authorTorsten Kurbad <torsten@tk-webart.de>2010-04-01 21:47:18 -0400
committerJeff Layton <jlayton@redhat.com>2010-04-01 21:47:18 -0400
commitf5b79b44f25cdf4ba4363c7c05892af2865ce890 (patch)
tree4450143d0b7eb2924fb17464ba7bfb3aa1b7533e
parent20a5ec8bd8ea3edb943adb517f378938e31f1c41 (diff)
cifs-upcall: heimdal fixes
Signed-off-by: Torsten Kurbad <torsten@tk-webart.de>
-rw-r--r--cifs.upcall.c16
-rw-r--r--configure.ac48
-rw-r--r--replace.h13
3 files changed, 64 insertions, 13 deletions
diff --git a/cifs.upcall.c b/cifs.upcall.c
index a81eb24..95ff521 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -86,12 +86,23 @@ static char *cifs_krb5_principal_get_realm(krb5_context context,
}
#if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
-void krb5_free_unparsed_name(krb5_context context, char *val)
+static void
+krb5_free_unparsed_name(krb5_context context, char *val)
{
SAFE_FREE(val);
}
#endif
+#if !defined(HAVE_KRB5_AUTH_CON_GETSENDSUBKEY) /* Heimdal */
+static krb5_error_code
+krb5_auth_con_getsendsubkey(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_keyblock **keyblock)
+{
+ return krb5_auth_con_getlocalsubkey(context, auth_context, keyblock);
+}
+#endif
+
/* does the ccache have a valid TGT? */
static time_t
get_tgt_time(const char *ccname) {
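Review bot: The fallback `krb5_auth_con_getsendsubkey()` assumes `krb5_auth_con_getlocalsubkey()` exists whenever the MIT name is missing, but the configure.ac hunk in this commit probes only for `krb5_auth_con_getsendsubkey`. On a library that exports neither, the wrapper would be built against an implicit declaration and fail only at link time. Adding `krb5_auth_con_getlocalsubkey` to that `AC_CHECK_FUNCS` list and guarding the wrapper on its `HAVE_` macro would surface this at configure time. A short comment above the wrapper, e.g. `/* Heimdal exports only the older name for the subkey chosen by the local side */`, would record why the two calls are treated as equivalent for deriving the session key.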
@@ -275,7 +286,6 @@ cifs_krb5_get_req(const char *principal, const char *ccname,
goto out_free_principal;
}
- in_creds.keyblock.enctype = 0;
ret = krb5_get_credentials(context, 0, ccache, &in_creds, &out_creds);
krb5_free_principal(context, in_creds.server);
if (ret) {
@@ -302,7 +312,7 @@ cifs_krb5_get_req(const char *principal, const char *ccname,
}
*mechtoken = data_blob(apreq_pkt.data, apreq_pkt.length);
- *sess_key = data_blob(tokb->contents, tokb->length);
+ *sess_key = data_blob(KRB5_KEY_DATA(tokb), KRB5_KEY_LENGTH(tokb));
krb5_free_keyblock(context, tokb);
out_free_creds:
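Review bot: `KRB5_KEY_DATA(tokb)` and `KRB5_KEY_LENGTH(tokb)` dereference `tokb` unconditionally, and the subkey getters can return success while leaving the keyblock pointer NULL when no subkey is set on the auth context. The call that fills `tokb` is above this hunk; if it tests only the return code, a guard such as `if (!tokb) { ret = EINVAL; goto out_free_creds; }` ahead of the `*sess_key` assignment would avoid a NULL dereference in the upcall helper. The blob stored in `*sess_key` is a copy of session-key material that outlives `krb5_free_keyblock()`, so whichever caller releases it should clear the buffer first; that path is not visible here.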
diff --git a/configure.ac b/configure.ac
index 46a5848..4c5f973 100644
--- a/configure.ac
+++ b/configure.ac
@@ -20,20 +20,40 @@ AC_ARG_ENABLE(cifsupcall,
AC_PROG_CC
AC_GNU_SOURCE
-# Checks for libraries.
-
# Checks for header files.
AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h limits.h mntent.h netdb.h stddef.h stdint.h stdlib.h string.h strings.h sys/mount.h sys/param.h sys/socket.h sys/time.h syslog.h unistd.h], , [AC_MSG_ERROR([necessary header(s) not found])])
if test $enable_cifsupcall != "no"; then
- AC_CHECK_HEADERS([krb5/krb5.h], ,[
- if test "$enable_cifsupcall" = "yes"; then
- AC_MSG_ERROR([krb5/krb5.h not found, consider installing krb5-libs-devel.])
- else
- AC_MSG_WARN([krb5/krb5.h not found, consider installing krb5-libs-devel. Disabling cifs.upcall.])
- enable_cifsupcall="no"
- fi
- ])
+ AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
+ if test x$ac_cv_header_krb5_krb5_h != xyes ; then
+ if test x$ac_cv_header_krb5_h != xyes ; then
+ if test "$enable_cifsupcall" = "yes"; then
+ AC_MSG_ERROR([krb5.h not found, consider installing krb5-libs-devel.])
+ else
+ AC_MSG_WARN([krb5.h not found, consider installing krb5-libs-devel. Disabling cifs.upcall.])
+ enable_cifsupcall="no"
+ fi
+ fi
+ fi
+fi
+if test $enable_cifsupcall != "no"; then
+ if test x$ac_cv_header_krb5_krb5_h = xyes ; then
+ krb5_include="#include <krb5/krb5.h>"
+ fi
+ if test x$ac_cv_header_krb5_h = xyes ; then
+ krb5_include="#include <krb5.h>"
+ fi
+
+ AC_CACHE_CHECK([for keyvalue in krb5_keyblock],
+ [ac_cv_have_krb5_keyblock_keyvalue],[
+ AC_TRY_COMPILE([$krb5_include],
+ [krb5_keyblock key; key.keyvalue.data = NULL;],
+ ac_cv_have_krb5_keyblock_keyvalue=yes,
+ ac_cv_have_krb5_keyblock_keyvalue=no)])
+ if test x"$ac_cv_have_krb5_keyblock_keyvalue" = x"yes" ; then
+ AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1,
+ [Whether the krb5_keyblock struct has a keyvalue property])
+ fi
fi
if test $enable_cifsupcall != "no"; then
AC_CHECK_HEADERS([talloc.h], , [
@@ -55,6 +75,9 @@ if test $enable_cifsupcall != "no"; then
fi
])
fi
+if test $enable_cifsupcall != "no"; then
+ AC_CHECK_LIB([krb5], [krb5_init_context])
+fi
# Checks for typedefs, structures, and compiler characteristics.
AC_HEADER_STDBOOL
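Review bot: `AC_CHECK_LIB([krb5], [krb5_init_context])` has no action-if-not-found, so a system with the headers but no linkable libkrb5 passes configure with cifs.upcall still enabled. The later `AC_CHECK_FUNCS` probes for `krb5_*` symbols would then all report missing, and the compatibility wrappers in cifs.upcall.c would be compiled for a library that is not there, failing only at link time. Mirror the header check above: error out when `$enable_cifsupcall` is `yes`, otherwise warn and set `enable_cifsupcall="no"`. The default success action also prepends `-lkrb5` to the global `LIBS`, which probably links every program in the package against it rather than just cifs.upcall.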
@@ -74,6 +97,11 @@ AC_FUNC_STRNLEN
# check for required functions
AC_CHECK_FUNCS([alarm atexit endpwent getmntent getpass gettimeofday inet_ntop memset realpath setenv strchr strdup strerror strncasecmp strndup strpbrk strrchr strstr strtol strtoul uname], , [AC_MSG_ERROR([necessary functions(s) not found])])
+# determine whether we can use MIT's new 'krb5_auth_con_getsendsubkey' to extract the signing key
+if test $enable_cifsupcall != "no"; then
+ AC_CHECK_FUNCS([krb5_auth_con_getsendsubkey])
+fi
+
# non-critical functions (we have workarounds for these)
if test $enable_cifsupcall != "no"; then
AC_CHECK_FUNCS([krb5_principal_get_realm krb5_free_unparsed_name])
diff --git a/replace.h b/replace.h
index 69cf776..ee4d618 100644
--- a/replace.h
+++ b/replace.h
@@ -666,4 +666,17 @@ typedef uint32_t NTSTATUS;
#define NT_STATUS(x) (x)
#define NT_STATUS_V(x) (x)
+/* These macros unify the keyblock handling of Heimdal and MIT somewhat */
+#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
+#define KRB5_KEY_TYPE(k) ((k)->keytype)
+#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
+#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
+#define KRB5_KEY_DATA_CAST void
+#else /* MIT */
+#define KRB5_KEY_TYPE(k) ((k)->enctype)
+#define KRB5_KEY_LENGTH(k) ((k)->length)
+#define KRB5_KEY_DATA(k) ((k)->contents)
+#define KRB5_KEY_DATA_CAST krb5_octet
+#endif
+
#endif /* _LIBREPLACE_REPLACE_H */
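Review bot: `KRB5_KEY_TYPE` and `KRB5_KEY_DATA_CAST` are defined here but have no user in any hunk of this commit, so they are either dead or waiting for a caller that should be named in a comment. `KRB5_KEY_DATA` also yields a different pointer type per branch (`void *` for Heimdal, `krb5_octet *` for MIT), so any caller that indexes or dereferences the result needs the cast macro. A comment on the block along the lines of `/* KRB5_KEY_DATA() is void * on Heimdal; cast with (KRB5_KEY_DATA_CAST *) before indexing */` would make that contract explicit for code that handles the raw key bytes.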