]> git.pld-linux.org Git - packages/sssd.git/blame - sssd-heimdal.patch
projects / packages / sssd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- rediff patches
[packages/sssd.git] / sssd-heimdal.patch
CommitLineData
ccdb83c2
JR		 1diff -urNp -x '*.orig' sssd-1.13.4.org/src/external/krb5.m4 sssd-1.13.4/src/external/krb5.m4
2--- sssd-1.13.4.org/src/external/krb5.m4 2016-04-13 16:48:41.000000000 +0200
3+++ sssd-1.13.4/src/external/krb5.m4 2021-03-03 21:59:13.332396954 +0100
dd3b701a
JB		 4@@ -37,8 +37,8 @@ SAVE_CFLAGS=$CFLAGS
5 SAVE_LIBS=$LIBS
6 CFLAGS="$CFLAGS $KRB5_CFLAGS"
7 LIBS="$LIBS $KRB5_LIBS"
8-AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
9-AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [],
10+AC_CHECK_HEADERS([krb5.h krb5/krb5.h profile.h])
11+AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info, krb5_authdatatype], [], [],
12 [ #ifdef HAVE_KRB5_KRB5_H
13 #include <krb5/krb5.h>
14 #else
7168e7f9 15@@ -46,6 +46,7 @@ AC_CHECK_TYPES([krb5_ticket_times, krb5_
dd3b701a
JB		 16 #endif
17 ])
18 AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \
19+ krb5_unparse_name_ext \
20 krb5_free_unparsed_name \
21 krb5_get_init_creds_opt_set_expire_callback \
22 krb5_get_init_creds_opt_set_fast_ccache_name \
7168e7f9 23@@ -65,7 +66,28 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_
dd3b701a
JB		 24 krb5_set_trace_callback \
25 krb5_find_authdata \
7168e7f9
JB		 26 krb5_kt_have_content \
27+ krb5_get_kdc_sec_offset \
dd3b701a 28+ krb5_free_string \
7168e7f9
JB		 29+ krb5_xfree \
30 krb5_cc_get_full_name])
dd3b701a
JB		 31+
32+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H
33+ #include <krb5/krb5.h>
34+ #else
35+ #include <krb5.h>
36+ #endif
37+ ]],
38+ [[ krb5_get_init_creds_opt_set_canonicalize(NULL, 0); ]])],
39+ [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [2], [number of arguments])])
40+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H
41+ #include <krb5/krb5.h>
42+ #else
43+ #include <krb5.h>
44+ #endif
45+ ]],
46+ [[ krb5_get_init_creds_opt_set_canonicalize(NULL, NULL, 0); ]])],
47+ [AC_DEFINE([KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS], [3], [number of arguments])])
48+
49 CFLAGS=$SAVE_CFLAGS
50 LIBS=$SAVE_LIBS
7168e7f9 51 CFLAGS="$CFLAGS $KRB5_CFLAGS"
ccdb83c2
JR		 52diff -urNp -x '*.orig' sssd-1.13.4.org/src/krb5_plugin/sssd_krb5_locator_plugin.c sssd-1.13.4/src/krb5_plugin/sssd_krb5_locator_plugin.c
53--- sssd-1.13.4.org/src/krb5_plugin/sssd_krb5_locator_plugin.c 2016-04-13 16:48:41.000000000 +0200
54+++ sssd-1.13.4/src/krb5_plugin/sssd_krb5_locator_plugin.c 2021-03-03 21:59:13.332396954 +0100
55@@ -339,6 +339,7 @@ krb5_error_code sssd_krb5_locator_lookup
dd3b701a
JB		 56 switch (socktype) {
57 case SOCK_STREAM:
58 case SOCK_DGRAM:
59+ case 0: /* any */
f74665dc 60 break;
dd3b701a
JB		 61 default:
62 return KRB5_PLUGIN_NO_HANDLE;
ccdb83c2 63@@ -373,7 +374,7 @@ krb5_error_code sssd_krb5_locator_lookup
dd3b701a
JB		 64 ai->ai_family, ai->ai_socktype));
65
66 if ((family == AF_UNSPEC || ai->ai_family == family) &&
67- ai->ai_socktype == socktype) {
68+ (ai->ai_socktype == socktype || socktype == 0)) {
69
70 ret = cbfunc(cbdata, socktype, ai->ai_addr);
71 if (ret != 0) {
ccdb83c2
JR		 72diff -urNp -x '*.orig' sssd-1.13.4.org/src/providers/ad/ad_common.c sssd-1.13.4/src/providers/ad/ad_common.c
73--- sssd-1.13.4.org/src/providers/ad/ad_common.c 2016-04-13 16:48:41.000000000 +0200
74+++ sssd-1.13.4/src/providers/ad/ad_common.c 2021-03-03 21:59:13.332396954 +0100
75@@ -644,7 +644,7 @@ errno_t
dd3b701a
JB		 76 ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
77 const char *primary_servers,
78 const char *backup_servers,
79- const char *krb5_realm,
80+ const char *krb5_realm_str,
81 const char *ad_service,
82 const char *ad_gc_service,
83 const char *ad_domain,
ccdb83c2 84@@ -704,13 +704,13 @@ ad_failover_init(TALLOC_CTX *mem_ctx, st
dd3b701a
JB		 85 service->sdap->kinit_service_name = service->krb5_service->name;
86 service->gc->kinit_service_name = service->krb5_service->name;
87
88- if (!krb5_realm) {
89+ if (!krb5_realm_str) {
38af2cc5 90 DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n");
dd3b701a
JB		 91 ret = EINVAL;
92 goto done;
93 }
94 service->krb5_service->realm =
95- talloc_strdup(service->krb5_service, krb5_realm);
96+ talloc_strdup(service->krb5_service, krb5_realm_str);
97 if (!service->krb5_service->realm) {
98 ret = ENOMEM;
99 goto done;
ccdb83c2
JR		 100@@ -918,7 +918,7 @@ ad_set_sdap_options(struct ad_options *a
101 struct sdap_options *id_opts)
dd3b701a
JB		 102 {
103 errno_t ret;
104- char *krb5_realm;
105+ char *krb5_realm_str;
106 char *keytab_path;
107
108 /* We only support Kerberos password policy with AD, so
ccdb83c2 109@@ -933,20 +933,20 @@ ad_set_sdap_options(struct ad_options *a
dd3b701a
JB		 110 }
111
112 /* Set the Kerberos Realm for GSSAPI */
113- krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
114- if (!krb5_realm) {
115+ krb5_realm_str = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
116+ if (!krb5_realm_str) {
117 /* Should be impossible, this is set in ad_get_common_options() */
38af2cc5 118 DEBUG(SSSDBG_FATAL_FAILURE, "No Kerberos realm\n");
dd3b701a
JB		 119 ret = EINVAL;
120 goto done;
121 }
122
123- ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm);
124+ ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm_str);
125 if (ret != EOK) goto done;
126 DEBUG(SSSDBG_CONF_SETTINGS,
38af2cc5 127 "Option %s set to %s\n",
dd3b701a 128 id_opts->basic[SDAP_KRB5_REALM].opt_name,
38af2cc5
JB		 129- krb5_realm);
130+ krb5_realm_str);
dd3b701a
JB		 131
132 keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
133 if (keytab_path) {
ccdb83c2 134@@ -1137,7 +1137,7 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
dd3b701a
JB		 135 errno_t ret;
136 struct dp_option *krb5_options;
137 const char *ad_servers;
138- const char *krb5_realm;
139+ const char *krb5_realm_str;
140
141 TALLOC_CTX *tmp_ctx = talloc_new(NULL);
142 if (!tmp_ctx) return ENOMEM;
ccdb83c2 143@@ -1164,8 +1164,8 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
dd3b701a
JB		 144
145 /* Set krb5 realm */
146 /* Set the Kerberos Realm for GSSAPI */
147- krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
148- if (!krb5_realm) {
149+ krb5_realm_str = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
150+ if (!krb5_realm_str) {
151 /* Should be impossible, this is set in ad_get_common_options() */
38af2cc5 152 DEBUG(SSSDBG_FATAL_FAILURE, "No Kerberos realm\n");
dd3b701a 153 ret = EINVAL;
ccdb83c2 154@@ -1175,12 +1175,12 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx,
dd3b701a
JB		 155 /* Force the kerberos realm to match the AD_KRB5_REALM (which may have
156 * been upper-cased in ad_common_options()
157 */
158- ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm);
159+ ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm_str);
160 if (ret != EOK) goto done;
161 DEBUG(SSSDBG_CONF_SETTINGS,
38af2cc5 162 "Option %s set to %s\n",
dd3b701a 163 krb5_options[KRB5_REALM].opt_name,
38af2cc5
JB		 164- krb5_realm);
165+ krb5_realm_str);
dd3b701a
JB		 166
167 /* Set flag that controls whether we want to write the
168 * kdcinfo files at all
ccdb83c2
JR		 169diff -urNp -x '*.orig' sssd-1.13.4.org/src/providers/krb5/krb5_child.c sssd-1.13.4/src/providers/krb5/krb5_child.c
170--- sssd-1.13.4.org/src/providers/krb5/krb5_child.c 2016-04-13 16:48:41.000000000 +0200
171+++ sssd-1.13.4/src/providers/krb5/krb5_child.c 2021-03-03 21:59:13.332396954 +0100
172@@ -136,7 +136,7 @@ static krb5_error_code set_lifetime_opti
38af2cc5
JB		 173 return 0;
174 }
175
176-static void set_canonicalize_option(krb5_get_init_creds_opt *opts)
177+static void set_canonicalize_option(krb5_context ctx, krb5_get_init_creds_opt *opts)
178 {
179 int canonicalize = 0;
180 char *tmp_str;
ccdb83c2 181@@ -147,23 +147,23 @@ static void set_canonicalize_option(krb5
dd3b701a 182 }
38af2cc5
JB		 183 DEBUG(SSSDBG_CONF_SETTINGS, "%s is set to [%s]\n",
184 SSSD_KRB5_CANONICALIZE, tmp_str ? tmp_str : "not set");
185- sss_krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize);
186+ sss_krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize);
187 }
dd3b701a 188
3278078b
JB		 189-static void set_changepw_options(krb5_get_init_creds_opt *options)
190+static void set_changepw_options(krb5_context ctx, krb5_get_init_creds_opt *options)
38af2cc5 191 {
dd3b701a
JB		 192- sss_krb5_get_init_creds_opt_set_canonicalize(options, 0);
193+ sss_krb5_get_init_creds_opt_set_canonicalize(ctx, options, 0);
194 krb5_get_init_creds_opt_set_forwardable(options, 0);
195 krb5_get_init_creds_opt_set_proxiable(options, 0);
196 krb5_get_init_creds_opt_set_renew_life(options, 0);
38af2cc5
JB		 197 krb5_get_init_creds_opt_set_tkt_life(options, 5*60);
198 }
199
200-static void revert_changepw_options(krb5_get_init_creds_opt *options)
201+static void revert_changepw_options(krb5_context ctx, krb5_get_init_creds_opt *options)
202 {
203 krb5_error_code kerr;
204
205- set_canonicalize_option(options);
206+ set_canonicalize_option(ctx, options);
207
208 /* Currently we do not set forwardable and proxiable explicitly, the flags
209 * must be removed so that libkrb5 can take the defaults from krb5.conf */
ccdb83c2 210@@ -177,6 +177,7 @@ static void revert_changepw_options(krb5
dd3b701a
JB		 211 }
212
38af2cc5 213
dd3b701a
JB		 214+#ifdef HAVE_PAC_RESPONDER
215 static errno_t sss_send_pac(krb5_authdata **pac_authdata)
216 {
217 struct sss_cli_req_data sss_data;
ccdb83c2 218@@ -199,6 +200,7 @@ static errno_t sss_send_pac(krb5_authdat
dd3b701a
JB		 219
220 return EOK;
221 }
222+#endif /* HAVE_PAC_RESPONDER */
223
224 static void sss_krb5_expire_callback_func(krb5_context context, void *data,
225 krb5_timestamp password_expiration,
ccdb83c2 226@@ -630,7 +632,8 @@ static krb5_error_code create_empty_cred
dd3b701a
JB		 227 {
228 krb5_error_code kerr;
229 krb5_creds *cred = NULL;
230- krb5_data *krb5_realm;
231+ const char *realm_name;
232+ int realm_length;
233
234 cred = calloc(sizeof(krb5_creds), 1);
235 if (cred == NULL) {
ccdb83c2 236@@ -644,12 +647,12 @@ static krb5_error_code create_empty_cred
dd3b701a
JB		 237 goto done;
238 }
239
240- krb5_realm = krb5_princ_realm(ctx, princ);
241+ sss_krb5_princ_realm(ctx, princ, &realm_name, &realm_length);
242
243 kerr = krb5_build_principal_ext(ctx, &cred->server,
244- krb5_realm->length, krb5_realm->data,
245+ realm_length, realm_name,
246 KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
247- krb5_realm->length, krb5_realm->data, 0);
248+ realm_length, realm_name, 0);
249 if (kerr != 0) {
38af2cc5 250 DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n");
dd3b701a 251 goto done;
ccdb83c2 252@@ -987,7 +990,8 @@ static errno_t add_ticket_times_and_upn_
dd3b701a
JB		 253 goto done;
254 }
255
256- kerr = krb5_unparse_name_ext(kr->ctx, kr->creds->client, &upn, &upn_len);
257+ kerr = sss_krb5_unparse_name_ext(kr->ctx, kr->creds->client,
258+ &upn, &upn_len);
259 if (kerr != 0) {
38af2cc5 260 DEBUG(SSSDBG_OP_FAILURE, "krb5_unparse_name failed.\n");
dd3b701a 261 goto done;
ccdb83c2 262@@ -995,7 +999,7 @@ static errno_t add_ticket_times_and_upn_
dd3b701a
JB		 263
264 ret = pam_add_response(kr->pd, SSS_KRB5_INFO_UPN, upn_len,
265 (uint8_t *) upn);
266- krb5_free_unparsed_name(kr->ctx, upn);
267+ sss_krb5_free_unparsed_name(kr->ctx, upn);
268 if (ret != EOK) {
38af2cc5 269 DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
dd3b701a 270 goto done;
ccdb83c2 271@@ -1017,7 +1021,9 @@ static krb5_error_code validate_tgt(stru
dd3b701a
JB		 272 krb5_principal validation_princ = NULL;
273 bool realm_entry_found = false;
274 krb5_ccache validation_ccache = NULL;
275+#ifdef HAVE_PAC_RESPONDER
276 krb5_authdata **pac_authdata = NULL;
277+#endif
278
279 memset(&keytab, 0, sizeof(keytab));
280 kerr = krb5_kt_resolve(kr->ctx, kr->keytab, &keytab);
ccdb83c2 281@@ -1111,6 +1117,7 @@ static krb5_error_code validate_tgt(stru
dd3b701a
JB		 282 goto done;
283 }
284
285+#ifdef HAVE_PAC_RESPONDER
286 /* Try to find and send the PAC to the PAC responder.
287 * Failures are not critical. */
288 if (kr->send_pac) {
ccdb83c2 289@@ -1133,6 +1140,7 @@ static krb5_error_code validate_tgt(stru
dd3b701a 290 kerr = 0;
f74665dc 291 }
dd3b701a
JB		 292 }
293+#endif /* HAVE_PAC_RESPONDER */
294
295 done:
296 if (validation_ccache != NULL) {
ccdb83c2 297@@ -1168,7 +1176,7 @@ static krb5_error_code get_and_save_tgt_
dd3b701a
JB		 298 krb5_get_init_creds_opt_set_address_list(&options, NULL);
299 krb5_get_init_creds_opt_set_forwardable(&options, 0);
300 krb5_get_init_creds_opt_set_proxiable(&options, 0);
38af2cc5
JB		 301- set_canonicalize_option(&options);
302+ set_canonicalize_option(ctx, &options);
f74665dc 303
dd3b701a
JB		 304 kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL,
305 &options);
ccdb83c2 306@@ -1382,7 +1390,7 @@ static errno_t changepw_child(struct krb
3278078b
JB		 307 prompter = sss_krb5_prompter;
308 }
309
310- set_changepw_options(kr->options);
311+ set_changepw_options(kr->ctx, kr->options);
312 sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length);
7168e7f9
JB		 313 if (realm_length == 0) {
314 DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_princ_realm failed.\n");
ccdb83c2 315@@ -1434,9 +1442,9 @@ static errno_t changepw_child(struct krb
dd3b701a
JB		 316
317 memset(&result_code_string, 0, sizeof(krb5_data));
318 memset(&result_string, 0, sizeof(krb5_data));
319- kerr = krb5_change_password(kr->ctx, kr->creds,
320- discard_const(newpassword), &result_code,
321- &result_code_string, &result_string);
322+ kerr = krb5_set_password(kr->ctx, kr->creds,
323+ discard_const(newpassword), NULL,
324+ &result_code, &result_code_string, &result_string);
325
326 if (kerr == KRB5_KDC_UNREACH) {
327 return ERR_NETWORK_IO;
ccdb83c2 328@@ -1450,7 +1458,7 @@ static errno_t changepw_child(struct krb
dd3b701a 329 if (result_code_string.length > 0) {
38af2cc5
JB		 330 DEBUG(SSSDBG_CRIT_FAILURE,
331 "krb5_change_password failed [%d][%.*s].\n", result_code,
332- result_code_string.length, result_code_string.data);
333+ (int) result_code_string.length, (char *) result_code_string.data);
dd3b701a
JB		 334 user_error_message = talloc_strndup(kr->pd, result_code_string.data,
335 result_code_string.length);
336 if (user_error_message == NULL) {
ccdb83c2 337@@ -1458,10 +1466,10 @@ static errno_t changepw_child(struct krb
dd3b701a 338 }
f74665dc 339 }
dd3b701a
JB		 340
341- if (result_string.length > 0 && result_string.data[0] != '\0') {
38af2cc5
JB		 342+ if (result_string.length > 0 && ((char *) result_string.data)[0] != '\0') {
343 DEBUG(SSSDBG_CRIT_FAILURE,
344 "krb5_change_password failed [%d][%.*s].\n", result_code,
345- result_string.length, result_string.data);
346+ (int) result_string.length, (char *) result_string.data);
dd3b701a
JB		 347 talloc_free(user_error_message);
348 user_error_message = talloc_strndup(kr->pd, result_string.data,
349 result_string.length);
ccdb83c2 350@@ -1512,7 +1520,7 @@ static errno_t changepw_child(struct krb
38af2cc5
JB		 351
352 /* We changed some of the gic options for the password change, now we have
353 * to change them back to get a fresh TGT. */
354- revert_changepw_options(kr->options);
355+ revert_changepw_options(kr->ctx, kr->options);
356
357 kerr = get_and_save_tgt(kr, newpassword);
358
ccdb83c2 359@@ -1583,7 +1591,7 @@ static errno_t tgt_req_child(struct krb5
3278078b
JB		 360 "Failed to unset expire callback, continue ...\n");
361 }
362
363- set_changepw_options(kr->options);
364+ set_changepw_options(kr->ctx, kr->options);
365 kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
366 discard_const(password),
367 sss_krb5_prompter, kr, 0,
ccdb83c2 368@@ -2166,7 +2174,8 @@ static errno_t k5c_recv_data(struct krb5
38af2cc5 369 static int k5c_setup_fast(struct krb5_req *kr, bool demand)
f74665dc 370 {
dd3b701a
JB		 371 krb5_principal fast_princ_struct;
372- krb5_data *realm_data;
373+ const char *realm_name;
374+ int realm_length;
375 char *fast_principal_realm;
376 char *fast_principal;
f74665dc 377 krb5_error_code kerr;
ccdb83c2 378@@ -2195,8 +2204,11 @@ static int k5c_setup_fast(struct krb5_re
dd3b701a
JB		 379 return KRB5KRB_ERR_GENERIC;
380 }
381 free(tmp_str);
382- realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct);
383- fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data);
384+ sss_krb5_princ_realm(kr->ctx, fast_princ_struct,
385+ &realm_name, &realm_length);
386+
387+ fast_principal_realm = talloc_asprintf(kr, "%.*s",
388+ realm_length, realm_name);
389 if (!fast_principal_realm) {
38af2cc5 390 DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
dd3b701a 391 return ENOMEM;
ccdb83c2 392@@ -2482,7 +2494,7 @@ static int k5c_setup(struct krb5_req *kr
dd3b701a
JB		 393 }
394
395 if (!offline) {
38af2cc5
JB		 396- set_canonicalize_option(kr->options);
397+ set_canonicalize_option(kr->ctx, kr->options);
7168e7f9 398 }
dd3b701a 399
7168e7f9 400 /* TODO: set options, e.g.
ccdb83c2
JR		 401diff -urNp -x '*.orig' sssd-1.13.4.org/src/providers/krb5/krb5_common.c sssd-1.13.4/src/providers/krb5/krb5_common.c
402--- sssd-1.13.4.org/src/providers/krb5/krb5_common.c 2016-04-13 16:48:41.000000000 +0200
403+++ sssd-1.13.4/src/providers/krb5/krb5_common.c 2021-03-03 21:59:13.332396954 +0100
dd3b701a
JB		 404@@ -33,7 +33,7 @@
405 #include "providers/krb5/krb5_opts.h"
406 #include "providers/krb5/krb5_utils.h"
407
408-#ifdef HAVE_KRB5_CC_COLLECTION
409+#ifdef HAVE_PROFILE_H
410 /* krb5 profile functions */
411 #include <profile.h>
412 #endif
413@@ -91,7 +91,7 @@ done:
414 return ret;
415 }
416
417-#ifdef HAVE_KRB5_CC_COLLECTION
418+#ifdef HAVE_PROFILE_H
419 /* source default_ccache_name from krb5.conf */
420 static errno_t sss_get_system_ccname_template(TALLOC_CTX *mem_ctx,
421 char **ccname)
ccdb83c2 422@@ -921,7 +921,7 @@ errno_t krb5_install_offline_callback(st
dd3b701a
JB		 423 {
424 int ret;
425 struct remove_info_files_ctx *ctx;
426- const char *krb5_realm;
427+ const char *krb5_realm_str;
428
429 if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) {
38af2cc5 430 DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n");
ccdb83c2 431@@ -934,14 +934,14 @@ errno_t krb5_install_offline_callback(st
dd3b701a
JB		 432 return ENOMEM;
433 }
434
435- krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
436- if (krb5_realm == NULL) {
437+ krb5_realm_str = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
438+ if (krb5_realm_str == NULL) {
38af2cc5 439 DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
dd3b701a
JB		 440 ret = EINVAL;
441 goto done;
442 }
443
444- ctx->realm = talloc_strdup(ctx, krb5_realm);
445+ ctx->realm = talloc_strdup(ctx, krb5_realm_str);
446 if (ctx->realm == NULL) {
38af2cc5 447 DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
dd3b701a 448 ret = ENOMEM;
ccdb83c2 449@@ -976,19 +976,19 @@ done:
dd3b701a
JB		 450 errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
451 struct krb5_ctx *krb5_ctx)
452 {
453- const char *krb5_realm;
454+ const char *krb5_realm_str;
455 char *sig_realm;
456 struct tevent_signal *sige;
457
458 BlockSignals(false, SIGTERM);
459
460- krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
461- if (krb5_realm == NULL) {
462+ krb5_realm_str = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
463+ if (krb5_realm_str == NULL) {
38af2cc5 464 DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
dd3b701a
JB		 465 return EINVAL;
466 }
467
468- sig_realm = talloc_strdup(krb5_ctx, krb5_realm);
469+ sig_realm = talloc_strdup(krb5_ctx, krb5_realm_str);
470 if (sig_realm == NULL) {
38af2cc5 471 DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
dd3b701a 472 return ENOMEM;
ccdb83c2
JR		 473diff -urNp -x '*.orig' sssd-1.13.4.org/src/providers/krb5/krb5_init.c sssd-1.13.4/src/providers/krb5/krb5_init.c
474--- sssd-1.13.4.org/src/providers/krb5/krb5_init.c 2016-04-13 16:48:41.000000000 +0200
475+++ sssd-1.13.4/src/providers/krb5/krb5_init.c 2021-03-03 21:59:13.332396954 +0100
38af2cc5 476@@ -64,7 +64,7 @@ int sssm_krb5_auth_init(struct be_ctx *b
dd3b701a
JB		 477 const char *krb5_backup_servers;
478 const char *krb5_kpasswd_servers;
479 const char *krb5_backup_kpasswd_servers;
480- const char *krb5_realm;
481+ const char *krb5_realm_str;
482 const char *errstr;
483 int errval;
484 int errpos;
38af2cc5 485@@ -103,15 +103,15 @@ int sssm_krb5_auth_init(struct be_ctx *b
dd3b701a
JB		 486 krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
487 krb5_backup_servers = dp_opt_get_string(ctx->opts, KRB5_BACKUP_KDC);
488
489- krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
490- if (krb5_realm == NULL) {
491+ krb5_realm_str = dp_opt_get_string(ctx->opts, KRB5_REALM);
492+ if (krb5_realm_str == NULL) {
38af2cc5 493 DEBUG(SSSDBG_FATAL_FAILURE, "Missing krb5_realm option!\n");
dd3b701a
JB		 494 return EINVAL;
495 }
496
497 ret = krb5_service_init(ctx, bectx,
498 SSS_KRB5KDC_FO_SRV, krb5_servers,
499- krb5_backup_servers, krb5_realm,
500+ krb5_backup_servers, krb5_realm_str,
501 dp_opt_get_bool(krb5_options->opts,
502 KRB5_USE_KDCINFO),
503 &ctx->service);
38af2cc5 504@@ -138,7 +138,7 @@ int sssm_krb5_auth_init(struct be_ctx *b
dd3b701a
JB		 505 } else {
506 ret = krb5_service_init(ctx, bectx,
507 SSS_KRB5KPASSWD_FO_SRV, krb5_kpasswd_servers,
508- krb5_backup_kpasswd_servers, krb5_realm,
509+ krb5_backup_kpasswd_servers, krb5_realm_str,
510 dp_opt_get_bool(krb5_options->opts,
511 KRB5_USE_KDCINFO),
512 &ctx->kpasswd_service);
ccdb83c2
JR		 513diff -urNp -x '*.orig' sssd-1.13.4.org/src/providers/krb5/krb5_keytab.c sssd-1.13.4/src/providers/krb5/krb5_keytab.c
514--- sssd-1.13.4.org/src/providers/krb5/krb5_keytab.c 2016-04-13 16:48:41.000000000 +0200
515+++ sssd-1.13.4/src/providers/krb5/krb5_keytab.c 2021-03-03 21:59:13.332396954 +0100
516@@ -85,6 +85,10 @@ static krb5_error_code do_keytab_copy(kr
517 return 0;
518 }
519
520+#ifndef MAX_KEYTAB_NAME_LEN
521+#define MAX_KEYTAB_NAME_LEN 1100
522+#endif
523+
524 krb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx,
525 const char *inp_keytab_file,
526 char **_mem_name,
527diff -urNp -x '*.orig' sssd-1.13.4.org/src/providers/ldap/ldap_child.c sssd-1.13.4/src/providers/ldap/ldap_child.c
528--- sssd-1.13.4.org/src/providers/ldap/ldap_child.c 2016-04-13 16:48:41.000000000 +0200
529+++ sssd-1.13.4/src/providers/ldap/ldap_child.c 2021-03-03 21:59:13.332396954 +0100
7168e7f9 530@@ -99,7 +99,7 @@ static errno_t unpack_buffer(uint8_t *bu
dd3b701a
JB		 531
532 /* ticket lifetime */
7168e7f9
JB		 533 SAFEALIGN_COPY_UINT32_CHECK(&ibuf->lifetime, buf + p, size, &p);
534- DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %u\n", ibuf->lifetime);
535+ DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %ld\n", (long)(ibuf->lifetime));
dd3b701a 536
7168e7f9
JB		 537 /* UID and GID to run as */
538 SAFEALIGN_COPY_UINT32_CHECK(&ibuf->uid, buf + p, size, &p);
ccdb83c2 539@@ -384,7 +384,8 @@ static krb5_error_code ldap_child_get_tg
38af2cc5 540 DEBUG(SSSDBG_CONF_SETTINGS, "Will canonicalize principals\n");
dd3b701a
JB		 541 canonicalize = 1;
542 }
543- sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize);
544+ sss_krb5_get_init_creds_opt_set_canonicalize(context,
545+ &options, canonicalize);
546
7168e7f9
JB		 547 ccname_file = talloc_asprintf(tmp_ctx, "%s/ccache_%s",
548 DB_PATH, realm_name);
ccdb83c2 549@@ -463,8 +464,7 @@ static krb5_error_code ldap_child_get_tg
dd3b701a 550 }
38af2cc5 551 DEBUG(SSSDBG_TRACE_INTERNAL, "credentials stored\n");
dd3b701a
JB		 552
553-#ifdef HAVE_KRB5_GET_TIME_OFFSETS
554- krberr = krb5_get_time_offsets(context, &kdc_time_offset,
555+ krberr = sss_krb5_get_time_offsets(context, &kdc_time_offset,
556 &kdc_time_offset_usec);
557 if (krberr) {
38af2cc5 558 DEBUG(SSSDBG_OP_FAILURE, "Failed to get KDC time offset: %s\n",
ccdb83c2 559@@ -476,10 +476,6 @@ static krb5_error_code ldap_child_get_tg
dd3b701a
JB		 560 }
561 }
38af2cc5 562 DEBUG(SSSDBG_TRACE_INTERNAL, "Got KDC time offset\n");
dd3b701a
JB		 563-#else
564- /* If we don't have this function, just assume no offset */
565- kdc_time_offset = 0;
566-#endif
f74665dc 567
7168e7f9
JB		 568 DEBUG(SSSDBG_TRACE_INTERNAL,
569 "Renaming [%s] to [%s]\n", ccname_file_dummy, ccname_file);
ccdb83c2
JR		 570diff -urNp -x '*.orig' sssd-1.13.4.org/src/providers/ldap/ldap_common.c sssd-1.13.4/src/providers/ldap/ldap_common.c
571--- sssd-1.13.4.org/src/providers/ldap/ldap_common.c 2016-04-13 16:48:41.000000000 +0200
572+++ sssd-1.13.4/src/providers/ldap/ldap_common.c 2021-03-03 21:59:13.332396954 +0100
573@@ -363,7 +363,7 @@ done:
dd3b701a
JB		 574 static const char *
575 sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx)
576 {
577- char *krb5_realm = NULL;
578+ char *krb5_realm_str = NULL;
579 const char *realm = NULL;
580 krb5_error_code krberr;
581 krb5_context context = NULL;
ccdb83c2 582@@ -374,15 +374,15 @@ sdap_gssapi_get_default_realm(TALLOC_CTX
dd3b701a
JB		 583 goto done;
584 }
f74665dc 585
dd3b701a
JB		 586- krberr = krb5_get_default_realm(context, &krb5_realm);
587+ krberr = krb5_get_default_realm(context, &krb5_realm_str);
588 if (krberr) {
38af2cc5
JB		 589 DEBUG(SSSDBG_OP_FAILURE, "Failed to get default realm name: %s\n",
590 sss_krb5_get_error_message(context, krberr));
dd3b701a
JB		 591 goto done;
592 }
593
594- realm = talloc_strdup(mem_ctx, krb5_realm);
595- krb5_free_default_realm(context, krb5_realm);
596+ realm = talloc_strdup(mem_ctx, krb5_realm_str);
597+ krb5_free_default_realm(context, krb5_realm_str);
598 if (!realm) {
38af2cc5 599 DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory\n");
dd3b701a 600 goto done;
ccdb83c2 601@@ -415,7 +415,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
dd3b701a
JB		 602 int ret;
603 const char *krb5_servers;
604 const char *krb5_backup_servers;
605- const char *krb5_realm;
606+ const char *krb5_realm_str;
607 const char *krb5_opt_realm;
608 struct krb5_service *service = NULL;
609 TALLOC_CTX *tmp_ctx;
ccdb83c2 610@@ -430,16 +430,16 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
dd3b701a 611 if (krb5_opt_realm == NULL) {
38af2cc5
JB		 612 DEBUG(SSSDBG_OP_FAILURE,
613 "Missing krb5_realm option, will use libkrb default\n");
dd3b701a
JB		 614- krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx);
615- if (krb5_realm == NULL) {
616+ krb5_realm_str = sdap_gssapi_get_default_realm(tmp_ctx);
617+ if (krb5_realm_str == NULL) {
38af2cc5
JB		 618 DEBUG(SSSDBG_FATAL_FAILURE,
619 "Cannot determine the Kerberos realm, aborting\n");
dd3b701a
JB		 620 ret = EIO;
621 goto done;
f74665dc 622 }
dd3b701a
JB		 623 } else {
624- krb5_realm = talloc_strdup(tmp_ctx, krb5_opt_realm);
625- if (krb5_realm == NULL) {
626+ krb5_realm_str = talloc_strdup(tmp_ctx, krb5_opt_realm);
627+ if (krb5_realm_str == NULL) {
628 ret = ENOMEM;
629 goto done;
f74665dc 630 }
ccdb83c2 631@@ -447,7 +447,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
f74665dc 632
dd3b701a
JB		 633 ret = krb5_service_init(mem_ctx, bectx,
634 SSS_KRB5KDC_FO_SRV, krb5_servers,
635- krb5_backup_servers, krb5_realm,
636+ krb5_backup_servers, krb5_realm_str,
637 dp_opt_get_bool(opts,
638 SDAP_KRB5_USE_KDCINFO),
639 &service);
ccdb83c2 640@@ -456,14 +456,14 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx
dd3b701a
JB		 641 goto done;
642 }
643
644- ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm);
645+ ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm_str);
646 if (ret != EOK) {
38af2cc5 647 DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
dd3b701a
JB		 648 goto done;
649 }
650
651 ret = sdap_install_offline_callback(mem_ctx, bectx,
652- krb5_realm, SSS_KRB5KDC_FO_SRV);
653+ krb5_realm_str, SSS_KRB5KDC_FO_SRV);
654 if (ret != EOK) {
38af2cc5 655 DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
dd3b701a 656 goto done;
ccdb83c2
JR		 657diff -urNp -x '*.orig' sssd-1.13.4.org/src/tests/krb5_child-test.c sssd-1.13.4/src/tests/krb5_child-test.c
658--- sssd-1.13.4.org/src/tests/krb5_child-test.c 2016-04-13 16:48:41.000000000 +0200
659+++ sssd-1.13.4/src/tests/krb5_child-test.c 2021-03-03 21:59:13.332396954 +0100
660@@ -283,17 +283,17 @@ child_done(struct tevent_req *req)
dd3b701a
JB		 661 static void
662 printtime(krb5_timestamp ts)
663 {
664+#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING
665 krb5_error_code kret;
666 char timestring[BUFSIZ];
667 char fill = '\0';
668
669-#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING
670 kret = krb5_timestamp_to_sfstring(ts, timestring, BUFSIZ, &fill);
671 if (kret) {
672 KRB5_CHILD_TEST_DEBUG(SSSDBG_OP_FAILURE, kret);
673 }
674 printf("%s", timestring);
675-#else
676+#elif defined(HAVE_KRB5_FORMAT_TIME)
677 printf("%s", ctime(&ts));
678 #endif /* HAVE_KRB5_TIMESTAMP_TO_SFSTRING */
679 }
ccdb83c2 680@@ -326,8 +326,8 @@ print_creds(krb5_context kcontext, krb5_
dd3b701a 681 }
f74665dc 682
683 done:
dd3b701a
JB		 684- krb5_free_unparsed_name(kcontext, name);
685- krb5_free_unparsed_name(kcontext, sname);
686+ sss_krb5_free_unparsed_name(kcontext, name);
687+ sss_krb5_free_unparsed_name(kcontext, sname);
688 }
689
690 static errno_t
ccdb83c2 691@@ -374,7 +374,7 @@ print_ccache(const char *cc)
dd3b701a
JB		 692 ret = EOK;
693 done:
694 krb5_cc_close(kcontext, cache);
695- krb5_free_unparsed_name(kcontext, defname);
696+ sss_krb5_free_unparsed_name(kcontext, defname);
697 krb5_free_principal(kcontext, princ);
698 krb5_free_context(kcontext);
699 return ret;
ccdb83c2
JR		 700diff -urNp -x '*.orig' sssd-1.13.4.org/src/util/sss_krb5.c sssd-1.13.4/src/util/sss_krb5.c
701--- sssd-1.13.4.org/src/util/sss_krb5.c 2016-04-13 16:48:41.000000000 +0200
702+++ sssd-1.13.4/src/util/sss_krb5.c 2021-03-03 21:59:13.332396954 +0100
66c0dc33
JB		 703@@ -20,7 +20,9 @@
704 #include <stdio.h>
705 #include <errno.h>
706 #include <talloc.h>
707+#ifdef HAVE_PROFILE_H
708 #include <profile.h>
709+#endif
710
711 #include "config.h"
712
ccdb83c2 713@@ -485,7 +487,9 @@ void KRB5_CALLCONV sss_krb5_get_init_cre
dd3b701a
JB		 714
715 void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name)
716 {
717-#ifdef HAVE_KRB5_FREE_UNPARSED_NAME
718+#ifdef HAVE_KRB5_XFREE
719+ krb5_xfree(name);
720+#elif HAVE_KRB5_FREE_UNPARSED_NAME
721 krb5_free_unparsed_name(context, name);
722 #else
723 if (name != NULL) {
ccdb83c2 724@@ -495,6 +499,15 @@ void KRB5_CALLCONV sss_krb5_free_unparse
dd3b701a
JB		 725 #endif
726 }
727
728+void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val)
729+{
730+/* TODO: ensure at least on is available in krb5.m4 */
731+#ifdef HAVE_KRB5_FREE_STRING
732+ krb5_free_string(ctx, val);
733+#elif HAVE_KRB5_XFREE
734+ (void) krb5_xfree(val);
735+#endif
736+}
737
738 krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback(
739 krb5_context context,
ccdb83c2 740@@ -753,15 +766,16 @@ cleanup:
dd3b701a
JB		 741 #endif /* HAVE_KRB5_UNPARSE_NAME_FLAGS */
742 }
743
744-void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
745+void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx,
746+ krb5_get_init_creds_opt *opts,
747 int canonicalize)
748 {
749- /* FIXME: The extra check for HAVE_KRB5_TICKET_TIMES is a workaround due to Heimdal
750- * defining krb5_get_init_creds_opt_set_canonicalize() with a different set of
751- * arguments. We should use a better configure check in the future.
752- */
753-#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && defined(HAVE_KRB5_TICKET_TIMES)
754+#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \
755+ KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 2
756 krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize);
757+#elif defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && \
758+ KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 3
759+ (void) krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize);
760 #else
7168e7f9 761 DEBUG(SSSDBG_OP_FAILURE, "Kerberos principal canonicalization is not available!\n");
dd3b701a 762 #endif
ccdb83c2 763@@ -1023,7 +1037,7 @@ done:
dd3b701a
JB		 764 KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
765 }
f74665dc 766 }
dd3b701a
JB		 767- krb5_free_string(ctx, tmp_ccname);
768+ sss_krb5_free_string(ctx, tmp_ccname);
769
770 return ret_ccname;
771 #else
ccdb83c2 772@@ -1076,6 +1090,7 @@ krb5_error_code sss_krb5_kt_have_content
66c0dc33
JB		 773
774 bool sss_krb5_realm_has_proxy(const char *realm)
775 {
776+#ifdef HAVE_PROFILE_H
777 krb5_context context = NULL;
778 krb5_error_code kerr;
779 struct _profile_t *profile = NULL;
ccdb83c2 780@@ -1128,4 +1143,48 @@ done:
66c0dc33
JB		 781 krb5_free_context(context);
782
783 return res;
784+#else
785+ return false;
786+#endif
787+}
dd3b701a
JB		 788+
789+krb5_error_code KRB5_CALLCONV
790+sss_krb5_unparse_name_ext(krb5_context ctx,
791+ krb5_const_principal principal,
792+ char **name,
793+ unsigned int *len)
794+{
795+ krb5_error_code kerr;
796+
797+#ifdef HAVE_KRB5_UNPARSE_NAME_EXT
798+ kerr = krb5_unparse_name_ext(ctx, principal, name, len);
799+#else
800+ kerr = krb5_unparse_name(ctx, principal, name);
801+ if (kerr == 0 && *name)
802+ *len = strlen(*name);
803+#endif /* HAVE_KRB5_UNPARSE_NAME_EXT */
804+
805+ return kerr;
806+}
807+
808+krb5_error_code KRB5_CALLCONV
809+sss_krb5_get_time_offsets(krb5_context ctx,
810+ krb5_timestamp *seconds,
811+ int32_t *microseconds)
812+{
813+#if defined(HAVE_KRB5_GET_TIME_OFFSETS)
814+ return krb5_get_time_offsets(ctx, seconds, microseconds);
815+#elif defined(HAVE_KRB5_GET_KDC_SEC_OFFSET)
816+ int32_t _seconds;
817+ krb5_error_code ret;
818+
819+ ret = krb5_get_kdc_sec_offset(ctx, &_seconds, microseconds);
820+ *seconds = _seconds;
821+ return ret;
822+#else
823+ (void) ctx;
824+ *seconds = 0;
825+ *microseconds = 0;
826+ return 0;
827+#endif
66c0dc33 828 }
ccdb83c2
JR		 829diff -urNp -x '*.orig' sssd-1.13.4.org/src/util/sss_krb5.h sssd-1.13.4/src/util/sss_krb5.h
830--- sssd-1.13.4.org/src/util/sss_krb5.h 2016-04-13 16:48:41.000000000 +0200
831+++ sssd-1.13.4/src/util/sss_krb5.h 2021-03-03 21:59:13.332396954 +0100
7168e7f9 832@@ -70,6 +70,8 @@ void KRB5_CALLCONV sss_krb5_get_init_cre
dd3b701a
JB		 833
834 void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name);
835
836+void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val);
837+
7168e7f9
JB		 838 krb5_error_code find_principal_in_keytab(krb5_context ctx,
839 krb5_keytab keytab,
840 const char *pattern_primary,
841@@ -133,7 +135,8 @@ krb5_error_code
dd3b701a
JB		 842 sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal,
843 int flags, char **name);
844
845-void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
846+void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_context ctx,
847+ krb5_get_init_creds_opt *opts,
848 int canonicalize);
849
850 enum sss_krb5_cc_type {
7168e7f9 851@@ -164,6 +167,10 @@ typedef krb5_times sss_krb5_ticket_times
dd3b701a
JB		 852 /* Redirect libkrb5 tracing towards our DEBUG statements */
853 errno_t sss_child_set_krb5_tracing(krb5_context ctx);
854
855+#ifndef HAVE_KRB5_AUTHDATATYPE
856+typedef int32_t krb5_authdatatype;
857+#endif
858+
859 krb5_error_code sss_krb5_find_authdata(krb5_context context,
860 krb5_authdata *const *ticket_authdata,
861 krb5_authdata *const *ap_req_authdata,
ccdb83c2 862@@ -186,4 +193,14 @@ krb5_error_code sss_krb5_kt_have_content
7168e7f9 863 krb5_keytab keytab);
e1f3ee2a
ER		 864
865 bool sss_krb5_realm_has_proxy(const char *realm);
dd3b701a
JB		 866+
867+krb5_error_code KRB5_CALLCONV
868+sss_krb5_unparse_name_ext(krb5_context ctx,
869+ krb5_const_principal principal,
870+ char **name,
871+ unsigned int *len);
872+krb5_error_code KRB5_CALLCONV
873+sss_krb5_get_time_offsets(krb5_context ctx,
874+ krb5_timestamp *seconds,
875+ int32_t *microseconds);
876 #endif /* __SSS_KRB5_H__ */
System Security Services Daemon
This page took 0.204385 seconds and 4 git commands to generate.