71d80e6be0
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example.

The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES-based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries.

If arcfour-hmac-md5 is not found, ADS support will not be compiled in.

This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5.

A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins.

Andrew Bartlett

Signed-off-by: Simo Sorce <idra@samba.org>
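/*
 * Kerberos compatibility shims.
 *
 * Papers over naming and structure-layout differences between the MIT and
 * Heimdal Kerberos libraries, selected by the HAVE_* macros that the build
 * system provides, and supplies fallback values for a few constants that
 * some library versions do not define.
 */
#ifndef _HEADER_smb_krb5_h
#define _HEADER_smb_krb5_h

/*
 * Both defines below are set before <krb5.h> is included further down.
 * NOTE(review): presumably the library headers test them to expose
 * non-public / deprecated declarations - confirm for the library in use.
 */
#define KRB5_PRIVATE    1       /* this file uses PRIVATE interfaces! */
/* this file uses DEPRECATED interfaces! */

/*
 * Placeholder principal string.
 * NOTE(review): judging by the name, callers are expected to recognise
 * this value and disregard it rather than treat it as a real service
 * principal. A principal name supplied by the peer during negotiation is
 * not authenticated, so it should not drive the choice of target
 * principal - confirm how callers use this constant.
 */
#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore"

/*
 * KRB5_DEPRECATED carries the value 1 when configure detected
 * HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER, and expands to nothing otherwise.
 */
#if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER)
#define KRB5_DEPRECATED 1
#else
#define KRB5_DEPRECATED
#endif

#if HAVE_KRB5_H
#include <krb5.h>
#endif

/* Fallback for libraries whose headers lack the NetBIOS address type. */
#ifndef KRB5_ADDR_NETBIOS
#define KRB5_ADDR_NETBIOS 0x14
#endif

/* Fallback for libraries whose headers lack this error code. */
#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
#endif

/*
 * Heimdal uses a slightly different name.
 *
 * This only aliases the identifier; it does not select an encryption type.
 * NOTE(review): arcfour-hmac-md5 is an RC4-based enctype, and RFC 8429
 * deprecates RC4 in Kerberos. Code using ENCTYPE_ARCFOUR_HMAC should
 * prefer AES enctypes wherever both sides support them.
 */
#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) && !defined(HAVE_ENCTYPE_ARCFOUR_HMAC)
#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
#endif

/*
 * The older versions of heimdal that don't have this
 * define don't seem to use it anyway.  I'm told they
 * always use a subkey.
 *
 * With the fallback value 0, OR-ing AP_OPTS_USE_SUBKEY into an options
 * word changes nothing.
 */
#ifndef HAVE_AP_OPTS_USE_SUBKEY
#define AP_OPTS_USE_SUBKEY 0
#endif

#ifdef HAVE_KRB5

/*
 * Wrapper around the library's address-list type: an array of
 * krb5_address pointers on MIT, a krb5_addresses object on Heimdal.
 * The build fails if neither layout was detected.
 */
typedef struct {
#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
	krb5_address **addrs;
#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */
	krb5_addresses *addrs;
#else
#error UNKNOWN_KRB5_ADDRESS_TYPE
#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */
} smb_krb5_addresses;

/*
 * Keyblock accessors. Each macro takes a POINTER to a keyblock (the
 * expansion uses "->") and hides the differing member names.
 * KRB5_KEY_DATA_CAST names the element type of the key buffer for use
 * in casts.
 *
 * KRB5_KEY_DATA() yields the raw key bytes: bound every access by
 * KRB5_KEY_LENGTH() and keep the contents out of logs and debug dumps.
 */
#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
#define KRB5_KEY_TYPE(k)        ((k)->keytype)
#define KRB5_KEY_LENGTH(k)      ((k)->keyvalue.length)
#define KRB5_KEY_DATA(k)        ((k)->keyvalue.data)
#define KRB5_KEY_DATA_CAST      void
#else /* MIT */
#define KRB5_KEY_TYPE(k)        ((k)->enctype)
#define KRB5_KEY_LENGTH(k)      ((k)->length)
#define KRB5_KEY_DATA(k)        ((k)->contents)
#define KRB5_KEY_DATA_CAST      krb5_octet
#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */

/*
 * KRB5_KT_KEY(k): address of the keyblock embedded in the keytab entry
 * that k points to. The member is called "key" on MIT and "keyblock" on
 * Heimdal; the build fails if neither was detected.
 */
#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */
#define KRB5_KT_KEY(k)          (&(k)->key)
#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */
#define KRB5_KT_KEY(k)          (&(k)->keyblock)
#else
#error krb5_keytab_entry has no key or keyblock member
#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */

#endif /* HAVE_KRB5 */

#include "krb5_protos.h"

#endif /* _HEADER_smb_krb5_h */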