1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Get smbd to link with Heimdal. Still missing some client progs...

Jeremy.
(This used to be commit 85dda43476)
This commit is contained in:
Jeremy Allison 2003-01-28 00:33:21 +00:00
parent f911f03a7d
commit 755e33ee3f
6 changed files with 10669 additions and 20736 deletions

28433
source3/configure vendored

File diff suppressed because it is too large Load Diff

View File

@ -2001,6 +2001,7 @@ if test x$FOUND_KRB5 = x"no"; then
# see if this box has the SuSE location for the heimdal kerberos implementation
AC_MSG_CHECKING(for /usr/include/heimdal)
if test -d /usr/include/heimdal; then
LIBS="$LIBS -lkrb5"
CFLAGS="$CFLAGS -I/usr/include/heimdal"
CPPFLAGS="$CPPFLAGS -I/usr/include/heimdal"
AC_MSG_RESULT(yes)
@ -2015,6 +2016,7 @@ if test x$FOUND_KRB5 = x"no"; then
# see if this box has the RedHat location for kerberos
AC_MSG_CHECKING(for /usr/kerberos)
if test -d /usr/kerberos; then
LIBS="$LIBS -lkrb5"
LDFLAGS="$LDFLAGS -L/usr/kerberos/lib"
CFLAGS="$CFLAGS -I/usr/kerberos/include"
CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
@ -2041,6 +2043,10 @@ fi
# Heimdal checks.
AC_CHECK_LIB(crypto, des_set_key, [LIBS="$LIBS -lcrypto"])
AC_CHECK_LIB(asn1, copy_Authenticator, [LIBS="$LIBS -lasn1 -lroken"])
# Heimdal checks. On static Heimdal gssapi must be linked before krb5.
AC_CHECK_LIB(gssapi, gss_display_status, [LIBS="$LIBS -lgssapi -lkrb5 -lasn1";
AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])])
AC_CHECK_LIB(krb5, krb5_set_real_time, [AC_DEFINE(HAVE_KRB5_SET_REAL_TIME,1,[Whether krb5_set_real_time is available])])
AC_CHECK_LIB(krb5, krb5_set_default_in_tkt_etypes, [AC_DEFINE(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES,1,[Whether krb5_set_default_in_tkt_etypes, is available])])
AC_CHECK_LIB(krb5, krb5_set_default_tgs_ktypes, [AC_DEFINE(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES,1,[Whether krb5_set_default_tgs_ktypes is available])])
@ -2069,6 +2075,14 @@ if test x"$samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS" = x"yes"; then
AC_DEFINE(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,1,[Whether the krb5_address struct has a addr_type property])
fi
AC_CACHE_CHECK([for enc_part2 in krb5_ticket],samba_cv_HAVE_KRB5_TKT_ENC_PART2,[
AC_TRY_COMPILE([#include <krb5.h>],
[krb5_ticket tkt; tkt.enc_part2->authorization_data[0]->contents = NULL;],
samba_cv_HAVE_KRB5_TKT_ENC_PART2=yes,samba_cv_HAVE_KRB5_TKT_ENC_PART2=no)])
if test x"$samba_cv_HAVE_KRB5_TKT_ENC_PART2" = x"yes"; then
AC_DEFINE(HAVE_KRB5_TKT_ENC_PART2,1,[Whether the krb5_ticket struct has a enc_part2 property])
fi
########################################################
# now see if we can find the krb5 libs in standard paths
# or as specified above
@ -2079,9 +2093,6 @@ fi
# now see if we can find the gssapi libs in standard paths
AC_CHECK_LIB(gssapi_krb5, gss_display_status, [LIBS="$LIBS -lgssapi_krb5";
AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])])
# Heimdal checks.
AC_CHECK_LIB(gssapi, gss_display_status, [LIBS="$LIBS -lgssapi";
AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])])
fi
########################################################

File diff suppressed because it is too large Load Diff

View File

@ -1227,6 +1227,9 @@ int create_kerberos_key_from_string(krb5_context context,
krb5_data *password,
krb5_keyblock *key);
void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt);
krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
#endif /* HAVE_KRB5 */
#endif /* _INCLUDES_H */

View File

@ -114,10 +114,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
return NT_STATUS_LOGON_FAILURE;
}
if (tkt->enc_part2) {
*auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
tkt->enc_part2->authorization_data[0]->length);
}
get_auth_data_from_tkt(auth_data, tkt);
#if 0
if (tkt->enc_part2) {
@ -127,7 +124,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
}
#endif
if ((ret = krb5_unparse_name(context, tkt->enc_part2->client, principal))) {
if ((ret = krb5_unparse_name(context, get_principal_from_tkt(tkt), principal))) {
DEBUG(3,("krb5_unparse_name failed (%s)\n",
error_message(ret)));
return NT_STATUS_LOGON_FAILURE;

View File

@ -118,6 +118,28 @@
}
#endif
void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt)
{
#if defined(HAVE_KRB5_TKT_ENC_PART2)
if (tkt->enc_part2)
*auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
tkt->enc_part2->authorization_data[0]->length);
#else
if (tkt->ticket.authorization_data && tkt->ticket.authorization_data->len)
*auth_data = data_blob(tkt->ticket.authorization_data->val->ad_data.data,
tkt->ticket.authorization_data->val->ad_data.length);
#endif
}
krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt)
{
#if defined(HAVE_KRB5_TKT_ENC_PART2)
return tkt->enc_part2->client;
#else
return tkt->client;
#endif
}
/*
we can't use krb5_mk_req because w2k wants the service to be in a particular format
*/