k)->keytype) -#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) -#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) -#define KRB5_KEY_DATA_CAST void -#else /* MIT */ -#define KRB5_KEY_TYPE(k) ((k)->enctype) -#define KRB5_KEY_LENGTH(k) ((k)->length) -#define KRB5_KEY_DATA(k) ((k)->contents) -#define KRB5_KEY_DATA_CAST krb5_octet -#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ - -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ -#define KRB5_KT_KEY(k) (&(k)->key) -#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ -#define KRB5_KT_KEY(k) (&(k)->keyblock) -#else -#error krb5_keytab_entry has no key or keyblock member -#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */ - -#endif /* HAVE_KRB5 */ - enum ads_extended_dn_flags { ADS_EXTENDED_DN_HEX_STRING = 0, ADS_EXTENDED_DN_STRING = 1 /* not supported on win2k */ diff --git a/source3/include/includes.h b/source3/include/includes.h index 438b346445..37cb611a91 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -20,11 +20,6 @@ along with this program. If not, see . */ -/* work around broken krb5.h on sles9 */ -#ifdef SIZEOF_LONG -#undef SIZEOF_LONG -#endif - #include "../replace/replace.h" /* make sure we have included the correct config.h */ @@ -146,9 +141,7 @@ #endif #endif /* HAVE_NETGROUP */ -#if HAVE_KRB5_H -#include -#else +#ifndef HAVE_KRB5_H #undef HAVE_KRB5 #endif @@ -929,167 +922,6 @@ char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...) PRINTF_ATT #define XATTR_REPLACE 0x2 /* set value, fail if attr does not exist */ #endif -/* - * This should be under the HAVE_KRB5 flag but since they're used - * in lp_kerberos_method(), they ned to be always available - */ -#define KERBEROS_VERIFY_SECRETS 0 -#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1 -#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2 -#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3 - -/* - * If you add any entries to the above, please modify the below expressions - * so they remain accurate. - */ -#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method()) -#define USE_SYSTEM_KEYTAB \ - ((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \ - (KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method())) - -#if defined(HAVE_KRB5) -krb5_error_code smb_krb5_parse_name(krb5_context context, - const char *name, /* in unix charset */ - krb5_principal *principal); - -krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, - krb5_context context, - krb5_const_principal principal, - char **unix_name); - -#ifndef HAVE_KRB5_SET_REAL_TIME -krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); -#endif - -krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc); - -#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) -krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock); -#endif - -#ifndef HAVE_KRB5_FREE_UNPARSED_NAME -void krb5_free_unparsed_name(krb5_context ctx, char *val); -#endif - -/* Stub out initialize_krb5_error_table since it is not present in all - * Kerberos implementations. If it's not present, it's not necessary to - * call it. - */ -#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE -#define initialize_krb5_error_table() -#endif - -/* Samba wrapper function for krb5 functionality. */ -bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr); -int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt); -bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt); -krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); -krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); -#if defined(HAVE_KRB5_LOCATE_KDC) -krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); -#endif -krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); -bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote); -krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry); -krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype); -void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype); -bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2); -void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); -NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx, - DATA_BLOB *pac_data_blob, - krb5_context context, - krb5_keyblock *service_keyblock, - krb5_const_principal client_principal, - time_t tgs_authtime, - struct PAC_DATA **pac_data_out); -void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum, - struct PAC_SIGNATURE_DATA *sig); -krb5_error_code smb_krb5_verify_checksum(krb5_context context, - const krb5_keyblock *keyblock, - krb5_keyusage usage, - krb5_checksum *cksum, - uint8 *data, - size_t length); -time_t get_authtime_from_tkt(krb5_ticket *tkt); -void smb_krb5_free_ap_req(krb5_context context, - krb5_ap_req *ap_req); -krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context, - const krb5_data *inbuf, - krb5_kvno *kvno, - krb5_enctype *enctype); -krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context, - krb5_auth_context *auth_context, - const krb5_data *inbuf, - krb5_const_principal server, - krb5_keytab keytab, - krb5_flags *ap_req_options, - krb5_ticket **ticket, - krb5_keyblock **keyblock); -krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, - const char *name, - krb5_principal *principal); -bool smb_krb5_principal_compare_any_realm(krb5_context context, - krb5_const_principal princ1, - krb5_const_principal princ2); -int cli_krb5_get_ticket(const char *principal, time_t time_offset, - DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, - uint32 extra_ap_opts, const char *ccname, - time_t *tgs_expire, - const char *impersonate_princ_s); -krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time); -krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code); -krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr); -krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr); -NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error); -krb5_error_code nt_status_to_krb5(NTSTATUS nt_status); -void smb_krb5_free_error(krb5_context context, krb5_error *krberror); -krb5_error_code handle_krberror_packet(krb5_context context, - krb5_data *packet); - -void smb_krb5_get_init_creds_opt_free(krb5_context context, - krb5_get_init_creds_opt *opt); -krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context, - krb5_get_init_creds_opt **opt); -krb5_error_code smb_krb5_mk_error(krb5_context context, - krb5_error_code error_code, - const krb5_principal server, - krb5_data *reply); -krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry); -krb5_error_code smb_krb5_enctype_to_string(krb5_context context, - krb5_enctype enctype, - char **etype_s); -krb5_error_code smb_krb5_open_keytab(krb5_context context, - const char *keytab_name, - bool write_access, - krb5_keytab *keytab); -krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx, - krb5_context context, - krb5_keytab keytab, - const char **keytab_name); -int smb_krb5_kt_add_entry_ext(krb5_context context, - krb5_keytab keytab, - krb5_kvno kvno, - const char *princ_s, - krb5_enctype *enctypes, - krb5_data password, - bool no_salt, - bool keep_old_entries); -krb5_error_code smb_krb5_get_credentials(krb5_context context, - krb5_ccache ccache, - krb5_principal me, - krb5_principal server, - krb5_principal impersonate_princ, - krb5_creds **out_creds); -krb5_error_code smb_krb5_get_creds(const char *server_s, - time_t time_offset, - const char *cc, - const char *impersonate_princ_s, - krb5_creds **creds_p); -char *smb_krb5_principal_get_realm(krb5_context context, - krb5_principal principal); -#endif /* HAVE_KRB5 */ - - #ifdef HAVE_LDAP /* function declarations not included in proto.h */ diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h new file mode 100644 index 0000000000..4f8521b167 --- /dev/null +++ b/source3/include/krb5_protos.h @@ -0,0 +1,148 @@ +/* work around broken krb5.h on sles9 */ +#ifdef SIZEOF_LONG +#undef SIZEOF_LONG +#endif + + +#if defined(HAVE_KRB5) +krb5_error_code smb_krb5_parse_name(krb5_context context, + const char *name, /* in unix charset */ + krb5_principal *principal); + +krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, + krb5_context context, + krb5_const_principal principal, + char **unix_name); + +#ifndef HAVE_KRB5_SET_REAL_TIME +krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); +#endif + +krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc); + +#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) +krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock); +#endif + +#ifndef HAVE_KRB5_FREE_UNPARSED_NAME +void krb5_free_unparsed_name(krb5_context ctx, char *val); +#endif + +/* Stub out initialize_krb5_error_table since it is not present in all + * Kerberos implementations. If it's not present, it's not necessary to + * call it. + */ +#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE +#define initialize_krb5_error_table() +#endif + +/* Samba wrapper function for krb5 functionality. */ +bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr); +int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt); +bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt); +krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); +krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); +#if defined(HAVE_KRB5_LOCATE_KDC) +krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); +#endif +krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); +bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote); +krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry); +krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype); +void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype); +bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2); +void kerberos_free_data_contents(krb5_context context, krb5_data *pdata); +NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx, + DATA_BLOB *pac_data_blob, + krb5_context context, + krb5_keyblock *service_keyblock, + krb5_const_principal client_principal, + time_t tgs_authtime, + struct PAC_DATA **pac_data_out); +void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum, + struct PAC_SIGNATURE_DATA *sig); +krb5_error_code smb_krb5_verify_checksum(krb5_context context, + const krb5_keyblock *keyblock, + krb5_keyusage usage, + krb5_checksum *cksum, + uint8 *data, + size_t length); +time_t get_authtime_from_tkt(krb5_ticket *tkt); +void smb_krb5_free_ap_req(krb5_context context, + krb5_ap_req *ap_req); +krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context, + const krb5_data *inbuf, + krb5_kvno *kvno, + krb5_enctype *enctype); +krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context, + krb5_auth_context *auth_context, + const krb5_data *inbuf, + krb5_const_principal server, + krb5_keytab keytab, + krb5_flags *ap_req_options, + krb5_ticket **ticket, + krb5_keyblock **keyblock); +krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, + const char *name, + krb5_principal *principal); +bool smb_krb5_principal_compare_any_realm(krb5_context context, + krb5_const_principal princ1, + krb5_const_principal princ2); +int cli_krb5_get_ticket(const char *principal, time_t time_offset, + DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, + uint32 extra_ap_opts, const char *ccname, + time_t *tgs_expire, + const char *impersonate_princ_s); +krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time); +krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code); +krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr); +krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr); +NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error); +krb5_error_code nt_status_to_krb5(NTSTATUS nt_status); +void smb_krb5_free_error(krb5_context context, krb5_error *krberror); +krb5_error_code handle_krberror_packet(krb5_context context, + krb5_data *packet); + +void smb_krb5_get_init_creds_opt_free(krb5_context context, + krb5_get_init_creds_opt *opt); +krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context, + krb5_get_init_creds_opt **opt); +krb5_error_code smb_krb5_mk_error(krb5_context context, + krb5_error_code error_code, + const krb5_principal server, + krb5_data *reply); +krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry); +krb5_error_code smb_krb5_enctype_to_string(krb5_context context, + krb5_enctype enctype, + char **etype_s); +krb5_error_code smb_krb5_open_keytab(krb5_context context, + const char *keytab_name, + bool write_access, + krb5_keytab *keytab); +krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx, + krb5_context context, + krb5_keytab keytab, + const char **keytab_name); +int smb_krb5_kt_add_entry_ext(krb5_context context, + krb5_keytab keytab, + krb5_kvno kvno, + const char *princ_s, + krb5_enctype *enctypes, + krb5_data password, + bool no_salt, + bool keep_old_entries); +krb5_error_code smb_krb5_get_credentials(krb5_context context, + krb5_ccache ccache, + krb5_principal me, + krb5_principal server, + krb5_principal impersonate_princ, + krb5_creds **out_creds); +krb5_error_code smb_krb5_get_creds(const char *server_s, + time_t time_offset, + const char *cc, + const char *impersonate_princ_s, + krb5_creds **creds_p); +char *smb_krb5_principal_get_realm(krb5_context context, + krb5_principal principal); +#endif /* HAVE_KRB5 */ + diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h new file mode 100644 index 0000000000..3e5c86268a --- /dev/null +++ b/source3/include/smb_krb5.h @@ -0,0 +1,72 @@ +#ifndef _HEADER_smb_krb5_h +#define _HEADER_smb_krb5_h + +#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ +/* this file uses DEPRECATED interfaces! */ + +#if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER) +#define KRB5_DEPRECATED 1 +#else +#define KRB5_DEPRECATED +#endif + +#if HAVE_KRB5_H +#include +#endif + +#ifndef KRB5_ADDR_NETBIOS +#define KRB5_ADDR_NETBIOS 0x14 +#endif + +#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG +#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L) +#endif + +/* Heimdal uses a slightly different name */ +#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) +#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5 +#endif + +/* The older versions of heimdal that don't have this + define don't seem to use it anyway. I'm told they + always use a subkey */ +#ifndef HAVE_AP_OPTS_USE_SUBKEY +#define AP_OPTS_USE_SUBKEY 0 +#endif + +#ifdef HAVE_KRB5 +typedef struct { +#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ + krb5_address **addrs; +#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */ + krb5_addresses *addrs; +#else +#error UNKNOWN_KRB5_ADDRESS_TYPE +#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */ +} smb_krb5_addresses; + +#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ +#define KRB5_KEY_TYPE(k) ((k)->keytype) +#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) +#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) +#define KRB5_KEY_DATA_CAST void +#else /* MIT */ +#define KRB5_KEY_TYPE(k) ((k)->enctype) +#define KRB5_KEY_LENGTH(k) ((k)->length) +#define KRB5_KEY_DATA(k) ((k)->contents) +#define KRB5_KEY_DATA_CAST krb5_octet +#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ + +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ +#define KRB5_KT_KEY(k) (&(k)->key) +#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ +#define KRB5_KT_KEY(k) (&(k)->keyblock) +#else +#error krb5_keytab_entry has no key or keyblock member +#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */ + +#endif /* HAVE_KRB5 */ + +#include "krb5_protos.h" + +#endif /* _HEADER_smb_krb5_h */ -- cgit