From f5b79b44f25cdf4ba4363c7c05892af2865ce890 Mon Sep 17 00:00:00 2001
From: Torsten Kurbad
Date: Thu, 1 Apr 2010 21:47:18 -0400
Subject: cifs-upcall: heimdal fixes

Signed-off-by: Torsten Kurbad
---
 cifs.upcall.c | 16 +++++++++++++---
 configure.ac | 48 ++++++++++++++++++++++++++++++++++++++----------
 replace.h | 13 +++++++++++++
 3 files changed, 64 insertions(+), 13 deletions(-)

diff --git a/cifs.upcall.c b/cifs.upcall.c
index a81eb24..95ff521 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -86,12 +86,23 @@ static char *cifs_krb5_principal_get_realm(krb5_context context,
 }
 
 #if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
-void krb5_free_unparsed_name(krb5_context context, char *val)
+static void
+krb5_free_unparsed_name(krb5_context context, char *val)
 {
 SAFE_FREE(val);
 }
 #endif
 
+#if !defined(HAVE_KRB5_AUTH_CON_GETSENDSUBKEY) /* Heimdal */
+static krb5_error_code
+krb5_auth_con_getsendsubkey(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_keyblock **keyblock)
+{
+ return krb5_auth_con_getlocalsubkey(context, auth_context, keyblock);
+}
+#endif
+
 /* does the ccache have a valid TGT? */
 static time_t get_tgt_time(const char *ccname)
 {
@@ -275,7 +286,6 @@ cifs_krb5_get_req(const char *principal, const char *ccname,
 goto out_free_principal;
 }
 
- in_creds.keyblock.enctype = 0;
 ret = krb5_get_credentials(context, 0, ccache, &in_creds, &out_creds);
 krb5_free_principal(context, in_creds.server);
 if (ret) {
@@ -302,7 +312,7 @@ cifs_krb5_get_req(const char *principal, const char *ccname,
 }
 
 *mechtoken = data_blob(apreq_pkt.data, apreq_pkt.length);
- *sess_key = data_blob(tokb->contents, tokb->length);
+ *sess_key = data_blob(KRB5_KEY_DATA(tokb), KRB5_KEY_LENGTH(tokb));
 krb5_free_keyblock(context, tokb);
 
 out_free_creds:
diff --git a/configure.ac b/configure.ac
index 46a5848..4c5f973 100644
--- a/configure.ac
+++ b/configure.ac
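Review bot: The `/* Heimdal */` tag on `#if !defined(HAVE_KRB5_AUTH_CON_GETSENDSUBKEY)` in the first cifs.upcall.c hunk says more than the guard knows. The fallback to `krb5_auth_con_getlocalsubkey` is taken whenever the configure probe for `krb5_auth_con_getsendsubkey` fails, for any reason, and the fallback function is never probed itself. The key fetched through this call is presumably the one copied into `*sess_key` further down, so the shim deserves a comment stating what it relies on, for example `/* krb5 library lacks krb5_auth_con_getsendsubkey(): fall back to the local subkey (assumed equivalent for the initiator) */`. Both shims are now `static`; if the installed krb5 header already declares either name with external linkage while the link probe fails, the definition would presumably conflict at compile time, which is worth confirming on such a system.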
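Review bot: `KRB5_KEY_DATA(tokb)` and `KRB5_KEY_LENGTH(tokb)` in the last cifs.upcall.c hunk (`@@ -302,7 +312,7 @@`) both expand to a dereference of `tokb`, and no NULL check on `tokb` is visible in this hunk. As far as I know the subkey getters can report success while leaving the keyblock pointer NULL when no subkey was set, and the new Heimdal fallback makes that path worth checking. A guard before the copy such as `if (tokb == NULL) { ret = EINVAL; goto out_free_creds; }` would turn a crash in the upcall helper into a failed upcall. The lookup that fills `tokb` and the rest of `cifs_krb5_get_req` are outside the hunk, so confirm that no such check already exists and that jumping to `out_free_creds` releases everything acquired by that point.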
@@ -20,20 +20,40 @@ AC_ARG_ENABLE(cifsupcall,
 AC_PROG_CC
 AC_GNU_SOURCE
 
-# Checks for libraries.
-
 # Checks for header files.
 AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h limits.h mntent.h netdb.h stddef.h stdint.h stdlib.h string.h strings.h sys/mount.h sys/param.h sys/socket.h sys/time.h syslog.h unistd.h], , [AC_MSG_ERROR([necessary header(s) not found])])
 
 if test $enable_cifsupcall != "no"; then
- AC_CHECK_HEADERS([krb5/krb5.h], ,[
- if test "$enable_cifsupcall" = "yes"; then
- AC_MSG_ERROR([krb5/krb5.h not found, consider installing krb5-libs-devel.])
- else
- AC_MSG_WARN([krb5/krb5.h not found, consider installing krb5-libs-devel. Disabling cifs.upcall.])
- enable_cifsupcall="no"
- fi
- ])
+ AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
+ if test x$ac_cv_header_krb5_krb5_h != xyes ; then
+ if test x$ac_cv_header_krb5_h != xyes ; then
+ if test "$enable_cifsupcall" = "yes"; then
+ AC_MSG_ERROR([krb5.h not found, consider installing krb5-libs-devel.])
+ else
+ AC_MSG_WARN([krb5.h not found, consider installing krb5-libs-devel. Disabling cifs.upcall.])
+ enable_cifsupcall="no"
+ fi
+ fi
+ fi
+fi
+if test $enable_cifsupcall != "no"; then
+ if test x$ac_cv_header_krb5_krb5_h = xyes ; then
+ krb5_include="#include "
+ fi
+ if test x$ac_cv_header_krb5_h = xyes ; then
+ krb5_include="#include "
+ fi
+
+ AC_CACHE_CHECK([for keyvalue in krb5_keyblock],
+ [ac_cv_have_krb5_keyblock_keyvalue],[
+ AC_TRY_COMPILE([$krb5_include],
+ [krb5_keyblock key; key.keyvalue.data = NULL;],
+ ac_cv_have_krb5_keyblock_keyvalue=yes,
+ ac_cv_have_krb5_keyblock_keyvalue=no)])
+ if test x"$ac_cv_have_krb5_keyblock_keyvalue" = x"yes" ; then
+ AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1,
+ [Whether the krb5_keyblock struct has a keyvalue property])
+ fi
 fi
 if test $enable_cifsupcall != "no"; then
 AC_CHECK_HEADERS([talloc.h], , [
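Review bot: In the `krb5_include` selection the two `if test ... = xyes` blocks are independent, so when both headers are installed the second assignment silently overwrites the first and the `krb5_keyblock` probe runs against that header only. `HAVE_KRB5_KEYBLOCK_KEYVALUE` then decides which struct members the `KRB5_KEY_*` macros read the session key from, so the probe should use the same header, with the same precedence, as cifs.upcall.c (its include lines are not part of this patch). Making the choice explicit with `elif` and adding a comment such as `# must match the krb5 #include order in cifs.upcall.c` would document that. `AC_TRY_COMPILE` is also marked obsolete in current Autoconf in favour of `AC_COMPILE_IFELSE`.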
@@ -55,6 +75,9 @@ if test $enable_cifsupcall != "no"; then
 fi
 ])
 fi
+if test $enable_cifsupcall != "no"; then
+ AC_CHECK_LIB([krb5], [krb5_init_context])
+fi
 
 # Checks for typedefs, structures, and compiler characteristics.
 AC_HEADER_STDBOOL
@@ -74,6 +97,11 @@ AC_FUNC_STRNLEN
 # check for required functions
 AC_CHECK_FUNCS([alarm atexit endpwent getmntent getpass gettimeofday inet_ntop memset realpath setenv strchr strdup strerror strncasecmp strndup strpbrk strrchr strstr strtol strtoul uname], , [AC_MSG_ERROR([necessary functions(s) not found])])
 
+# determine whether we can use MIT's new 'krb5_auth_con_getsendsubkey' to extract the signing key
+if test $enable_cifsupcall != "no"; then
+ AC_CHECK_FUNCS([krb5_auth_con_getsendsubkey])
+fi
+
 # non-critical functions (we have workarounds for these)
 if test $enable_cifsupcall != "no"; then
 AC_CHECK_FUNCS([krb5_principal_get_realm krb5_free_unparsed_name])
diff --git a/replace.h b/replace.h
index 69cf776..ee4d618 100644
--- a/replace.h
+++ b/replace.h
@@ -666,4 +666,17 @@ typedef uint32_t NTSTATUS;
 #define NT_STATUS(x) (x)
 #define NT_STATUS_V(x) (x)
 
+/* These macros unify the keyblock handling of Heimdal and MIT somewhat */
+#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
+#define KRB5_KEY_TYPE(k) ((k)->keytype)
+#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
+#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
+#define KRB5_KEY_DATA_CAST void
+#else /* MIT */
+#define KRB5_KEY_TYPE(k) ((k)->enctype)
+#define KRB5_KEY_LENGTH(k) ((k)->length)
+#define KRB5_KEY_DATA(k) ((k)->contents)
+#define KRB5_KEY_DATA_CAST krb5_octet
+#endif
+
 #endif /* _LIBREPLACE_REPLACE_H */
--
cgit v1.2.3
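Review bot: `AC_CHECK_LIB([krb5], [krb5_init_context])` in the `@@ -55,6 +75,9 @@` hunk has no action for the not-found case, so configure carries on with cifs.upcall enabled when libkrb5 cannot be linked, unlike the header checks, which error out or disable the helper. The `AC_CHECK_FUNCS([krb5_auth_con_getsendsubkey])` probe added in the next hunk (`@@ -74,6 +97,11 @@`) depends on this check having put `-lkrb5` into `LIBS`; if it did not, that probe fails and the build quietly selects the `krb5_auth_con_getlocalsubkey` fallback for the signing key. A fourth argument mirroring the header logic would close that gap: `AC_MSG_ERROR([libkrb5 not found])` when `$enable_cifsupcall` is `yes`, and `enable_cifsupcall="no"` otherwise. The default found-action also adds `-lkrb5` to the global `LIBS`; if the Makefile (not shown) links the mount helper with `$(LIBS)`, a possibly setuid binary gains a Kerberos dependency it does not need.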
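Review bot: The new `KRB5_KEY_*` macros in replace.h sit in the `KRB5_` namespace that belongs to the krb5 headers, so a later krb5.h that defines a macro of the same name would collide with them; a project-specific prefix would avoid that. `KRB5_KEY_TYPE` and `KRB5_KEY_DATA_CAST` are not used anywhere in this patch. The block also does not say that the argument is dereferenced unconditionally, so a comment such as `/* k must be a valid, non-NULL krb5_keyblock pointer; krb5.h must be included before use */` would help callers that handle key material.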