2025-02-22 05:57:43 +03:00 · 2019-09-16 16:40:12 +03:00 · 2019-09-16 16:40:12 +03:00 · bebad45b29
commit bebad45b29
parent 9f9dcfb6c3
3 changed files with 49 additions and 1 deletions
--- a/source4/kdc/mit-kdb/kdb_samba.c
+++ b/source4/kdc/mit-kdb/kdb_samba.c
@ -139,7 +139,7 @@ static void kdb_samba_db_free_principal_e_data(krb5_context context,

 kdb_vftabl kdb_function_table = {
 	.maj_ver                   = KRB5_KDB_DAL_MAJOR_VERSION,
-	.min_ver                   = 1,
+	.min_ver                   = KRB5_KDB_DAL_MAJOR_VERSION == 6 ? 1 : 0,

 	.init_library              = kdb_samba_init_library,
 	.fini_library              = kdb_samba_fini_library,
--- a/source4/kdc/mit-kdb/kdb_samba.h
+++ b/source4/kdc/mit-kdb/kdb_samba.h
@ -114,6 +114,7 @@ krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,

 /* from kdb_samba_policies.c */

+#if KRB5_KDB_API_VERSION < 10
 krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 					    unsigned int flags,
 					    krb5_const_principal client_princ,
@ -127,6 +128,26 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 					    krb5_timestamp authtime,
 					    krb5_authdata **tgt_auth_data,
 					    krb5_authdata ***signed_auth_data);
+#else
+krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+					    unsigned int flags,
+					    krb5_const_principal client_princ,
+					    krb5_const_principal server_princ,
+					    krb5_db_entry *client,
+					    krb5_db_entry *server,
+					    krb5_db_entry *krbtgt,
+					    krb5_db_entry *local_krbtgt,
+					    krb5_keyblock *client_key,
+					    krb5_keyblock *server_key,
+					    krb5_keyblock *krbtgt_key,
+					    krb5_keyblock *local_krbtgt_key,
+					    krb5_keyblock *session_key,
+					    krb5_timestamp authtime,
+					    krb5_authdata **tgt_auth_data,
+					    void *authdata_info,
+					    krb5_data ***auth_indicators,
+					    krb5_authdata ***signed_auth_data);
+#endif

 krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
 					     krb5_kdc_req *kdcreq,
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@ -287,6 +287,7 @@ done:
 	return code;
 }

+#if KRB5_KDB_API_VERSION < 10
 krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 					    unsigned int flags,
 					    krb5_const_principal client_princ,
@ -301,6 +302,27 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 					    krb5_authdata **tgt_auth_data,
 					    krb5_authdata ***signed_auth_data)
 {
+#else
+krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+					    unsigned int flags,
+					    krb5_const_principal client_princ,
+					    krb5_const_principal server_princ,
+					    krb5_db_entry *client,
+					    krb5_db_entry *server,
+					    krb5_db_entry *krbtgt,
+					    krb5_db_entry *local_krbtgt,
+					    krb5_keyblock *client_key,
+					    krb5_keyblock *server_key,
+					    krb5_keyblock *krbtgt_key,
+					    krb5_keyblock *local_krbtgt_key,
+					    krb5_keyblock *session_key,
+					    krb5_timestamp authtime,
+					    krb5_authdata **tgt_auth_data,
+					    void *authdata_info,
+					    krb5_data ***auth_indicators,
+					    krb5_authdata ***signed_auth_data)
+{
+#endif
 	krb5_const_principal ks_client_princ;
 	krb5_authdata **authdata = NULL;
 	krb5_boolean is_as_req;
@ -308,6 +330,11 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 	krb5_pac pac = NULL;
 	krb5_data pac_data;

+#if KRB5_KDB_API_VERSION >= 10
+	krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt;
+	krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key;
+#endif
+
 	/* Prefer canonicalised name from client entry */
 	if (client != NULL) {
 		ks_client_princ = client->princ;