From 768591607fc89d3a14fa00c9c8f78e83f3f6b565 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Tue, 20 Dec 2011 16:13:59 -0500 Subject: Add compatibility layer for Heimdal Kerberos implementation --- src/providers/krb5/krb5_child.c | 10 ++++++---- src/providers/krb5/krb5_utils.c | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) (limited to 'src/providers/krb5') diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 297e3a76..c83179b4 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -530,7 +530,7 @@ static krb5_error_code validate_tgt(struct krb5_req *kr) break; } - kerr = krb5_free_keytab_entry_contents(kr->ctx, &entry); + kerr = sss_krb5_free_keytab_entry_contents(kr->ctx, &entry); if (kerr != 0) { DEBUG(1, ("Failed to free keytab entry.\n")); } @@ -578,7 +578,7 @@ done: if (krb5_kt_close(kr->ctx, keytab) != 0) { DEBUG(1, ("krb5_kt_close failed")); } - if (krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) { + if (sss_krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) { DEBUG(1, ("Failed to free keytab entry.\n")); } if (principal != NULL) { @@ -1194,7 +1194,7 @@ static int krb5_cleanup(void *ptr) static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname, krb5_principal server_principal, krb5_principal client_principal, - krb5_ticket_times *tgtt) + sss_krb5_ticket_times *tgtt) { krb5_error_code krberr; krb5_ccache ccache = NULL; @@ -1247,7 +1247,7 @@ static krb5_error_code check_fast_ccache(krb5_context ctx, const char *primary, krb5_error_code kerr; char *ccname; char *server_name; - krb5_ticket_times tgtt; + sss_krb5_ticket_times tgtt; krb5_keytab keytab = NULL; krb5_principal client_princ = NULL; krb5_principal server_princ = NULL; @@ -1420,6 +1420,7 @@ static int krb5_child_setup(struct krb5_req *kr, uint32_t offline) goto failed; } +#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT /* A prompter is used to catch messages about when a password will * expired. The library shall not use the prompter to ask for a new password * but shall return KRB5KDC_ERR_KEY_EXP. */ @@ -1428,6 +1429,7 @@ static int krb5_child_setup(struct krb5_req *kr, uint32_t offline) KRB5_DEBUG(1, kerr); goto failed; } +#endif lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME); if (lifetime_str == NULL) { diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index 2957598c..c97d58e7 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -431,6 +431,8 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, char *server_name; krb5_creds mcred; krb5_creds cred; + const char *realm_name; + int realm_length; kerr = krb5_init_context(&ctx); if (kerr != 0) { @@ -444,11 +446,11 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, goto done; } + sss_krb5_princ_realm(ctx, client_princ, &realm_name, &realm_length); + server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s", - krb5_princ_realm(ctx, client_princ)->length, - krb5_princ_realm(ctx, client_princ)->data, - krb5_princ_realm(ctx, client_princ)->length, - krb5_princ_realm(ctx, client_princ)->data); + realm_length, realm_name, + realm_length, realm_name); if (server_name == NULL) { kerr = KRB5_CC_NOMEM; DEBUG(1, ("talloc_asprintf failed.\n")); -- cgit