2025-03-30 06:50:24 +03:00 · 2012-04-21 16:35:48 -04:00 · 2012-04-21 16:35:48 -04:00 · f7070c90b9
commit f7070c90b9
parent 110dad8c9e
5 changed files with 29 additions and 3 deletions
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@ -434,8 +434,10 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
 				return nt_status;
 			}

+#ifdef SAMBA4_USES_HEIMDAL
 			send_to_kdc.func = smb_krb5_send_and_recv_func;
 			send_to_kdc.ptr = ev;
+#endif

 			min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc);
 			if (min_stat) {
@ -460,8 +462,10 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
 				gensec_gssapi_state->gss_oid = gss_oid_p;
 			}

+#ifdef SAMBA4_USES_HEIMDAL
 			send_to_kdc.func = smb_krb5_send_and_recv_func;
 			send_to_kdc.ptr = NULL;
+#endif

 			ret = gsskrb5_set_send_to_kdc(&send_to_kdc);
 			if (ret) {
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@ -224,11 +224,13 @@ static krb5_error_code impersonate_principal_from_credentials(
 	while (tries--) {
 		struct tevent_context *previous_ev;
 		/* Do this every time, in case we have weird recursive issues here */
+#ifdef SAMBA4_USES_HEIMDAL
 		ret = smb_krb5_context_set_event_ctx(smb_krb5_context, event_ctx, &previous_ev);
 		if (ret) {
 			talloc_free(mem_ctx);
 			return ret;
 		}
+#endif
 		if (password) {
 			ret = kerberos_kinit_password_cc(smb_krb5_context->krb5_context, ccache, 
 							 princ, password,
@ -251,7 +253,9 @@ static krb5_error_code impersonate_principal_from_credentials(
 				talloc_free(mem_ctx);
 				(*error_string) = "kinit_to_ccache: No password available for kinit\n";
 				krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
+#ifdef SAMBA4_USES_HEIMDAL
 				smb_krb5_context_remove_event_ctx(smb_krb5_context, previous_ev, event_ctx);
+#endif
 				return EINVAL;
 			}
 			ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
@ -268,7 +272,9 @@ static krb5_error_code impersonate_principal_from_credentials(
 			}
 		}

+#ifdef SAMBA4_USES_HEIMDAL
 		smb_krb5_context_remove_event_ctx(smb_krb5_context, previous_ev, event_ctx);
+#endif

 		if (ret == KRB5KRB_AP_ERR_SKEW || ret == KRB5_KDCREP_SKEW) {
 			/* Perhaps we have been given an invalid skew, so try again without it */
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@ -86,6 +86,7 @@ static void smb_krb5_debug_wrapper(krb5_context context,
 }
 #endif

+#ifdef SAMBA4_USES_HEIMDAL
 /*
  handle recv events on a smb_krb5 socket
 */
@ -214,7 +215,6 @@ static void smb_krb5_socket_handler(struct tevent_context *ev, struct tevent_fd
 	}
 }

-
 krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
 					    void *data,
 					    krb5_krbhst_info *hi,
@ -412,6 +412,7 @@ krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
 	}
 	return KRB5_KDC_UNREACH;
 }
+#endif

 krb5_error_code
 smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx,
@ -558,6 +559,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 	return 0;
 }

+#ifdef SAMBA4_USES_HEIMDAL
 krb5_error_code smb_krb5_context_set_event_ctx(struct smb_krb5_context *smb_krb5_context,
 					       struct tevent_context *ev,
 					       struct tevent_context **previous_ev)
@ -611,3 +613,4 @@ krb5_error_code smb_krb5_context_remove_event_ctx(struct smb_krb5_context *smb_k
 	}
 	return 0;
 }
+#endif
--- a/source4/auth/kerberos/krb5_init_context.h
+++ b/source4/auth/kerberos/krb5_init_context.h
@ -38,11 +38,19 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, struct tevent_context *e
 				      struct loadparm_context *lp_ctx,
 				      struct smb_krb5_context **smb_krb5_context); 

+#ifdef SAMBA4_USES_HEIMDAL
 krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
 					    void *data,
 					    krb5_krbhst_info *hi,
 					    time_t timeout,
 					    const krb5_data *send_buf,
 					    krb5_data *recv_buf);
+krb5_error_code smb_krb5_context_set_event_ctx(struct smb_krb5_context *smb_krb5_context,
+					       struct tevent_context *ev,
+					       struct tevent_context **previous_ev);
+krb5_error_code smb_krb5_context_remove_event_ctx(struct smb_krb5_context *smb_krb5_context,
+						  struct tevent_context *previous_ev,
+						  struct tevent_context *ev);
+#endif

 #endif /* _KRB5_INIT_CONTEXT_H_ */
--- a/source4/auth/kerberos/wscript_build
+++ b/source4/auth/kerberos/wscript_build
@ -1,10 +1,15 @@
 #!/usr/bin/env python

+bld.SAMBA_SUBSYSTEM('KRB_INIT_CTX',
+		    source='krb5_init_context.c',
+		    deps='krb5 com_err'
+		   )
+
 bld.SAMBA_LIBRARY('authkrb5',
-                  source='kerberos.c kerberos_heimdal.c kerberos_pac.c krb5_init_context.c keytab_copy.c',
+                  source='kerberos.c kerberos_heimdal.c kerberos_pac.c keytab_copy.c',
                  autoproto='proto.h',
                  public_deps='krb5 ndr-krb5pac samba_socket LIBCLI_RESOLVE com_err asn1',
-                  deps='auth_sam_reply tevent LIBPACKET ndr ldb KRB5_WRAP errors',
+                  deps='auth_sam_reply tevent LIBPACKET ndr ldb KRB5_WRAP KRB_INIT_CTX errors',
                  private_library=True
                  )