1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Get closer to Heimdal compile... Damn. HEAD has different code in

kerberos_verify...
Jeremy.
(This used to be commit e8c4098da6)
This commit is contained in:
Jeremy Allison 2003-01-21 20:43:26 +00:00
parent 85ecf66547
commit e545fe3c0a
6 changed files with 533 additions and 15 deletions

442
source3/configure vendored
View File

@ -21190,6 +21190,448 @@ cat >>confdefs.h <<\_ACEOF
#define HAVE_KRB5_SET_DEFAULT_TGS_KTYPES 1
_ACEOF
fi
echo "$as_me:$LINENO: checking for krb5_principal2salt in -lkrb5" >&5
echo $ECHO_N "checking for krb5_principal2salt in -lkrb5... $ECHO_C" >&6
if test "${ac_cv_lib_krb5_krb5_principal2salt+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lkrb5 $LIBS"
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char krb5_principal2salt ();
#ifdef F77_DUMMY_MAIN
# ifdef __cplusplus
extern "C"
# endif
int F77_DUMMY_MAIN() { return 1; }
#endif
int
main ()
{
krb5_principal2salt ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_krb5_krb5_principal2salt=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
ac_cv_lib_krb5_krb5_principal2salt=no
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_principal2salt" >&5
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_principal2salt" >&6
if test $ac_cv_lib_krb5_krb5_principal2salt = yes; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_KRB5_PRINCIPAL2SALT 1
_ACEOF
fi
echo "$as_me:$LINENO: checking for krb5_use_enctype in -lkrb5" >&5
echo $ECHO_N "checking for krb5_use_enctype in -lkrb5... $ECHO_C" >&6
if test "${ac_cv_lib_krb5_krb5_use_enctype+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lkrb5 $LIBS"
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char krb5_use_enctype ();
#ifdef F77_DUMMY_MAIN
# ifdef __cplusplus
extern "C"
# endif
int F77_DUMMY_MAIN() { return 1; }
#endif
int
main ()
{
krb5_use_enctype ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_krb5_krb5_use_enctype=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
ac_cv_lib_krb5_krb5_use_enctype=no
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_use_enctype" >&5
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_use_enctype" >&6
if test $ac_cv_lib_krb5_krb5_use_enctype = yes; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_KRB5_USE_ENCTYPE 1
_ACEOF
fi
echo "$as_me:$LINENO: checking for krb5_string_to_key in -lkrb5" >&5
echo $ECHO_N "checking for krb5_string_to_key in -lkrb5... $ECHO_C" >&6
if test "${ac_cv_lib_krb5_krb5_string_to_key+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lkrb5 $LIBS"
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char krb5_string_to_key ();
#ifdef F77_DUMMY_MAIN
# ifdef __cplusplus
extern "C"
# endif
int F77_DUMMY_MAIN() { return 1; }
#endif
int
main ()
{
krb5_string_to_key ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_krb5_krb5_string_to_key=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
ac_cv_lib_krb5_krb5_string_to_key=no
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_string_to_key" >&5
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_string_to_key" >&6
if test $ac_cv_lib_krb5_krb5_string_to_key = yes; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_KRB5_STRING_TO_KEY 1
_ACEOF
fi
echo "$as_me:$LINENO: checking for krb5_get_pw_salt in -lkrb5" >&5
echo $ECHO_N "checking for krb5_get_pw_salt in -lkrb5... $ECHO_C" >&6
if test "${ac_cv_lib_krb5_krb5_get_pw_salt+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lkrb5 $LIBS"
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char krb5_get_pw_salt ();
#ifdef F77_DUMMY_MAIN
# ifdef __cplusplus
extern "C"
# endif
int F77_DUMMY_MAIN() { return 1; }
#endif
int
main ()
{
krb5_get_pw_salt ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_krb5_krb5_get_pw_salt=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
ac_cv_lib_krb5_krb5_get_pw_salt=no
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_get_pw_salt" >&5
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_get_pw_salt" >&6
if test $ac_cv_lib_krb5_krb5_get_pw_salt = yes; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_KRB5_GET_PW_SALT 1
_ACEOF
fi
echo "$as_me:$LINENO: checking for krb5_string_to_key_salt in -lkrb5" >&5
echo $ECHO_N "checking for krb5_string_to_key_salt in -lkrb5... $ECHO_C" >&6
if test "${ac_cv_lib_krb5_krb5_string_to_key_salt+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lkrb5 $LIBS"
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char krb5_string_to_key_salt ();
#ifdef F77_DUMMY_MAIN
# ifdef __cplusplus
extern "C"
# endif
int F77_DUMMY_MAIN() { return 1; }
#endif
int
main ()
{
krb5_string_to_key_salt ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_krb5_krb5_string_to_key_salt=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
ac_cv_lib_krb5_krb5_string_to_key_salt=no
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_string_to_key_salt" >&5
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_string_to_key_salt" >&6
if test $ac_cv_lib_krb5_krb5_string_to_key_salt = yes; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_KRB5_STRING_TO_KEY_SALT 1
_ACEOF
fi
echo "$as_me:$LINENO: checking for krb5_auth_con_setkey in -lkrb5" >&5
echo $ECHO_N "checking for krb5_auth_con_setkey in -lkrb5... $ECHO_C" >&6
if test "${ac_cv_lib_krb5_krb5_auth_con_setkey+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lkrb5 $LIBS"
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char krb5_auth_con_setkey ();
#ifdef F77_DUMMY_MAIN
# ifdef __cplusplus
extern "C"
# endif
int F77_DUMMY_MAIN() { return 1; }
#endif
int
main ()
{
krb5_auth_con_setkey ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_krb5_krb5_auth_con_setkey=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
ac_cv_lib_krb5_krb5_auth_con_setkey=no
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_auth_con_setkey" >&5
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_auth_con_setkey" >&6
if test $ac_cv_lib_krb5_krb5_auth_con_setkey = yes; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_KRB5_AUTH_CON_SETKEY 1
_ACEOF
fi
echo "$as_me:$LINENO: checking for krb5_auth_con_setuseruserkey in -lkrb5" >&5
echo $ECHO_N "checking for krb5_auth_con_setuseruserkey in -lkrb5... $ECHO_C" >&6
if test "${ac_cv_lib_krb5_krb5_auth_con_setuseruserkey+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lkrb5 $LIBS"
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char krb5_auth_con_setuseruserkey ();
#ifdef F77_DUMMY_MAIN
# ifdef __cplusplus
extern "C"
# endif
int F77_DUMMY_MAIN() { return 1; }
#endif
int
main ()
{
krb5_auth_con_setuseruserkey ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_krb5_krb5_auth_con_setuseruserkey=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
ac_cv_lib_krb5_krb5_auth_con_setuseruserkey=no
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_auth_con_setuseruserkey" >&5
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_auth_con_setuseruserkey" >&6
if test $ac_cv_lib_krb5_krb5_auth_con_setuseruserkey = yes; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_KRB5_AUTH_CON_SETUSERUSERKEY 1
_ACEOF
fi

View File

@ -2045,6 +2045,14 @@ fi
AC_CHECK_LIB(krb5, krb5_set_default_in_tkt_etypes, [AC_DEFINE(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES,1,[Whether krb5_set_default_in_tkt_etypes, is available])])
AC_CHECK_LIB(krb5, krb5_set_default_tgs_ktypes, [AC_DEFINE(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES,1,[Whether krb5_set_default_tgs_ktypes is available])])
AC_CHECK_LIB(krb5, krb5_principal2salt, [AC_DEFINE(HAVE_KRB5_PRINCIPAL2SALT,1,[Whether krb5_principal2salt is available])])
AC_CHECK_LIB(krb5, krb5_use_enctype, [AC_DEFINE(HAVE_KRB5_USE_ENCTYPE,1,[Whether krb5_use_enctype is available])])
AC_CHECK_LIB(krb5, krb5_string_to_key, [AC_DEFINE(HAVE_KRB5_STRING_TO_KEY,1,[Whether krb5_string_to_key is available])])
AC_CHECK_LIB(krb5, krb5_get_pw_salt, [AC_DEFINE(HAVE_KRB5_GET_PW_SALT,1,[Whether krb5_get_pw_salt is available])])
AC_CHECK_LIB(krb5, krb5_string_to_key_salt, [AC_DEFINE(HAVE_KRB5_STRING_TO_KEY_SALT,1,[Whether krb5_string_to_key_salt is available])])
AC_CHECK_LIB(krb5, krb5_auth_con_setkey, [AC_DEFINE(HAVE_KRB5_AUTH_CON_SETKEY,1,[Whether krb5_auth_con_setkey is available])])
AC_CHECK_LIB(krb5, krb5_auth_con_setuseruserkey, [AC_DEFINE(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY,1,[Whether krb5_auth_con_setuseruserkey is available])])
AC_CACHE_CHECK([for addrtype in krb5_address],samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[
AC_TRY_COMPILE([#include <krb5.h>],
[krb5_address kaddr; kaddr.addrtype = ADDRTYPE_INET;],

View File

@ -555,9 +555,21 @@
/* Whether KRB5 is available */
#undef HAVE_KRB5
/* Whether krb5_auth_con_setkey is available */
#undef HAVE_KRB5_AUTH_CON_SETKEY
/* Whether krb5_auth_con_setuseruserkey is available */
#undef HAVE_KRB5_AUTH_CON_SETUSERUSERKEY
/* Whether krb5_get_pw_salt is available */
#undef HAVE_KRB5_GET_PW_SALT
/* Define to 1 if you have the <krb5.h> header file. */
#undef HAVE_KRB5_H
/* Whether krb5_principal2salt is available */
#undef HAVE_KRB5_PRINCIPAL2SALT
/* Whether krb5_set_default_in_tkt_etypes, is available */
#undef HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES
@ -567,6 +579,15 @@
/* Whether krb5_set_real_time is available */
#undef HAVE_KRB5_SET_REAL_TIME
/* Whether krb5_string_to_key is available */
#undef HAVE_KRB5_STRING_TO_KEY
/* Whether krb5_string_to_key_salt is available */
#undef HAVE_KRB5_STRING_TO_KEY_SALT
/* Whether krb5_use_enctype is available */
#undef HAVE_KRB5_USE_ENCTYPE
/* Define to 1 if you have the <lastlog.h> header file. */
#undef HAVE_LASTLOG_H

View File

@ -1214,8 +1214,18 @@ krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_
krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
#endif
/* Samba wrapper function for krb5 functionality. */
#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock);
#endif
/* Samba wrapper functions for krb5 functionality. */
void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr);
int create_kerberos_key_from_string(krb5_context context,
krb5_principal host_princ,
krb5_data *password,
krb5_keyblock *key);
#endif /* HAVE_KRB5 */

View File

@ -36,8 +36,6 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
krb5_keytab keytab = NULL;
krb5_data packet;
krb5_ticket *tkt = NULL;
krb5_data salt;
krb5_encrypt_block eblock;
int ret;
krb5_keyblock * key;
krb5_principal host_princ;
@ -91,24 +89,15 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
return NT_STATUS_LOGON_FAILURE;
}
ret = krb5_principal2salt(context, host_princ, &salt);
if (ret) {
DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
return NT_STATUS_LOGON_FAILURE;
}
if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
return NT_STATUS_NO_MEMORY;
}
krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5);
ret = krb5_string_to_key(context, &eblock, key, &password, &salt);
if (ret) {
DEBUG(1,("krb5_string_to_key failed (%s)\n", error_message(ret)));
if (create_kerberos_key_from_string(context, host_princ, &password, key)) {
SAFE_FREE(key);
return NT_STATUS_LOGON_FAILURE;
}
krb5_auth_con_setuseruserkey(context, auth_context, key);
packet.length = ticket->length;

View File

@ -70,6 +70,54 @@
__ERROR__XX__UNKNOWN_ADDRTYPE
#endif
#if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY)
int create_kerberos_key_from_string(krb5_context context,
krb5_principal host_princ,
krb5_data *password,
krb5_keyblock *key)
{
int ret;
krb5_data salt,
krb5_encrypt_block eblock;
ret = krb5_principal2salt(context, host_princ, &salt);
if (ret) {
DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
return ret;
}
krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5);
return krb5_string_to_key(context, &eblock, key, password, &salt);
}
#elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
int create_kerberos_key_from_string(krb5_context context,
krb5_principal host_princ,
krb5_data *password,
krb5_keyblock *key)
{
int ret;
krb5_salt salt;
ret = krb5_get_pw_salt(context, host_princ, &salt);
if (ret) {
DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
return ret;
}
return krb5_string_to_key_salt(context, ENCTYPE_DES_CBC_MD5, password->data,
salt, key);
}
#else
__ERROR_XX_UNKNOWN_CREATE_KEY_FUNCTIONS
#endif
#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock)
{
return krb5_auth_con_setkey(context, auth_context, keyblock);
}
#endif
/*
we can't use krb5_mk_req because w2k wants the service to be in a particular format
*/