-rw-r--r--src/external/krb5.m418
-rw-r--r--src/providers/krb5/krb5_child.c11
-rw-r--r--src/providers/ldap/ldap_child.c3
-rw-r--r--src/util/sss_krb5.c13
-rw-r--r--src/util/sss_krb5.h3
5 files changed, 35 insertions, 13 deletions
diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
index a29056d3..54c5883e 100644
--- a/src/external/krb5.m4
+++ b/src/external/krb5.m4
@@ -69,6 +69,24 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \
krb5_cc_get_full_name \
krb5_free_string \
krb5_xfree])
+
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H
+ #include <krb5/krb5.h>
+ #else
+ #include <krb5.h>
+ #endif
+ ]],
+ [[ krb5_get_init_creds_opt_set_canonicalize(NULL, 0); ]])],
+ [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [2], [number of arguments])])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H
+ #include <krb5/krb5.h>
+ #else
+ #include <krb5.h>
+ #endif
+ ]],
+ [[ krb5_get_init_creds_opt_set_canonicalize(NULL, NULL, 0); ]])],
+ [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [3], [number of arguments])])
+
CFLAGS=$SAVE_CFLAGS
LIBS=$SAVE_LIBS
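Review bot: The two `AC_COMPILE_IFELSE` probes run independently, so nothing prevents both from succeeding and defining `KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS` twice with different values. That can happen when the header does not declare the function and the compiler only warns about implicit declarations; presumably the later value 3 would then win regardless of the real signature. Nesting the second probe in the failure branch of the first, and wrapping the pair in `AC_MSG_CHECKING`/`AC_MSG_RESULT`, would make the outcome unambiguous and visible in the configure log. The description `[number of arguments]` could also name the function it refers to.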
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 2593cab0..fe0e1d6c 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -77,7 +77,7 @@ static krb5_error_code get_changepw_options(krb5_context ctx,
return kerr;
}
- sss_krb5_get_init_creds_opt_set_canonicalize(options, 0);
+ sss_krb5_get_init_creds_opt_set_canonicalize(ctx, options, 0);
krb5_get_init_creds_opt_set_forwardable(options, 0);
krb5_get_init_creds_opt_set_proxiable(options, 0);
krb5_get_init_creds_opt_set_renew_life(options, 0);
@@ -844,7 +844,8 @@ done:
}
-static void krb5_set_canonicalize(krb5_get_init_creds_opt *opts)
+static void krb5_set_canonicalize(krb5_context ctx,
+ krb5_get_init_creds_opt *opts)
{
int canonicalize = 0;
char *tmp_str;
@@ -855,7 +856,7 @@ static void krb5_set_canonicalize(krb5_get_init_creds_opt *opts)
}
DEBUG(SSSDBG_CONF_SETTINGS, ("%s is set to [%s]\n",
SSSD_KRB5_CANONICALIZE, tmp_str ? tmp_str : "not set"));
- sss_krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize);
+ sss_krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize);
}
static krb5_error_code get_and_save_tgt_with_keytab(krb5_context ctx,
@@ -873,7 +874,7 @@ static krb5_error_code get_and_save_tgt_with_keytab(krb5_context ctx,
krb5_get_init_creds_opt_set_address_list(&options, NULL);
krb5_get_init_creds_opt_set_forwardable(&options, 0);
krb5_get_init_creds_opt_set_proxiable(&options, 0);
- krb5_set_canonicalize(&options);
+ krb5_set_canonicalize(ctx, &options);
kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL,
&options);
@@ -1901,7 +1902,7 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline)
}
if (!offline) {
- krb5_set_canonicalize(kr->options);
+ krb5_set_canonicalize(kr->ctx, kr->options);
use_fast_str = getenv(SSSD_KRB5_USE_FAST);
if (use_fast_str == NULL || strcasecmp(use_fast_str, "never") == 0) {
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index d6435b93..16f724bc 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -310,7 +310,8 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
DEBUG(SSSDBG_CONF_SETTINGS, ("Will canonicalize principals\n"));
canonicalize = 1;
}
- sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize);
+ sss_krb5_get_init_creds_opt_set_canonicalize(context,
+ &options, canonicalize);
krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc,
keytab, 0, NULL, &options);
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 5f3177a9..a954d10a 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -811,15 +811,16 @@ cleanup:
#endif /* HAVE_KRB5_UNPARSE_NAME_FLAGS */
}
-void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
+void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx,
+ krb5_get_init_creds_opt *opts,
int canonicalize)
{
- /* FIXME: The extra check for HAVE_KRB5_TICKET_TIMES is a workaround due to Heimdal
- * defining krb5_get_init_creds_opt_set_canonicalize() with a different set of
- * arguments. We should use a better configure check in the future.
- */
-#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && defined(HAVE_KRB5_TICKET_TIMES)
+#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \
+ KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 2
krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize);
+#elif defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \
+ KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 3
+ (void) krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize);
#else
DEBUG(SSSDBG_OP_FAILURE, ("Kerberos principal canonicalization is not available!\n"));
#endif
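Review bot: The three-argument branch casts the result of `krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize)` to `(void)`, so if that variant reports an error the caller goes on to request credentials with a canonicalization setting that was never applied, and nothing is logged. Assuming it returns a `krb5_error_code`, as the cast suggests, the least invasive change with a `void` wrapper is to keep the result and log it: `kerr = krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize);` followed by `if (kerr != 0) DEBUG(SSSDBG_OP_FAILURE, ("Setting canonicalize failed [%d]\n", kerr));`. The `#else` branch also logs a failure when the caller passes 0, as `get_changepw_options` does in krb5_child.c, and could be limited to `canonicalize != 0`. The function's closing brace lies outside the hunk.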
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 2481dc12..c7b9a69f 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -138,7 +138,8 @@ krb5_error_code
sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal,
int flags, char **name);
-void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
+void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx,
+ krb5_get_init_creds_opt *opts,
int canonicalize);
enum sss_krb5_cc_type {
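Review bot: The prototype gains `ctx` without a comment, and in sss_krb5.c only the three-argument branch uses it, so a caller cannot tell from the header whether a valid context is required. A short comment above the declaration would settle that, for example `/* ctx is only passed on when the Kerberos library's krb5_get_init_creds_opt_set_canonicalize() takes a context; otherwise it is ignored. */`.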