mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Get smbd to link with Heimdal. Still missing some client progs...
Jeremy.
(This used to be commit 85dda43476
)
This commit is contained in:
parent
f911f03a7d
commit
755e33ee3f
28433
source3/configure
vendored
28433
source3/configure
vendored
File diff suppressed because it is too large
Load Diff
@ -2001,6 +2001,7 @@ if test x$FOUND_KRB5 = x"no"; then
|
||||
# see if this box has the SuSE location for the heimdal kerberos implementation
|
||||
AC_MSG_CHECKING(for /usr/include/heimdal)
|
||||
if test -d /usr/include/heimdal; then
|
||||
LIBS="$LIBS -lkrb5"
|
||||
CFLAGS="$CFLAGS -I/usr/include/heimdal"
|
||||
CPPFLAGS="$CPPFLAGS -I/usr/include/heimdal"
|
||||
AC_MSG_RESULT(yes)
|
||||
@ -2015,6 +2016,7 @@ if test x$FOUND_KRB5 = x"no"; then
|
||||
# see if this box has the RedHat location for kerberos
|
||||
AC_MSG_CHECKING(for /usr/kerberos)
|
||||
if test -d /usr/kerberos; then
|
||||
LIBS="$LIBS -lkrb5"
|
||||
LDFLAGS="$LDFLAGS -L/usr/kerberos/lib"
|
||||
CFLAGS="$CFLAGS -I/usr/kerberos/include"
|
||||
CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
|
||||
@ -2041,6 +2043,10 @@ fi
|
||||
# Heimdal checks.
|
||||
AC_CHECK_LIB(crypto, des_set_key, [LIBS="$LIBS -lcrypto"])
|
||||
AC_CHECK_LIB(asn1, copy_Authenticator, [LIBS="$LIBS -lasn1 -lroken"])
|
||||
# Heimdal checks. On static Heimdal gssapi must be linked before krb5.
|
||||
AC_CHECK_LIB(gssapi, gss_display_status, [LIBS="$LIBS -lgssapi -lkrb5 -lasn1";
|
||||
AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])])
|
||||
|
||||
AC_CHECK_LIB(krb5, krb5_set_real_time, [AC_DEFINE(HAVE_KRB5_SET_REAL_TIME,1,[Whether krb5_set_real_time is available])])
|
||||
AC_CHECK_LIB(krb5, krb5_set_default_in_tkt_etypes, [AC_DEFINE(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES,1,[Whether krb5_set_default_in_tkt_etypes, is available])])
|
||||
AC_CHECK_LIB(krb5, krb5_set_default_tgs_ktypes, [AC_DEFINE(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES,1,[Whether krb5_set_default_tgs_ktypes is available])])
|
||||
@ -2069,6 +2075,14 @@ if test x"$samba_cv_HAVE_ADDR_TYPE_IN_KRB5_ADDRESS" = x"yes"; then
|
||||
AC_DEFINE(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS,1,[Whether the krb5_address struct has a addr_type property])
|
||||
fi
|
||||
|
||||
AC_CACHE_CHECK([for enc_part2 in krb5_ticket],samba_cv_HAVE_KRB5_TKT_ENC_PART2,[
|
||||
AC_TRY_COMPILE([#include <krb5.h>],
|
||||
[krb5_ticket tkt; tkt.enc_part2->authorization_data[0]->contents = NULL;],
|
||||
samba_cv_HAVE_KRB5_TKT_ENC_PART2=yes,samba_cv_HAVE_KRB5_TKT_ENC_PART2=no)])
|
||||
if test x"$samba_cv_HAVE_KRB5_TKT_ENC_PART2" = x"yes"; then
|
||||
AC_DEFINE(HAVE_KRB5_TKT_ENC_PART2,1,[Whether the krb5_ticket struct has a enc_part2 property])
|
||||
fi
|
||||
|
||||
########################################################
|
||||
# now see if we can find the krb5 libs in standard paths
|
||||
# or as specified above
|
||||
@ -2079,9 +2093,6 @@ fi
|
||||
# now see if we can find the gssapi libs in standard paths
|
||||
AC_CHECK_LIB(gssapi_krb5, gss_display_status, [LIBS="$LIBS -lgssapi_krb5";
|
||||
AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])])
|
||||
# Heimdal checks.
|
||||
AC_CHECK_LIB(gssapi, gss_display_status, [LIBS="$LIBS -lgssapi";
|
||||
AC_DEFINE(HAVE_GSSAPI,1,[Whether GSSAPI is available])])
|
||||
fi
|
||||
|
||||
########################################################
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1227,6 +1227,9 @@ int create_kerberos_key_from_string(krb5_context context,
|
||||
krb5_data *password,
|
||||
krb5_keyblock *key);
|
||||
|
||||
void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt);
|
||||
krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
|
||||
|
||||
#endif /* HAVE_KRB5 */
|
||||
|
||||
#endif /* _INCLUDES_H */
|
||||
|
@ -114,10 +114,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
|
||||
if (tkt->enc_part2) {
|
||||
*auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
|
||||
tkt->enc_part2->authorization_data[0]->length);
|
||||
}
|
||||
get_auth_data_from_tkt(auth_data, tkt);
|
||||
|
||||
#if 0
|
||||
if (tkt->enc_part2) {
|
||||
@ -127,7 +124,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((ret = krb5_unparse_name(context, tkt->enc_part2->client, principal))) {
|
||||
if ((ret = krb5_unparse_name(context, get_principal_from_tkt(tkt), principal))) {
|
||||
DEBUG(3,("krb5_unparse_name failed (%s)\n",
|
||||
error_message(ret)));
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
|
@ -118,6 +118,28 @@
|
||||
}
|
||||
#endif
|
||||
|
||||
void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt)
|
||||
{
|
||||
#if defined(HAVE_KRB5_TKT_ENC_PART2)
|
||||
if (tkt->enc_part2)
|
||||
*auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
|
||||
tkt->enc_part2->authorization_data[0]->length);
|
||||
#else
|
||||
if (tkt->ticket.authorization_data && tkt->ticket.authorization_data->len)
|
||||
*auth_data = data_blob(tkt->ticket.authorization_data->val->ad_data.data,
|
||||
tkt->ticket.authorization_data->val->ad_data.length);
|
||||
#endif
|
||||
}
|
||||
|
||||
krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt)
|
||||
{
|
||||
#if defined(HAVE_KRB5_TKT_ENC_PART2)
|
||||
return tkt->enc_part2->client;
|
||||
#else
|
||||
return tkt->client;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
we can't use krb5_mk_req because w2k wants the service to be in a particular format
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user