mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Get closer to Heimdal compile... Damn. HEAD has different code in
kerberos_verify...
Jeremy.
(This used to be commit e8c4098da6
)
This commit is contained in:
parent
85ecf66547
commit
e545fe3c0a
442
source3/configure
vendored
442
source3/configure
vendored
@ -21190,6 +21190,448 @@ cat >>confdefs.h <<\_ACEOF
|
||||
#define HAVE_KRB5_SET_DEFAULT_TGS_KTYPES 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
|
||||
echo "$as_me:$LINENO: checking for krb5_principal2salt in -lkrb5" >&5
|
||||
echo $ECHO_N "checking for krb5_principal2salt in -lkrb5... $ECHO_C" >&6
|
||||
if test "${ac_cv_lib_krb5_krb5_principal2salt+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lkrb5 $LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
#line $LINENO "configure"
|
||||
#include "confdefs.h"
|
||||
|
||||
/* Override any gcc2 internal prototype to avoid an error. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
/* We use char because int might match the return type of a gcc2
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char krb5_principal2salt ();
|
||||
#ifdef F77_DUMMY_MAIN
|
||||
# ifdef __cplusplus
|
||||
extern "C"
|
||||
# endif
|
||||
int F77_DUMMY_MAIN() { return 1; }
|
||||
#endif
|
||||
int
|
||||
main ()
|
||||
{
|
||||
krb5_principal2salt ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
|
||||
(eval $ac_link) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } &&
|
||||
{ ac_try='test -s conftest$ac_exeext'
|
||||
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
|
||||
(eval $ac_try) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); }; }; then
|
||||
ac_cv_lib_krb5_krb5_principal2salt=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
cat conftest.$ac_ext >&5
|
||||
ac_cv_lib_krb5_krb5_principal2salt=no
|
||||
fi
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_principal2salt" >&5
|
||||
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_principal2salt" >&6
|
||||
if test $ac_cv_lib_krb5_krb5_principal2salt = yes; then
|
||||
|
||||
cat >>confdefs.h <<\_ACEOF
|
||||
#define HAVE_KRB5_PRINCIPAL2SALT 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
echo "$as_me:$LINENO: checking for krb5_use_enctype in -lkrb5" >&5
|
||||
echo $ECHO_N "checking for krb5_use_enctype in -lkrb5... $ECHO_C" >&6
|
||||
if test "${ac_cv_lib_krb5_krb5_use_enctype+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lkrb5 $LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
#line $LINENO "configure"
|
||||
#include "confdefs.h"
|
||||
|
||||
/* Override any gcc2 internal prototype to avoid an error. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
/* We use char because int might match the return type of a gcc2
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char krb5_use_enctype ();
|
||||
#ifdef F77_DUMMY_MAIN
|
||||
# ifdef __cplusplus
|
||||
extern "C"
|
||||
# endif
|
||||
int F77_DUMMY_MAIN() { return 1; }
|
||||
#endif
|
||||
int
|
||||
main ()
|
||||
{
|
||||
krb5_use_enctype ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
|
||||
(eval $ac_link) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } &&
|
||||
{ ac_try='test -s conftest$ac_exeext'
|
||||
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
|
||||
(eval $ac_try) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); }; }; then
|
||||
ac_cv_lib_krb5_krb5_use_enctype=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
cat conftest.$ac_ext >&5
|
||||
ac_cv_lib_krb5_krb5_use_enctype=no
|
||||
fi
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_use_enctype" >&5
|
||||
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_use_enctype" >&6
|
||||
if test $ac_cv_lib_krb5_krb5_use_enctype = yes; then
|
||||
|
||||
cat >>confdefs.h <<\_ACEOF
|
||||
#define HAVE_KRB5_USE_ENCTYPE 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
echo "$as_me:$LINENO: checking for krb5_string_to_key in -lkrb5" >&5
|
||||
echo $ECHO_N "checking for krb5_string_to_key in -lkrb5... $ECHO_C" >&6
|
||||
if test "${ac_cv_lib_krb5_krb5_string_to_key+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lkrb5 $LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
#line $LINENO "configure"
|
||||
#include "confdefs.h"
|
||||
|
||||
/* Override any gcc2 internal prototype to avoid an error. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
/* We use char because int might match the return type of a gcc2
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char krb5_string_to_key ();
|
||||
#ifdef F77_DUMMY_MAIN
|
||||
# ifdef __cplusplus
|
||||
extern "C"
|
||||
# endif
|
||||
int F77_DUMMY_MAIN() { return 1; }
|
||||
#endif
|
||||
int
|
||||
main ()
|
||||
{
|
||||
krb5_string_to_key ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
|
||||
(eval $ac_link) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } &&
|
||||
{ ac_try='test -s conftest$ac_exeext'
|
||||
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
|
||||
(eval $ac_try) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); }; }; then
|
||||
ac_cv_lib_krb5_krb5_string_to_key=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
cat conftest.$ac_ext >&5
|
||||
ac_cv_lib_krb5_krb5_string_to_key=no
|
||||
fi
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_string_to_key" >&5
|
||||
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_string_to_key" >&6
|
||||
if test $ac_cv_lib_krb5_krb5_string_to_key = yes; then
|
||||
|
||||
cat >>confdefs.h <<\_ACEOF
|
||||
#define HAVE_KRB5_STRING_TO_KEY 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
echo "$as_me:$LINENO: checking for krb5_get_pw_salt in -lkrb5" >&5
|
||||
echo $ECHO_N "checking for krb5_get_pw_salt in -lkrb5... $ECHO_C" >&6
|
||||
if test "${ac_cv_lib_krb5_krb5_get_pw_salt+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lkrb5 $LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
#line $LINENO "configure"
|
||||
#include "confdefs.h"
|
||||
|
||||
/* Override any gcc2 internal prototype to avoid an error. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
/* We use char because int might match the return type of a gcc2
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char krb5_get_pw_salt ();
|
||||
#ifdef F77_DUMMY_MAIN
|
||||
# ifdef __cplusplus
|
||||
extern "C"
|
||||
# endif
|
||||
int F77_DUMMY_MAIN() { return 1; }
|
||||
#endif
|
||||
int
|
||||
main ()
|
||||
{
|
||||
krb5_get_pw_salt ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
|
||||
(eval $ac_link) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } &&
|
||||
{ ac_try='test -s conftest$ac_exeext'
|
||||
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
|
||||
(eval $ac_try) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); }; }; then
|
||||
ac_cv_lib_krb5_krb5_get_pw_salt=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
cat conftest.$ac_ext >&5
|
||||
ac_cv_lib_krb5_krb5_get_pw_salt=no
|
||||
fi
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_get_pw_salt" >&5
|
||||
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_get_pw_salt" >&6
|
||||
if test $ac_cv_lib_krb5_krb5_get_pw_salt = yes; then
|
||||
|
||||
cat >>confdefs.h <<\_ACEOF
|
||||
#define HAVE_KRB5_GET_PW_SALT 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
echo "$as_me:$LINENO: checking for krb5_string_to_key_salt in -lkrb5" >&5
|
||||
echo $ECHO_N "checking for krb5_string_to_key_salt in -lkrb5... $ECHO_C" >&6
|
||||
if test "${ac_cv_lib_krb5_krb5_string_to_key_salt+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lkrb5 $LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
#line $LINENO "configure"
|
||||
#include "confdefs.h"
|
||||
|
||||
/* Override any gcc2 internal prototype to avoid an error. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
/* We use char because int might match the return type of a gcc2
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char krb5_string_to_key_salt ();
|
||||
#ifdef F77_DUMMY_MAIN
|
||||
# ifdef __cplusplus
|
||||
extern "C"
|
||||
# endif
|
||||
int F77_DUMMY_MAIN() { return 1; }
|
||||
#endif
|
||||
int
|
||||
main ()
|
||||
{
|
||||
krb5_string_to_key_salt ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
|
||||
(eval $ac_link) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } &&
|
||||
{ ac_try='test -s conftest$ac_exeext'
|
||||
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
|
||||
(eval $ac_try) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); }; }; then
|
||||
ac_cv_lib_krb5_krb5_string_to_key_salt=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
cat conftest.$ac_ext >&5
|
||||
ac_cv_lib_krb5_krb5_string_to_key_salt=no
|
||||
fi
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_string_to_key_salt" >&5
|
||||
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_string_to_key_salt" >&6
|
||||
if test $ac_cv_lib_krb5_krb5_string_to_key_salt = yes; then
|
||||
|
||||
cat >>confdefs.h <<\_ACEOF
|
||||
#define HAVE_KRB5_STRING_TO_KEY_SALT 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
echo "$as_me:$LINENO: checking for krb5_auth_con_setkey in -lkrb5" >&5
|
||||
echo $ECHO_N "checking for krb5_auth_con_setkey in -lkrb5... $ECHO_C" >&6
|
||||
if test "${ac_cv_lib_krb5_krb5_auth_con_setkey+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lkrb5 $LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
#line $LINENO "configure"
|
||||
#include "confdefs.h"
|
||||
|
||||
/* Override any gcc2 internal prototype to avoid an error. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
/* We use char because int might match the return type of a gcc2
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char krb5_auth_con_setkey ();
|
||||
#ifdef F77_DUMMY_MAIN
|
||||
# ifdef __cplusplus
|
||||
extern "C"
|
||||
# endif
|
||||
int F77_DUMMY_MAIN() { return 1; }
|
||||
#endif
|
||||
int
|
||||
main ()
|
||||
{
|
||||
krb5_auth_con_setkey ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
|
||||
(eval $ac_link) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } &&
|
||||
{ ac_try='test -s conftest$ac_exeext'
|
||||
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
|
||||
(eval $ac_try) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); }; }; then
|
||||
ac_cv_lib_krb5_krb5_auth_con_setkey=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
cat conftest.$ac_ext >&5
|
||||
ac_cv_lib_krb5_krb5_auth_con_setkey=no
|
||||
fi
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_auth_con_setkey" >&5
|
||||
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_auth_con_setkey" >&6
|
||||
if test $ac_cv_lib_krb5_krb5_auth_con_setkey = yes; then
|
||||
|
||||
cat >>confdefs.h <<\_ACEOF
|
||||
#define HAVE_KRB5_AUTH_CON_SETKEY 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
echo "$as_me:$LINENO: checking for krb5_auth_con_setuseruserkey in -lkrb5" >&5
|
||||
echo $ECHO_N "checking for krb5_auth_con_setuseruserkey in -lkrb5... $ECHO_C" >&6
|
||||
if test "${ac_cv_lib_krb5_krb5_auth_con_setuseruserkey+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lkrb5 $LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
#line $LINENO "configure"
|
||||
#include "confdefs.h"
|
||||
|
||||
/* Override any gcc2 internal prototype to avoid an error. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
/* We use char because int might match the return type of a gcc2
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char krb5_auth_con_setuseruserkey ();
|
||||
#ifdef F77_DUMMY_MAIN
|
||||
# ifdef __cplusplus
|
||||
extern "C"
|
||||
# endif
|
||||
int F77_DUMMY_MAIN() { return 1; }
|
||||
#endif
|
||||
int
|
||||
main ()
|
||||
{
|
||||
krb5_auth_con_setuseruserkey ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
|
||||
(eval $ac_link) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } &&
|
||||
{ ac_try='test -s conftest$ac_exeext'
|
||||
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
|
||||
(eval $ac_try) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); }; }; then
|
||||
ac_cv_lib_krb5_krb5_auth_con_setuseruserkey=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
cat conftest.$ac_ext >&5
|
||||
ac_cv_lib_krb5_krb5_auth_con_setuseruserkey=no
|
||||
fi
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_auth_con_setuseruserkey" >&5
|
||||
echo "${ECHO_T}$ac_cv_lib_krb5_krb5_auth_con_setuseruserkey" >&6
|
||||
if test $ac_cv_lib_krb5_krb5_auth_con_setuseruserkey = yes; then
|
||||
|
||||
cat >>confdefs.h <<\_ACEOF
|
||||
#define HAVE_KRB5_AUTH_CON_SETUSERUSERKEY 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
|
||||
|
@ -2045,6 +2045,14 @@ fi
|
||||
AC_CHECK_LIB(krb5, krb5_set_default_in_tkt_etypes, [AC_DEFINE(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES,1,[Whether krb5_set_default_in_tkt_etypes, is available])])
|
||||
AC_CHECK_LIB(krb5, krb5_set_default_tgs_ktypes, [AC_DEFINE(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES,1,[Whether krb5_set_default_tgs_ktypes is available])])
|
||||
|
||||
AC_CHECK_LIB(krb5, krb5_principal2salt, [AC_DEFINE(HAVE_KRB5_PRINCIPAL2SALT,1,[Whether krb5_principal2salt is available])])
|
||||
AC_CHECK_LIB(krb5, krb5_use_enctype, [AC_DEFINE(HAVE_KRB5_USE_ENCTYPE,1,[Whether krb5_use_enctype is available])])
|
||||
AC_CHECK_LIB(krb5, krb5_string_to_key, [AC_DEFINE(HAVE_KRB5_STRING_TO_KEY,1,[Whether krb5_string_to_key is available])])
|
||||
AC_CHECK_LIB(krb5, krb5_get_pw_salt, [AC_DEFINE(HAVE_KRB5_GET_PW_SALT,1,[Whether krb5_get_pw_salt is available])])
|
||||
AC_CHECK_LIB(krb5, krb5_string_to_key_salt, [AC_DEFINE(HAVE_KRB5_STRING_TO_KEY_SALT,1,[Whether krb5_string_to_key_salt is available])])
|
||||
AC_CHECK_LIB(krb5, krb5_auth_con_setkey, [AC_DEFINE(HAVE_KRB5_AUTH_CON_SETKEY,1,[Whether krb5_auth_con_setkey is available])])
|
||||
AC_CHECK_LIB(krb5, krb5_auth_con_setuseruserkey, [AC_DEFINE(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY,1,[Whether krb5_auth_con_setuseruserkey is available])])
|
||||
|
||||
AC_CACHE_CHECK([for addrtype in krb5_address],samba_cv_HAVE_ADDRTYPE_IN_KRB5_ADDRESS,[
|
||||
AC_TRY_COMPILE([#include <krb5.h>],
|
||||
[krb5_address kaddr; kaddr.addrtype = ADDRTYPE_INET;],
|
||||
|
@ -555,9 +555,21 @@
|
||||
/* Whether KRB5 is available */
|
||||
#undef HAVE_KRB5
|
||||
|
||||
/* Whether krb5_auth_con_setkey is available */
|
||||
#undef HAVE_KRB5_AUTH_CON_SETKEY
|
||||
|
||||
/* Whether krb5_auth_con_setuseruserkey is available */
|
||||
#undef HAVE_KRB5_AUTH_CON_SETUSERUSERKEY
|
||||
|
||||
/* Whether krb5_get_pw_salt is available */
|
||||
#undef HAVE_KRB5_GET_PW_SALT
|
||||
|
||||
/* Define to 1 if you have the <krb5.h> header file. */
|
||||
#undef HAVE_KRB5_H
|
||||
|
||||
/* Whether krb5_principal2salt is available */
|
||||
#undef HAVE_KRB5_PRINCIPAL2SALT
|
||||
|
||||
/* Whether krb5_set_default_in_tkt_etypes, is available */
|
||||
#undef HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES
|
||||
|
||||
@ -567,6 +579,15 @@
|
||||
/* Whether krb5_set_real_time is available */
|
||||
#undef HAVE_KRB5_SET_REAL_TIME
|
||||
|
||||
/* Whether krb5_string_to_key is available */
|
||||
#undef HAVE_KRB5_STRING_TO_KEY
|
||||
|
||||
/* Whether krb5_string_to_key_salt is available */
|
||||
#undef HAVE_KRB5_STRING_TO_KEY_SALT
|
||||
|
||||
/* Whether krb5_use_enctype is available */
|
||||
#undef HAVE_KRB5_USE_ENCTYPE
|
||||
|
||||
/* Define to 1 if you have the <lastlog.h> header file. */
|
||||
#undef HAVE_LASTLOG_H
|
||||
|
||||
|
@ -1214,8 +1214,18 @@ krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_
|
||||
krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
|
||||
#endif
|
||||
|
||||
/* Samba wrapper function for krb5 functionality. */
|
||||
#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
|
||||
krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock *keyblock);
|
||||
#endif
|
||||
|
||||
/* Samba wrapper functions for krb5 functionality. */
|
||||
void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr);
|
||||
int create_kerberos_key_from_string(krb5_context context,
|
||||
krb5_principal host_princ,
|
||||
krb5_data *password,
|
||||
krb5_keyblock *key);
|
||||
|
||||
#endif /* HAVE_KRB5 */
|
||||
|
||||
|
@ -36,8 +36,6 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
|
||||
krb5_keytab keytab = NULL;
|
||||
krb5_data packet;
|
||||
krb5_ticket *tkt = NULL;
|
||||
krb5_data salt;
|
||||
krb5_encrypt_block eblock;
|
||||
int ret;
|
||||
krb5_keyblock * key;
|
||||
krb5_principal host_princ;
|
||||
@ -91,24 +89,15 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
|
||||
ret = krb5_principal2salt(context, host_princ, &salt);
|
||||
if (ret) {
|
||||
DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
|
||||
if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5);
|
||||
|
||||
ret = krb5_string_to_key(context, &eblock, key, &password, &salt);
|
||||
if (ret) {
|
||||
DEBUG(1,("krb5_string_to_key failed (%s)\n", error_message(ret)));
|
||||
if (create_kerberos_key_from_string(context, host_princ, &password, key)) {
|
||||
SAFE_FREE(key);
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
|
||||
|
||||
krb5_auth_con_setuseruserkey(context, auth_context, key);
|
||||
|
||||
packet.length = ticket->length;
|
||||
|
@ -70,6 +70,54 @@
|
||||
__ERROR__XX__UNKNOWN_ADDRTYPE
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY)
|
||||
int create_kerberos_key_from_string(krb5_context context,
|
||||
krb5_principal host_princ,
|
||||
krb5_data *password,
|
||||
krb5_keyblock *key)
|
||||
{
|
||||
int ret;
|
||||
krb5_data salt,
|
||||
krb5_encrypt_block eblock;
|
||||
|
||||
ret = krb5_principal2salt(context, host_princ, &salt);
|
||||
if (ret) {
|
||||
DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
|
||||
return ret;
|
||||
}
|
||||
krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5);
|
||||
return krb5_string_to_key(context, &eblock, key, password, &salt);
|
||||
}
|
||||
#elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
|
||||
int create_kerberos_key_from_string(krb5_context context,
|
||||
krb5_principal host_princ,
|
||||
krb5_data *password,
|
||||
krb5_keyblock *key)
|
||||
{
|
||||
int ret;
|
||||
krb5_salt salt;
|
||||
|
||||
ret = krb5_get_pw_salt(context, host_princ, &salt);
|
||||
if (ret) {
|
||||
DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
|
||||
return ret;
|
||||
}
|
||||
return krb5_string_to_key_salt(context, ENCTYPE_DES_CBC_MD5, password->data,
|
||||
salt, key);
|
||||
}
|
||||
#else
|
||||
__ERROR_XX_UNKNOWN_CREATE_KEY_FUNCTIONS
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
|
||||
krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock *keyblock)
|
||||
{
|
||||
return krb5_auth_con_setkey(context, auth_context, keyblock);
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
we can't use krb5_mk_req because w2k wants the service to be in a particular format
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user