From 7716bef4a7515344a7f552011ba458aaf4582e44 Mon Sep 17 00:00:00 2001 From: sbose Date: Wed, 9 Sep 2009 12:26:07 +0200 Subject: added support for older MIT kerberos versions - make the build of the locator plugin optional - added a man page for the locator plugin - use krb5.h if krb5/krb5.h cannot be found - added alternatives for missing functions - set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version is lesser than 1.0.0 --- server/providers/krb5/krb5_auth.c | 3 +-- server/providers/krb5/krb5_auth.h | 10 +++++++--- server/providers/krb5/krb5_child.c | 31 +++++++++++++++++++++++++++++-- 3 files changed, 37 insertions(+), 7 deletions(-) (limited to 'server/providers/krb5') diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c index 03e79032..631f7086 100644 --- a/server/providers/krb5/krb5_auth.c +++ b/server/providers/krb5/krb5_auth.c @@ -22,10 +22,9 @@ along with this program. If not, see . */ - #include #include -#include + #include #include #include diff --git a/server/providers/krb5/krb5_auth.h b/server/providers/krb5/krb5_auth.h index 4e65d9fc..9a7807e8 100644 --- a/server/providers/krb5/krb5_auth.h +++ b/server/providers/krb5/krb5_auth.h @@ -26,8 +26,15 @@ #ifndef __KRB5_AUTH_H__ #define __KRB5_AUTH_H__ +#include "config.h" + #include + +#ifdef HAVE_KRB5_KRB5_H #include +#else +#include +#endif #define MAX_CHILD_MSG_SIZE 255 #define CCACHE_ENV_NAME "KRB5CCNAME" @@ -79,9 +86,6 @@ struct krb5_ctx { action_type action; - int num_pa_opts; - krb5_gic_opt_pa_data *pa_opts; - char *kdcip; char *realm; bool try_simple_upn; diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c index 3673c745..4f3a62c6 100644 --- a/server/providers/krb5/krb5_child.c +++ b/server/providers/krb5/krb5_child.c @@ -22,7 +22,6 @@ along with this program. If not, see . */ -#include #include #include #include @@ -53,6 +52,7 @@ struct krb5_req { char *ccname; }; +#ifdef HAVE_KRB5_GET_ERROR_MESSAGE static krb5_context krb5_error_ctx; static const char *__krb5_error_msg; #define KRB5_DEBUG(level, krb5_error) do { \ @@ -60,6 +60,11 @@ static const char *__krb5_error_msg; DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \ krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ } while(0); +#else +#define KRB5_DEBUG(level, krb5_error) do { \ + DEBUG(level, ("%d: kerberos error [%d]\n", __LINE__, krb5_error)); \ +} while(0); +#endif struct response { size_t max_size; @@ -138,6 +143,7 @@ static struct response *prepare_response_message(struct krb5_req *kr, ret = pack_response_packet(resp, PAM_SUCCESS, PAM_ENV_ITEM, msg); talloc_zfree(msg); } else { +#ifdef HAVE_KRB5_GET_ERROR_MESSAGE krb5_msg = krb5_get_error_message(krb5_error_ctx, kerr); if (krb5_msg == NULL) { DEBUG(1, ("krb5_get_error_message failed.\n")); @@ -146,6 +152,11 @@ static struct response *prepare_response_message(struct krb5_req *kr, ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, krb5_msg); krb5_free_error_message(krb5_error_ctx, krb5_msg); +#else + msg = talloc_asprintf(kr, "Kerberos error [%d]", kerr); + ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, msg); + talloc_zfree(msg); +#endif } if (ret != EOK) { @@ -441,8 +452,14 @@ static int krb5_cleanup(void *ptr) struct krb5_req *kr = talloc_get_type(ptr, struct krb5_req); if (kr == NULL) return EOK; - if (kr->options != NULL) + if (kr->options != NULL) { +#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC krb5_get_init_creds_opt_free(kr->ctx, kr->options); +#else + free(kr->options); +#endif + } + if (kr->creds != NULL) { krb5_free_cred_contents(kr->ctx, kr->creds); krb5_free_creds(kr->ctx, kr->creds); @@ -539,11 +556,21 @@ static int krb5_setup(struct pam_data *pd, const char *user_princ_str, goto failed; } +#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC kerr = krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); if (kerr != 0) { KRB5_DEBUG(1, kerr); goto failed; } +#else + kr->options = calloc(1, sizeof(krb5_get_init_creds_opt)); + if (kr->options == NULL) { + DEBUG(1, ("calloc failed.\n")); + kerr = ENOMEM; + goto failed; + } + krb5_get_init_creds_opt_init(&kr->options); +#endif /* TODO: set options, e.g. * krb5_get_init_creds_opt_set_tkt_life -- cgit