- updated gettext BR
[packages/sssd.git] / sssd-heimdal.patch
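--- a/src/external/krb5.m4
+++ b/src/external/krb5.m4
@@ -37,8 +37,8 @@ SAVE_CFLAGS=$CFLAGS
 SAVE_LIBS=$LIBS
 CFLAGS="$CFLAGS $KRB5_CFLAGS"
 LIBS="$LIBS $KRB5_LIBS"
-AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
-AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [],
+AC_CHECK_HEADERS([krb5.h krb5/krb5.h profile.h])
+AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info, krb5_authdatatype], [], [],
 [ #ifdef HAVE_KRB5_KRB5_H
 #include <krb5/krb5.h>
 #else
@@ -46,6 +46,7 @@ AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [],
 #endif
 ])
 AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \
+ krb5_unparse_name_ext \
 krb5_free_unparsed_name \
 krb5_get_init_creds_opt_set_expire_callback \
 krb5_get_init_creds_opt_set_fast_ccache_name \
@@ -59,12 +60,33 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \
 krb5_kt_free_entry \
 krb5_princ_realm \
 krb5_get_time_offsets \
+ krb5_get_kdc_sec_offset \
 krb5_principal_get_realm \
 krb5_cc_cache_match \
 krb5_timestamp_to_sfstring \
 krb5_set_trace_callback \
 krb5_find_authdata \
- krb5_cc_get_full_name])
+ krb5_cc_get_full_name \
+ krb5_free_string \
+ krb5_xfree])
+
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H
+ #include <krb5/krb5.h>
+ #else
+ #include <krb5.h>
+ #endif
+ ]],
+ [[ krb5_get_init_creds_opt_set_canonicalize(NULL, 0); ]])],
+ [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [2], [number of arguments])])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H
+ #include <krb5/krb5.h>
+ #else
+ #include <krb5.h>
+ #endif
+ ]],
+ [[ krb5_get_init_creds_opt_set_canonicalize(NULL, NULL, 0); ]])],
+ [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [3], [number of arguments])])
+
 CFLAGS=$SAVE_CFLAGS
 LIBS=$SAVE_LIBS
 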
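Review bot: The two `AC_COMPILE_IFELSE` probes for `krb5_get_init_creds_opt_set_canonicalize` run independently, so nothing stops both from succeeding and defining `KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS` twice with different values. That can happen when the header does not declare the function and the compiler still accepts implicit declarations, in which case the later definition (3) is the one that ends up in effect. Running the three-argument probe only in the action-if-false branch of the two-argument probe keeps the result single-valued.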
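--- a/src/krb5_plugin/sssd_krb5_locator_plugin.c
+++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c
@@ -340,6 +340,7 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data,
 switch (socktype) {
 case SOCK_STREAM:
 case SOCK_DGRAM:
+ case 0: /* any */
 break;
 default:
 return KRB5_PLUGIN_NO_HANDLE;
@@ -374,7 +375,7 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data,
 ai->ai_family, ai->ai_socktype));
 
 if ((family == AF_UNSPEC || ai->ai_family == family) &&
- ai->ai_socktype == socktype) {
+ (ai->ai_socktype == socktype || socktype == 0)) {
 
 ret = cbfunc(cbdata, socktype, ai->ai_addr);
 if (ret != 0) {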
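Review bot: With `socktype == 0` now accepted as "any", the callback in the second hunk is still invoked as `cbfunc(cbdata, socktype, ai->ai_addr)`, so it receives 0 instead of the socket type of the address that matched. Passing the resolved type keeps the callback's input the same for both kinds of request: `ret = cbfunc(cbdata, ai->ai_socktype, ai->ai_addr);`. If the address lookup outside this hunk takes its hints from `socktype`, an unrestricted lookup may also return the same address once per socket type, so the loop could report each server more than once; that is worth confirming. Both hunks cut through `sssd_krb5_locator_lookup`, whose body starts and ends outside the visible lines.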
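--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -536,7 +536,7 @@ errno_t
 ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 const char *primary_servers,
 const char *backup_servers,
- const char *krb5_realm,
+ const char *krb5_realm_str,
 const char *ad_service,
 const char *ad_gc_service,
 const char *ad_domain,
@@ -596,13 +596,13 @@ ad_failover_init(TALLOC_CTX *mem_ctx, st
 service->sdap->kinit_service_name = service->krb5_service->name;
 service->gc->kinit_service_name = service->krb5_service->name;
 
- if (!krb5_realm) {
+ if (!krb5_realm_str) {
 DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n");
 ret = EINVAL;
 goto done;
 }
 service->krb5_service->realm =
- talloc_strdup(service->krb5_service, krb5_realm);
+ talloc_strdup(service->krb5_service, krb5_realm_str);
 if (!service->krb5_service->realm) {
 ret = ENOMEM;
 goto done;
@@ -810,7 +810,7 @@ ad_set_ad_id_options(struct ad_options *
 struct sdap_options *id_opts)
 {
 errno_t ret;
- char *krb5_realm;
+ char *krb5_realm_str;
 char *keytab_path;
 
 /* We only support Kerberos password policy with AD, so
@@ -825,20 +825,20 @@ ad_set_ad_id_options(struct ad_options *
 }
 
 /* Set the Kerberos Realm for GSSAPI */
- krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
- if (!krb5_realm) {
+ krb5_realm_str = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
+ if (!krb5_realm_str) {
 /* Should be impossible, this is set in ad_get_common_options() */
 DEBUG(SSSDBG_FATAL_FAILURE, "No Kerberos realm\n");
 ret = EINVAL;
 goto done;
 }
 
- ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm);
+ ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm_str);
 if (ret != EOK) goto done;
 DEBUG(SSSDBG_CONF_SETTINGS,
 "Option %s set to %s\n",
 id_opts->basic[SDAP_KRB5_REALM].opt_name,
- krb5_realm);
+ krb5_realm_str);
 
 keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
 if (keytab_path) {
@@ -998,7 +998,7 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
 errno_t ret;
 struct dp_option *krb5_options;
 const char *ad_servers;
- const char *krb5_realm;
+ const char *krb5_realm_str;
 
 TALLOC_CTX *tmp_ctx = talloc_new(NULL);
 if (!tmp_ctx) return ENOMEM;
@@ -1025,8 +1025,8 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
 
 /* Set krb5 realm */
 /* Set the Kerberos Realm for GSSAPI */
- krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
- if (!krb5_realm) {
+ krb5_realm_str = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
+ if (!krb5_realm_str) {
 /* Should be impossible, this is set in ad_get_common_options() */
 DEBUG(SSSDBG_FATAL_FAILURE, "No Kerberos realm\n");
 ret = EINVAL;
@@ -1036,12 +1036,12 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
 /* Force the kerberos realm to match the AD_KRB5_REALM (which may have
 * been upper-cased in ad_common_options()
 */
- ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm);
+ ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm_str);
 if (ret != EOK) goto done;
 DEBUG(SSSDBG_CONF_SETTINGS,
 "Option %s set to %s\n",
 krb5_options[KRB5_REALM].opt_name,
- krb5_realm);
+ krb5_realm_str);
 
 /* Set flag that controls whether we want to write the
 * kdcinfo files at all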
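--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -117,7 +117,7 @@ static krb5_error_code set_lifetime_opti
 return 0;
 }
 
-static void set_canonicalize_option(krb5_get_init_creds_opt *opts)
+static void set_canonicalize_option(krb5_context ctx, krb5_get_init_creds_opt *opts)
 {
 int canonicalize = 0;
 char *tmp_str;
@@ -128,23 +128,23 @@ static void set_canonicalize_option(krb5
 }
 DEBUG(SSSDBG_CONF_SETTINGS, "%s is set to [%s]\n",
 SSSD_KRB5_CANONICALIZE, tmp_str ? tmp_str : "not set");
- sss_krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize);
+ sss_krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize);
 }
 
-static void set_changepw_options(krb5_get_init_creds_opt *options)
+static void set_changepw_options(krb5_context ctx, krb5_get_init_creds_opt *options)
 {
- sss_krb5_get_init_creds_opt_set_canonicalize(options, 0);
+ sss_krb5_get_init_creds_opt_set_canonicalize(ctx, options, 0);
 krb5_get_init_creds_opt_set_forwardable(options, 0);
 krb5_get_init_creds_opt_set_proxiable(options, 0);
 krb5_get_init_creds_opt_set_renew_life(options, 0);
 krb5_get_init_creds_opt_set_tkt_life(options, 5*60);
 }
 
-static void revert_changepw_options(krb5_get_init_creds_opt *options)
+static void revert_changepw_options(krb5_context ctx, krb5_get_init_creds_opt *options)
 {
 krb5_error_code kerr;
 
- set_canonicalize_option(options);
+ set_canonicalize_option(ctx, options);
 
 /* Currently we do not set forwardable and proxiable explicitly, the flags
 * must be removed so that libkrb5 can take the defaults from krb5.conf */
@@ -158,6 +158,7 @@ static void revert_changepw_options(krb5
 }
 
 
+#ifdef HAVE_PAC_RESPONDER
 static errno_t sss_send_pac(krb5_authdata **pac_authdata)
 {
 struct sss_cli_req_data sss_data;
@@ -177,6 +178,7 @@ static errno_t sss_send_pac(krb5_authdat
 
 return EOK;
 }
+#endif /* HAVE_PAC_RESPONDER */
 
 static void sss_krb5_expire_callback_func(krb5_context context, void *data,
 krb5_timestamp password_expiration,
@@ -468,7 +470,8 @@ static krb5_error_code create_empty_cred
 {
 krb5_error_code kerr;
 krb5_creds *cred = NULL;
- krb5_data *krb5_realm;
+ const char *realm_name;
+ int realm_length;
 
 cred = calloc(sizeof(krb5_creds), 1);
 if (cred == NULL) {
@@ -482,12 +485,12 @@ static krb5_error_code create_empty_cred
 goto done;
 }
 
- krb5_realm = krb5_princ_realm(ctx, princ);
+ sss_krb5_princ_realm(ctx, princ, &realm_name, &realm_length);
 
 kerr = krb5_build_principal_ext(ctx, &cred->server,
- krb5_realm->length, krb5_realm->data,
+ realm_length, realm_name,
 KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
- krb5_realm->length, krb5_realm->data, 0);
+ realm_length, realm_name, 0);
 if (kerr != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n");
 goto done;
@@ -746,7 +749,8 @@ static errno_t add_ticket_times_and_upn_
 goto done;
 }
 
- kerr = krb5_unparse_name_ext(kr->ctx, kr->creds->client, &upn, &upn_len);
+ kerr = sss_krb5_unparse_name_ext(kr->ctx, kr->creds->client,
+ &upn, &upn_len);
 if (kerr != 0) {
 DEBUG(SSSDBG_OP_FAILURE, "krb5_unparse_name failed.\n");
 goto done;
@@ -754,7 +758,7 @@ static errno_t add_ticket_times_and_upn_
 
 ret = pam_add_response(kr->pd, SSS_KRB5_INFO_UPN, upn_len,
 (uint8_t *) upn);
- krb5_free_unparsed_name(kr->ctx, upn);
+ sss_krb5_free_unparsed_name(kr->ctx, upn);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
 goto done;
@@ -776,7 +780,9 @@ static krb5_error_code validate_tgt(stru
 krb5_principal validation_princ = NULL;
 bool realm_entry_found = false;
 krb5_ccache validation_ccache = NULL;
+#ifdef HAVE_PAC_RESPONDER
 krb5_authdata **pac_authdata = NULL;
+#endif
 
 memset(&keytab, 0, sizeof(keytab));
 kerr = krb5_kt_resolve(kr->ctx, kr->keytab, &keytab);
@@ -870,6 +876,7 @@ static krb5_error_code validate_tgt(stru
 goto done;
 }
 
+#ifdef HAVE_PAC_RESPONDER
 /* Try to find and send the PAC to the PAC responder.
 * Failures are not critical. */
 if (kr->send_pac) {
@@ -892,6 +899,7 @@ static krb5_error_code validate_tgt(stru
 kerr = 0;
 }
 }
+#endif /* HAVE_PAC_RESPONDER */
 
 done:
 if (validation_ccache != NULL) {
@@ -927,7 +935,7 @@ static krb5_error_code get_and_save_tgt_
 krb5_get_init_creds_opt_set_address_list(&options, NULL);
 krb5_get_init_creds_opt_set_forwardable(&options, 0);
 krb5_get_init_creds_opt_set_proxiable(&options, 0);
- set_canonicalize_option(&options);
+ set_canonicalize_option(ctx, &options);
 
 kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL,
 &options);
@@ -1110,7 +1118,7 @@ static errno_t changepw_child(struct krb
 prompter = sss_krb5_prompter;
 }
 
- set_changepw_options(kr->options);
+ set_changepw_options(kr->ctx, kr->options);
 sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length);
 
 DEBUG(SSSDBG_TRACE_FUNC,
@@ -1158,9 +1166,9 @@ static errno_t changepw_child(struct krb
 
 memset(&result_code_string, 0, sizeof(krb5_data));
 memset(&result_string, 0, sizeof(krb5_data));
- kerr = krb5_change_password(kr->ctx, kr->creds,
- discard_const(newpassword), &result_code,
- &result_code_string, &result_string);
+ kerr = krb5_set_password(kr->ctx, kr->creds,
+ discard_const(newpassword), NULL,
+ &result_code, &result_code_string, &result_string);
 
 if (kerr == KRB5_KDC_UNREACH) {
 return ERR_NETWORK_IO;
@@ -1174,7 +1182,7 @@ static errno_t changepw_child(struct krb
 if (result_code_string.length > 0) {
 DEBUG(SSSDBG_CRIT_FAILURE,
 "krb5_change_password failed [%d][%.*s].\n", result_code,
- result_code_string.length, result_code_string.data);
+ (int) result_code_string.length, (char *) result_code_string.data);
 user_error_message = talloc_strndup(kr->pd, result_code_string.data,
 result_code_string.length);
 if (user_error_message == NULL) {
@@ -1182,10 +1190,10 @@ static errno_t changepw_child(struct krb
 }
 }
 
- if (result_string.length > 0 && result_string.data[0] != '\0') {
+ if (result_string.length > 0 && ((char *) result_string.data)[0] != '\0') {
 DEBUG(SSSDBG_CRIT_FAILURE,
 "krb5_change_password failed [%d][%.*s].\n", result_code,
- result_string.length, result_string.data);
+ (int) result_string.length, (char *) result_string.data);
 talloc_free(user_error_message);
 user_error_message = talloc_strndup(kr->pd, result_string.data,
 result_string.length);
@@ -1228,7 +1236,7 @@ static errno_t changepw_child(struct krb
 
 /* We changed some of the gic options for the password change, now we have
 * to change them back to get a fresh TGT. */
- revert_changepw_options(kr->options);
+ revert_changepw_options(kr->ctx, kr->options);
 
 kerr = get_and_save_tgt(kr, newpassword);
 
@@ -1288,7 +1296,7 @@ static errno_t tgt_req_child(struct krb5
 "Failed to unset expire callback, continue ...\n");
 }
 
- set_changepw_options(kr->options);
+ set_changepw_options(kr->ctx, kr->options);
 kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
 discard_const(password),
 sss_krb5_prompter, kr, 0,
@@ -1766,7 +1774,8 @@ static errno_t k5c_recv_data(struct krb5
 static int k5c_setup_fast(struct krb5_req *kr, bool demand)
 {
 krb5_principal fast_princ_struct;
- krb5_data *realm_data;
+ const char *realm_name;
+ int realm_length;
 char *fast_principal_realm;
 char *fast_principal;
 krb5_error_code kerr;
@@ -1794,8 +1803,11 @@ static int k5c_setup_fast(struct krb5_re
 return KRB5KRB_ERR_GENERIC;
 }
 free(tmp_str);
- realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct);
- fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data);
+ sss_krb5_princ_realm(kr->ctx, fast_princ_struct,
+ &realm_name, &realm_length);
+
+ fast_principal_realm = talloc_asprintf(kr, "%.*s",
+ realm_length, realm_name);
 if (!fast_principal_realm) {
 DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
 return ENOMEM;
@@ -1929,7 +1941,7 @@ static int k5c_setup(struct krb5_req *kr
 }
 
 if (!offline) {
- set_canonicalize_option(kr->options);
+ set_canonicalize_option(kr->ctx, kr->options);
 
 use_fast_str = getenv(SSSD_KRB5_USE_FAST);
 if (use_fast_str == NULL || strcasecmp(use_fast_str, "never") == 0) {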
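Review bot: In `create_empty_cred` and `k5c_setup_fast` the outputs of `sss_krb5_princ_realm()` are used without any check. The helper's definition is not part of this patch; if it can leave `realm_name` NULL or `realm_length` 0 on failure, `krb5_build_principal_ext` would be handed an empty realm and `talloc_asprintf(kr, "%.*s", ...)` a NULL string. A guard such as `if (realm_name == NULL || realm_length <= 0) { kerr = KRB5KRB_ERR_GENERIC; goto done; }` before the build call makes the failure explicit. Separately, the two `DEBUG` lines in `changepw_child` still say `krb5_change_password failed` although the call is now `krb5_set_password`, which will mislead whoever reads the log.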
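--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -33,7 +33,7 @@
 #include "providers/krb5/krb5_opts.h"
 #include "providers/krb5/krb5_utils.h"
 
-#ifdef HAVE_KRB5_CC_COLLECTION
+#ifdef HAVE_PROFILE_H
 /* krb5 profile functions */
 #include <profile.h>
 #endif
@@ -91,7 +91,7 @@ done:
 return ret;
 }
 
-#ifdef HAVE_KRB5_CC_COLLECTION
+#ifdef HAVE_PROFILE_H
 /* source default_ccache_name from krb5.conf */
 static errno_t sss_get_system_ccname_template(TALLOC_CTX *mem_ctx,
 char **ccname)
@@ -912,7 +912,7 @@ errno_t krb5_install_offline_callback(st
 {
 int ret;
 struct remove_info_files_ctx *ctx;
- const char *krb5_realm;
+ const char *krb5_realm_str;
 
 if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n");
@@ -925,14 +925,14 @@ errno_t krb5_install_offline_callback(st
 return ENOMEM;
 }
 
- krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
- if (krb5_realm == NULL) {
+ krb5_realm_str = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
+ if (krb5_realm_str == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
 ret = EINVAL;
 goto done;
 }
 
- ctx->realm = talloc_strdup(ctx, krb5_realm);
+ ctx->realm = talloc_strdup(ctx, krb5_realm_str);
 if (ctx->realm == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
 ret = ENOMEM;
@@ -967,19 +967,19 @@ done:
 errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
 struct krb5_ctx *krb5_ctx)
 {
- const char *krb5_realm;
+ const char *krb5_realm_str;
 char *sig_realm;
 struct tevent_signal *sige;
 
 BlockSignals(false, SIGTERM);
 
- krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
- if (krb5_realm == NULL) {
+ krb5_realm_str = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
+ if (krb5_realm_str == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
 return EINVAL;
 }
 
- sig_realm = talloc_strdup(krb5_ctx, krb5_realm);
+ sig_realm = talloc_strdup(krb5_ctx, krb5_realm_str);
 if (sig_realm == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
 return ENOMEM;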
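Review bot: Guarding `sss_get_system_ccname_template` with `HAVE_PROFILE_H` ties the code to the presence of a header, not to the functions it needs. The function body is outside the hunk, but if it calls into the profile library, a system that ships a `profile.h` without matching symbols on the Kerberos link line would pass configure and fail at link time. A function or library probe in `krb5.m4` for the profile call the body uses, tested here instead of the header macro, would be the safer guard.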
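--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -64,7 +64,7 @@ int sssm_krb5_auth_init(struct be_ctx *b
 const char *krb5_backup_servers;
 const char *krb5_kpasswd_servers;
 const char *krb5_backup_kpasswd_servers;
- const char *krb5_realm;
+ const char *krb5_realm_str;
 const char *errstr;
 int errval;
 int errpos;
@@ -103,15 +103,15 @@ int sssm_krb5_auth_init(struct be_ctx *b
 krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
 krb5_backup_servers = dp_opt_get_string(ctx->opts, KRB5_BACKUP_KDC);
 
- krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
- if (krb5_realm == NULL) {
+ krb5_realm_str = dp_opt_get_string(ctx->opts, KRB5_REALM);
+ if (krb5_realm_str == NULL) {
 DEBUG(SSSDBG_FATAL_FAILURE, "Missing krb5_realm option!\n");
 return EINVAL;
 }
 
 ret = krb5_service_init(ctx, bectx,
 SSS_KRB5KDC_FO_SRV, krb5_servers,
- krb5_backup_servers, krb5_realm,
+ krb5_backup_servers, krb5_realm_str,
 dp_opt_get_bool(krb5_options->opts,
 KRB5_USE_KDCINFO),
 &ctx->service);
@@ -138,7 +138,7 @@ int sssm_krb5_auth_init(struct be_ctx *b
 } else {
 ret = krb5_service_init(ctx, bectx,
 SSS_KRB5KPASSWD_FO_SRV, krb5_kpasswd_servers,
- krb5_backup_kpasswd_servers, krb5_realm,
+ krb5_backup_kpasswd_servers, krb5_realm_str,
 dp_opt_get_bool(krb5_options->opts,
 KRB5_USE_KDCINFO),
 &ctx->kpasswd_service);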
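--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -97,7 +97,7 @@ static errno_t unpack_buffer(uint8_t *bu
 
 /* ticket lifetime */
 SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p);
- DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", ibuf->lifetime);
+ DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", (int)ibuf->lifetime);
 
 return EOK;
 }
@@ -310,7 +310,8 @@ static krb5_error_code ldap_child_get_tg
 DEBUG(SSSDBG_CONF_SETTINGS, "Will canonicalize principals\n");
 canonicalize = 1;
 }
- sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize);
+ sss_krb5_get_init_creds_opt_set_canonicalize(context,
+ &options, canonicalize);
 
 krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc,
 keytab, 0, NULL, &options);
@@ -343,8 +344,7 @@ static krb5_error_code ldap_child_get_tg
 }
 DEBUG(SSSDBG_TRACE_INTERNAL, "credentials stored\n");
 
-#ifdef HAVE_KRB5_GET_TIME_OFFSETS
- krberr = krb5_get_time_offsets(context, &kdc_time_offset,
+ krberr = sss_krb5_get_time_offsets(context, &kdc_time_offset,
 &kdc_time_offset_usec);
 if (krberr) {
 DEBUG(SSSDBG_OP_FAILURE, "Failed to get KDC time offset: %s\n",
@@ -356,10 +356,6 @@ static krb5_error_code ldap_child_get_tg
 }
 }
 DEBUG(SSSDBG_TRACE_INTERNAL, "Got KDC time offset\n");
-#else
- /* If we don't have this function, just assume no offset */
- kdc_time_offset = 0;
-#endif
 
 krberr = 0;
 *ccname_out = ccname;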
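--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -1303,7 +1303,7 @@ done:
 static const char *
 sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx)
 {
- char *krb5_realm = NULL;
+ char *krb5_realm_str = NULL;
 const char *realm = NULL;
 krb5_error_code krberr;
 krb5_context context = NULL;
@@ -1314,15 +1314,15 @@ sdap_gssapi_get_default_realm(TALLOC_CTX
 goto done;
 }
 
- krberr = krb5_get_default_realm(context, &krb5_realm);
+ krberr = krb5_get_default_realm(context, &krb5_realm_str);
 if (krberr) {
 DEBUG(SSSDBG_OP_FAILURE, "Failed to get default realm name: %s\n",
 sss_krb5_get_error_message(context, krberr));
 goto done;
 }
 
- realm = talloc_strdup(mem_ctx, krb5_realm);
- krb5_free_default_realm(context, krb5_realm);
+ realm = talloc_strdup(mem_ctx, krb5_realm_str);
+ krb5_free_default_realm(context, krb5_realm_str);
 if (!realm) {
 DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory\n");
 goto done;
@@ -1343,7 +1343,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
 int ret;
 const char *krb5_servers;
 const char *krb5_backup_servers;
- const char *krb5_realm;
+ const char *krb5_realm_str;
 const char *krb5_opt_realm;
 struct krb5_service *service = NULL;
 TALLOC_CTX *tmp_ctx;
@@ -1358,16 +1358,16 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
 if (krb5_opt_realm == NULL) {
 DEBUG(SSSDBG_OP_FAILURE,
 "Missing krb5_realm option, will use libkrb default\n");
- krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx);
- if (krb5_realm == NULL) {
+ krb5_realm_str = sdap_gssapi_get_default_realm(tmp_ctx);
+ if (krb5_realm_str == NULL) {
 DEBUG(SSSDBG_FATAL_FAILURE,
 "Cannot determine the Kerberos realm, aborting\n");
 ret = EIO;
 goto done;
 }
 } else {
- krb5_realm = talloc_strdup(tmp_ctx, krb5_opt_realm);
- if (krb5_realm == NULL) {
+ krb5_realm_str = talloc_strdup(tmp_ctx, krb5_opt_realm);
+ if (krb5_realm_str == NULL) {
 ret = ENOMEM;
 goto done;
 }
@@ -1375,7 +1375,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
 
 ret = krb5_service_init(mem_ctx, bectx,
 SSS_KRB5KDC_FO_SRV, krb5_servers,
- krb5_backup_servers, krb5_realm,
+ krb5_backup_servers, krb5_realm_str,
 dp_opt_get_bool(opts,
 SDAP_KRB5_USE_KDCINFO),
 &service);
@@ -1384,14 +1384,14 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
 goto done;
 }
 
- ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm);
+ ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm_str);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
 goto done;
 }
 
 ret = sdap_install_offline_callback(mem_ctx, bectx,
- krb5_realm, SSS_KRB5KDC_FO_SRV);
+ krb5_realm_str, SSS_KRB5KDC_FO_SRV);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
 goto done;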
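--- a/src/tests/krb5_child-test.c
+++ b/src/tests/krb5_child-test.c
@@ -290,17 +290,17 @@ child_done(struct tevent_req *req)
 static void
 printtime(krb5_timestamp ts)
 {
+#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING
 krb5_error_code kret;
 char timestring[BUFSIZ];
 char fill = '\0';
 
-#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING
 kret = krb5_timestamp_to_sfstring(ts, timestring, BUFSIZ, &fill);
 if (kret) {
 KRB5_CHILD_TEST_DEBUG(SSSDBG_OP_FAILURE, kret);
 }
 printf("%s", timestring);
-#else
+#elif defined(HAVE_KRB5_FORMAT_TIME)
 printf("%s", ctime(&ts));
 #endif /* HAVE_KRB5_TIMESTAMP_TO_SFSTRING */
 }
@@ -333,8 +333,8 @@ print_creds(krb5_context kcontext, krb5_creds *cred, const char *defname)
 }
 
 done:
- krb5_free_unparsed_name(kcontext, name);
- krb5_free_unparsed_name(kcontext, sname);
+ sss_krb5_free_unparsed_name(kcontext, name);
+ sss_krb5_free_unparsed_name(kcontext, sname);
 }
 
 static errno_t
@@ -381,7 +381,7 @@ print_ccache(const char *cc)
 ret = EOK;
 done:
 krb5_cc_close(kcontext, cache);
- krb5_free_unparsed_name(kcontext, defname);
+ sss_krb5_free_unparsed_name(kcontext, defname);
 krb5_free_principal(kcontext, princ);
 krb5_free_context(kcontext);
 return ret;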
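Review bot: The new `#elif defined(HAVE_KRB5_FORMAT_TIME)` in `printtime` guards a branch that calls `ctime()`, not `krb5_format_time`, and no probe for that function appears in the `krb5.m4` hunks of this patch. If the macro is never defined, a build without `krb5_timestamp_to_sfstring` gets an empty `printtime` that silently prints nothing. The branch also passes `&ts` to `ctime()`, which expects a `const time_t *`; unless `krb5_timestamp` is the same type as `time_t`, that reads the wrong width. A plain `#else` with `time_t t = ts; printf("%s", ctime(&t));` avoids both problems.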
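--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -535,7 +535,9 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
 
 void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name)
 {
-#ifdef HAVE_KRB5_FREE_UNPARSED_NAME
+#ifdef HAVE_KRB5_XFREE
+ krb5_xfree(name);
+#elif HAVE_KRB5_FREE_UNPARSED_NAME
 krb5_free_unparsed_name(context, name);
 #else
 if (name != NULL) {
@@ -545,6 +547,15 @@ void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name)
 #endif
 }
 
+void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val)
+{
+/* TODO: ensure at least on is available in krb5.m4 */
+#ifdef HAVE_KRB5_FREE_STRING
+ krb5_free_string(ctx, val);
+#elif HAVE_KRB5_XFREE
+ (void) krb5_xfree(val);
+#endif
+}
 
 krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback(
 krb5_context context,
@@ -800,15 +811,16 @@ cleanup:
 #endif /* HAVE_KRB5_UNPARSE_NAME_FLAGS */
 }
 
-void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
+void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx,
+ krb5_get_init_creds_opt *opts,
 int canonicalize)
 {
- /* FIXME: The extra check for HAVE_KRB5_TICKET_TIMES is a workaround due to Heimdal
- * defining krb5_get_init_creds_opt_set_canonicalize() with a different set of
- * arguments. We should use a better configure check in the future.
- */
-#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && defined(HAVE_KRB5_TICKET_TIMES)
+#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \
+ KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 2
 krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize);
+#elif defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \
+ KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 3
+ (void) krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize);
 #else
 DEBUG(SSSDBG_OP_FAILURE, ("Kerberos principal canonicalization is not available!\n"));
 #endif
@@ -1063,10 +1075,51 @@ done:
 KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
 }
 }
- krb5_free_string(ctx, tmp_ccname);
+ sss_krb5_free_string(ctx, tmp_ccname);
 
 return ret_ccname;
 #else
 return NULL;
 #endif /* HAVE_KRB5_CC_COLLECTION */
 }
+
+krb5_error_code KRB5_CALLCONV
+sss_krb5_unparse_name_ext(krb5_context ctx,
+ krb5_const_principal principal,
+ char **name,
+ unsigned int *len)
+{
+ krb5_error_code kerr;
+
+#ifdef HAVE_KRB5_UNPARSE_NAME_EXT
+ kerr = krb5_unparse_name_ext(ctx, principal, name, len);
+#else
+ kerr = krb5_unparse_name(ctx, principal, name);
+ if (kerr == 0 && *name)
+ *len = strlen(*name);
+#endif /* HAVE_KRB5_UNPARSE_NAME_EXT */
+
+ return kerr;
+}
+
+krb5_error_code KRB5_CALLCONV
+sss_krb5_get_time_offsets(krb5_context ctx,
+ krb5_timestamp *seconds,
+ int32_t *microseconds)
+{
+#if defined(HAVE_KRB5_GET_TIME_OFFSETS)
+ return krb5_get_time_offsets(ctx, seconds, microseconds);
+#elif defined(HAVE_KRB5_GET_KDC_SEC_OFFSET)
+ int32_t _seconds;
+ krb5_error_code ret;
+
+ ret = krb5_get_kdc_sec_offset(ctx, &_seconds, microseconds);
+ *seconds = _seconds;
+ return ret;
+#else
+ (void) ctx;
+ *seconds = 0;
+ *microseconds = 0;
+ return 0;
+#endif
+}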
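Review bot: In the `krb5_get_kdc_sec_offset` branch of `sss_krb5_get_time_offsets`, `_seconds` is declared without an initializer and copied to `*seconds` even when the call fails, so an error path reads an indeterminate value; `int32_t _seconds = 0;` fixes it. In `sss_krb5_unparse_name_ext` the fallback sets `*len = strlen(*name)` and leaves `*len` untouched when `*name` is NULL. As far as I recall, MIT's `krb5_unparse_name_ext` reports the buffer size including the terminating NUL, so the two branches may disagree by one on the length that `krb5_child.c` forwards in the `SSS_KRB5_INFO_UPN` response; that should be checked against the consumer. `sss_krb5_free_string` also needs an `#else` (an `#error` would do) so that it cannot compile to an empty body that never releases the string, which is what its own TODO asks for.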
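--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -70,6 +70,8 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
 
 void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name);
 
+void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val);
+
 int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name,
 krb5_context context, krb5_keytab keytab);
 
@@ -136,7 +138,8 @@ krb5_error_code
 sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal,
 int flags, char **name);
 
-void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
+void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx,
+ krb5_get_init_creds_opt *opts,
 int canonicalize);
 
 enum sss_krb5_cc_type {
@@ -167,6 +170,10 @@ typedef krb5_times sss_krb5_ticket_times;
 /* Redirect libkrb5 tracing towards our DEBUG statements */
 errno_t sss_child_set_krb5_tracing(krb5_context ctx);
 
+#ifndef HAVE_KRB5_AUTHDATATYPE
+typedef int32_t krb5_authdatatype;
+#endif
+
 krb5_error_code sss_krb5_find_authdata(krb5_context context,
 krb5_authdata *const *ticket_authdata,
 krb5_authdata *const *ap_req_authdata,
@@ -184,4 +191,14 @@ char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx,
 krb5_context ctx,
 krb5_principal principal,
 const char *location);
+
+krb5_error_code KRB5_CALLCONV
+sss_krb5_unparse_name_ext(krb5_context ctx,
+ krb5_const_principal principal,
+ char **name,
+ unsigned int *len);
+krb5_error_code KRB5_CALLCONV
+sss_krb5_get_time_offsets(krb5_context ctx,
+ krb5_timestamp *seconds,
+ int32_t *microseconds);
 #endif /* __SSS_KRB5_H__ */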
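Review bot: The three prototypes added here carry no comment, and each hides a fallback that callers need to know about. I would add `/* *name is allocated by libkrb5; release it with sss_krb5_free_unparsed_name(). */` above `sss_krb5_unparse_name_ext` and `/* Reports a zero offset and success when libkrb5 offers neither offset function. */` above `sss_krb5_get_time_offsets`. The `krb5_authdatatype` fallback typedef also deserves a one-line comment saying it is only used when the Kerberos headers do not provide the type.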
bf8e7304
JB
845#--- sssd-1.11.4/src/external/pac_responder.m4.orig 2014-02-17 19:55:32.000000000 +0100
846#+++ sssd-1.11.4/src/external/pac_responder.m4 2014-03-22 17:59:50.707675270 +0100
847#@@ -21,7 +21,8 @@
848# Kerberos\ 5\ release\ 1.9* | \
849# Kerberos\ 5\ release\ 1.10* | \
850# Kerberos\ 5\ release\ 1.11* | \
851#- Kerberos\ 5\ release\ 1.12*)
852#+ Kerberos\ 5\ release\ 1.12* | \
853#+ heimdal\ *)
854# krb5_version_ok=yes
855# AC_MSG_RESULT([yes])
856# ;;