1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3-kerberos: only use krb5 headers where required.

This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.

Guenther
This commit is contained in:
Günther Deschner 2009-11-27 15:52:57 +01:00
parent 23d77be6cb
commit 04f8c229de
21 changed files with 257 additions and 229 deletions

View File

@ -27,6 +27,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
#include "includes.h"
#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
#include <keyutils.h>
#include <getopt.h>

View File

@ -3375,10 +3375,7 @@ if test x"$with_ads_support" != x"no"; then
samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=no)])
if test x"$samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER" = x"yes"; then
AC_DEFINE(KRB5_DEPRECATED, 1,
[Whether to use deprecated krb5 interfaces])
else
AC_DEFINE(KRB5_DEPRECATED,,
AC_DEFINE(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER, 1,
[Whether to use deprecated krb5 interfaces])
fi
fi

View File

@ -8,6 +8,24 @@
#include "../libds/common/flags.h"
/*
* This should be under the HAVE_KRB5 flag but since they're used
* in lp_kerberos_method(), they ned to be always available
*/
#define KERBEROS_VERIFY_SECRETS 0
#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1
#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2
#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3
/*
* If you add any entries to the above, please modify the below expressions
* so they remain accurate.
*/
#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method())
#define USE_SYSTEM_KEYTAB \
((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \
(KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method()))
#define TOK_ID_KRB_AP_REQ ((const uint8_t *)"\x01\x00")
#define TOK_ID_KRB_AP_REP ((const uint8_t *)"\x02\x00")
#define TOK_ID_KRB_ERROR ((const uint8_t *)"\x03\x00")
@ -226,62 +244,9 @@ typedef void **ADS_MODLIST;
/* Kerberos environment variable names */
#define KRB5_ENV_CCNAME "KRB5CCNAME"
/* Heimdal uses a slightly different name */
#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
#endif
/* The older versions of heimdal that don't have this
define don't seem to use it anyway. I'm told they
always use a subkey */
#ifndef HAVE_AP_OPTS_USE_SUBKEY
#define AP_OPTS_USE_SUBKEY 0
#endif
#define WELL_KNOWN_GUID_COMPUTERS "AA312825768811D1ADED00C04FD8D5CD"
#define WELL_KNOWN_GUID_USERS "A9D1CA15768811D1ADED00C04FD8D5CD"
#ifndef KRB5_ADDR_NETBIOS
#define KRB5_ADDR_NETBIOS 0x14
#endif
#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
#endif
#ifdef HAVE_KRB5
typedef struct {
#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
krb5_address **addrs;
#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */
krb5_addresses *addrs;
#else
#error UNKNOWN_KRB5_ADDRESS_TYPE
#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */
} smb_krb5_addresses;
#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
#define KRB5_KEY_TYPE(k) ((k)->keytype)
#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
#define KRB5_KEY_DATA_CAST void
#else /* MIT */
#define KRB5_KEY_TYPE(k) ((k)->enctype)
#define KRB5_KEY_LENGTH(k) ((k)->length)
#define KRB5_KEY_DATA(k) ((k)->contents)
#define KRB5_KEY_DATA_CAST krb5_octet
#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */
#define KRB5_KT_KEY(k) (&(k)->key)
#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */
#define KRB5_KT_KEY(k) (&(k)->keyblock)
#else
#error krb5_keytab_entry has no key or keyblock member
#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */
#endif /* HAVE_KRB5 */
enum ads_extended_dn_flags {
ADS_EXTENDED_DN_HEX_STRING = 0,
ADS_EXTENDED_DN_STRING = 1 /* not supported on win2k */

View File

@ -20,11 +20,6 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/* work around broken krb5.h on sles9 */
#ifdef SIZEOF_LONG
#undef SIZEOF_LONG
#endif
#include "../replace/replace.h"
/* make sure we have included the correct config.h */
@ -146,9 +141,7 @@
#endif
#endif /* HAVE_NETGROUP */
#if HAVE_KRB5_H
#include <krb5.h>
#else
#ifndef HAVE_KRB5_H
#undef HAVE_KRB5
#endif
@ -929,167 +922,6 @@ char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...) PRINTF_ATT
#define XATTR_REPLACE 0x2 /* set value, fail if attr does not exist */
#endif
/*
* This should be under the HAVE_KRB5 flag but since they're used
* in lp_kerberos_method(), they ned to be always available
*/
#define KERBEROS_VERIFY_SECRETS 0
#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1
#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2
#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3
/*
* If you add any entries to the above, please modify the below expressions
* so they remain accurate.
*/
#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method())
#define USE_SYSTEM_KEYTAB \
((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \
(KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method()))
#if defined(HAVE_KRB5)
krb5_error_code smb_krb5_parse_name(krb5_context context,
const char *name, /* in unix charset */
krb5_principal *principal);
krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_const_principal principal,
char **unix_name);
#ifndef HAVE_KRB5_SET_REAL_TIME
krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds);
#endif
krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock);
#endif
#ifndef HAVE_KRB5_FREE_UNPARSED_NAME
void krb5_free_unparsed_name(krb5_context ctx, char *val);
#endif
/* Stub out initialize_krb5_error_table since it is not present in all
* Kerberos implementations. If it's not present, it's not necessary to
* call it.
*/
#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE
#define initialize_krb5_error_table()
#endif
/* Samba wrapper function for krb5 functionality. */
bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt);
bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
#if defined(HAVE_KRB5_LOCATE_KDC)
krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
#endif
krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote);
krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype);
void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype);
bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2);
void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx,
DATA_BLOB *pac_data_blob,
krb5_context context,
krb5_keyblock *service_keyblock,
krb5_const_principal client_principal,
time_t tgs_authtime,
struct PAC_DATA **pac_data_out);
void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
struct PAC_SIGNATURE_DATA *sig);
krb5_error_code smb_krb5_verify_checksum(krb5_context context,
const krb5_keyblock *keyblock,
krb5_keyusage usage,
krb5_checksum *cksum,
uint8 *data,
size_t length);
time_t get_authtime_from_tkt(krb5_ticket *tkt);
void smb_krb5_free_ap_req(krb5_context context,
krb5_ap_req *ap_req);
krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context,
const krb5_data *inbuf,
krb5_kvno *kvno,
krb5_enctype *enctype);
krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context,
krb5_auth_context *auth_context,
const krb5_data *inbuf,
krb5_const_principal server,
krb5_keytab keytab,
krb5_flags *ap_req_options,
krb5_ticket **ticket,
krb5_keyblock **keyblock);
krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
const char *name,
krb5_principal *principal);
bool smb_krb5_principal_compare_any_realm(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2);
int cli_krb5_get_ticket(const char *principal, time_t time_offset,
DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
uint32 extra_ap_opts, const char *ccname,
time_t *tgs_expire,
const char *impersonate_princ_s);
krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr);
krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr);
NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error);
krb5_error_code nt_status_to_krb5(NTSTATUS nt_status);
void smb_krb5_free_error(krb5_context context, krb5_error *krberror);
krb5_error_code handle_krberror_packet(krb5_context context,
krb5_data *packet);
void smb_krb5_get_init_creds_opt_free(krb5_context context,
krb5_get_init_creds_opt *opt);
krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context,
krb5_get_init_creds_opt **opt);
krb5_error_code smb_krb5_mk_error(krb5_context context,
krb5_error_code error_code,
const krb5_principal server,
krb5_data *reply);
krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry);
krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
krb5_enctype enctype,
char **etype_s);
krb5_error_code smb_krb5_open_keytab(krb5_context context,
const char *keytab_name,
bool write_access,
krb5_keytab *keytab);
krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_keytab keytab,
const char **keytab_name);
int smb_krb5_kt_add_entry_ext(krb5_context context,
krb5_keytab keytab,
krb5_kvno kvno,
const char *princ_s,
krb5_enctype *enctypes,
krb5_data password,
bool no_salt,
bool keep_old_entries);
krb5_error_code smb_krb5_get_credentials(krb5_context context,
krb5_ccache ccache,
krb5_principal me,
krb5_principal server,
krb5_principal impersonate_princ,
krb5_creds **out_creds);
krb5_error_code smb_krb5_get_creds(const char *server_s,
time_t time_offset,
const char *cc,
const char *impersonate_princ_s,
krb5_creds **creds_p);
char *smb_krb5_principal_get_realm(krb5_context context,
krb5_principal principal);
#endif /* HAVE_KRB5 */
#ifdef HAVE_LDAP
/* function declarations not included in proto.h */

View File

@ -0,0 +1,148 @@
/* work around broken krb5.h on sles9 */
#ifdef SIZEOF_LONG
#undef SIZEOF_LONG
#endif
#if defined(HAVE_KRB5)
krb5_error_code smb_krb5_parse_name(krb5_context context,
const char *name, /* in unix charset */
krb5_principal *principal);
krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_const_principal principal,
char **unix_name);
#ifndef HAVE_KRB5_SET_REAL_TIME
krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds);
#endif
krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock);
#endif
#ifndef HAVE_KRB5_FREE_UNPARSED_NAME
void krb5_free_unparsed_name(krb5_context ctx, char *val);
#endif
/* Stub out initialize_krb5_error_table since it is not present in all
* Kerberos implementations. If it's not present, it's not necessary to
* call it.
*/
#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE
#define initialize_krb5_error_table()
#endif
/* Samba wrapper function for krb5 functionality. */
bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt);
bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
#if defined(HAVE_KRB5_LOCATE_KDC)
krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
#endif
krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote);
krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype);
void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype);
bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2);
void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx,
DATA_BLOB *pac_data_blob,
krb5_context context,
krb5_keyblock *service_keyblock,
krb5_const_principal client_principal,
time_t tgs_authtime,
struct PAC_DATA **pac_data_out);
void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
struct PAC_SIGNATURE_DATA *sig);
krb5_error_code smb_krb5_verify_checksum(krb5_context context,
const krb5_keyblock *keyblock,
krb5_keyusage usage,
krb5_checksum *cksum,
uint8 *data,
size_t length);
time_t get_authtime_from_tkt(krb5_ticket *tkt);
void smb_krb5_free_ap_req(krb5_context context,
krb5_ap_req *ap_req);
krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context,
const krb5_data *inbuf,
krb5_kvno *kvno,
krb5_enctype *enctype);
krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context,
krb5_auth_context *auth_context,
const krb5_data *inbuf,
krb5_const_principal server,
krb5_keytab keytab,
krb5_flags *ap_req_options,
krb5_ticket **ticket,
krb5_keyblock **keyblock);
krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
const char *name,
krb5_principal *principal);
bool smb_krb5_principal_compare_any_realm(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2);
int cli_krb5_get_ticket(const char *principal, time_t time_offset,
DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
uint32 extra_ap_opts, const char *ccname,
time_t *tgs_expire,
const char *impersonate_princ_s);
krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr);
krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr);
NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error);
krb5_error_code nt_status_to_krb5(NTSTATUS nt_status);
void smb_krb5_free_error(krb5_context context, krb5_error *krberror);
krb5_error_code handle_krberror_packet(krb5_context context,
krb5_data *packet);
void smb_krb5_get_init_creds_opt_free(krb5_context context,
krb5_get_init_creds_opt *opt);
krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context,
krb5_get_init_creds_opt **opt);
krb5_error_code smb_krb5_mk_error(krb5_context context,
krb5_error_code error_code,
const krb5_principal server,
krb5_data *reply);
krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry);
krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
krb5_enctype enctype,
char **etype_s);
krb5_error_code smb_krb5_open_keytab(krb5_context context,
const char *keytab_name,
bool write_access,
krb5_keytab *keytab);
krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_keytab keytab,
const char **keytab_name);
int smb_krb5_kt_add_entry_ext(krb5_context context,
krb5_keytab keytab,
krb5_kvno kvno,
const char *princ_s,
krb5_enctype *enctypes,
krb5_data password,
bool no_salt,
bool keep_old_entries);
krb5_error_code smb_krb5_get_credentials(krb5_context context,
krb5_ccache ccache,
krb5_principal me,
krb5_principal server,
krb5_principal impersonate_princ,
krb5_creds **out_creds);
krb5_error_code smb_krb5_get_creds(const char *server_s,
time_t time_offset,
const char *cc,
const char *impersonate_princ_s,
krb5_creds **creds_p);
char *smb_krb5_principal_get_realm(krb5_context context,
krb5_principal principal);
#endif /* HAVE_KRB5 */

View File

@ -0,0 +1,72 @@
#ifndef _HEADER_smb_krb5_h
#define _HEADER_smb_krb5_h
#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */
/* this file uses DEPRECATED interfaces! */
#if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER)
#define KRB5_DEPRECATED 1
#else
#define KRB5_DEPRECATED
#endif
#if HAVE_KRB5_H
#include <krb5.h>
#endif
#ifndef KRB5_ADDR_NETBIOS
#define KRB5_ADDR_NETBIOS 0x14
#endif
#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
#endif
/* Heimdal uses a slightly different name */
#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
#endif
/* The older versions of heimdal that don't have this
define don't seem to use it anyway. I'm told they
always use a subkey */
#ifndef HAVE_AP_OPTS_USE_SUBKEY
#define AP_OPTS_USE_SUBKEY 0
#endif
#ifdef HAVE_KRB5
typedef struct {
#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
krb5_address **addrs;
#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */
krb5_addresses *addrs;
#else
#error UNKNOWN_KRB5_ADDRESS_TYPE
#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */
} smb_krb5_addresses;
#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
#define KRB5_KEY_TYPE(k) ((k)->keytype)
#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
#define KRB5_KEY_DATA_CAST void
#else /* MIT */
#define KRB5_KEY_TYPE(k) ((k)->enctype)
#define KRB5_KEY_LENGTH(k) ((k)->length)
#define KRB5_KEY_DATA(k) ((k)->contents)
#define KRB5_KEY_DATA_CAST krb5_octet
#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */
#define KRB5_KT_KEY(k) (&(k)->key)
#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */
#define KRB5_KT_KEY(k) (&(k)->keyblock)
#else
#error krb5_keytab_entry has no key or keyblock member
#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */
#endif /* HAVE_KRB5 */
#include "krb5_protos.h"
#endif /* _HEADER_smb_krb5_h */

View File

@ -21,6 +21,7 @@
*/
#include "includes.h"
#include "smb_krb5.h"
/*
build a ADS_STATUS structure

View File

@ -24,6 +24,7 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "smb_krb5.h"
#ifdef HAVE_KRB5

View File

@ -22,6 +22,7 @@
*/
#include "includes.h"
#include "smb_krb5.h"
#ifdef HAVE_KRB5

View File

@ -26,6 +26,7 @@
*/
#include "includes.h"
#include "smb_krb5.h"
#ifdef HAVE_KRB5

View File

@ -24,6 +24,7 @@
*/
#include "includes.h"
#include "smb_krb5.h"
#ifdef HAVE_KRB5

View File

@ -18,6 +18,7 @@
*/
#include "includes.h"
#include "smb_krb5.h"
#ifdef HAVE_KRB5

View File

@ -19,6 +19,7 @@
*/
#include "includes.h"
#include "smb_krb5.h"
#ifdef HAVE_KRB5

View File

@ -20,6 +20,7 @@
#ifndef __LIBNET_H__
#define __LIBNET_H__
#include "smb_krb5.h"
#include "libnet/libnet_keytab.h"
#include "libnet/libnet_samsync.h"
#include "libnet/libnet_dssync.h"

View File

@ -21,6 +21,7 @@
#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
static const struct {
int prot;

View File

@ -20,10 +20,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */
/* this file uses DEPRECATED interfaces! */
#include "includes.h"
#include "smb_krb5.h"
#ifdef HAVE_KRB5

View File

@ -21,6 +21,7 @@
#include "includes.h"
#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
/*
generate a negTokenInit packet given a GUID, a list of supported

View File

@ -22,6 +22,7 @@
#include "../librpc/gen_ndr/ndr_schannel.h"
#include "../libcli/auth/schannel.h"
#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI

View File

@ -27,6 +27,7 @@
#include "utils/ntlm_auth.h"
#include "../libcli/auth/libcli_auth.h"
#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
#include <iniparser.h>
#ifndef PAM_WINBIND_CONFIG_FILE

View File

@ -24,6 +24,8 @@
#include "includes.h"
#include "winbindd.h"
#include "../libcli/auth/libcli_auth.h"
#include "smb_krb5.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND

View File

@ -26,6 +26,7 @@
#include "winbindd.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/cli_samr.h"
#include "smb_krb5.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND