From 2464a7b0ddb556bed86a845c9400e26c4d7f584a Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 30 Nov 2011 17:58:30 +0100 Subject: [PATCH] s3-libsmb: Remove obsolete smb_krb5_locate_kdc. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Günther Deschner Autobuild-User: Günther Deschner Autobuild-Date: Thu Feb 9 14:58:57 CET 2012 on sn-devel-104 --- source3/configure.in | 1 - source3/include/krb5_protos.h | 4 -- source3/libsmb/clikrb5.c | 89 ----------------------------------------- source3/wscript | 2 +- 4 files changed, 1 insertions(+), 95 deletions(-) diff --git a/source3/configure.in b/source3/configure.in index 298fe1b..1ce1a5b 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3860,7 +3860,6 @@ if test x"$with_ads_support" != x"no"; then AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS) - AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS) diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h index 32f995c..f16cafd 100644 --- a/source3/include/krb5_protos.h +++ b/source3/include/krb5_protos.h 
@@ -67,10 +67,6 @@ bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr); int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt); bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt); krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); -krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); -#if defined(HAVE_KRB5_LOCATE_KDC) -krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); -#endif krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx, krb5_context context, diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 9af3e49..8cea29c 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c 
@@ -488,95 +488,6 @@ #endif } -#if !defined(HAVE_KRB5_LOCATE_KDC) - -/* krb5_locate_kdc is an internal MIT symbol. MIT are not yet willing to commit - * to a public interface for this functionality, so we have to be able to live - * without it if the MIT libraries are hiding their internal symbols. - */ - -#if defined(KRB5_KRBHST_INIT) -/* Heimdal */ - krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters) -{ - krb5_krbhst_handle hnd; - krb5_krbhst_info *hinfo; - krb5_error_code rc; - int num_kdcs, i; - struct sockaddr *sa; - struct addrinfo *ai; - - *addr_pp = NULL; - *naddrs = 0; - - rc = krb5_krbhst_init(ctx, realm->data, KRB5_KRBHST_KDC, &hnd); - if (rc) { - DEBUG(0, ("smb_krb5_locate_kdc: krb5_krbhst_init failed (%s)\n", error_message(rc))); - return rc; - } - - for ( num_kdcs = 0; (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); num_kdcs++) - ; - - krb5_krbhst_reset(ctx, hnd); - - if (!num_kdcs) { - DEBUG(0, ("smb_krb5_locate_kdc: zero kdcs found !\n")); - krb5_krbhst_free(ctx, hnd); - return -1; - } - - sa = SMB_MALLOC_ARRAY( struct sockaddr, num_kdcs ); - if (!sa) { - DEBUG(0, ("smb_krb5_locate_kdc: malloc failed\n")); - krb5_krbhst_free(ctx, hnd); - naddrs = 0; - return -1; - } - - memset(sa, '\0', sizeof(struct sockaddr) * num_kdcs ); - - for (i = 0; i < num_kdcs && (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); i++) { - -#if defined(HAVE_KRB5_KRBHST_GET_ADDRINFO) - rc = krb5_krbhst_get_addrinfo(ctx, hinfo, &ai); - if (rc) { - DEBUG(0,("krb5_krbhst_get_addrinfo failed: %s\n", error_message(rc))); - continue; - } -#endif - if (hinfo->ai && hinfo->ai->ai_family == AF_INET) - memcpy(&sa[i], hinfo->ai->ai_addr, sizeof(struct sockaddr)); - } - - krb5_krbhst_free(ctx, hnd); - - *naddrs = num_kdcs; - *addr_pp = sa; - return 0; -} - -#else /* ! 
defined(KRB5_KRBHST_INIT) */ - - krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, - struct sockaddr **addr_pp, int *naddrs, int get_masters) -{ - DEBUG(0, ("unable to explicitly locate the KDC on this platform\n")); - return KRB5_KDC_UNREACH; -} - -#endif /* KRB5_KRBHST_INIT */ - -#else /* ! HAVE_KRB5_LOCATE_KDC */ - - krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, - struct sockaddr **addr_pp, int *naddrs, int get_masters) -{ - return krb5_locate_kdc(ctx, realm, addr_pp, naddrs, get_masters); -} - -#endif /* HAVE_KRB5_LOCATE_KDC */ - #if !defined(HAVE_KRB5_FREE_UNPARSED_NAME) void krb5_free_unparsed_name(krb5_context context, char *val) { diff --git a/source3/wscript b/source3/wscript index 901d2b6..40b2cde 100644 --- a/source3/wscript +++ b/source3/wscript @@ -639,7 +639,7 @@ krb5_set_real_time krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes krb5_set_default_tgs_ktypes krb5_principal2salt krb5_use_enctype krb5_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey -krb5_auth_con_setuseruserkey krb5_locate_kdc krb5_get_permitted_enctypes +krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes krb5_get_default_in_tkt_etypes krb5_free_data_contents krb5_principal_get_comp_string krb5_free_unparsed_name krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init -- 1.7.7.6 From 419e92b1499c77ddf3648d6b99ed482a57b3e713 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 30 Nov 2011 17:39:22 +0100 Subject: [PATCH] s3-net: Don't use an internal krb5 for kdc lookup. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This replaces the use of the internal krb5_locate_kdc() function with our own get_kdc_list() function. Signed-off-by: Günther Deschner --- source3/utils/net_lookup.c | 42 +++++++++++++++++++++++------------------- 1 files changed, 23 insertions(+), 19 deletions(-) 
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c index febf481..7b2a214 100644 --- a/source3/utils/net_lookup.c +++ b/source3/utils/net_lookup.c @@ -276,10 +276,11 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv) #ifdef HAVE_KRB5 krb5_error_code rc; krb5_context ctx; - struct sockaddr_in *addrs; - int num_kdcs,i; - krb5_data realm; - char **realms; + struct ip_service *kdcs; + const char *realm; + int num_kdcs = 0; + int i; + NTSTATUS status; initialize_krb5_error_table(); rc = krb5_init_context(&ctx); @@ -289,34 +290,37 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv) return -1; } - if (argc>0) { - realm.data = CONST_DISCARD(char *, argv[0]); - realm.length = strlen(argv[0]); + if (argc > 0) { + realm = argv[0]; } else if (lp_realm() && *lp_realm()) { - realm.data = lp_realm(); - realm.length = strlen((const char *)realm.data); + realm = lp_realm(); } else { + char **realms; + rc = krb5_get_host_realm(ctx, NULL, &realms); if (rc) { DEBUG(1,("krb5_gethost_realm failed (%s)\n", error_message(rc))); return -1; } - realm.data = (char *) *realms; - realm.length = strlen((const char *)realm.data); + realm = (const char *) *realms; } - rc = smb_krb5_locate_kdc(ctx, &realm, (struct sockaddr **)(void *)&addrs, &num_kdcs, 0); - if (rc) { - DEBUG(1, ("smb_krb5_locate_kdc failed (%s)\n", error_message(rc))); + status = get_kdc_list(realm, NULL, &kdcs, &num_kdcs); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1,("get_kdc_list failed (%s)\n", nt_errstr(status))); return -1; } - for (i=0;i
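Review bot: In the new declarations of `net_lookup_kdc`, `num_kdcs` is initialised to 0 but `kdcs` is left uninitialised. Any cleanup or loop that runs after a failed `get_kdc_list()` would then read an indeterminate pointer, unless that function always writes its output arguments, which is not visible here. Declaring it as `struct ip_service *kdcs = NULL;` matches the treatment of `num_kdcs` and lets the list be released unconditionally. The function body starts before this hunk and continues past it, so check in the full function whether the list returned through `kdcs` is freed once the addresses have been printed.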