From 2464a7b0ddb556bed86a845c9400e26c4d7f584a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 30 Nov 2011 17:58:30 +0100
Subject: [PATCH] s3-libsmb: Remove obsolete smb_krb5_locate_kdc.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Feb 9 14:58:57 CET 2012 on sn-devel-104
---
source3/configure.in | 1 -
source3/include/krb5_protos.h | 4 --
source3/libsmb/clikrb5.c | 89 -----------------------------------------
source3/wscript | 2 +-
4 files changed, 1 insertions(+), 95 deletions(-)
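--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3860,7 +3860,6 @@ if test x"$with_ads_support" != x"no"; then
 AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS)
 AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS)
 AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS)
 AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS)
 AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS)
 AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)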
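--- a/source3/include/krb5_protos.h
+++ b/source3/include/krb5_protos.h
@@ -67,10 +67,6 @@ bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
 int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt);
 bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
 krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
-krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#if defined(HAVE_KRB5_LOCATE_KDC)
-krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#endif
 krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
 bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx,
 krb5_context context,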
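--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -488,95 +488,6 @@
 #endif
 }
 
-#if !defined(HAVE_KRB5_LOCATE_KDC)
-
-/* krb5_locate_kdc is an internal MIT symbol. MIT are not yet willing to commit
- * to a public interface for this functionality, so we have to be able to live
- * without it if the MIT libraries are hiding their internal symbols.
- */
-
-#if defined(KRB5_KRBHST_INIT)
-/* Heimdal */
- krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters)
-{
- krb5_krbhst_handle hnd;
- krb5_krbhst_info *hinfo;
- krb5_error_code rc;
- int num_kdcs, i;
- struct sockaddr *sa;
- struct addrinfo *ai;
-
- *addr_pp = NULL;
- *naddrs = 0;
-
- rc = krb5_krbhst_init(ctx, realm->data, KRB5_KRBHST_KDC, &hnd);
- if (rc) {
- DEBUG(0, ("smb_krb5_locate_kdc: krb5_krbhst_init failed (%s)\n", error_message(rc)));
- return rc;
- }
-
- for ( num_kdcs = 0; (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); num_kdcs++)
- ;
-
- krb5_krbhst_reset(ctx, hnd);
-
- if (!num_kdcs) {
- DEBUG(0, ("smb_krb5_locate_kdc: zero kdcs found !\n"));
- krb5_krbhst_free(ctx, hnd);
- return -1;
- }
-
- sa = SMB_MALLOC_ARRAY( struct sockaddr, num_kdcs );
- if (!sa) {
- DEBUG(0, ("smb_krb5_locate_kdc: malloc failed\n"));
- krb5_krbhst_free(ctx, hnd);
- naddrs = 0;
- return -1;
- }
-
- memset(sa, '\0', sizeof(struct sockaddr) * num_kdcs );
-
- for (i = 0; i < num_kdcs && (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); i++) {
-
-#if defined(HAVE_KRB5_KRBHST_GET_ADDRINFO)
- rc = krb5_krbhst_get_addrinfo(ctx, hinfo, &ai);
- if (rc) {
- DEBUG(0,("krb5_krbhst_get_addrinfo failed: %s\n", error_message(rc)));
- continue;
- }
-#endif
- if (hinfo->ai && hinfo->ai->ai_family == AF_INET)
- memcpy(&sa[i], hinfo->ai->ai_addr, sizeof(struct sockaddr));
- }
-
- krb5_krbhst_free(ctx, hnd);
-
- *naddrs = num_kdcs;
- *addr_pp = sa;
- return 0;
-}
-
-#else /* ! defined(KRB5_KRBHST_INIT) */
-
- krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm,
- struct sockaddr **addr_pp, int *naddrs, int get_masters)
-{
- DEBUG(0, ("unable to explicitly locate the KDC on this platform\n"));
- return KRB5_KDC_UNREACH;
-}
-
-#endif /* KRB5_KRBHST_INIT */
-
-#else /* ! HAVE_KRB5_LOCATE_KDC */
-
- krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm,
- struct sockaddr **addr_pp, int *naddrs, int get_masters)
-{
- return krb5_locate_kdc(ctx, realm, addr_pp, naddrs, get_masters);
-}
-
-#endif /* HAVE_KRB5_LOCATE_KDC */
-
 #if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
 void krb5_free_unparsed_name(krb5_context context, char *val)
 {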
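--- a/source3/wscript
+++ b/source3/wscript
@@ -639,7 +639,7 @@
 krb5_set_real_time krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
 krb5_set_default_tgs_ktypes krb5_principal2salt krb5_use_enctype
 krb5_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey
-krb5_auth_con_setuseruserkey krb5_locate_kdc krb5_get_permitted_enctypes
+krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes
 krb5_get_default_in_tkt_etypes krb5_free_data_contents
 krb5_principal_get_comp_string krb5_free_unparsed_name
 krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init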
--
1.7.7.6
From 419e92b1499c77ddf3648d6b99ed482a57b3e713 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 30 Nov 2011 17:39:22 +0100
Subject: [PATCH] s3-net: Don't use an internal krb5 for kdc lookup.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This replaces the use of the internal krb5_locate_kdc() function with
our own get_kdc_list() function.
Signed-off-by: Günther Deschner <gd@samba.org>
---
source3/utils/net_lookup.c | 42 +++++++++++++++++++++++-------------------
1 files changed, 23 insertions(+), 19 deletions(-)
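--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -276,10 +276,11 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv)
 #ifdef HAVE_KRB5
 krb5_error_code rc;
 krb5_context ctx;
- struct sockaddr_in *addrs;
- int num_kdcs,i;
- krb5_data realm;
- char **realms;
+ struct ip_service *kdcs;
+ const char *realm;
+ int num_kdcs = 0;
+ int i;
+ NTSTATUS status;
 
 initialize_krb5_error_table();
 rc = krb5_init_context(&ctx);
@@ -289,34 +290,37 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv)
 return -1;
 }
 
- if (argc>0) {
- realm.data = CONST_DISCARD(char *, argv[0]);
- realm.length = strlen(argv[0]);
+ if (argc > 0) {
+ realm = argv[0];
 } else if (lp_realm() && *lp_realm()) {
- realm.data = lp_realm();
- realm.length = strlen((const char *)realm.data);
+ realm = lp_realm();
 } else {
+ char **realms;
+
 rc = krb5_get_host_realm(ctx, NULL, &realms);
 if (rc) {
 DEBUG(1,("krb5_gethost_realm failed (%s)\n",
 error_message(rc)));
 return -1;
 }
- realm.data = (char *) *realms;
- realm.length = strlen((const char *)realm.data);
+ realm = (const char *) *realms;
 }
 
- rc = smb_krb5_locate_kdc(ctx, &realm, (struct sockaddr **)(void *)&addrs, &num_kdcs, 0);
- if (rc) {
- DEBUG(1, ("smb_krb5_locate_kdc failed (%s)\n", error_message(rc)));
+ status = get_kdc_list(realm, NULL, &kdcs, &num_kdcs);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("get_kdc_list failed (%s)\n", nt_errstr(status)));
 return -1;
 }
- for (i=0;i<num_kdcs;i++)
- if (addrs[i].sin_family == AF_INET)
- d_printf("%s:%hd\n", inet_ntoa(addrs[i].sin_addr),
- ntohs(addrs[i].sin_port));
- return 0;
 
+ for (i = 0; i < num_kdcs; i++) {
+ char addr[INET6_ADDRSTRLEN];
+
+ print_sockaddr(addr, sizeof(addr), &kdcs[i].ss);
+
+ d_printf("%s:%hd\n", addr, kdcs[i].port);
+ }
+
+ return 0;
 #endif
 DEBUG(1, ("No kerberos support\n"));
 return -1;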
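Review bot: The new print loop still formats the port with `%hd`, a signed short conversion, so if `kdcs[i].port` is the unsigned field that Samba's `struct ip_service` normally carries (its declaration is not visible here), any port above 32767 prints as a negative number; `d_printf("%s:%u\n", addr, (unsigned int)kdcs[i].port);` matches the argument. Because the loop no longer filters on `AF_INET` and the buffer is sized `INET6_ADDRSTRLEN`, IPv6 entries can now be printed, and `addr:port` is ambiguous for a v6 literal, so bracketing those addresses would keep the output parseable by scripts. Separately, `ctx`, the `realms` array that `realm` points into, and the `kdcs` array are not released on any return path in the visible lines; either matching free calls after the loop (with the realm list freed only after `get_kdc_list()` has consumed `realm`) or a short comment that this one-shot command leaves cleanup to process exit would make the ownership explicit. net_lookup_kdc starts and ends outside the hunks.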