]> git.pld-linux.org Git - packages/sssd.git/blame - sssd-heimdal.patch
projects / packages / sssd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- up to 1.11.6
[packages/sssd.git] / sssd-heimdal.patch
CommitLineData
38af2cc5
JB		 1--- sssd-1.11.6/Makefile.am.orig 2014-06-03 16:31:33.000000000 +0200
2+++ sssd-1.11.6/Makefile.am 2014-06-18 20:59:38.947444057 +0200
3@@ -1550,8 +1550,6 @@ test_utils_LDADD = \
4 test_search_bases_SOURCES = \
5 $(sssd_be_SOURCES) \
6 src/util/sss_ldap.c \
7- src/util/sss_krb5.c \
8- src/util/find_uid.c \
9 src/util/user_info_msg.c \
10 src/tests/cmocka/test_search_bases.c
11 test_search_bases_CFLAGS = \
12@@ -1574,8 +1572,6 @@ test_search_bases_LDADD = \
13 ad_access_filter_tests_SOURCES = \
14 $(sssd_be_SOURCES) \
15 src/util/sss_ldap.c \
16- src/util/sss_krb5.c \
17- src/util/find_uid.c \
18 src/util/user_info_msg.c \
19 src/providers/ad/ad_common.c \
20 src/tests/cmocka/test_ad_access_filter.c
21@@ -1599,8 +1595,6 @@ ad_access_filter_tests_LDADD = \
22 ad_common_tests_SOURCES = \
23 $(sssd_be_SOURCES) \
24 src/util/sss_ldap.c \
25- src/util/sss_krb5.c \
26- src/util/find_uid.c \
27 src/util/user_info_msg.c \
28 src/tests/cmocka/test_ad_common.c
29 ad_common_tests_CFLAGS = \
30@@ -1830,12 +1824,18 @@ libsss_krb5_common_la_SOURCES = \
dd3b701a
JB		 31 src/providers/krb5/krb5_auth.c \
32 src/providers/krb5/krb5_access.c \
33 src/providers/krb5/krb5_child_handler.c \
34- src/providers/krb5/krb5_init_shared.c
35+ src/providers/krb5/krb5_init_shared.c \
36+ src/util/sss_krb5.c \
37+ src/util/find_uid.c
38af2cc5
JB		 38 libsss_krb5_common_la_LIBADD = \
39- $(KEYUTILS_LIBS)
dd3b701a
JB		 40+ $(KEYUTILS_LIBS) \
41+ $(SYSTEMD_LOGIN_LIBS) \
42+ $(KRB5_LIBS) \
43+ libsss_debug.la
dd3b701a 44 libsss_krb5_common_la_LDFLAGS = \
dd3b701a 45 -avoid-version
38af2cc5
JB		 46 libsss_krb5_common_la_CFLAGS = \
47+ $(SYSTEMD_LOGIN_CFLAGS) \
48 $(KRB5_CFLAGS)
dd3b701a
JB		 49
50 libsss_ldap_la_SOURCES = \
38af2cc5 51@@ -1889,9 +1889,7 @@ libsss_simple_la_LDFLAGS = \
dd3b701a
JB		 52 -module
53
54 libsss_krb5_la_SOURCES = \
55- src/providers/krb5/krb5_init.c \
56- src/util/find_uid.c \
57- src/util/sss_krb5.c
58+ src/providers/krb5/krb5_init.c
59 libsss_krb5_la_CFLAGS = \
60 $(AM_CFLAGS) \
38af2cc5
JB		 61 $(DHASH_CFLAGS) \
62@@ -1937,12 +1935,10 @@ libsss_ipa_la_SOURCES = \
dd3b701a
JB		 63 src/providers/ad/ad_srv.c \
64 src/providers/ad/ad_domain_info.c \
65 src/util/user_info_msg.c \
66- src/util/find_uid.c \
67- src/util/sss_ldap.c \
68- src/util/sss_krb5.c
69+ src/util/sss_ldap.c
70 libsss_ipa_la_CFLAGS = \
71 $(AM_CFLAGS) \
72- $(LDAP_CFLAGS) \
73+ $(OPENLDAP_CFLAGS) \
74 $(DHASH_CFLAGS) \
75 $(NDR_NBT_CFLAGS) \
76 $(KRB5_CFLAGS)
38af2cc5 77@@ -1988,9 +1984,7 @@ libsss_ad_la_SOURCES = \
dd3b701a
JB		 78 src/providers/ad/ad_subdomains.h \
79 src/providers/ad/ad_domain_info.c \
80 src/providers/ad/ad_domain_info.h \
81- src/util/find_uid.c \
82 src/util/user_info_msg.c \
83- src/util/sss_krb5.c \
84 src/util/sss_ldap.c
85
38af2cc5
JB		 86 if BUILD_SUDO
87@@ -2000,7 +1994,7 @@ endif
88
dd3b701a
JB		 89 libsss_ad_la_CFLAGS = \
90 $(AM_CFLAGS) \
91- $(LDAP_CFLAGS) \
92+ $(OPENLDAP_CFLAGS) \
38af2cc5 93 $(SASL_CFLAGS) \
dd3b701a
JB		 94 $(DHASH_CFLAGS) \
95 $(KRB5_CFLAGS) \
dd3b701a
JB		 96diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
97index 1a50bf1..54c5883 100644
98--- a/src/external/krb5.m4
99+++ b/src/external/krb5.m4
100@@ -37,8 +37,8 @@ SAVE_CFLAGS=$CFLAGS
101 SAVE_LIBS=$LIBS
102 CFLAGS="$CFLAGS $KRB5_CFLAGS"
103 LIBS="$LIBS $KRB5_LIBS"
104-AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
105-AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [],
106+AC_CHECK_HEADERS([krb5.h krb5/krb5.h profile.h])
107+AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info, krb5_authdatatype], [], [],
108 [ #ifdef HAVE_KRB5_KRB5_H
109 #include <krb5/krb5.h>
110 #else
111@@ -46,6 +46,7 @@ AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [],
112 #endif
113 ])
114 AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \
115+ krb5_unparse_name_ext \
116 krb5_free_unparsed_name \
117 krb5_get_init_creds_opt_set_expire_callback \
118 krb5_get_init_creds_opt_set_fast_ccache_name \
119@@ -59,12 +60,33 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \
120 krb5_kt_free_entry \
121 krb5_princ_realm \
122 krb5_get_time_offsets \
123+ krb5_get_kdc_sec_offset \
124 krb5_principal_get_realm \
125 krb5_cc_cache_match \
126 krb5_timestamp_to_sfstring \
127 krb5_set_trace_callback \
128 krb5_find_authdata \
129- krb5_cc_get_full_name])
130+ krb5_cc_get_full_name \
131+ krb5_free_string \
132+ krb5_xfree])
133+
134+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H
135+ #include <krb5/krb5.h>
136+ #else
137+ #include <krb5.h>
138+ #endif
139+ ]],
140+ [[ krb5_get_init_creds_opt_set_canonicalize(NULL, 0); ]])],
141+ [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [2], [number of arguments])])
142+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H
143+ #include <krb5/krb5.h>
144+ #else
145+ #include <krb5.h>
146+ #endif
147+ ]],
148+ [[ krb5_get_init_creds_opt_set_canonicalize(NULL, NULL, 0); ]])],
149+ [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [3], [number of arguments])])
150+
151 CFLAGS=$SAVE_CFLAGS
152 LIBS=$SAVE_LIBS
153
154diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c
155index 725687d..586c7dd 100644
156--- a/src/krb5_plugin/sssd_krb5_locator_plugin.c
157+++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c
158@@ -340,6 +340,7 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data,
159 switch (socktype) {
160 case SOCK_STREAM:
161 case SOCK_DGRAM:
162+ case 0: /* any */
f74665dc 163 break;
dd3b701a
JB		 164 default:
165 return KRB5_PLUGIN_NO_HANDLE;
166@@ -374,7 +375,7 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data,
167 ai->ai_family, ai->ai_socktype));
168
169 if ((family == AF_UNSPEC || ai->ai_family == family) &&
170- ai->ai_socktype == socktype) {
171+ (ai->ai_socktype == socktype || socktype == 0)) {
172
173 ret = cbfunc(cbdata, socktype, ai->ai_addr);
174 if (ret != 0) {
38af2cc5
JB		 175--- sssd-1.11.6/src/providers/ad/ad_common.c.orig 2014-06-03 16:31:33.000000000 +0200
176+++ sssd-1.11.6/src/providers/ad/ad_common.c 2014-06-18 21:33:34.690734956 +0200
177@@ -536,7 +536,7 @@ errno_t
dd3b701a
JB		 178 ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
179 const char *primary_servers,
180 const char *backup_servers,
181- const char *krb5_realm,
182+ const char *krb5_realm_str,
183 const char *ad_service,
184 const char *ad_gc_service,
185 const char *ad_domain,
38af2cc5 186@@ -596,13 +596,13 @@ ad_failover_init(TALLOC_CTX *mem_ctx, st
dd3b701a
JB		 187 service->sdap->kinit_service_name = service->krb5_service->name;
188 service->gc->kinit_service_name = service->krb5_service->name;
189
190- if (!krb5_realm) {
191+ if (!krb5_realm_str) {
38af2cc5 192 DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n");
dd3b701a
JB		 193 ret = EINVAL;
194 goto done;
195 }
196 service->krb5_service->realm =
197- talloc_strdup(service->krb5_service, krb5_realm);
198+ talloc_strdup(service->krb5_service, krb5_realm_str);
199 if (!service->krb5_service->realm) {
200 ret = ENOMEM;
201 goto done;
38af2cc5 202@@ -810,7 +810,7 @@ ad_set_ad_id_options(struct ad_options *
dd3b701a
JB		 203 struct sdap_options *id_opts)
204 {
205 errno_t ret;
206- char *krb5_realm;
207+ char *krb5_realm_str;
208 char *keytab_path;
209
210 /* We only support Kerberos password policy with AD, so
38af2cc5 211@@ -825,20 +825,20 @@ ad_set_ad_id_options(struct ad_options *
dd3b701a
JB		 212 }
213
214 /* Set the Kerberos Realm for GSSAPI */
215- krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
216- if (!krb5_realm) {
217+ krb5_realm_str = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
218+ if (!krb5_realm_str) {
219 /* Should be impossible, this is set in ad_get_common_options() */
38af2cc5 220 DEBUG(SSSDBG_FATAL_FAILURE, "No Kerberos realm\n");
dd3b701a
JB		 221 ret = EINVAL;
222 goto done;
223 }
224
225- ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm);
226+ ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm_str);
227 if (ret != EOK) goto done;
228 DEBUG(SSSDBG_CONF_SETTINGS,
38af2cc5 229 "Option %s set to %s\n",
dd3b701a 230 id_opts->basic[SDAP_KRB5_REALM].opt_name,
38af2cc5
JB		 231- krb5_realm);
232+ krb5_realm_str);
dd3b701a
JB		 233
234 keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
235 if (keytab_path) {
38af2cc5 236@@ -998,7 +998,7 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
dd3b701a
JB		 237 errno_t ret;
238 struct dp_option *krb5_options;
239 const char *ad_servers;
240- const char *krb5_realm;
241+ const char *krb5_realm_str;
242
243 TALLOC_CTX *tmp_ctx = talloc_new(NULL);
244 if (!tmp_ctx) return ENOMEM;
38af2cc5 245@@ -1025,8 +1025,8 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
dd3b701a
JB		 246
247 /* Set krb5 realm */
248 /* Set the Kerberos Realm for GSSAPI */
249- krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
250- if (!krb5_realm) {
251+ krb5_realm_str = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
252+ if (!krb5_realm_str) {
253 /* Should be impossible, this is set in ad_get_common_options() */
38af2cc5 254 DEBUG(SSSDBG_FATAL_FAILURE, "No Kerberos realm\n");
dd3b701a 255 ret = EINVAL;
38af2cc5 256@@ -1036,12 +1036,12 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
dd3b701a
JB		 257 /* Force the kerberos realm to match the AD_KRB5_REALM (which may have
258 * been upper-cased in ad_common_options()
259 */
260- ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm);
261+ ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm_str);
262 if (ret != EOK) goto done;
263 DEBUG(SSSDBG_CONF_SETTINGS,
38af2cc5 264 "Option %s set to %s\n",
dd3b701a 265 krb5_options[KRB5_REALM].opt_name,
38af2cc5
JB		 266- krb5_realm);
267+ krb5_realm_str);
dd3b701a
JB		 268
269 /* Set flag that controls whether we want to write the
270 * kdcinfo files at all
38af2cc5
JB		 271--- sssd-1.11.6/src/providers/krb5/krb5_child.c.orig 2014-06-03 16:31:33.000000000 +0200
272+++ sssd-1.11.6/src/providers/krb5/krb5_child.c 2014-06-18 22:16:37.020681134 +0200
273@@ -117,7 +117,7 @@ static krb5_error_code set_lifetime_opti
274 return 0;
275 }
276
277-static void set_canonicalize_option(krb5_get_init_creds_opt *opts)
278+static void set_canonicalize_option(krb5_context ctx, krb5_get_init_creds_opt *opts)
279 {
280 int canonicalize = 0;
281 char *tmp_str;
282@@ -128,24 +128,24 @@ static void set_canonicalize_option(krb5
dd3b701a 283 }
38af2cc5
JB		 284 DEBUG(SSSDBG_CONF_SETTINGS, "%s is set to [%s]\n",
285 SSSD_KRB5_CANONICALIZE, tmp_str ? tmp_str : "not set");
286- sss_krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize);
287+ sss_krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize);
288 }
dd3b701a 289
38af2cc5
JB		 290 static void set_changepw_options(krb5_context ctx,
291 krb5_get_init_creds_opt *options)
292 {
dd3b701a
JB		 293- sss_krb5_get_init_creds_opt_set_canonicalize(options, 0);
294+ sss_krb5_get_init_creds_opt_set_canonicalize(ctx, options, 0);
295 krb5_get_init_creds_opt_set_forwardable(options, 0);
296 krb5_get_init_creds_opt_set_proxiable(options, 0);
297 krb5_get_init_creds_opt_set_renew_life(options, 0);
38af2cc5
JB		 298 krb5_get_init_creds_opt_set_tkt_life(options, 5*60);
299 }
300
301-static void revert_changepw_options(krb5_get_init_creds_opt *options)
302+static void revert_changepw_options(krb5_context ctx, krb5_get_init_creds_opt *options)
303 {
304 krb5_error_code kerr;
305
306- set_canonicalize_option(options);
307+ set_canonicalize_option(ctx, options);
308
309 /* Currently we do not set forwardable and proxiable explicitly, the flags
310 * must be removed so that libkrb5 can take the defaults from krb5.conf */
311@@ -159,6 +159,7 @@ static void revert_changepw_options(krb5
dd3b701a
JB		 312 }
313
38af2cc5 314
dd3b701a
JB		 315+#ifdef HAVE_PAC_RESPONDER
316 static errno_t sss_send_pac(krb5_authdata **pac_authdata)
317 {
318 struct sss_cli_req_data sss_data;
38af2cc5 319@@ -178,6 +179,7 @@ static errno_t sss_send_pac(krb5_authdat
dd3b701a
JB		 320
321 return EOK;
322 }
323+#endif /* HAVE_PAC_RESPONDER */
324
325 static void sss_krb5_expire_callback_func(krb5_context context, void *data,
326 krb5_timestamp password_expiration,
38af2cc5 327@@ -469,7 +471,8 @@ static krb5_error_code create_empty_cred
dd3b701a
JB		 328 {
329 krb5_error_code kerr;
330 krb5_creds *cred = NULL;
331- krb5_data *krb5_realm;
332+ const char *realm_name;
333+ int realm_length;
334
335 cred = calloc(sizeof(krb5_creds), 1);
336 if (cred == NULL) {
38af2cc5 337@@ -483,12 +486,12 @@ static krb5_error_code create_empty_cred
dd3b701a
JB		 338 goto done;
339 }
340
341- krb5_realm = krb5_princ_realm(ctx, princ);
342+ sss_krb5_princ_realm(ctx, princ, &realm_name, &realm_length);
343
344 kerr = krb5_build_principal_ext(ctx, &cred->server,
345- krb5_realm->length, krb5_realm->data,
346+ realm_length, realm_name,
347 KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
348- krb5_realm->length, krb5_realm->data, 0);
349+ realm_length, realm_name, 0);
350 if (kerr != 0) {
38af2cc5 351 DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n");
dd3b701a 352 goto done;
38af2cc5 353@@ -747,7 +750,8 @@ static errno_t add_ticket_times_and_upn_
dd3b701a
JB		 354 goto done;
355 }
356
357- kerr = krb5_unparse_name_ext(kr->ctx, kr->creds->client, &upn, &upn_len);
358+ kerr = sss_krb5_unparse_name_ext(kr->ctx, kr->creds->client,
359+ &upn, &upn_len);
360 if (kerr != 0) {
38af2cc5 361 DEBUG(SSSDBG_OP_FAILURE, "krb5_unparse_name failed.\n");
dd3b701a 362 goto done;
38af2cc5 363@@ -755,7 +759,7 @@ static errno_t add_ticket_times_and_upn_
dd3b701a
JB		 364
365 ret = pam_add_response(kr->pd, SSS_KRB5_INFO_UPN, upn_len,
366 (uint8_t *) upn);
367- krb5_free_unparsed_name(kr->ctx, upn);
368+ sss_krb5_free_unparsed_name(kr->ctx, upn);
369 if (ret != EOK) {
38af2cc5 370 DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
dd3b701a 371 goto done;
38af2cc5 372@@ -777,7 +781,9 @@ static krb5_error_code validate_tgt(stru
dd3b701a
JB		 373 krb5_principal validation_princ = NULL;
374 bool realm_entry_found = false;
375 krb5_ccache validation_ccache = NULL;
376+#ifdef HAVE_PAC_RESPONDER
377 krb5_authdata **pac_authdata = NULL;
378+#endif
379
380 memset(&keytab, 0, sizeof(keytab));
381 kerr = krb5_kt_resolve(kr->ctx, kr->keytab, &keytab);
38af2cc5 382@@ -871,6 +877,7 @@ static krb5_error_code validate_tgt(stru
dd3b701a
JB		 383 goto done;
384 }
385
386+#ifdef HAVE_PAC_RESPONDER
387 /* Try to find and send the PAC to the PAC responder.
388 * Failures are not critical. */
389 if (kr->send_pac) {
38af2cc5 390@@ -893,6 +900,7 @@ static krb5_error_code validate_tgt(stru
dd3b701a 391 kerr = 0;
f74665dc 392 }
dd3b701a
JB		 393 }
394+#endif /* HAVE_PAC_RESPONDER */
395
396 done:
397 if (validation_ccache != NULL) {
38af2cc5 398@@ -928,7 +936,7 @@ static krb5_error_code get_and_save_tgt_
dd3b701a
JB		 399 krb5_get_init_creds_opt_set_address_list(&options, NULL);
400 krb5_get_init_creds_opt_set_forwardable(&options, 0);
401 krb5_get_init_creds_opt_set_proxiable(&options, 0);
38af2cc5
JB		 402- set_canonicalize_option(&options);
403+ set_canonicalize_option(ctx, &options);
f74665dc 404
dd3b701a
JB		 405 kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL,
406 &options);
38af2cc5 407@@ -1157,9 +1165,9 @@ static errno_t changepw_child(struct krb
dd3b701a
JB		 408
409 memset(&result_code_string, 0, sizeof(krb5_data));
410 memset(&result_string, 0, sizeof(krb5_data));
411- kerr = krb5_change_password(kr->ctx, kr->creds,
412- discard_const(newpassword), &result_code,
413- &result_code_string, &result_string);
414+ kerr = krb5_set_password(kr->ctx, kr->creds,
415+ discard_const(newpassword), NULL,
416+ &result_code, &result_code_string, &result_string);
417
418 if (kerr == KRB5_KDC_UNREACH) {
419 return ERR_NETWORK_IO;
38af2cc5 420@@ -1173,7 +1181,7 @@ static errno_t changepw_child(struct krb
dd3b701a 421 if (result_code_string.length > 0) {
38af2cc5
JB		 422 DEBUG(SSSDBG_CRIT_FAILURE,
423 "krb5_change_password failed [%d][%.*s].\n", result_code,
424- result_code_string.length, result_code_string.data);
425+ (int) result_code_string.length, (char *) result_code_string.data);
dd3b701a
JB		 426 user_error_message = talloc_strndup(kr->pd, result_code_string.data,
427 result_code_string.length);
428 if (user_error_message == NULL) {
38af2cc5 429@@ -1181,10 +1189,10 @@ static errno_t changepw_child(struct krb
dd3b701a 430 }
f74665dc 431 }
dd3b701a
JB		 432
433- if (result_string.length > 0 && result_string.data[0] != '\0') {
38af2cc5
JB		 434+ if (result_string.length > 0 && ((char *) result_string.data)[0] != '\0') {
435 DEBUG(SSSDBG_CRIT_FAILURE,
436 "krb5_change_password failed [%d][%.*s].\n", result_code,
437- result_string.length, result_string.data);
438+ (int) result_string.length, (char *) result_string.data);
dd3b701a
JB		 439 talloc_free(user_error_message);
440 user_error_message = talloc_strndup(kr->pd, result_string.data,
441 result_string.length);
38af2cc5
JB		 442@@ -1227,7 +1235,7 @@ static errno_t changepw_child(struct krb
443
444 /* We changed some of the gic options for the password change, now we have
445 * to change them back to get a fresh TGT. */
446- revert_changepw_options(kr->options);
447+ revert_changepw_options(kr->ctx, kr->options);
448
449 kerr = get_and_save_tgt(kr, newpassword);
450
451@@ -1765,7 +1773,8 @@ static errno_t k5c_recv_data(struct krb5
452 static int k5c_setup_fast(struct krb5_req *kr, bool demand)
f74665dc 453 {
dd3b701a
JB		 454 krb5_principal fast_princ_struct;
455- krb5_data *realm_data;
456+ const char *realm_name;
457+ int realm_length;
458 char *fast_principal_realm;
459 char *fast_principal;
f74665dc 460 krb5_error_code kerr;
38af2cc5 461@@ -1793,8 +1802,11 @@ static int k5c_setup_fast(struct krb5_re
dd3b701a
JB		 462 return KRB5KRB_ERR_GENERIC;
463 }
464 free(tmp_str);
465- realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct);
466- fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data);
467+ sss_krb5_princ_realm(kr->ctx, fast_princ_struct,
468+ &realm_name, &realm_length);
469+
470+ fast_principal_realm = talloc_asprintf(kr, "%.*s",
471+ realm_length, realm_name);
472 if (!fast_principal_realm) {
38af2cc5 473 DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
dd3b701a 474 return ENOMEM;
38af2cc5 475@@ -1928,7 +1940,7 @@ static int k5c_setup(struct krb5_req *kr
dd3b701a
JB		 476 }
477
478 if (!offline) {
38af2cc5
JB		 479- set_canonicalize_option(kr->options);
480+ set_canonicalize_option(kr->ctx, kr->options);
dd3b701a
JB		 481
482 use_fast_str = getenv(SSSD_KRB5_USE_FAST);
483 if (use_fast_str == NULL || strcasecmp(use_fast_str, "never") == 0) {
38af2cc5
JB		 484--- sssd-1.11.6/src/providers/krb5/krb5_common.c.orig 2014-06-03 16:31:33.000000000 +0200
485+++ sssd-1.11.6/src/providers/krb5/krb5_common.c 2014-06-18 22:23:18.480672769 +0200
dd3b701a
JB		 486@@ -33,7 +33,7 @@
487 #include "providers/krb5/krb5_opts.h"
488 #include "providers/krb5/krb5_utils.h"
489
490-#ifdef HAVE_KRB5_CC_COLLECTION
491+#ifdef HAVE_PROFILE_H
492 /* krb5 profile functions */
493 #include <profile.h>
494 #endif
495@@ -91,7 +91,7 @@ done:
496 return ret;
497 }
498
499-#ifdef HAVE_KRB5_CC_COLLECTION
500+#ifdef HAVE_PROFILE_H
501 /* source default_ccache_name from krb5.conf */
502 static errno_t sss_get_system_ccname_template(TALLOC_CTX *mem_ctx,
503 char **ccname)
38af2cc5 504@@ -912,7 +912,7 @@ errno_t krb5_install_offline_callback(st
dd3b701a
JB		 505 {
506 int ret;
507 struct remove_info_files_ctx *ctx;
508- const char *krb5_realm;
509+ const char *krb5_realm_str;
510
511 if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) {
38af2cc5
JB		 512 DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n");
513@@ -925,14 +925,14 @@ errno_t krb5_install_offline_callback(st
dd3b701a
JB		 514 return ENOMEM;
515 }
516
517- krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
518- if (krb5_realm == NULL) {
519+ krb5_realm_str = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
520+ if (krb5_realm_str == NULL) {
38af2cc5 521 DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
dd3b701a
JB		 522 ret = EINVAL;
523 goto done;
524 }
525
526- ctx->realm = talloc_strdup(ctx, krb5_realm);
527+ ctx->realm = talloc_strdup(ctx, krb5_realm_str);
528 if (ctx->realm == NULL) {
38af2cc5 529 DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
dd3b701a 530 ret = ENOMEM;
38af2cc5 531@@ -967,19 +967,19 @@ done:
dd3b701a
JB		 532 errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
533 struct krb5_ctx *krb5_ctx)
534 {
535- const char *krb5_realm;
536+ const char *krb5_realm_str;
537 char *sig_realm;
538 struct tevent_signal *sige;
539
540 BlockSignals(false, SIGTERM);
541
542- krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
543- if (krb5_realm == NULL) {
544+ krb5_realm_str = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
545+ if (krb5_realm_str == NULL) {
38af2cc5 546 DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
dd3b701a
JB		 547 return EINVAL;
548 }
549
550- sig_realm = talloc_strdup(krb5_ctx, krb5_realm);
551+ sig_realm = talloc_strdup(krb5_ctx, krb5_realm_str);
552 if (sig_realm == NULL) {
38af2cc5 553 DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
dd3b701a 554 return ENOMEM;
38af2cc5
JB		 555--- sssd-1.11.6/src/providers/krb5/krb5_init.c.orig 2014-06-03 16:31:33.000000000 +0200
556+++ sssd-1.11.6/src/providers/krb5/krb5_init.c 2014-06-18 22:43:53.080647036 +0200
557@@ -64,7 +64,7 @@ int sssm_krb5_auth_init(struct be_ctx *b
dd3b701a
JB		 558 const char *krb5_backup_servers;
559 const char *krb5_kpasswd_servers;
560 const char *krb5_backup_kpasswd_servers;
561- const char *krb5_realm;
562+ const char *krb5_realm_str;
563 const char *errstr;
564 int errval;
565 int errpos;
38af2cc5 566@@ -103,15 +103,15 @@ int sssm_krb5_auth_init(struct be_ctx *b
dd3b701a
JB		 567 krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
568 krb5_backup_servers = dp_opt_get_string(ctx->opts, KRB5_BACKUP_KDC);
569
570- krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
571- if (krb5_realm == NULL) {
572+ krb5_realm_str = dp_opt_get_string(ctx->opts, KRB5_REALM);
573+ if (krb5_realm_str == NULL) {
38af2cc5 574 DEBUG(SSSDBG_FATAL_FAILURE, "Missing krb5_realm option!\n");
dd3b701a
JB		 575 return EINVAL;
576 }
577
578 ret = krb5_service_init(ctx, bectx,
579 SSS_KRB5KDC_FO_SRV, krb5_servers,
580- krb5_backup_servers, krb5_realm,
581+ krb5_backup_servers, krb5_realm_str,
582 dp_opt_get_bool(krb5_options->opts,
583 KRB5_USE_KDCINFO),
584 &ctx->service);
38af2cc5 585@@ -138,7 +138,7 @@ int sssm_krb5_auth_init(struct be_ctx *b
dd3b701a
JB		 586 } else {
587 ret = krb5_service_init(ctx, bectx,
588 SSS_KRB5KPASSWD_FO_SRV, krb5_kpasswd_servers,
589- krb5_backup_kpasswd_servers, krb5_realm,
590+ krb5_backup_kpasswd_servers, krb5_realm_str,
591 dp_opt_get_bool(krb5_options->opts,
592 KRB5_USE_KDCINFO),
593 &ctx->kpasswd_service);
38af2cc5
JB		 594--- sssd-1.11.6/src/providers/ldap/ldap_child.c.orig 2014-06-03 16:31:33.000000000 +0200
595+++ sssd-1.11.6/src/providers/ldap/ldap_child.c 2014-06-19 07:25:44.383327744 +0200
596@@ -97,7 +97,7 @@ static errno_t unpack_buffer(uint8_t *bu
dd3b701a
JB		 597
598 /* ticket lifetime */
599 SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p);
38af2cc5
JB		 600- DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", ibuf->lifetime);
601+ DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", (int)ibuf->lifetime);
dd3b701a
JB		 602
603 return EOK;
604 }
38af2cc5
JB		 605@@ -310,7 +310,8 @@ static krb5_error_code ldap_child_get_tg
606 DEBUG(SSSDBG_CONF_SETTINGS, "Will canonicalize principals\n");
dd3b701a
JB		 607 canonicalize = 1;
608 }
609- sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize);
610+ sss_krb5_get_init_creds_opt_set_canonicalize(context,
611+ &options, canonicalize);
612
613 krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc,
614 keytab, 0, NULL, &options);
38af2cc5 615@@ -343,8 +344,7 @@ static krb5_error_code ldap_child_get_tg
dd3b701a 616 }
38af2cc5 617 DEBUG(SSSDBG_TRACE_INTERNAL, "credentials stored\n");
dd3b701a
JB		 618
619-#ifdef HAVE_KRB5_GET_TIME_OFFSETS
620- krberr = krb5_get_time_offsets(context, &kdc_time_offset,
621+ krberr = sss_krb5_get_time_offsets(context, &kdc_time_offset,
622 &kdc_time_offset_usec);
623 if (krberr) {
38af2cc5
JB		 624 DEBUG(SSSDBG_OP_FAILURE, "Failed to get KDC time offset: %s\n",
625@@ -356,10 +356,6 @@ static krb5_error_code ldap_child_get_tg
dd3b701a
JB		 626 }
627 }
38af2cc5 628 DEBUG(SSSDBG_TRACE_INTERNAL, "Got KDC time offset\n");
dd3b701a
JB		 629-#else
630- /* If we don't have this function, just assume no offset */
631- kdc_time_offset = 0;
632-#endif
f74665dc 633
634 krberr = 0;
635 *ccname_out = ccname;
38af2cc5
JB		 636--- sssd-1.11.6/src/providers/ldap/ldap_common.c.orig 2014-06-03 16:31:33.000000000 +0200
637+++ sssd-1.11.6/src/providers/ldap/ldap_common.c 2014-06-19 07:33:38.193317867 +0200
638@@ -1303,7 +1303,7 @@ done:
dd3b701a
JB		 639 static const char *
640 sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx)
641 {
642- char *krb5_realm = NULL;
643+ char *krb5_realm_str = NULL;
644 const char *realm = NULL;
645 krb5_error_code krberr;
646 krb5_context context = NULL;
38af2cc5 647@@ -1314,15 +1314,15 @@ sdap_gssapi_get_default_realm(TALLOC_CTX
dd3b701a
JB		 648 goto done;
649 }
f74665dc 650
dd3b701a
JB		 651- krberr = krb5_get_default_realm(context, &krb5_realm);
652+ krberr = krb5_get_default_realm(context, &krb5_realm_str);
653 if (krberr) {
38af2cc5
JB		 654 DEBUG(SSSDBG_OP_FAILURE, "Failed to get default realm name: %s\n",
655 sss_krb5_get_error_message(context, krberr));
dd3b701a
JB		 656 goto done;
657 }
658
659- realm = talloc_strdup(mem_ctx, krb5_realm);
660- krb5_free_default_realm(context, krb5_realm);
661+ realm = talloc_strdup(mem_ctx, krb5_realm_str);
662+ krb5_free_default_realm(context, krb5_realm_str);
663 if (!realm) {
38af2cc5 664 DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory\n");
dd3b701a 665 goto done;
38af2cc5 666@@ -1343,7 +1343,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
dd3b701a
JB		 667 int ret;
668 const char *krb5_servers;
669 const char *krb5_backup_servers;
670- const char *krb5_realm;
671+ const char *krb5_realm_str;
672 const char *krb5_opt_realm;
673 struct krb5_service *service = NULL;
674 TALLOC_CTX *tmp_ctx;
38af2cc5 675@@ -1358,16 +1358,16 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
dd3b701a 676 if (krb5_opt_realm == NULL) {
38af2cc5
JB		 677 DEBUG(SSSDBG_OP_FAILURE,
678 "Missing krb5_realm option, will use libkrb default\n");
dd3b701a
JB		 679- krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx);
680- if (krb5_realm == NULL) {
681+ krb5_realm_str = sdap_gssapi_get_default_realm(tmp_ctx);
682+ if (krb5_realm_str == NULL) {
38af2cc5
JB		 683 DEBUG(SSSDBG_FATAL_FAILURE,
684 "Cannot determine the Kerberos realm, aborting\n");
dd3b701a
JB		 685 ret = EIO;
686 goto done;
f74665dc 687 }
dd3b701a
JB		 688 } else {
689- krb5_realm = talloc_strdup(tmp_ctx, krb5_opt_realm);
690- if (krb5_realm == NULL) {
691+ krb5_realm_str = talloc_strdup(tmp_ctx, krb5_opt_realm);
692+ if (krb5_realm_str == NULL) {
693 ret = ENOMEM;
694 goto done;
f74665dc 695 }
38af2cc5 696@@ -1375,7 +1375,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
f74665dc 697
dd3b701a
JB		 698 ret = krb5_service_init(mem_ctx, bectx,
699 SSS_KRB5KDC_FO_SRV, krb5_servers,
700- krb5_backup_servers, krb5_realm,
701+ krb5_backup_servers, krb5_realm_str,
702 dp_opt_get_bool(opts,
703 SDAP_KRB5_USE_KDCINFO),
704 &service);
38af2cc5 705@@ -1384,14 +1384,14 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
dd3b701a
JB		 706 goto done;
707 }
708
709- ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm);
710+ ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm_str);
711 if (ret != EOK) {
38af2cc5 712 DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
dd3b701a
JB		 713 goto done;
714 }
715
716 ret = sdap_install_offline_callback(mem_ctx, bectx,
717- krb5_realm, SSS_KRB5KDC_FO_SRV);
718+ krb5_realm_str, SSS_KRB5KDC_FO_SRV);
719 if (ret != EOK) {
38af2cc5 720 DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
dd3b701a
JB		 721 goto done;
722diff --git a/src/tests/dlopen-tests.c b/src/tests/dlopen-tests.c
723index dd4cc75..9c09e33 100644
724--- a/src/tests/dlopen-tests.c
725+++ b/src/tests/dlopen-tests.c
726@@ -80,6 +80,8 @@ struct so {
727 LIBPFX"libsss_ipa.so", NULL } },
728 { "libsss_krb5.so", { LIBPFX"libdlopen_test_providers.so",
729 LIBPFX"libsss_krb5.so", NULL } },
730+ { "libsss_krb5_common.so", { LIBPFX"libdlopen_test_providers.so",
731+ LIBPFX"libsss_krb5_common.so", NULL } },
732 { "libsss_ldap.so", { LIBPFX"libdlopen_test_providers.so",
733 LIBPFX"libsss_ldap.so", NULL } },
734 { "libsss_proxy.so", { LIBPFX"libdlopen_test_providers.so",
735diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c
736index 0c6b68b..102827e 100644
737--- a/src/tests/krb5_child-test.c
738+++ b/src/tests/krb5_child-test.c
739@@ -290,17 +290,17 @@ child_done(struct tevent_req *req)
740 static void
741 printtime(krb5_timestamp ts)
742 {
743+#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING
744 krb5_error_code kret;
745 char timestring[BUFSIZ];
746 char fill = '\0';
747
748-#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING
749 kret = krb5_timestamp_to_sfstring(ts, timestring, BUFSIZ, &fill);
750 if (kret) {
751 KRB5_CHILD_TEST_DEBUG(SSSDBG_OP_FAILURE, kret);
752 }
753 printf("%s", timestring);
754-#else
755+#elif defined(HAVE_KRB5_FORMAT_TIME)
756 printf("%s", ctime(&ts));
757 #endif /* HAVE_KRB5_TIMESTAMP_TO_SFSTRING */
758 }
759@@ -333,8 +333,8 @@ print_creds(krb5_context kcontext, krb5_creds *cred, const char *defname)
760 }
f74665dc 761
762 done:
dd3b701a
JB		 763- krb5_free_unparsed_name(kcontext, name);
764- krb5_free_unparsed_name(kcontext, sname);
765+ sss_krb5_free_unparsed_name(kcontext, name);
766+ sss_krb5_free_unparsed_name(kcontext, sname);
767 }
768
769 static errno_t
770@@ -381,7 +381,7 @@ print_ccache(const char *cc)
771 ret = EOK;
772 done:
773 krb5_cc_close(kcontext, cache);
774- krb5_free_unparsed_name(kcontext, defname);
775+ sss_krb5_free_unparsed_name(kcontext, defname);
776 krb5_free_principal(kcontext, princ);
777 krb5_free_context(kcontext);
778 return ret;
779diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
780index f8a7e6f..a954d10 100644
781--- a/src/util/sss_krb5.c
782+++ b/src/util/sss_krb5.c
783@@ -535,7 +535,9 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
784
785 void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name)
786 {
787-#ifdef HAVE_KRB5_FREE_UNPARSED_NAME
788+#ifdef HAVE_KRB5_XFREE
789+ krb5_xfree(name);
790+#elif HAVE_KRB5_FREE_UNPARSED_NAME
791 krb5_free_unparsed_name(context, name);
792 #else
793 if (name != NULL) {
794@@ -545,6 +547,15 @@ void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name)
795 #endif
796 }
797
798+void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val)
799+{
800+/* TODO: ensure at least on is available in krb5.m4 */
801+#ifdef HAVE_KRB5_FREE_STRING
802+ krb5_free_string(ctx, val);
803+#elif HAVE_KRB5_XFREE
804+ (void) krb5_xfree(val);
805+#endif
806+}
807
808 krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback(
809 krb5_context context,
810@@ -800,15 +811,16 @@ cleanup:
811 #endif /* HAVE_KRB5_UNPARSE_NAME_FLAGS */
812 }
813
814-void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
815+void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx,
816+ krb5_get_init_creds_opt *opts,
817 int canonicalize)
818 {
819- /* FIXME: The extra check for HAVE_KRB5_TICKET_TIMES is a workaround due to Heimdal
820- * defining krb5_get_init_creds_opt_set_canonicalize() with a different set of
821- * arguments. We should use a better configure check in the future.
822- */
823-#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && defined(HAVE_KRB5_TICKET_TIMES)
824+#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \
825+ KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 2
826 krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize);
827+#elif defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \
828+ KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 3
829+ (void) krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize);
830 #else
831 DEBUG(SSSDBG_OP_FAILURE, ("Kerberos principal canonicalization is not available!\n"));
832 #endif
833@@ -1063,10 +1075,51 @@ done:
834 KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
835 }
f74665dc 836 }
dd3b701a
JB		 837- krb5_free_string(ctx, tmp_ccname);
838+ sss_krb5_free_string(ctx, tmp_ccname);
839
840 return ret_ccname;
841 #else
842 return NULL;
843 #endif /* HAVE_KRB5_CC_COLLECTION */
844 }
845+
846+krb5_error_code KRB5_CALLCONV
847+sss_krb5_unparse_name_ext(krb5_context ctx,
848+ krb5_const_principal principal,
849+ char **name,
850+ unsigned int *len)
851+{
852+ krb5_error_code kerr;
853+
854+#ifdef HAVE_KRB5_UNPARSE_NAME_EXT
855+ kerr = krb5_unparse_name_ext(ctx, principal, name, len);
856+#else
857+ kerr = krb5_unparse_name(ctx, principal, name);
858+ if (kerr == 0 && *name)
859+ *len = strlen(*name);
860+#endif /* HAVE_KRB5_UNPARSE_NAME_EXT */
861+
862+ return kerr;
863+}
864+
865+krb5_error_code KRB5_CALLCONV
866+sss_krb5_get_time_offsets(krb5_context ctx,
867+ krb5_timestamp *seconds,
868+ int32_t *microseconds)
869+{
870+#if defined(HAVE_KRB5_GET_TIME_OFFSETS)
871+ return krb5_get_time_offsets(ctx, seconds, microseconds);
872+#elif defined(HAVE_KRB5_GET_KDC_SEC_OFFSET)
873+ int32_t _seconds;
874+ krb5_error_code ret;
875+
876+ ret = krb5_get_kdc_sec_offset(ctx, &_seconds, microseconds);
877+ *seconds = _seconds;
878+ return ret;
879+#else
880+ (void) ctx;
881+ *seconds = 0;
882+ *microseconds = 0;
883+ return 0;
884+#endif
885+}
886diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
887index db47e0a..c7b9a69 100644
888--- a/src/util/sss_krb5.h
889+++ b/src/util/sss_krb5.h
890@@ -70,6 +70,8 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
891
892 void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name);
893
894+void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val);
895+
896 int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name,
897 krb5_context context, krb5_keytab keytab);
898
899@@ -136,7 +138,8 @@ krb5_error_code
900 sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal,
901 int flags, char **name);
902
903-void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
904+void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx,
905+ krb5_get_init_creds_opt *opts,
906 int canonicalize);
907
908 enum sss_krb5_cc_type {
909@@ -167,6 +170,10 @@ typedef krb5_times sss_krb5_ticket_times;
910 /* Redirect libkrb5 tracing towards our DEBUG statements */
911 errno_t sss_child_set_krb5_tracing(krb5_context ctx);
912
913+#ifndef HAVE_KRB5_AUTHDATATYPE
914+typedef int32_t krb5_authdatatype;
915+#endif
916+
917 krb5_error_code sss_krb5_find_authdata(krb5_context context,
918 krb5_authdata *const *ticket_authdata,
919 krb5_authdata *const *ap_req_authdata,
920@@ -184,4 +191,14 @@ char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx,
921 krb5_context ctx,
922 krb5_principal principal,
923 const char *location);
924+
925+krb5_error_code KRB5_CALLCONV
926+sss_krb5_unparse_name_ext(krb5_context ctx,
927+ krb5_const_principal principal,
928+ char **name,
929+ unsigned int *len);
930+krb5_error_code KRB5_CALLCONV
931+sss_krb5_get_time_offsets(krb5_context ctx,
932+ krb5_timestamp *seconds,
933+ int32_t *microseconds);
934 #endif /* __SSS_KRB5_H__ */
bf8e7304
JB		 935#--- sssd-1.11.4/src/external/pac_responder.m4.orig 2014-02-17 19:55:32.000000000 +0100
936#+++ sssd-1.11.4/src/external/pac_responder.m4 2014-03-22 17:59:50.707675270 +0100
937#@@ -21,7 +21,8 @@
938# Kerberos\ 5\ release\ 1.9* | \
939# Kerberos\ 5\ release\ 1.10* | \
940# Kerberos\ 5\ release\ 1.11* | \
941#- Kerberos\ 5\ release\ 1.12*)
942#+ Kerberos\ 5\ release\ 1.12* | \
943#+ heimdal\ *)
944# krb5_version_ok=yes
945# AC_MSG_RESULT([yes])
946# ;;
System Security Services Daemon
This page took 0.419589 seconds and 4 git commands to generate.