]>
Commit | Line | Data |
---|---|---|
dd3b701a JB |
1 | diff --git a/src/external/krb5.m4 b/src/external/krb5.m4 |
2 | index 1a50bf1..54c5883 100644 | |
3 | --- a/src/external/krb5.m4 | |
4 | +++ b/src/external/krb5.m4 | |
5 | @@ -37,8 +37,8 @@ SAVE_CFLAGS=$CFLAGS | |
6 | SAVE_LIBS=$LIBS | |
7 | CFLAGS="$CFLAGS $KRB5_CFLAGS" | |
8 | LIBS="$LIBS $KRB5_LIBS" | |
9 | -AC_CHECK_HEADERS([krb5.h krb5/krb5.h]) | |
10 | -AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [], | |
11 | +AC_CHECK_HEADERS([krb5.h krb5/krb5.h profile.h]) | |
12 | +AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info, krb5_authdatatype], [], [], | |
13 | [ #ifdef HAVE_KRB5_KRB5_H | |
14 | #include <krb5/krb5.h> | |
15 | #else | |
16 | @@ -46,6 +46,7 @@ AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [], | |
17 | #endif | |
18 | ]) | |
19 | AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \ | |
20 | + krb5_unparse_name_ext \ | |
21 | krb5_free_unparsed_name \ | |
22 | krb5_get_init_creds_opt_set_expire_callback \ | |
23 | krb5_get_init_creds_opt_set_fast_ccache_name \ | |
24 | @@ -59,12 +60,33 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \ | |
25 | krb5_kt_free_entry \ | |
26 | krb5_princ_realm \ | |
27 | krb5_get_time_offsets \ | |
28 | + krb5_get_kdc_sec_offset \ | |
29 | krb5_principal_get_realm \ | |
30 | krb5_cc_cache_match \ | |
31 | krb5_timestamp_to_sfstring \ | |
32 | krb5_set_trace_callback \ | |
33 | krb5_find_authdata \ | |
34 | - krb5_cc_get_full_name]) | |
35 | + krb5_cc_get_full_name \ | |
36 | + krb5_free_string \ | |
37 | + krb5_xfree]) | |
38 | + | |
39 | +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H | |
40 | + #include <krb5/krb5.h> | |
41 | + #else | |
42 | + #include <krb5.h> | |
43 | + #endif | |
44 | + ]], | |
45 | + [[ krb5_get_init_creds_opt_set_canonicalize(NULL, 0); ]])], | |
46 | + [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [2], [number of arguments])]) | |
47 | +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H | |
48 | + #include <krb5/krb5.h> | |
49 | + #else | |
50 | + #include <krb5.h> | |
51 | + #endif | |
52 | + ]], | |
53 | + [[ krb5_get_init_creds_opt_set_canonicalize(NULL, NULL, 0); ]])], | |
54 | + [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [3], [number of arguments])]) | |
55 | + | |
56 | CFLAGS=$SAVE_CFLAGS | |
57 | LIBS=$SAVE_LIBS | |
58 | ||
59 | diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c | |
60 | index 725687d..586c7dd 100644 | |
61 | --- a/src/krb5_plugin/sssd_krb5_locator_plugin.c | |
62 | +++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c | |
63 | @@ -340,6 +340,7 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, | |
64 | switch (socktype) { | |
65 | case SOCK_STREAM: | |
66 | case SOCK_DGRAM: | |
67 | + case 0: /* any */ | |
f74665dc | 68 | break; |
dd3b701a JB |
69 | default: |
70 | return KRB5_PLUGIN_NO_HANDLE; | |
71 | @@ -374,7 +375,7 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, | |
72 | ai->ai_family, ai->ai_socktype)); | |
73 | ||
74 | if ((family == AF_UNSPEC || ai->ai_family == family) && | |
75 | - ai->ai_socktype == socktype) { | |
76 | + (ai->ai_socktype == socktype || socktype == 0)) { | |
77 | ||
78 | ret = cbfunc(cbdata, socktype, ai->ai_addr); | |
79 | if (ret != 0) { | |
38af2cc5 JB |
80 | --- sssd-1.11.6/src/providers/ad/ad_common.c.orig 2014-06-03 16:31:33.000000000 +0200 |
81 | +++ sssd-1.11.6/src/providers/ad/ad_common.c 2014-06-18 21:33:34.690734956 +0200 | |
82 | @@ -536,7 +536,7 @@ errno_t | |
dd3b701a JB |
83 | ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, |
84 | const char *primary_servers, | |
85 | const char *backup_servers, | |
86 | - const char *krb5_realm, | |
87 | + const char *krb5_realm_str, | |
88 | const char *ad_service, | |
89 | const char *ad_gc_service, | |
90 | const char *ad_domain, | |
38af2cc5 | 91 | @@ -596,13 +596,13 @@ ad_failover_init(TALLOC_CTX *mem_ctx, st |
dd3b701a JB |
92 | service->sdap->kinit_service_name = service->krb5_service->name; |
93 | service->gc->kinit_service_name = service->krb5_service->name; | |
94 | ||
95 | - if (!krb5_realm) { | |
96 | + if (!krb5_realm_str) { | |
38af2cc5 | 97 | DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n"); |
dd3b701a JB |
98 | ret = EINVAL; |
99 | goto done; | |
100 | } | |
101 | service->krb5_service->realm = | |
102 | - talloc_strdup(service->krb5_service, krb5_realm); | |
103 | + talloc_strdup(service->krb5_service, krb5_realm_str); | |
104 | if (!service->krb5_service->realm) { | |
105 | ret = ENOMEM; | |
106 | goto done; | |
38af2cc5 | 107 | @@ -810,7 +810,7 @@ ad_set_ad_id_options(struct ad_options * |
dd3b701a JB |
108 | struct sdap_options *id_opts) |
109 | { | |
110 | errno_t ret; | |
111 | - char *krb5_realm; | |
112 | + char *krb5_realm_str; | |
113 | char *keytab_path; | |
114 | ||
115 | /* We only support Kerberos password policy with AD, so | |
38af2cc5 | 116 | @@ -825,20 +825,20 @@ ad_set_ad_id_options(struct ad_options * |
dd3b701a JB |
117 | } |
118 | ||
119 | /* Set the Kerberos Realm for GSSAPI */ | |
120 | - krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM); | |
121 | - if (!krb5_realm) { | |
122 | + krb5_realm_str = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM); | |
123 | + if (!krb5_realm_str) { | |
124 | /* Should be impossible, this is set in ad_get_common_options() */ | |
38af2cc5 | 125 | DEBUG(SSSDBG_FATAL_FAILURE, "No Kerberos realm\n"); |
dd3b701a JB |
126 | ret = EINVAL; |
127 | goto done; | |
128 | } | |
129 | ||
130 | - ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm); | |
131 | + ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm_str); | |
132 | if (ret != EOK) goto done; | |
133 | DEBUG(SSSDBG_CONF_SETTINGS, | |
38af2cc5 | 134 | "Option %s set to %s\n", |
dd3b701a | 135 | id_opts->basic[SDAP_KRB5_REALM].opt_name, |
38af2cc5 JB |
136 | - krb5_realm); |
137 | + krb5_realm_str); | |
dd3b701a JB |
138 | |
139 | keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB); | |
140 | if (keytab_path) { | |
38af2cc5 | 141 | @@ -998,7 +998,7 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx, |
dd3b701a JB |
142 | errno_t ret; |
143 | struct dp_option *krb5_options; | |
144 | const char *ad_servers; | |
145 | - const char *krb5_realm; | |
146 | + const char *krb5_realm_str; | |
147 | ||
148 | TALLOC_CTX *tmp_ctx = talloc_new(NULL); | |
149 | if (!tmp_ctx) return ENOMEM; | |
38af2cc5 | 150 | @@ -1025,8 +1025,8 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx, |
dd3b701a JB |
151 | |
152 | /* Set krb5 realm */ | |
153 | /* Set the Kerberos Realm for GSSAPI */ | |
154 | - krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM); | |
155 | - if (!krb5_realm) { | |
156 | + krb5_realm_str = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM); | |
157 | + if (!krb5_realm_str) { | |
158 | /* Should be impossible, this is set in ad_get_common_options() */ | |
38af2cc5 | 159 | DEBUG(SSSDBG_FATAL_FAILURE, "No Kerberos realm\n"); |
dd3b701a | 160 | ret = EINVAL; |
38af2cc5 | 161 | @@ -1036,12 +1036,12 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx, |
dd3b701a JB |
162 | /* Force the kerberos realm to match the AD_KRB5_REALM (which may have |
163 | * been upper-cased in ad_common_options() | |
164 | */ | |
165 | - ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm); | |
166 | + ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm_str); | |
167 | if (ret != EOK) goto done; | |
168 | DEBUG(SSSDBG_CONF_SETTINGS, | |
38af2cc5 | 169 | "Option %s set to %s\n", |
dd3b701a | 170 | krb5_options[KRB5_REALM].opt_name, |
38af2cc5 JB |
171 | - krb5_realm); |
172 | + krb5_realm_str); | |
dd3b701a JB |
173 | |
174 | /* Set flag that controls whether we want to write the | |
175 | * kdcinfo files at all | |
3278078b JB |
176 | --- sssd-1.12.0/src/providers/krb5/krb5_child.c.orig 2014-07-09 19:44:02.000000000 +0200 |
177 | +++ sssd-1.12.0/src/providers/krb5/krb5_child.c 2014-07-15 22:14:25.585419861 +0200 | |
38af2cc5 JB |
178 | @@ -117,7 +117,7 @@ static krb5_error_code set_lifetime_opti |
179 | return 0; | |
180 | } | |
181 | ||
182 | -static void set_canonicalize_option(krb5_get_init_creds_opt *opts) | |
183 | +static void set_canonicalize_option(krb5_context ctx, krb5_get_init_creds_opt *opts) | |
184 | { | |
185 | int canonicalize = 0; | |
186 | char *tmp_str; | |
3278078b | 187 | @@ -128,23 +128,23 @@ static void set_canonicalize_option(krb5 |
dd3b701a | 188 | } |
38af2cc5 JB |
189 | DEBUG(SSSDBG_CONF_SETTINGS, "%s is set to [%s]\n", |
190 | SSSD_KRB5_CANONICALIZE, tmp_str ? tmp_str : "not set"); | |
191 | - sss_krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize); | |
192 | + sss_krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize); | |
193 | } | |
dd3b701a | 194 | |
3278078b JB |
195 | -static void set_changepw_options(krb5_get_init_creds_opt *options) |
196 | +static void set_changepw_options(krb5_context ctx, krb5_get_init_creds_opt *options) | |
38af2cc5 | 197 | { |
dd3b701a JB |
198 | - sss_krb5_get_init_creds_opt_set_canonicalize(options, 0); |
199 | + sss_krb5_get_init_creds_opt_set_canonicalize(ctx, options, 0); | |
200 | krb5_get_init_creds_opt_set_forwardable(options, 0); | |
201 | krb5_get_init_creds_opt_set_proxiable(options, 0); | |
202 | krb5_get_init_creds_opt_set_renew_life(options, 0); | |
38af2cc5 JB |
203 | krb5_get_init_creds_opt_set_tkt_life(options, 5*60); |
204 | } | |
205 | ||
206 | -static void revert_changepw_options(krb5_get_init_creds_opt *options) | |
207 | +static void revert_changepw_options(krb5_context ctx, krb5_get_init_creds_opt *options) | |
208 | { | |
209 | krb5_error_code kerr; | |
210 | ||
211 | - set_canonicalize_option(options); | |
212 | + set_canonicalize_option(ctx, options); | |
213 | ||
214 | /* Currently we do not set forwardable and proxiable explicitly, the flags | |
215 | * must be removed so that libkrb5 can take the defaults from krb5.conf */ | |
3278078b | 216 | @@ -158,6 +158,7 @@ static void revert_changepw_options(krb5 |
dd3b701a JB |
217 | } |
218 | ||
38af2cc5 | 219 | |
dd3b701a JB |
220 | +#ifdef HAVE_PAC_RESPONDER |
221 | static errno_t sss_send_pac(krb5_authdata **pac_authdata) | |
222 | { | |
223 | struct sss_cli_req_data sss_data; | |
3278078b | 224 | @@ -177,6 +178,7 @@ static errno_t sss_send_pac(krb5_authdat |
dd3b701a JB |
225 | |
226 | return EOK; | |
227 | } | |
228 | +#endif /* HAVE_PAC_RESPONDER */ | |
229 | ||
230 | static void sss_krb5_expire_callback_func(krb5_context context, void *data, | |
231 | krb5_timestamp password_expiration, | |
3278078b | 232 | @@ -468,7 +470,8 @@ static krb5_error_code create_empty_cred |
dd3b701a JB |
233 | { |
234 | krb5_error_code kerr; | |
235 | krb5_creds *cred = NULL; | |
236 | - krb5_data *krb5_realm; | |
237 | + const char *realm_name; | |
238 | + int realm_length; | |
239 | ||
240 | cred = calloc(sizeof(krb5_creds), 1); | |
241 | if (cred == NULL) { | |
3278078b | 242 | @@ -482,12 +485,12 @@ static krb5_error_code create_empty_cred |
dd3b701a JB |
243 | goto done; |
244 | } | |
245 | ||
246 | - krb5_realm = krb5_princ_realm(ctx, princ); | |
247 | + sss_krb5_princ_realm(ctx, princ, &realm_name, &realm_length); | |
248 | ||
249 | kerr = krb5_build_principal_ext(ctx, &cred->server, | |
250 | - krb5_realm->length, krb5_realm->data, | |
251 | + realm_length, realm_name, | |
252 | KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, | |
253 | - krb5_realm->length, krb5_realm->data, 0); | |
254 | + realm_length, realm_name, 0); | |
255 | if (kerr != 0) { | |
38af2cc5 | 256 | DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n"); |
dd3b701a | 257 | goto done; |
3278078b | 258 | @@ -746,7 +749,8 @@ static errno_t add_ticket_times_and_upn_ |
dd3b701a JB |
259 | goto done; |
260 | } | |
261 | ||
262 | - kerr = krb5_unparse_name_ext(kr->ctx, kr->creds->client, &upn, &upn_len); | |
263 | + kerr = sss_krb5_unparse_name_ext(kr->ctx, kr->creds->client, | |
264 | + &upn, &upn_len); | |
265 | if (kerr != 0) { | |
38af2cc5 | 266 | DEBUG(SSSDBG_OP_FAILURE, "krb5_unparse_name failed.\n"); |
dd3b701a | 267 | goto done; |
3278078b | 268 | @@ -754,7 +758,7 @@ static errno_t add_ticket_times_and_upn_ |
dd3b701a JB |
269 | |
270 | ret = pam_add_response(kr->pd, SSS_KRB5_INFO_UPN, upn_len, | |
271 | (uint8_t *) upn); | |
272 | - krb5_free_unparsed_name(kr->ctx, upn); | |
273 | + sss_krb5_free_unparsed_name(kr->ctx, upn); | |
274 | if (ret != EOK) { | |
38af2cc5 | 275 | DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n"); |
dd3b701a | 276 | goto done; |
3278078b | 277 | @@ -776,7 +780,9 @@ static krb5_error_code validate_tgt(stru |
dd3b701a JB |
278 | krb5_principal validation_princ = NULL; |
279 | bool realm_entry_found = false; | |
280 | krb5_ccache validation_ccache = NULL; | |
281 | +#ifdef HAVE_PAC_RESPONDER | |
282 | krb5_authdata **pac_authdata = NULL; | |
283 | +#endif | |
284 | ||
285 | memset(&keytab, 0, sizeof(keytab)); | |
286 | kerr = krb5_kt_resolve(kr->ctx, kr->keytab, &keytab); | |
3278078b | 287 | @@ -870,6 +876,7 @@ static krb5_error_code validate_tgt(stru |
dd3b701a JB |
288 | goto done; |
289 | } | |
290 | ||
291 | +#ifdef HAVE_PAC_RESPONDER | |
292 | /* Try to find and send the PAC to the PAC responder. | |
293 | * Failures are not critical. */ | |
294 | if (kr->send_pac) { | |
3278078b | 295 | @@ -892,6 +899,7 @@ static krb5_error_code validate_tgt(stru |
dd3b701a | 296 | kerr = 0; |
f74665dc | 297 | } |
dd3b701a JB |
298 | } |
299 | +#endif /* HAVE_PAC_RESPONDER */ | |
300 | ||
301 | done: | |
302 | if (validation_ccache != NULL) { | |
3278078b | 303 | @@ -927,7 +935,7 @@ static krb5_error_code get_and_save_tgt_ |
dd3b701a JB |
304 | krb5_get_init_creds_opt_set_address_list(&options, NULL); |
305 | krb5_get_init_creds_opt_set_forwardable(&options, 0); | |
306 | krb5_get_init_creds_opt_set_proxiable(&options, 0); | |
38af2cc5 JB |
307 | - set_canonicalize_option(&options); |
308 | + set_canonicalize_option(ctx, &options); | |
f74665dc | 309 | |
dd3b701a JB |
310 | kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL, |
311 | &options); | |
3278078b JB |
312 | @@ -1110,7 +1118,7 @@ static errno_t changepw_child(struct krb |
313 | prompter = sss_krb5_prompter; | |
314 | } | |
315 | ||
316 | - set_changepw_options(kr->options); | |
317 | + set_changepw_options(kr->ctx, kr->options); | |
318 | sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length); | |
319 | ||
320 | DEBUG(SSSDBG_TRACE_FUNC, | |
321 | @@ -1158,9 +1166,9 @@ static errno_t changepw_child(struct krb | |
dd3b701a JB |
322 | |
323 | memset(&result_code_string, 0, sizeof(krb5_data)); | |
324 | memset(&result_string, 0, sizeof(krb5_data)); | |
325 | - kerr = krb5_change_password(kr->ctx, kr->creds, | |
326 | - discard_const(newpassword), &result_code, | |
327 | - &result_code_string, &result_string); | |
328 | + kerr = krb5_set_password(kr->ctx, kr->creds, | |
329 | + discard_const(newpassword), NULL, | |
330 | + &result_code, &result_code_string, &result_string); | |
331 | ||
332 | if (kerr == KRB5_KDC_UNREACH) { | |
333 | return ERR_NETWORK_IO; | |
3278078b | 334 | @@ -1174,7 +1182,7 @@ static errno_t changepw_child(struct krb |
dd3b701a | 335 | if (result_code_string.length > 0) { |
38af2cc5 JB |
336 | DEBUG(SSSDBG_CRIT_FAILURE, |
337 | "krb5_change_password failed [%d][%.*s].\n", result_code, | |
338 | - result_code_string.length, result_code_string.data); | |
339 | + (int) result_code_string.length, (char *) result_code_string.data); | |
dd3b701a JB |
340 | user_error_message = talloc_strndup(kr->pd, result_code_string.data, |
341 | result_code_string.length); | |
342 | if (user_error_message == NULL) { | |
3278078b | 343 | @@ -1182,10 +1190,10 @@ static errno_t changepw_child(struct krb |
dd3b701a | 344 | } |
f74665dc | 345 | } |
dd3b701a JB |
346 | |
347 | - if (result_string.length > 0 && result_string.data[0] != '\0') { | |
38af2cc5 JB |
348 | + if (result_string.length > 0 && ((char *) result_string.data)[0] != '\0') { |
349 | DEBUG(SSSDBG_CRIT_FAILURE, | |
350 | "krb5_change_password failed [%d][%.*s].\n", result_code, | |
351 | - result_string.length, result_string.data); | |
352 | + (int) result_string.length, (char *) result_string.data); | |
dd3b701a JB |
353 | talloc_free(user_error_message); |
354 | user_error_message = talloc_strndup(kr->pd, result_string.data, | |
355 | result_string.length); | |
3278078b | 356 | @@ -1228,7 +1236,7 @@ static errno_t changepw_child(struct krb |
38af2cc5 JB |
357 | |
358 | /* We changed some of the gic options for the password change, now we have | |
359 | * to change them back to get a fresh TGT. */ | |
360 | - revert_changepw_options(kr->options); | |
361 | + revert_changepw_options(kr->ctx, kr->options); | |
362 | ||
363 | kerr = get_and_save_tgt(kr, newpassword); | |
364 | ||
3278078b JB |
365 | @@ -1288,7 +1296,7 @@ static errno_t tgt_req_child(struct krb5 |
366 | "Failed to unset expire callback, continue ...\n"); | |
367 | } | |
368 | ||
369 | - set_changepw_options(kr->options); | |
370 | + set_changepw_options(kr->ctx, kr->options); | |
371 | kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, | |
372 | discard_const(password), | |
373 | sss_krb5_prompter, kr, 0, | |
374 | @@ -1766,7 +1774,8 @@ static errno_t k5c_recv_data(struct krb5 | |
38af2cc5 | 375 | static int k5c_setup_fast(struct krb5_req *kr, bool demand) |
f74665dc | 376 | { |
dd3b701a JB |
377 | krb5_principal fast_princ_struct; |
378 | - krb5_data *realm_data; | |
379 | + const char *realm_name; | |
380 | + int realm_length; | |
381 | char *fast_principal_realm; | |
382 | char *fast_principal; | |
f74665dc | 383 | krb5_error_code kerr; |
3278078b | 384 | @@ -1794,8 +1803,11 @@ static int k5c_setup_fast(struct krb5_re |
dd3b701a JB |
385 | return KRB5KRB_ERR_GENERIC; |
386 | } | |
387 | free(tmp_str); | |
388 | - realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct); | |
389 | - fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data); | |
390 | + sss_krb5_princ_realm(kr->ctx, fast_princ_struct, | |
391 | + &realm_name, &realm_length); | |
392 | + | |
393 | + fast_principal_realm = talloc_asprintf(kr, "%.*s", | |
394 | + realm_length, realm_name); | |
395 | if (!fast_principal_realm) { | |
38af2cc5 | 396 | DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); |
dd3b701a | 397 | return ENOMEM; |
3278078b | 398 | @@ -1929,7 +1941,7 @@ static int k5c_setup(struct krb5_req *kr |
dd3b701a JB |
399 | } |
400 | ||
401 | if (!offline) { | |
38af2cc5 JB |
402 | - set_canonicalize_option(kr->options); |
403 | + set_canonicalize_option(kr->ctx, kr->options); | |
dd3b701a JB |
404 | |
405 | use_fast_str = getenv(SSSD_KRB5_USE_FAST); | |
406 | if (use_fast_str == NULL || strcasecmp(use_fast_str, "never") == 0) { | |
38af2cc5 JB |
407 | --- sssd-1.11.6/src/providers/krb5/krb5_common.c.orig 2014-06-03 16:31:33.000000000 +0200 |
408 | +++ sssd-1.11.6/src/providers/krb5/krb5_common.c 2014-06-18 22:23:18.480672769 +0200 | |
dd3b701a JB |
409 | @@ -33,7 +33,7 @@ |
410 | #include "providers/krb5/krb5_opts.h" | |
411 | #include "providers/krb5/krb5_utils.h" | |
412 | ||
413 | -#ifdef HAVE_KRB5_CC_COLLECTION | |
414 | +#ifdef HAVE_PROFILE_H | |
415 | /* krb5 profile functions */ | |
416 | #include <profile.h> | |
417 | #endif | |
418 | @@ -91,7 +91,7 @@ done: | |
419 | return ret; | |
420 | } | |
421 | ||
422 | -#ifdef HAVE_KRB5_CC_COLLECTION | |
423 | +#ifdef HAVE_PROFILE_H | |
424 | /* source default_ccache_name from krb5.conf */ | |
425 | static errno_t sss_get_system_ccname_template(TALLOC_CTX *mem_ctx, | |
426 | char **ccname) | |
38af2cc5 | 427 | @@ -912,7 +912,7 @@ errno_t krb5_install_offline_callback(st |
dd3b701a JB |
428 | { |
429 | int ret; | |
430 | struct remove_info_files_ctx *ctx; | |
431 | - const char *krb5_realm; | |
432 | + const char *krb5_realm_str; | |
433 | ||
434 | if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) { | |
38af2cc5 JB |
435 | DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n"); |
436 | @@ -925,14 +925,14 @@ errno_t krb5_install_offline_callback(st | |
dd3b701a JB |
437 | return ENOMEM; |
438 | } | |
439 | ||
440 | - krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); | |
441 | - if (krb5_realm == NULL) { | |
442 | + krb5_realm_str = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); | |
443 | + if (krb5_realm_str == NULL) { | |
38af2cc5 | 444 | DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n"); |
dd3b701a JB |
445 | ret = EINVAL; |
446 | goto done; | |
447 | } | |
448 | ||
449 | - ctx->realm = talloc_strdup(ctx, krb5_realm); | |
450 | + ctx->realm = talloc_strdup(ctx, krb5_realm_str); | |
451 | if (ctx->realm == NULL) { | |
38af2cc5 | 452 | DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); |
dd3b701a | 453 | ret = ENOMEM; |
38af2cc5 | 454 | @@ -967,19 +967,19 @@ done: |
dd3b701a JB |
455 | errno_t krb5_install_sigterm_handler(struct tevent_context *ev, |
456 | struct krb5_ctx *krb5_ctx) | |
457 | { | |
458 | - const char *krb5_realm; | |
459 | + const char *krb5_realm_str; | |
460 | char *sig_realm; | |
461 | struct tevent_signal *sige; | |
462 | ||
463 | BlockSignals(false, SIGTERM); | |
464 | ||
465 | - krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); | |
466 | - if (krb5_realm == NULL) { | |
467 | + krb5_realm_str = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); | |
468 | + if (krb5_realm_str == NULL) { | |
38af2cc5 | 469 | DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n"); |
dd3b701a JB |
470 | return EINVAL; |
471 | } | |
472 | ||
473 | - sig_realm = talloc_strdup(krb5_ctx, krb5_realm); | |
474 | + sig_realm = talloc_strdup(krb5_ctx, krb5_realm_str); | |
475 | if (sig_realm == NULL) { | |
38af2cc5 | 476 | DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); |
dd3b701a | 477 | return ENOMEM; |
38af2cc5 JB |
478 | --- sssd-1.11.6/src/providers/krb5/krb5_init.c.orig 2014-06-03 16:31:33.000000000 +0200 |
479 | +++ sssd-1.11.6/src/providers/krb5/krb5_init.c 2014-06-18 22:43:53.080647036 +0200 | |
480 | @@ -64,7 +64,7 @@ int sssm_krb5_auth_init(struct be_ctx *b | |
dd3b701a JB |
481 | const char *krb5_backup_servers; |
482 | const char *krb5_kpasswd_servers; | |
483 | const char *krb5_backup_kpasswd_servers; | |
484 | - const char *krb5_realm; | |
485 | + const char *krb5_realm_str; | |
486 | const char *errstr; | |
487 | int errval; | |
488 | int errpos; | |
38af2cc5 | 489 | @@ -103,15 +103,15 @@ int sssm_krb5_auth_init(struct be_ctx *b |
dd3b701a JB |
490 | krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC); |
491 | krb5_backup_servers = dp_opt_get_string(ctx->opts, KRB5_BACKUP_KDC); | |
492 | ||
493 | - krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM); | |
494 | - if (krb5_realm == NULL) { | |
495 | + krb5_realm_str = dp_opt_get_string(ctx->opts, KRB5_REALM); | |
496 | + if (krb5_realm_str == NULL) { | |
38af2cc5 | 497 | DEBUG(SSSDBG_FATAL_FAILURE, "Missing krb5_realm option!\n"); |
dd3b701a JB |
498 | return EINVAL; |
499 | } | |
500 | ||
501 | ret = krb5_service_init(ctx, bectx, | |
502 | SSS_KRB5KDC_FO_SRV, krb5_servers, | |
503 | - krb5_backup_servers, krb5_realm, | |
504 | + krb5_backup_servers, krb5_realm_str, | |
505 | dp_opt_get_bool(krb5_options->opts, | |
506 | KRB5_USE_KDCINFO), | |
507 | &ctx->service); | |
38af2cc5 | 508 | @@ -138,7 +138,7 @@ int sssm_krb5_auth_init(struct be_ctx *b |
dd3b701a JB |
509 | } else { |
510 | ret = krb5_service_init(ctx, bectx, | |
511 | SSS_KRB5KPASSWD_FO_SRV, krb5_kpasswd_servers, | |
512 | - krb5_backup_kpasswd_servers, krb5_realm, | |
513 | + krb5_backup_kpasswd_servers, krb5_realm_str, | |
514 | dp_opt_get_bool(krb5_options->opts, | |
515 | KRB5_USE_KDCINFO), | |
516 | &ctx->kpasswd_service); | |
38af2cc5 JB |
517 | --- sssd-1.11.6/src/providers/ldap/ldap_child.c.orig 2014-06-03 16:31:33.000000000 +0200 |
518 | +++ sssd-1.11.6/src/providers/ldap/ldap_child.c 2014-06-19 07:25:44.383327744 +0200 | |
519 | @@ -97,7 +97,7 @@ static errno_t unpack_buffer(uint8_t *bu | |
dd3b701a JB |
520 | |
521 | /* ticket lifetime */ | |
522 | SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p); | |
38af2cc5 JB |
523 | - DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", ibuf->lifetime); |
524 | + DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", (int)ibuf->lifetime); | |
dd3b701a JB |
525 | |
526 | return EOK; | |
527 | } | |
38af2cc5 JB |
528 | @@ -310,7 +310,8 @@ static krb5_error_code ldap_child_get_tg |
529 | DEBUG(SSSDBG_CONF_SETTINGS, "Will canonicalize principals\n"); | |
dd3b701a JB |
530 | canonicalize = 1; |
531 | } | |
532 | - sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize); | |
533 | + sss_krb5_get_init_creds_opt_set_canonicalize(context, | |
534 | + &options, canonicalize); | |
535 | ||
536 | krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, | |
537 | keytab, 0, NULL, &options); | |
38af2cc5 | 538 | @@ -343,8 +344,7 @@ static krb5_error_code ldap_child_get_tg |
dd3b701a | 539 | } |
38af2cc5 | 540 | DEBUG(SSSDBG_TRACE_INTERNAL, "credentials stored\n"); |
dd3b701a JB |
541 | |
542 | -#ifdef HAVE_KRB5_GET_TIME_OFFSETS | |
543 | - krberr = krb5_get_time_offsets(context, &kdc_time_offset, | |
544 | + krberr = sss_krb5_get_time_offsets(context, &kdc_time_offset, | |
545 | &kdc_time_offset_usec); | |
546 | if (krberr) { | |
38af2cc5 JB |
547 | DEBUG(SSSDBG_OP_FAILURE, "Failed to get KDC time offset: %s\n", |
548 | @@ -356,10 +356,6 @@ static krb5_error_code ldap_child_get_tg | |
dd3b701a JB |
549 | } |
550 | } | |
38af2cc5 | 551 | DEBUG(SSSDBG_TRACE_INTERNAL, "Got KDC time offset\n"); |
dd3b701a JB |
552 | -#else |
553 | - /* If we don't have this function, just assume no offset */ | |
554 | - kdc_time_offset = 0; | |
555 | -#endif | |
f74665dc | 556 | |
557 | krberr = 0; | |
558 | *ccname_out = ccname; | |
38af2cc5 JB |
559 | --- sssd-1.11.6/src/providers/ldap/ldap_common.c.orig 2014-06-03 16:31:33.000000000 +0200 |
560 | +++ sssd-1.11.6/src/providers/ldap/ldap_common.c 2014-06-19 07:33:38.193317867 +0200 | |
561 | @@ -1303,7 +1303,7 @@ done: | |
dd3b701a JB |
562 | static const char * |
563 | sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) | |
564 | { | |
565 | - char *krb5_realm = NULL; | |
566 | + char *krb5_realm_str = NULL; | |
567 | const char *realm = NULL; | |
568 | krb5_error_code krberr; | |
569 | krb5_context context = NULL; | |
38af2cc5 | 570 | @@ -1314,15 +1314,15 @@ sdap_gssapi_get_default_realm(TALLOC_CTX |
dd3b701a JB |
571 | goto done; |
572 | } | |
f74665dc | 573 | |
dd3b701a JB |
574 | - krberr = krb5_get_default_realm(context, &krb5_realm); |
575 | + krberr = krb5_get_default_realm(context, &krb5_realm_str); | |
576 | if (krberr) { | |
38af2cc5 JB |
577 | DEBUG(SSSDBG_OP_FAILURE, "Failed to get default realm name: %s\n", |
578 | sss_krb5_get_error_message(context, krberr)); | |
dd3b701a JB |
579 | goto done; |
580 | } | |
581 | ||
582 | - realm = talloc_strdup(mem_ctx, krb5_realm); | |
583 | - krb5_free_default_realm(context, krb5_realm); | |
584 | + realm = talloc_strdup(mem_ctx, krb5_realm_str); | |
585 | + krb5_free_default_realm(context, krb5_realm_str); | |
586 | if (!realm) { | |
38af2cc5 | 587 | DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory\n"); |
dd3b701a | 588 | goto done; |
38af2cc5 | 589 | @@ -1343,7 +1343,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx |
dd3b701a JB |
590 | int ret; |
591 | const char *krb5_servers; | |
592 | const char *krb5_backup_servers; | |
593 | - const char *krb5_realm; | |
594 | + const char *krb5_realm_str; | |
595 | const char *krb5_opt_realm; | |
596 | struct krb5_service *service = NULL; | |
597 | TALLOC_CTX *tmp_ctx; | |
38af2cc5 | 598 | @@ -1358,16 +1358,16 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx |
dd3b701a | 599 | if (krb5_opt_realm == NULL) { |
38af2cc5 JB |
600 | DEBUG(SSSDBG_OP_FAILURE, |
601 | "Missing krb5_realm option, will use libkrb default\n"); | |
dd3b701a JB |
602 | - krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx); |
603 | - if (krb5_realm == NULL) { | |
604 | + krb5_realm_str = sdap_gssapi_get_default_realm(tmp_ctx); | |
605 | + if (krb5_realm_str == NULL) { | |
38af2cc5 JB |
606 | DEBUG(SSSDBG_FATAL_FAILURE, |
607 | "Cannot determine the Kerberos realm, aborting\n"); | |
dd3b701a JB |
608 | ret = EIO; |
609 | goto done; | |
f74665dc | 610 | } |
dd3b701a JB |
611 | } else { |
612 | - krb5_realm = talloc_strdup(tmp_ctx, krb5_opt_realm); | |
613 | - if (krb5_realm == NULL) { | |
614 | + krb5_realm_str = talloc_strdup(tmp_ctx, krb5_opt_realm); | |
615 | + if (krb5_realm_str == NULL) { | |
616 | ret = ENOMEM; | |
617 | goto done; | |
f74665dc | 618 | } |
38af2cc5 | 619 | @@ -1375,7 +1375,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx |
f74665dc | 620 | |
dd3b701a JB |
621 | ret = krb5_service_init(mem_ctx, bectx, |
622 | SSS_KRB5KDC_FO_SRV, krb5_servers, | |
623 | - krb5_backup_servers, krb5_realm, | |
624 | + krb5_backup_servers, krb5_realm_str, | |
625 | dp_opt_get_bool(opts, | |
626 | SDAP_KRB5_USE_KDCINFO), | |
627 | &service); | |
38af2cc5 | 628 | @@ -1384,14 +1384,14 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx |
dd3b701a JB |
629 | goto done; |
630 | } | |
631 | ||
632 | - ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm); | |
633 | + ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm_str); | |
634 | if (ret != EOK) { | |
38af2cc5 | 635 | DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n"); |
dd3b701a JB |
636 | goto done; |
637 | } | |
638 | ||
639 | ret = sdap_install_offline_callback(mem_ctx, bectx, | |
640 | - krb5_realm, SSS_KRB5KDC_FO_SRV); | |
641 | + krb5_realm_str, SSS_KRB5KDC_FO_SRV); | |
642 | if (ret != EOK) { | |
38af2cc5 | 643 | DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n"); |
dd3b701a | 644 | goto done; |
dd3b701a JB |
645 | diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c |
646 | index 0c6b68b..102827e 100644 | |
647 | --- a/src/tests/krb5_child-test.c | |
648 | +++ b/src/tests/krb5_child-test.c | |
649 | @@ -290,17 +290,17 @@ child_done(struct tevent_req *req) | |
650 | static void | |
651 | printtime(krb5_timestamp ts) | |
652 | { | |
653 | +#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING | |
654 | krb5_error_code kret; | |
655 | char timestring[BUFSIZ]; | |
656 | char fill = '\0'; | |
657 | ||
658 | -#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING | |
659 | kret = krb5_timestamp_to_sfstring(ts, timestring, BUFSIZ, &fill); | |
660 | if (kret) { | |
661 | KRB5_CHILD_TEST_DEBUG(SSSDBG_OP_FAILURE, kret); | |
662 | } | |
663 | printf("%s", timestring); | |
664 | -#else | |
665 | +#elif defined(HAVE_KRB5_FORMAT_TIME) | |
666 | printf("%s", ctime(&ts)); | |
667 | #endif /* HAVE_KRB5_TIMESTAMP_TO_SFSTRING */ | |
668 | } | |
669 | @@ -333,8 +333,8 @@ print_creds(krb5_context kcontext, krb5_creds *cred, const char *defname) | |
670 | } | |
f74665dc | 671 | |
672 | done: | |
dd3b701a JB |
673 | - krb5_free_unparsed_name(kcontext, name); |
674 | - krb5_free_unparsed_name(kcontext, sname); | |
675 | + sss_krb5_free_unparsed_name(kcontext, name); | |
676 | + sss_krb5_free_unparsed_name(kcontext, sname); | |
677 | } | |
678 | ||
679 | static errno_t | |
680 | @@ -381,7 +381,7 @@ print_ccache(const char *cc) | |
681 | ret = EOK; | |
682 | done: | |
683 | krb5_cc_close(kcontext, cache); | |
684 | - krb5_free_unparsed_name(kcontext, defname); | |
685 | + sss_krb5_free_unparsed_name(kcontext, defname); | |
686 | krb5_free_principal(kcontext, princ); | |
687 | krb5_free_context(kcontext); | |
688 | return ret; | |
689 | diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c | |
690 | index f8a7e6f..a954d10 100644 | |
691 | --- a/src/util/sss_krb5.c | |
692 | +++ b/src/util/sss_krb5.c | |
693 | @@ -535,7 +535,9 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context, | |
694 | ||
695 | void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name) | |
696 | { | |
697 | -#ifdef HAVE_KRB5_FREE_UNPARSED_NAME | |
698 | +#ifdef HAVE_KRB5_XFREE | |
699 | + krb5_xfree(name); | |
700 | +#elif HAVE_KRB5_FREE_UNPARSED_NAME | |
701 | krb5_free_unparsed_name(context, name); | |
702 | #else | |
703 | if (name != NULL) { | |
704 | @@ -545,6 +547,15 @@ void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name) | |
705 | #endif | |
706 | } | |
707 | ||
708 | +void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val) | |
709 | +{ | |
710 | +/* TODO: ensure at least on is available in krb5.m4 */ | |
711 | +#ifdef HAVE_KRB5_FREE_STRING | |
712 | + krb5_free_string(ctx, val); | |
713 | +#elif HAVE_KRB5_XFREE | |
714 | + (void) krb5_xfree(val); | |
715 | +#endif | |
716 | +} | |
717 | ||
718 | krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback( | |
719 | krb5_context context, | |
720 | @@ -800,15 +811,16 @@ cleanup: | |
721 | #endif /* HAVE_KRB5_UNPARSE_NAME_FLAGS */ | |
722 | } | |
723 | ||
724 | -void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts, | |
725 | +void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx, | |
726 | + krb5_get_init_creds_opt *opts, | |
727 | int canonicalize) | |
728 | { | |
729 | - /* FIXME: The extra check for HAVE_KRB5_TICKET_TIMES is a workaround due to Heimdal | |
730 | - * defining krb5_get_init_creds_opt_set_canonicalize() with a different set of | |
731 | - * arguments. We should use a better configure check in the future. | |
732 | - */ | |
733 | -#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && defined(HAVE_KRB5_TICKET_TIMES) | |
734 | +#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \ | |
735 | + KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 2 | |
736 | krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize); | |
737 | +#elif defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \ | |
738 | + KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 3 | |
739 | + (void) krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize); | |
740 | #else | |
741 | DEBUG(SSSDBG_OP_FAILURE, ("Kerberos principal canonicalization is not available!\n")); | |
742 | #endif | |
743 | @@ -1063,10 +1075,51 @@ done: | |
744 | KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr); | |
745 | } | |
f74665dc | 746 | } |
dd3b701a JB |
747 | - krb5_free_string(ctx, tmp_ccname); |
748 | + sss_krb5_free_string(ctx, tmp_ccname); | |
749 | ||
750 | return ret_ccname; | |
751 | #else | |
752 | return NULL; | |
753 | #endif /* HAVE_KRB5_CC_COLLECTION */ | |
754 | } | |
755 | + | |
756 | +krb5_error_code KRB5_CALLCONV | |
757 | +sss_krb5_unparse_name_ext(krb5_context ctx, | |
758 | + krb5_const_principal principal, | |
759 | + char **name, | |
760 | + unsigned int *len) | |
761 | +{ | |
762 | + krb5_error_code kerr; | |
763 | + | |
764 | +#ifdef HAVE_KRB5_UNPARSE_NAME_EXT | |
765 | + kerr = krb5_unparse_name_ext(ctx, principal, name, len); | |
766 | +#else | |
767 | + kerr = krb5_unparse_name(ctx, principal, name); | |
768 | + if (kerr == 0 && *name) | |
769 | + *len = strlen(*name); | |
770 | +#endif /* HAVE_KRB5_UNPARSE_NAME_EXT */ | |
771 | + | |
772 | + return kerr; | |
773 | +} | |
774 | + | |
775 | +krb5_error_code KRB5_CALLCONV | |
776 | +sss_krb5_get_time_offsets(krb5_context ctx, | |
777 | + krb5_timestamp *seconds, | |
778 | + int32_t *microseconds) | |
779 | +{ | |
780 | +#if defined(HAVE_KRB5_GET_TIME_OFFSETS) | |
781 | + return krb5_get_time_offsets(ctx, seconds, microseconds); | |
782 | +#elif defined(HAVE_KRB5_GET_KDC_SEC_OFFSET) | |
783 | + int32_t _seconds; | |
784 | + krb5_error_code ret; | |
785 | + | |
786 | + ret = krb5_get_kdc_sec_offset(ctx, &_seconds, microseconds); | |
787 | + *seconds = _seconds; | |
788 | + return ret; | |
789 | +#else | |
790 | + (void) ctx; | |
791 | + *seconds = 0; | |
792 | + *microseconds = 0; | |
793 | + return 0; | |
794 | +#endif | |
795 | +} | |
796 | diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h | |
797 | index db47e0a..c7b9a69 100644 | |
798 | --- a/src/util/sss_krb5.h | |
799 | +++ b/src/util/sss_krb5.h | |
800 | @@ -70,6 +70,8 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context, | |
801 | ||
802 | void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name); | |
803 | ||
804 | +void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val); | |
805 | + | |
806 | int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name, | |
807 | krb5_context context, krb5_keytab keytab); | |
808 | ||
809 | @@ -136,7 +138,8 @@ krb5_error_code | |
810 | sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, | |
811 | int flags, char **name); | |
812 | ||
813 | -void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts, | |
814 | +void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx, | |
815 | + krb5_get_init_creds_opt *opts, | |
816 | int canonicalize); | |
817 | ||
818 | enum sss_krb5_cc_type { | |
819 | @@ -167,6 +170,10 @@ typedef krb5_times sss_krb5_ticket_times; | |
820 | /* Redirect libkrb5 tracing towards our DEBUG statements */ | |
821 | errno_t sss_child_set_krb5_tracing(krb5_context ctx); | |
822 | ||
823 | +#ifndef HAVE_KRB5_AUTHDATATYPE | |
824 | +typedef int32_t krb5_authdatatype; | |
825 | +#endif | |
826 | + | |
827 | krb5_error_code sss_krb5_find_authdata(krb5_context context, | |
828 | krb5_authdata *const *ticket_authdata, | |
829 | krb5_authdata *const *ap_req_authdata, | |
830 | @@ -184,4 +191,14 @@ char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx, | |
831 | krb5_context ctx, | |
832 | krb5_principal principal, | |
833 | const char *location); | |
834 | + | |
835 | +krb5_error_code KRB5_CALLCONV | |
836 | +sss_krb5_unparse_name_ext(krb5_context ctx, | |
837 | + krb5_const_principal principal, | |
838 | + char **name, | |
839 | + unsigned int *len); | |
840 | +krb5_error_code KRB5_CALLCONV | |
841 | +sss_krb5_get_time_offsets(krb5_context ctx, | |
842 | + krb5_timestamp *seconds, | |
843 | + int32_t *microseconds); | |
844 | #endif /* __SSS_KRB5_H__ */ | |
bf8e7304 JB |
845 | #--- sssd-1.11.4/src/external/pac_responder.m4.orig 2014-02-17 19:55:32.000000000 +0100 |
846 | #+++ sssd-1.11.4/src/external/pac_responder.m4 2014-03-22 17:59:50.707675270 +0100 | |
847 | #@@ -21,7 +21,8 @@ | |
848 | # Kerberos\ 5\ release\ 1.9* | \ | |
849 | # Kerberos\ 5\ release\ 1.10* | \ | |
850 | # Kerberos\ 5\ release\ 1.11* | \ | |
851 | #- Kerberos\ 5\ release\ 1.12*) | |
852 | #+ Kerberos\ 5\ release\ 1.12* | \ | |
853 | #+ heimdal\ *) | |
854 | # krb5_version_ok=yes | |
855 | # AC_MSG_RESULT([yes]) | |
856 | # ;; |