Commit | Line | Data |
---|---|---|
dd3b701a JB |
1 | --- sssd-1.11.4/Makefile.am.orig 2014-02-17 19:55:32.000000000 +0100 |
2 | +++ sssd-1.11.4/Makefile.am 2014-03-16 09:12:48.437424185 +0100 | |
3 | @@ -1617,8 +1617,19 @@ libsss_krb5_common_la_SOURCES = \ | |
4 | src/providers/krb5/krb5_auth.c \ | |
5 | src/providers/krb5/krb5_access.c \ | |
6 | src/providers/krb5/krb5_child_handler.c \ | |
7 | - src/providers/krb5/krb5_init_shared.c | |
8 | + src/providers/krb5/krb5_init_shared.c \ | |
9 | + src/util/sss_krb5.c \ | |
10 | + src/util/find_uid.c | |
11 | + | |
12 | +libsss_krb5_common_la_LIBADD = \ | |
13 | + $(KEYUTILS_LIBS) \ | |
14 | + $(SYSTEMD_LOGIN_LIBS) \ | |
15 | + $(KRB5_LIBS) \ | |
16 | + libsss_debug.la | |
17 | + | |
18 | libsss_krb5_common_la_LDFLAGS = \ | |
19 | + $(SYSTEMD_LOGIN_CFLAGS) \ | |
20 | + $(KRB5_CFLAGS) \ | |
21 | -avoid-version | |
22 | ||
23 | libsss_ldap_la_SOURCES = \ | |
24 | @@ -1672,15 +1683,12 @@ libsss_simple_la_LDFLAGS = \ | |
25 | -module | |
26 | ||
27 | libsss_krb5_la_SOURCES = \ | |
28 | - src/providers/krb5/krb5_init.c \ | |
29 | - src/util/find_uid.c \ | |
30 | - src/util/sss_krb5.c | |
31 | + src/providers/krb5/krb5_init.c | |
32 | libsss_krb5_la_CFLAGS = \ | |
33 | $(AM_CFLAGS) \ | |
34 | $(DHASH_CFLAGS) | |
35 | libsss_krb5_la_LIBADD = \ | |
36 | $(DHASH_LIBS) \ | |
37 | - $(KEYUTILS_LIBS) \ | |
38 | $(KRB5_LIBS) \ | |
39 | libsss_krb5_common.la | |
40 | libsss_krb5_la_LDFLAGS = \ | |
41 | @@ -1720,12 +1728,10 @@ libsss_ipa_la_SOURCES = \ | |
42 | src/providers/ad/ad_srv.c \ | |
43 | src/providers/ad/ad_domain_info.c \ | |
44 | src/util/user_info_msg.c \ | |
45 | - src/util/find_uid.c \ | |
46 | - src/util/sss_ldap.c \ | |
47 | - src/util/sss_krb5.c | |
48 | + src/util/sss_ldap.c | |
49 | libsss_ipa_la_CFLAGS = \ | |
50 | $(AM_CFLAGS) \ | |
51 | - $(LDAP_CFLAGS) \ | |
52 | + $(OPENLDAP_CFLAGS) \ | |
53 | $(DHASH_CFLAGS) \ | |
54 | $(NDR_NBT_CFLAGS) \ | |
55 | $(KRB5_CFLAGS) | |
56 | @@ -1733,7 +1739,6 @@ libsss_ipa_la_LIBADD = \ | |
57 | $(OPENLDAP_LIBS) \ | |
58 | $(DHASH_LIBS) \ | |
59 | $(NDR_NBT_LIBS) \ | |
60 | - $(KEYUTILS_LIBS) \ | |
61 | $(KRB5_LIBS) \ | |
62 | libsss_ldap_common.la \ | |
63 | libsss_krb5_common.la \ | |
64 | @@ -1772,21 +1777,20 @@ libsss_ad_la_SOURCES = \ | |
65 | src/providers/ad/ad_subdomains.h \ | |
66 | src/providers/ad/ad_domain_info.c \ | |
67 | src/providers/ad/ad_domain_info.h \ | |
68 | - src/util/find_uid.c \ | |
69 | src/util/user_info_msg.c \ | |
70 | - src/util/sss_krb5.c \ | |
71 | src/util/sss_ldap.c | |
72 | ||
73 | libsss_ad_la_CFLAGS = \ | |
74 | $(AM_CFLAGS) \ | |
75 | - $(LDAP_CFLAGS) \ | |
76 | + $(OPENLDAP_CFLAGS) \ | |
77 | + $(SASL_CFLAGS) \ | |
78 | $(DHASH_CFLAGS) \ | |
79 | $(KRB5_CFLAGS) \ | |
80 | $(NDR_NBT_CFLAGS) | |
81 | libsss_ad_la_LIBADD = \ | |
82 | $(OPENLDAP_LIBS) \ | |
83 | + $(SASL_LIBS) \ | |
84 | $(DHASH_LIBS) \ | |
85 | - $(KEYUTILS_LIBS) \ | |
86 | $(KRB5_LIBS) \ | |
87 | $(NDR_NBT_LIBS) \ | |
88 | libsss_ldap_common.la \ | |
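Review bot: In the first hunk, `$(SYSTEMD_LOGIN_CFLAGS)` and `$(KRB5_CFLAGS)` are added to `libsss_krb5_common_la_LDFLAGS`, which automake passes only to the link step, so they never reach the compiler for the newly added `src/util/sss_krb5.c` and `src/util/find_uid.c`. If those include paths are needed (for example a Kerberos install outside the default include path), put them in a per-target compile variable instead: `libsss_krb5_common_la_CFLAGS = $(AM_CFLAGS) $(SYSTEMD_LOGIN_CFLAGS) $(KRB5_CFLAGS)`, and leave LDFLAGS with `-avoid-version` only. Whether `AM_CFLAGS` already carries these flags is not visible here.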
89 | diff --git a/configure.ac b/configure.ac | |
90 | index 9934b50..a46e26d 100644 | |
91 | --- a/configure.ac | |
92 | +++ b/configure.ac | |
93 | @@ -262,7 +262,7 @@ fi | |
94 | ||
95 | AM_CHECK_INOTIFY | |
96 | ||
97 | -AC_CHECK_HEADERS([sasl/sasl.h],,AC_MSG_ERROR([Could not find SASL headers])) | |
98 | +PKG_CHECK_MODULES([SASL], [libsasl2], [], [AC_MSG_ERROR([Could not find SASL library])]) | |
99 | ||
100 | AC_CACHE_CHECK([whether compiler supports __attribute__((destructor))], | |
101 | sss_client_cv_attribute_destructor, | |
102 | diff --git a/src/external/krb5.m4 b/src/external/krb5.m4 | |
103 | index 1a50bf1..54c5883 100644 | |
104 | --- a/src/external/krb5.m4 | |
105 | +++ b/src/external/krb5.m4 | |
106 | @@ -37,8 +37,8 @@ SAVE_CFLAGS=$CFLAGS | |
107 | SAVE_LIBS=$LIBS | |
108 | CFLAGS="$CFLAGS $KRB5_CFLAGS" | |
109 | LIBS="$LIBS $KRB5_LIBS" | |
110 | -AC_CHECK_HEADERS([krb5.h krb5/krb5.h]) | |
111 | -AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [], | |
112 | +AC_CHECK_HEADERS([krb5.h krb5/krb5.h profile.h]) | |
113 | +AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info, krb5_authdatatype], [], [], | |
114 | [ #ifdef HAVE_KRB5_KRB5_H | |
115 | #include <krb5/krb5.h> | |
116 | #else | |
117 | @@ -46,6 +46,7 @@ AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [], | |
118 | #endif | |
119 | ]) | |
120 | AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \ | |
121 | + krb5_unparse_name_ext \ | |
122 | krb5_free_unparsed_name \ | |
123 | krb5_get_init_creds_opt_set_expire_callback \ | |
124 | krb5_get_init_creds_opt_set_fast_ccache_name \ | |
125 | @@ -59,12 +60,33 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \ | |
126 | krb5_kt_free_entry \ | |
127 | krb5_princ_realm \ | |
128 | krb5_get_time_offsets \ | |
129 | + krb5_get_kdc_sec_offset \ | |
130 | krb5_principal_get_realm \ | |
131 | krb5_cc_cache_match \ | |
132 | krb5_timestamp_to_sfstring \ | |
133 | krb5_set_trace_callback \ | |
134 | krb5_find_authdata \ | |
135 | - krb5_cc_get_full_name]) | |
136 | + krb5_cc_get_full_name \ | |
137 | + krb5_free_string \ | |
138 | + krb5_xfree]) | |
139 | + | |
140 | +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H | |
141 | + #include <krb5/krb5.h> | |
142 | + #else | |
143 | + #include <krb5.h> | |
144 | + #endif | |
145 | + ]], | |
146 | + [[ krb5_get_init_creds_opt_set_canonicalize(NULL, 0); ]])], | |
147 | + [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [2], [number of arguments])]) | |
148 | +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H | |
149 | + #include <krb5/krb5.h> | |
150 | + #else | |
151 | + #include <krb5.h> | |
152 | + #endif | |
153 | + ]], | |
154 | + [[ krb5_get_init_creds_opt_set_canonicalize(NULL, NULL, 0); ]])], | |
155 | + [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [3], [number of arguments])]) | |
156 | + | |
157 | CFLAGS=$SAVE_CFLAGS | |
158 | LIBS=$SAVE_LIBS | |
159 | ||
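Review bot: The two `AC_COMPILE_IFELSE` probes for `krb5_get_init_creds_opt_set_canonicalize` run independently, so nothing prevents both, or neither, from succeeding. A compiler that only warns about an undeclared function accepts both calls when the header lacks the prototype, and `KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS` is then defined twice, as 2 and as 3. If neither probe compiles, the macro is left undefined with no diagnostic. Nest the three-argument probe in the failure branch of the two-argument one. Consider also running both only after an `AC_CHECK_DECLS([krb5_get_init_creds_opt_set_canonicalize], ...)` with the same krb5 include, so an implicit declaration cannot pass.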
160 | diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c | |
161 | index 725687d..586c7dd 100644 | |
162 | --- a/src/krb5_plugin/sssd_krb5_locator_plugin.c | |
163 | +++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c | |
164 | @@ -340,6 +340,7 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, | |
165 | switch (socktype) { | |
166 | case SOCK_STREAM: | |
167 | case SOCK_DGRAM: | |
168 | + case 0: /* any */ | |
f74665dc | 169 | break; |
dd3b701a JB |
170 | default: |
171 | return KRB5_PLUGIN_NO_HANDLE; | |
172 | @@ -374,7 +375,7 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, | |
173 | ai->ai_family, ai->ai_socktype)); | |
174 | ||
175 | if ((family == AF_UNSPEC || ai->ai_family == family) && | |
176 | - ai->ai_socktype == socktype) { | |
177 | + (ai->ai_socktype == socktype || socktype == 0)) { | |
178 | ||
179 | ret = cbfunc(cbdata, socktype, ai->ai_addr); | |
180 | if (ret != 0) { | |
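Review bot: With `socktype == 0` now accepted as a wildcard, the unchanged call `ret = cbfunc(cbdata, socktype, ai->ai_addr);` hands the callback a socket type of 0 instead of the type of the address that actually matched. Passing the resolved type keeps the callback consistent with the entry: `ret = cbfunc(cbdata, ai->ai_socktype, ai->ai_addr);`. A comment on `case 0:` naming the caller that sends 0 would also help. The loop may now report the same address once per socket type the resolver returns, though the resolver call is outside these hunks, so that part is an assumption. `sssd_krb5_locator_lookup` starts and ends outside the hunks shown.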
181 | diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c | |
182 | index ab62d64..7b9e513 100644 | |
183 | --- a/src/providers/ad/ad_common.c | |
184 | +++ b/src/providers/ad/ad_common.c | |
185 | @@ -525,7 +525,7 @@ errno_t | |
186 | ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, | |
187 | const char *primary_servers, | |
188 | const char *backup_servers, | |
189 | - const char *krb5_realm, | |
190 | + const char *krb5_realm_str, | |
191 | const char *ad_service, | |
192 | const char *ad_gc_service, | |
193 | const char *ad_domain, | |
194 | @@ -585,13 +585,13 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, | |
195 | service->sdap->kinit_service_name = service->krb5_service->name; | |
196 | service->gc->kinit_service_name = service->krb5_service->name; | |
197 | ||
198 | - if (!krb5_realm) { | |
199 | + if (!krb5_realm_str) { | |
200 | DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm set\n")); | |
201 | ret = EINVAL; | |
202 | goto done; | |
203 | } | |
204 | service->krb5_service->realm = | |
205 | - talloc_strdup(service->krb5_service, krb5_realm); | |
206 | + talloc_strdup(service->krb5_service, krb5_realm_str); | |
207 | if (!service->krb5_service->realm) { | |
208 | ret = ENOMEM; | |
209 | goto done; | |
210 | @@ -795,7 +795,7 @@ ad_set_ad_id_options(struct ad_options *ad_opts, | |
211 | struct sdap_options *id_opts) | |
212 | { | |
213 | errno_t ret; | |
214 | - char *krb5_realm; | |
215 | + char *krb5_realm_str; | |
216 | char *keytab_path; | |
217 | ||
218 | /* We only support Kerberos password policy with AD, so | |
219 | @@ -810,20 +810,20 @@ ad_set_ad_id_options(struct ad_options *ad_opts, | |
220 | } | |
221 | ||
222 | /* Set the Kerberos Realm for GSSAPI */ | |
223 | - krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM); | |
224 | - if (!krb5_realm) { | |
225 | + krb5_realm_str = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM); | |
226 | + if (!krb5_realm_str) { | |
227 | /* Should be impossible, this is set in ad_get_common_options() */ | |
228 | DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n")); | |
229 | ret = EINVAL; | |
230 | goto done; | |
231 | } | |
232 | ||
233 | - ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm); | |
234 | + ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm_str); | |
235 | if (ret != EOK) goto done; | |
236 | DEBUG(SSSDBG_CONF_SETTINGS, | |
237 | ("Option %s set to %s\n", | |
238 | id_opts->basic[SDAP_KRB5_REALM].opt_name, | |
239 | - krb5_realm)); | |
240 | + krb5_realm_str)); | |
241 | ||
242 | keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB); | |
243 | if (keytab_path) { | |
244 | @@ -983,7 +983,7 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx, | |
245 | errno_t ret; | |
246 | struct dp_option *krb5_options; | |
247 | const char *ad_servers; | |
248 | - const char *krb5_realm; | |
249 | + const char *krb5_realm_str; | |
250 | ||
251 | TALLOC_CTX *tmp_ctx = talloc_new(NULL); | |
252 | if (!tmp_ctx) return ENOMEM; | |
253 | @@ -1010,8 +1010,8 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx, | |
254 | ||
255 | /* Set krb5 realm */ | |
256 | /* Set the Kerberos Realm for GSSAPI */ | |
257 | - krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM); | |
258 | - if (!krb5_realm) { | |
259 | + krb5_realm_str = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM); | |
260 | + if (!krb5_realm_str) { | |
261 | /* Should be impossible, this is set in ad_get_common_options() */ | |
262 | DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n")); | |
263 | ret = EINVAL; | |
264 | @@ -1021,12 +1021,12 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx, | |
265 | /* Force the kerberos realm to match the AD_KRB5_REALM (which may have | |
266 | * been upper-cased in ad_common_options() | |
267 | */ | |
268 | - ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm); | |
269 | + ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm_str); | |
270 | if (ret != EOK) goto done; | |
271 | DEBUG(SSSDBG_CONF_SETTINGS, | |
272 | ("Option %s set to %s\n", | |
273 | krb5_options[KRB5_REALM].opt_name, | |
274 | - krb5_realm)); | |
275 | + krb5_realm_str)); | |
276 | ||
277 | /* Set flag that controls whether we want to write the | |
278 | * kdcinfo files at all | |
279 | diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c | |
280 | index 42cfbbf..073c50e 100644 | |
281 | --- a/src/providers/krb5/krb5_child.c | |
282 | +++ b/src/providers/krb5/krb5_child.c | |
283 | @@ -77,7 +77,7 @@ static krb5_error_code get_changepw_options(krb5_context ctx, | |
284 | return kerr; | |
285 | } | |
286 | ||
287 | - sss_krb5_get_init_creds_opt_set_canonicalize(options, 0); | |
288 | + sss_krb5_get_init_creds_opt_set_canonicalize(ctx, options, 0); | |
289 | krb5_get_init_creds_opt_set_forwardable(options, 0); | |
290 | krb5_get_init_creds_opt_set_proxiable(options, 0); | |
291 | krb5_get_init_creds_opt_set_renew_life(options, 0); | |
292 | @@ -88,6 +88,7 @@ static krb5_error_code get_changepw_options(krb5_context ctx, | |
293 | return 0; | |
294 | } | |
295 | ||
296 | +#ifdef HAVE_PAC_RESPONDER | |
297 | static errno_t sss_send_pac(krb5_authdata **pac_authdata) | |
298 | { | |
299 | struct sss_cli_req_data sss_data; | |
300 | @@ -107,6 +108,7 @@ static errno_t sss_send_pac(krb5_authdata **pac_authdata) | |
301 | ||
302 | return EOK; | |
303 | } | |
304 | +#endif /* HAVE_PAC_RESPONDER */ | |
305 | ||
306 | static void sss_krb5_expire_callback_func(krb5_context context, void *data, | |
307 | krb5_timestamp password_expiration, | |
308 | @@ -395,7 +397,8 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ, | |
309 | { | |
310 | krb5_error_code kerr; | |
311 | krb5_creds *cred = NULL; | |
312 | - krb5_data *krb5_realm; | |
313 | + const char *realm_name; | |
314 | + int realm_length; | |
315 | ||
316 | cred = calloc(sizeof(krb5_creds), 1); | |
317 | if (cred == NULL) { | |
318 | @@ -409,12 +412,12 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ, | |
319 | goto done; | |
320 | } | |
321 | ||
322 | - krb5_realm = krb5_princ_realm(ctx, princ); | |
323 | + sss_krb5_princ_realm(ctx, princ, &realm_name, &realm_length); | |
324 | ||
325 | kerr = krb5_build_principal_ext(ctx, &cred->server, | |
326 | - krb5_realm->length, krb5_realm->data, | |
327 | + realm_length, realm_name, | |
328 | KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, | |
329 | - krb5_realm->length, krb5_realm->data, 0); | |
330 | + realm_length, realm_name, 0); | |
331 | if (kerr != 0) { | |
332 | DEBUG(1, ("krb5_build_principal_ext failed.\n")); | |
333 | goto done; | |
334 | @@ -670,7 +673,8 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr) | |
335 | goto done; | |
336 | } | |
337 | ||
338 | - kerr = krb5_unparse_name_ext(kr->ctx, kr->creds->client, &upn, &upn_len); | |
339 | + kerr = sss_krb5_unparse_name_ext(kr->ctx, kr->creds->client, | |
340 | + &upn, &upn_len); | |
341 | if (kerr != 0) { | |
342 | DEBUG(SSSDBG_OP_FAILURE, ("krb5_unparse_name failed.\n")); | |
343 | goto done; | |
344 | @@ -678,7 +682,7 @@ static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr) | |
345 | ||
346 | ret = pam_add_response(kr->pd, SSS_KRB5_INFO_UPN, upn_len, | |
347 | (uint8_t *) upn); | |
348 | - krb5_free_unparsed_name(kr->ctx, upn); | |
349 | + sss_krb5_free_unparsed_name(kr->ctx, upn); | |
350 | if (ret != EOK) { | |
351 | DEBUG(1, ("pack_response_packet failed.\n")); | |
352 | goto done; | |
353 | @@ -700,7 +704,9 @@ static krb5_error_code validate_tgt(struct krb5_req *kr) | |
354 | krb5_principal validation_princ = NULL; | |
355 | bool realm_entry_found = false; | |
356 | krb5_ccache validation_ccache = NULL; | |
357 | +#ifdef HAVE_PAC_RESPONDER | |
358 | krb5_authdata **pac_authdata = NULL; | |
359 | +#endif | |
360 | ||
361 | memset(&keytab, 0, sizeof(keytab)); | |
362 | kerr = krb5_kt_resolve(kr->ctx, kr->keytab, &keytab); | |
363 | @@ -794,6 +800,7 @@ static krb5_error_code validate_tgt(struct krb5_req *kr) | |
364 | goto done; | |
365 | } | |
366 | ||
367 | +#ifdef HAVE_PAC_RESPONDER | |
368 | /* Try to find and send the PAC to the PAC responder. | |
369 | * Failures are not critical. */ | |
370 | if (kr->send_pac) { | |
371 | @@ -816,6 +823,7 @@ static krb5_error_code validate_tgt(struct krb5_req *kr) | |
372 | kerr = 0; | |
f74665dc | 373 | } |
dd3b701a JB |
374 | } |
375 | +#endif /* HAVE_PAC_RESPONDER */ | |
376 | ||
377 | done: | |
378 | if (validation_ccache != NULL) { | |
379 | @@ -836,7 +844,8 @@ done: | |
380 | ||
381 | } | |
382 | ||
383 | -static void krb5_set_canonicalize(krb5_get_init_creds_opt *opts) | |
384 | +static void krb5_set_canonicalize(krb5_context ctx, | |
385 | + krb5_get_init_creds_opt *opts) | |
386 | { | |
387 | int canonicalize = 0; | |
388 | char *tmp_str; | |
389 | @@ -847,7 +856,7 @@ static void krb5_set_canonicalize(krb5_get_init_creds_opt *opts) | |
390 | } | |
391 | DEBUG(SSSDBG_CONF_SETTINGS, ("%s is set to [%s]\n", | |
392 | SSSD_KRB5_CANONICALIZE, tmp_str ? tmp_str : "not set")); | |
393 | - sss_krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize); | |
394 | + sss_krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize); | |
395 | } | |
396 | ||
397 | static krb5_error_code get_and_save_tgt_with_keytab(krb5_context ctx, | |
398 | @@ -865,7 +874,7 @@ static krb5_error_code get_and_save_tgt_with_keytab(krb5_context ctx, | |
399 | krb5_get_init_creds_opt_set_address_list(&options, NULL); | |
400 | krb5_get_init_creds_opt_set_forwardable(&options, 0); | |
401 | krb5_get_init_creds_opt_set_proxiable(&options, 0); | |
402 | - krb5_set_canonicalize(&options); | |
403 | + krb5_set_canonicalize(ctx, &options); | |
f74665dc | 404 | |
dd3b701a JB |
405 | kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL, |
406 | &options); | |
407 | @@ -1094,9 +1103,9 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) | |
408 | ||
409 | memset(&result_code_string, 0, sizeof(krb5_data)); | |
410 | memset(&result_string, 0, sizeof(krb5_data)); | |
411 | - kerr = krb5_change_password(kr->ctx, kr->creds, | |
412 | - discard_const(newpassword), &result_code, | |
413 | - &result_code_string, &result_string); | |
414 | + kerr = krb5_set_password(kr->ctx, kr->creds, | |
415 | + discard_const(newpassword), NULL, | |
416 | + &result_code, &result_code_string, &result_string); | |
417 | ||
418 | if (kerr == KRB5_KDC_UNREACH) { | |
419 | return ERR_NETWORK_IO; | |
420 | @@ -1109,7 +1118,8 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) | |
421 | ||
422 | if (result_code_string.length > 0) { | |
423 | DEBUG(1, ("krb5_change_password failed [%d][%.*s].\n", result_code, | |
424 | - result_code_string.length, result_code_string.data)); | |
425 | + (int) result_code_string.length, | |
426 | + (char *) result_code_string.data)); | |
427 | user_error_message = talloc_strndup(kr->pd, result_code_string.data, | |
428 | result_code_string.length); | |
429 | if (user_error_message == NULL) { | |
430 | @@ -1117,9 +1127,11 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) | |
431 | } | |
f74665dc | 432 | } |
dd3b701a JB |
433 | |
434 | - if (result_string.length > 0 && result_string.data[0] != '\0') { | |
435 | + if (result_string.length > 0 && | |
436 | + ((char *) result_string.data)[0] != '\0') { | |
437 | DEBUG(1, ("krb5_change_password failed [%d][%.*s].\n", result_code, | |
438 | - result_string.length, result_string.data)); | |
439 | + (int) result_string.length, | |
440 | + (char *) result_string.data)); | |
441 | talloc_free(user_error_message); | |
442 | user_error_message = talloc_strndup(kr->pd, result_string.data, | |
443 | result_string.length); | |
444 | @@ -1695,7 +1707,8 @@ static errno_t k5c_recv_data(struct krb5_req *kr, int fd, uint32_t *offline) | |
445 | static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) | |
f74665dc | 446 | { |
dd3b701a JB |
447 | krb5_principal fast_princ_struct; |
448 | - krb5_data *realm_data; | |
449 | + const char *realm_name; | |
450 | + int realm_length; | |
451 | char *fast_principal_realm; | |
452 | char *fast_principal; | |
f74665dc | 453 | krb5_error_code kerr; |
dd3b701a JB |
454 | @@ -1726,8 +1739,11 @@ static int k5c_setup_fast(struct krb5_req *kr, char *lifetime_str, bool demand) |
455 | return KRB5KRB_ERR_GENERIC; | |
456 | } | |
457 | free(tmp_str); | |
458 | - realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct); | |
459 | - fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data); | |
460 | + sss_krb5_princ_realm(kr->ctx, fast_princ_struct, | |
461 | + &realm_name, &realm_length); | |
462 | + | |
463 | + fast_principal_realm = talloc_asprintf(kr, "%.*s", | |
464 | + realm_length, realm_name); | |
465 | if (!fast_principal_realm) { | |
466 | DEBUG(1, ("talloc_asprintf failed.\n")); | |
467 | return ENOMEM; | |
468 | @@ -1889,7 +1905,7 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) | |
469 | } | |
470 | ||
471 | if (!offline) { | |
472 | - krb5_set_canonicalize(kr->options); | |
473 | + krb5_set_canonicalize(kr->ctx, kr->options); | |
474 | ||
475 | use_fast_str = getenv(SSSD_KRB5_USE_FAST); | |
476 | if (use_fast_str == NULL || strcasecmp(use_fast_str, "never") == 0) { | |
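Review bot: In `create_empty_cred` and again in `k5c_setup_fast`, `realm_name` and `realm_length` are declared without initialisers and `sss_krb5_princ_realm()` is called with its outcome unchecked. If the helper can leave them unset, the following `krb5_build_principal_ext()` and `talloc_asprintf(kr, "%.*s", ...)` read indeterminate values. The helper's definition is not in this section, so this is a defensive request: declare them as `const char *realm_name = NULL;` and `int realm_length = 0;`. Then reject an empty realm before use, e.g. `if (realm_name == NULL || realm_length <= 0) { kerr = KRB5KRB_ERR_GENERIC; goto done; }` in `create_empty_cred`. Both functions continue outside their hunks.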
477 | diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c | |
478 | index c40f0dd..4ab359e 100644 | |
479 | --- a/src/providers/krb5/krb5_common.c | |
480 | +++ b/src/providers/krb5/krb5_common.c | |
481 | @@ -33,7 +33,7 @@ | |
482 | #include "providers/krb5/krb5_opts.h" | |
483 | #include "providers/krb5/krb5_utils.h" | |
484 | ||
485 | -#ifdef HAVE_KRB5_CC_COLLECTION | |
486 | +#ifdef HAVE_PROFILE_H | |
487 | /* krb5 profile functions */ | |
488 | #include <profile.h> | |
489 | #endif | |
490 | @@ -91,7 +91,7 @@ done: | |
491 | return ret; | |
492 | } | |
493 | ||
494 | -#ifdef HAVE_KRB5_CC_COLLECTION | |
495 | +#ifdef HAVE_PROFILE_H | |
496 | /* source default_ccache_name from krb5.conf */ | |
497 | static errno_t sss_get_system_ccname_template(TALLOC_CTX *mem_ctx, | |
498 | char **ccname) | |
499 | @@ -895,7 +895,7 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx, | |
500 | { | |
501 | int ret; | |
502 | struct remove_info_files_ctx *ctx; | |
503 | - const char *krb5_realm; | |
504 | + const char *krb5_realm_str; | |
505 | ||
506 | if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) { | |
507 | DEBUG(1, ("Missing KDC service name!\n")); | |
508 | @@ -908,14 +908,14 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx, | |
509 | return ENOMEM; | |
510 | } | |
511 | ||
512 | - krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); | |
513 | - if (krb5_realm == NULL) { | |
514 | + krb5_realm_str = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); | |
515 | + if (krb5_realm_str == NULL) { | |
516 | DEBUG(1, ("Missing krb5_realm option!\n")); | |
517 | ret = EINVAL; | |
518 | goto done; | |
519 | } | |
520 | ||
521 | - ctx->realm = talloc_strdup(ctx, krb5_realm); | |
522 | + ctx->realm = talloc_strdup(ctx, krb5_realm_str); | |
523 | if (ctx->realm == NULL) { | |
524 | DEBUG(1, ("talloc_strdup failed!\n")); | |
525 | ret = ENOMEM; | |
526 | @@ -950,19 +950,19 @@ done: | |
527 | errno_t krb5_install_sigterm_handler(struct tevent_context *ev, | |
528 | struct krb5_ctx *krb5_ctx) | |
529 | { | |
530 | - const char *krb5_realm; | |
531 | + const char *krb5_realm_str; | |
532 | char *sig_realm; | |
533 | struct tevent_signal *sige; | |
534 | ||
535 | BlockSignals(false, SIGTERM); | |
536 | ||
537 | - krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); | |
538 | - if (krb5_realm == NULL) { | |
539 | + krb5_realm_str = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); | |
540 | + if (krb5_realm_str == NULL) { | |
541 | DEBUG(1, ("Missing krb5_realm option!\n")); | |
542 | return EINVAL; | |
543 | } | |
544 | ||
545 | - sig_realm = talloc_strdup(krb5_ctx, krb5_realm); | |
546 | + sig_realm = talloc_strdup(krb5_ctx, krb5_realm_str); | |
547 | if (sig_realm == NULL) { | |
548 | DEBUG(1, ("talloc_strdup failed!\n")); | |
549 | return ENOMEM; | |
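Review bot: The guard around `sss_get_system_ccname_template()` changes from `HAVE_KRB5_CC_COLLECTION` to `HAVE_PROFILE_H`, but the function's call site is not in these hunks. If the caller is still compiled under the old macro, a build where only one of the two is defined either references a static function that was never compiled or leaves this one unused. Please confirm the caller sits under the same `#ifdef HAVE_PROFILE_H`. A short comment at the guard should say that it tracks the availability of `<profile.h>` rather than credential-cache collection support.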
550 | diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c | |
551 | index 91f701a..fb7304b 100644 | |
552 | --- a/src/providers/krb5/krb5_init.c | |
553 | +++ b/src/providers/krb5/krb5_init.c | |
554 | @@ -64,7 +64,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, | |
555 | const char *krb5_backup_servers; | |
556 | const char *krb5_kpasswd_servers; | |
557 | const char *krb5_backup_kpasswd_servers; | |
558 | - const char *krb5_realm; | |
559 | + const char *krb5_realm_str; | |
560 | const char *errstr; | |
561 | int errval; | |
562 | int errpos; | |
563 | @@ -103,15 +103,15 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, | |
564 | krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC); | |
565 | krb5_backup_servers = dp_opt_get_string(ctx->opts, KRB5_BACKUP_KDC); | |
566 | ||
567 | - krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM); | |
568 | - if (krb5_realm == NULL) { | |
569 | + krb5_realm_str = dp_opt_get_string(ctx->opts, KRB5_REALM); | |
570 | + if (krb5_realm_str == NULL) { | |
571 | DEBUG(0, ("Missing krb5_realm option!\n")); | |
572 | return EINVAL; | |
573 | } | |
574 | ||
575 | ret = krb5_service_init(ctx, bectx, | |
576 | SSS_KRB5KDC_FO_SRV, krb5_servers, | |
577 | - krb5_backup_servers, krb5_realm, | |
578 | + krb5_backup_servers, krb5_realm_str, | |
579 | dp_opt_get_bool(krb5_options->opts, | |
580 | KRB5_USE_KDCINFO), | |
581 | &ctx->service); | |
582 | @@ -137,7 +137,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, | |
583 | } else { | |
584 | ret = krb5_service_init(ctx, bectx, | |
585 | SSS_KRB5KPASSWD_FO_SRV, krb5_kpasswd_servers, | |
586 | - krb5_backup_kpasswd_servers, krb5_realm, | |
587 | + krb5_backup_kpasswd_servers, krb5_realm_str, | |
588 | dp_opt_get_bool(krb5_options->opts, | |
589 | KRB5_USE_KDCINFO), | |
590 | &ctx->kpasswd_service); | |
591 | diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c | |
592 | index 19c838d..16f724b 100644 | |
593 | --- a/src/providers/ldap/ldap_child.c | |
594 | +++ b/src/providers/ldap/ldap_child.c | |
595 | @@ -97,7 +97,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, | |
596 | ||
597 | /* ticket lifetime */ | |
598 | SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p); | |
599 | - DEBUG(SSSDBG_TRACE_LIBS, ("lifetime: %d\n", ibuf->lifetime)); | |
600 | + DEBUG(SSSDBG_TRACE_LIBS, ("lifetime: %d\n", (int)ibuf->lifetime)); | |
601 | ||
602 | return EOK; | |
603 | } | |
604 | @@ -310,7 +310,8 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, | |
605 | DEBUG(SSSDBG_CONF_SETTINGS, ("Will canonicalize principals\n")); | |
606 | canonicalize = 1; | |
607 | } | |
608 | - sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize); | |
609 | + sss_krb5_get_init_creds_opt_set_canonicalize(context, | |
610 | + &options, canonicalize); | |
611 | ||
612 | krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, | |
613 | keytab, 0, NULL, &options); | |
614 | @@ -343,8 +344,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, | |
615 | } | |
616 | DEBUG(SSSDBG_TRACE_INTERNAL, ("credentials stored\n")); | |
617 | ||
618 | -#ifdef HAVE_KRB5_GET_TIME_OFFSETS | |
619 | - krberr = krb5_get_time_offsets(context, &kdc_time_offset, | |
620 | + krberr = sss_krb5_get_time_offsets(context, &kdc_time_offset, | |
621 | &kdc_time_offset_usec); | |
622 | if (krberr) { | |
623 | DEBUG(SSSDBG_OP_FAILURE, ("Failed to get KDC time offset: %s\n", | |
624 | @@ -356,10 +356,6 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, | |
625 | } | |
626 | } | |
627 | DEBUG(SSSDBG_TRACE_INTERNAL, ("Got KDC time offset\n")); | |
628 | -#else | |
629 | - /* If we don't have this function, just assume no offset */ | |
630 | - kdc_time_offset = 0; | |
631 | -#endif | |
f74665dc | 632 | |
633 | krberr = 0; | |
634 | *ccname_out = ccname; | |
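Review bot: Dropping the `#else` branch in `ldap_child_get_tgt_sync` removes the only unconditional assignment, `kdc_time_offset = 0;`, so the value now depends entirely on `sss_krb5_get_time_offsets()` writing its outputs. That wrapper is defined outside this section. If it can return without touching its arguments on a library that offers neither underlying call, the offset used after this hunk is indeterminate. Initialise `kdc_time_offset` and `kdc_time_offset_usec` to 0 where they are declared (outside the hunk), and add a comment at the call stating that the wrapper is expected to report a zero offset when the library cannot supply one.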
dd3b701a JB |
635 | diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c |
636 | index b3a048c..a50a072 100644 | |
637 | --- a/src/providers/ldap/ldap_common.c | |
638 | +++ b/src/providers/ldap/ldap_common.c | |
639 | @@ -1261,7 +1261,7 @@ done: | |
640 | static const char * | |
641 | sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) | |
642 | { | |
643 | - char *krb5_realm = NULL; | |
644 | + char *krb5_realm_str = NULL; | |
645 | const char *realm = NULL; | |
646 | krb5_error_code krberr; | |
647 | krb5_context context = NULL; | |
648 | @@ -1272,15 +1272,15 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) | |
649 | goto done; | |
650 | } | |
f74665dc | 651 | |
dd3b701a JB |
652 | - krberr = krb5_get_default_realm(context, &krb5_realm); |
653 | + krberr = krb5_get_default_realm(context, &krb5_realm_str); | |
654 | if (krberr) { | |
655 | DEBUG(2, ("Failed to get default realm name: %s\n", | |
656 | sss_krb5_get_error_message(context, krberr))); | |
657 | goto done; | |
658 | } | |
659 | ||
660 | - realm = talloc_strdup(mem_ctx, krb5_realm); | |
661 | - krb5_free_default_realm(context, krb5_realm); | |
662 | + realm = talloc_strdup(mem_ctx, krb5_realm_str); | |
663 | + krb5_free_default_realm(context, krb5_realm_str); | |
664 | if (!realm) { | |
665 | DEBUG(0, ("Out of memory\n")); | |
666 | goto done; | |
667 | @@ -1301,7 +1301,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, | |
668 | int ret; | |
669 | const char *krb5_servers; | |
670 | const char *krb5_backup_servers; | |
671 | - const char *krb5_realm; | |
672 | + const char *krb5_realm_str; | |
673 | const char *krb5_opt_realm; | |
674 | struct krb5_service *service = NULL; | |
675 | TALLOC_CTX *tmp_ctx; | |
676 | @@ -1315,15 +1315,15 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, | |
677 | krb5_opt_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM); | |
678 | if (krb5_opt_realm == NULL) { | |
679 | DEBUG(2, ("Missing krb5_realm option, will use libkrb default\n")); | |
680 | - krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx); | |
681 | - if (krb5_realm == NULL) { | |
682 | + krb5_realm_str = sdap_gssapi_get_default_realm(tmp_ctx); | |
683 | + if (krb5_realm_str == NULL) { | |
684 | DEBUG(0, ("Cannot determine the Kerberos realm, aborting\n")); | |
685 | ret = EIO; | |
686 | goto done; | |
f74665dc | 687 | } |
dd3b701a JB |
688 | } else { |
689 | - krb5_realm = talloc_strdup(tmp_ctx, krb5_opt_realm); | |
690 | - if (krb5_realm == NULL) { | |
691 | + krb5_realm_str = talloc_strdup(tmp_ctx, krb5_opt_realm); | |
692 | + if (krb5_realm_str == NULL) { | |
693 | ret = ENOMEM; | |
694 | goto done; | |
f74665dc | 695 | } |
dd3b701a | 696 | @@ -1331,7 +1331,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, |
f74665dc | 697 | |
dd3b701a JB |
698 | ret = krb5_service_init(mem_ctx, bectx, |
699 | SSS_KRB5KDC_FO_SRV, krb5_servers, | |
700 | - krb5_backup_servers, krb5_realm, | |
701 | + krb5_backup_servers, krb5_realm_str, | |
702 | dp_opt_get_bool(opts, | |
703 | SDAP_KRB5_USE_KDCINFO), | |
704 | &service); | |
705 | @@ -1340,14 +1340,14 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, | |
706 | goto done; | |
707 | } | |
708 | ||
709 | - ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm); | |
710 | + ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm_str); | |
711 | if (ret != EOK) { | |
712 | DEBUG(0, ("Failed to install sigterm handler\n")); | |
713 | goto done; | |
714 | } | |
715 | ||
716 | ret = sdap_install_offline_callback(mem_ctx, bectx, | |
717 | - krb5_realm, SSS_KRB5KDC_FO_SRV); | |
718 | + krb5_realm_str, SSS_KRB5KDC_FO_SRV); | |
719 | if (ret != EOK) { | |
720 | DEBUG(0, ("Failed to install sigterm handler\n")); | |
721 | goto done; | |
722 | diff --git a/src/tests/dlopen-tests.c b/src/tests/dlopen-tests.c | |
723 | index dd4cc75..9c09e33 100644 | |
724 | --- a/src/tests/dlopen-tests.c | |
725 | +++ b/src/tests/dlopen-tests.c | |
726 | @@ -80,6 +80,8 @@ struct so { | |
727 | LIBPFX"libsss_ipa.so", NULL } }, | |
728 | { "libsss_krb5.so", { LIBPFX"libdlopen_test_providers.so", | |
729 | LIBPFX"libsss_krb5.so", NULL } }, | |
730 | + { "libsss_krb5_common.so", { LIBPFX"libdlopen_test_providers.so", | |
731 | + LIBPFX"libsss_krb5_common.so", NULL } }, | |
732 | { "libsss_ldap.so", { LIBPFX"libdlopen_test_providers.so", | |
733 | LIBPFX"libsss_ldap.so", NULL } }, | |
734 | { "libsss_proxy.so", { LIBPFX"libdlopen_test_providers.so", | |
735 | diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c | |
736 | index 0c6b68b..102827e 100644 | |
737 | --- a/src/tests/krb5_child-test.c | |
738 | +++ b/src/tests/krb5_child-test.c | |
739 | @@ -290,17 +290,17 @@ child_done(struct tevent_req *req) | |
740 | static void | |
741 | printtime(krb5_timestamp ts) | |
742 | { | |
743 | +#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING | |
744 | krb5_error_code kret; | |
745 | char timestring[BUFSIZ]; | |
746 | char fill = '\0'; | |
747 | ||
748 | -#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING | |
749 | kret = krb5_timestamp_to_sfstring(ts, timestring, BUFSIZ, &fill); | |
750 | if (kret) { | |
751 | KRB5_CHILD_TEST_DEBUG(SSSDBG_OP_FAILURE, kret); | |
752 | } | |
753 | printf("%s", timestring); | |
754 | -#else | |
755 | +#elif defined(HAVE_KRB5_FORMAT_TIME) | |
756 | printf("%s", ctime(&ts)); | |
757 | #endif /* HAVE_KRB5_TIMESTAMP_TO_SFSTRING */ | |
758 | } | |
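Review bot: The new `#elif defined(HAVE_KRB5_FORMAT_TIME)` in printtime() guards a `ctime(&ts)` call that never uses krb5_format_time, so a build with neither macro defined compiles an empty function and prints no timestamp at all. The fallback also passes ctime() a `krb5_timestamp *`; where krb5_timestamp is narrower than time_t (it is a 32-bit type in MIT krb5), that reads past the object. I would keep a plain `#else` and convert first: `time_t t = ts;` followed by `printf("%s", ctime(&t));`. The trailing `#endif /* HAVE_KRB5_TIMESTAMP_TO_SFSTRING */` still sits below the function's closing code, but the locals moved inside the `#ifdef`, so it is worth re-checking that comment against the final branch structure.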
759 | @@ -333,8 +333,8 @@ print_creds(krb5_context kcontext, krb5_creds *cred, const char *defname) | |
760 | } | |
f74665dc | 761 | |
762 | done: | |
dd3b701a JB |
763 | - krb5_free_unparsed_name(kcontext, name); |
764 | - krb5_free_unparsed_name(kcontext, sname); | |
765 | + sss_krb5_free_unparsed_name(kcontext, name); | |
766 | + sss_krb5_free_unparsed_name(kcontext, sname); | |
767 | } | |
768 | ||
769 | static errno_t | |
770 | @@ -381,7 +381,7 @@ print_ccache(const char *cc) | |
771 | ret = EOK; | |
772 | done: | |
773 | krb5_cc_close(kcontext, cache); | |
774 | - krb5_free_unparsed_name(kcontext, defname); | |
775 | + sss_krb5_free_unparsed_name(kcontext, defname); | |
776 | krb5_free_principal(kcontext, princ); | |
777 | krb5_free_context(kcontext); | |
778 | return ret; | |
779 | diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c | |
780 | index f8a7e6f..a954d10 100644 | |
781 | --- a/src/util/sss_krb5.c | |
782 | +++ b/src/util/sss_krb5.c | |
783 | @@ -535,7 +535,9 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context, | |
784 | ||
785 | void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name) | |
786 | { | |
787 | -#ifdef HAVE_KRB5_FREE_UNPARSED_NAME | |
788 | +#ifdef HAVE_KRB5_XFREE | |
789 | + krb5_xfree(name); | |
790 | +#elif HAVE_KRB5_FREE_UNPARSED_NAME | |
791 | krb5_free_unparsed_name(context, name); | |
792 | #else | |
793 | if (name != NULL) { | |
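Review bot: Testing `HAVE_KRB5_XFREE` first means a library that provides both functions now frees the unparsed name with the generic `krb5_xfree()` rather than with `krb5_free_unparsed_name()`, the release function paired with krb5_unparse_name(). If that ordering is deliberate, a one-line comment above the `#ifdef` should say why; otherwise I would test `HAVE_KRB5_FREE_UNPARSED_NAME` first and fall back to `krb5_xfree(name)` only when it is missing. The line `#elif HAVE_KRB5_FREE_UNPARSED_NAME` should read `#elif defined(HAVE_KRB5_FREE_UNPARSED_NAME)` to match the `#ifdef` form used above it; the same applies to `#elif HAVE_KRB5_XFREE` in sss_krb5_free_string() in the next hunk. The function body continues outside this hunk.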
794 | @@ -545,6 +547,15 @@ void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name) | |
795 | #endif | |
796 | } | |
797 | ||
798 | +void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val) | |
799 | +{ | |
800 | +/* TODO: ensure at least on is available in krb5.m4 */ | |
801 | +#ifdef HAVE_KRB5_FREE_STRING | |
802 | + krb5_free_string(ctx, val); | |
803 | +#elif HAVE_KRB5_XFREE | |
804 | + (void) krb5_xfree(val); | |
805 | +#endif | |
806 | +} | |
807 | ||
808 | krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback( | |
809 | krb5_context context, | |
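Review bot: When neither `HAVE_KRB5_FREE_STRING` nor `HAVE_KRB5_XFREE` is defined, sss_krb5_free_string() compiles to an empty body and every caller silently leaks `val`. The TODO acknowledges the gap, but nothing enforces it. Until the configure check exists, I would close the chain with `#else` and `#error "no krb5 string free function available"` so that such a build fails instead of leaking. The TODO wording should also be corrected to `ensure at least one is available in krb5.m4`.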
810 | @@ -800,15 +811,16 @@ cleanup: | |
811 | #endif /* HAVE_KRB5_UNPARSE_NAME_FLAGS */ | |
812 | } | |
813 | ||
814 | -void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts, | |
815 | +void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx, | |
816 | + krb5_get_init_creds_opt *opts, | |
817 | int canonicalize) | |
818 | { | |
819 | - /* FIXME: The extra check for HAVE_KRB5_TICKET_TIMES is a workaround due to Heimdal | |
820 | - * defining krb5_get_init_creds_opt_set_canonicalize() with a different set of | |
821 | - * arguments. We should use a better configure check in the future. | |
822 | - */ | |
823 | -#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && defined(HAVE_KRB5_TICKET_TIMES) | |
824 | +#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \ | |
825 | + KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 2 | |
826 | krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize); | |
827 | +#elif defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \ | |
828 | + KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 3 | |
829 | + (void) krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize); | |
830 | #else | |
831 | DEBUG(SSSDBG_OP_FAILURE, ("Kerberos principal canonicalization is not available!\n")); | |
832 | #endif | |
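Review bot: In the three-argument branch the result of `krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize)` is cast to void, so if that variant reports an error the caller carries on as though canonicalization had been requested, whereas the `#else` branch at least logs the unavailable case. The wrapper returns void, so I would log the failure: declare a `krb5_error_code kerr`, assign the call's result to it, and add `if (kerr != 0) KRB5_DEBUG(SSSDBG_OP_FAILURE, ctx, kerr);`. The removed FIXME was the only explanation of why two variants exist; a short comment above the `#if`, such as `/* Heimdal declares this function with a different argument list */`, would preserve that. The function's closing brace lies outside the hunk.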
833 | @@ -1063,10 +1075,51 @@ done: | |
834 | KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr); | |
835 | } | |
f74665dc | 836 | } |
dd3b701a JB |
837 | - krb5_free_string(ctx, tmp_ccname); |
838 | + sss_krb5_free_string(ctx, tmp_ccname); | |
839 | ||
840 | return ret_ccname; | |
841 | #else | |
842 | return NULL; | |
843 | #endif /* HAVE_KRB5_CC_COLLECTION */ | |
844 | } | |
845 | + | |
846 | +krb5_error_code KRB5_CALLCONV | |
847 | +sss_krb5_unparse_name_ext(krb5_context ctx, | |
848 | + krb5_const_principal principal, | |
849 | + char **name, | |
850 | + unsigned int *len) | |
851 | +{ | |
852 | + krb5_error_code kerr; | |
853 | + | |
854 | +#ifdef HAVE_KRB5_UNPARSE_NAME_EXT | |
855 | + kerr = krb5_unparse_name_ext(ctx, principal, name, len); | |
856 | +#else | |
857 | + kerr = krb5_unparse_name(ctx, principal, name); | |
858 | + if (kerr == 0 && *name) | |
859 | + *len = strlen(*name); | |
860 | +#endif /* HAVE_KRB5_UNPARSE_NAME_EXT */ | |
861 | + | |
862 | + return kerr; | |
863 | +} | |
864 | + | |
865 | +krb5_error_code KRB5_CALLCONV | |
866 | +sss_krb5_get_time_offsets(krb5_context ctx, | |
867 | + krb5_timestamp *seconds, | |
868 | + int32_t *microseconds) | |
869 | +{ | |
870 | +#if defined(HAVE_KRB5_GET_TIME_OFFSETS) | |
871 | + return krb5_get_time_offsets(ctx, seconds, microseconds); | |
872 | +#elif defined(HAVE_KRB5_GET_KDC_SEC_OFFSET) | |
873 | + int32_t _seconds; | |
874 | + krb5_error_code ret; | |
875 | + | |
876 | + ret = krb5_get_kdc_sec_offset(ctx, &_seconds, microseconds); | |
877 | + *seconds = _seconds; | |
878 | + return ret; | |
879 | +#else | |
880 | + (void) ctx; | |
881 | + *seconds = 0; | |
882 | + *microseconds = 0; | |
883 | + return 0; | |
884 | +#endif | |
885 | +} | |
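Review bot: The `#else` fallback in sss_krb5_unparse_name_ext() does not follow the contract of krb5_unparse_name_ext(). The real function reuses or resizes a caller-supplied `*name` buffer and stores the required size, terminator included, in `*len`; the fallback overwrites `*name` with a fresh allocation and stores `strlen(*name)`. A caller that passes in an existing buffer would leak it, and `*len` differs by one between the two builds; the callers are not visible here, so which of these matters needs checking. I would document on the wrapper that `*name` must be NULL on entry and use `*len = strlen(*name) + 1;`. Separately, sss_krb5_get_time_offsets() copies `_seconds` to `*seconds` even if krb5_get_kdc_sec_offset() fails, so it should be declared as `int32_t _seconds = 0;`.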
886 | diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h | |
887 | index db47e0a..c7b9a69 100644 | |
888 | --- a/src/util/sss_krb5.h | |
889 | +++ b/src/util/sss_krb5.h | |
890 | @@ -70,6 +70,8 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context, | |
891 | ||
892 | void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name); | |
893 | ||
894 | +void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val); | |
895 | + | |
896 | int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name, | |
897 | krb5_context context, krb5_keytab keytab); | |
898 | ||
899 | @@ -136,7 +138,8 @@ krb5_error_code | |
900 | sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, | |
901 | int flags, char **name); | |
902 | ||
903 | -void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts, | |
904 | +void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx, | |
905 | + krb5_get_init_creds_opt *opts, | |
906 | int canonicalize); | |
907 | ||
908 | enum sss_krb5_cc_type { | |
909 | @@ -167,6 +170,10 @@ typedef krb5_times sss_krb5_ticket_times; | |
910 | /* Redirect libkrb5 tracing towards our DEBUG statements */ | |
911 | errno_t sss_child_set_krb5_tracing(krb5_context ctx); | |
912 | ||
913 | +#ifndef HAVE_KRB5_AUTHDATATYPE | |
914 | +typedef int32_t krb5_authdatatype; | |
915 | +#endif | |
916 | + | |
917 | krb5_error_code sss_krb5_find_authdata(krb5_context context, | |
918 | krb5_authdata *const *ticket_authdata, | |
919 | krb5_authdata *const *ap_req_authdata, | |
920 | @@ -184,4 +191,14 @@ char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx, | |
921 | krb5_context ctx, | |
922 | krb5_principal principal, | |
923 | const char *location); | |
924 | + | |
925 | +krb5_error_code KRB5_CALLCONV | |
926 | +sss_krb5_unparse_name_ext(krb5_context ctx, | |
927 | + krb5_const_principal principal, | |
928 | + char **name, | |
929 | + unsigned int *len); | |
930 | +krb5_error_code KRB5_CALLCONV | |
931 | +sss_krb5_get_time_offsets(krb5_context ctx, | |
932 | + krb5_timestamp *seconds, | |
933 | + int32_t *microseconds); | |
934 | #endif /* __SSS_KRB5_H__ */ | |
bf8e7304 JB |
935 | #--- sssd-1.11.4/src/external/pac_responder.m4.orig 2014-02-17 19:55:32.000000000 +0100 |
936 | #+++ sssd-1.11.4/src/external/pac_responder.m4 2014-03-22 17:59:50.707675270 +0100 | |
937 | #@@ -21,7 +21,8 @@ | |
938 | # Kerberos\ 5\ release\ 1.9* | \ | |
939 | # Kerberos\ 5\ release\ 1.10* | \ | |
940 | # Kerberos\ 5\ release\ 1.11* | \ | |
941 | #- Kerberos\ 5\ release\ 1.12*) | |
942 | #+ Kerberos\ 5\ release\ 1.12* | \ | |
943 | #+ heimdal\ *) | |
944 | # krb5_version_ok=yes | |
945 | # AC_MSG_RESULT([yes]) | |
946 | # ;; |