s3: not use as-needed by default and auto use if enable-developer is active

[samba.git] / source3 / libsmb / clikrb5.c

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 0d79ea706329ac987a3f8a3497399a95ab4213a2..68b45d89089be3245bb878d981f43af4b7a4e3a3 100644 (file)
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -828,9 +828,10 @@ cleanup_princ:
 /*
   get a kerberos5 ticket for the given service
 */
-int cli_krb5_get_ticket(const char *principal, time_t time_offset,
+int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
+                       const char *principal, time_t time_offset,
                        DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
-                       uint32 extra_ap_opts, const char *ccname,
+                       uint32_t extra_ap_opts, const char *ccname,
                        time_t *tgs_expire,
                        const char *impersonate_princ_s)
 
@@ -881,10 +882,10 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset,
                goto failed;
        }
 
-       get_krb5_smb_session_key(context, auth_context,
-                                session_key_krb5, False);
+       get_krb5_smb_session_key(mem_ctx, context, auth_context,
+                                session_key_krb5, false);
 
-       *ticket = data_blob(packet.data, packet.length);
+       *ticket = data_blob_talloc(mem_ctx, packet.data, packet.length);
 
        kerberos_free_data_contents(context, &packet);
 
@@ -901,16 +902,21 @@ failed:
        return retval;
 }
 
- bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote)
- {
+bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx,
+                             krb5_context context,
+                             krb5_auth_context auth_context,
+                             DATA_BLOB *session_key, bool remote)
+{
        krb5_keyblock *skey = NULL;
        krb5_error_code err = 0;
        bool ret = false;
 
        if (remote) {
-               err = krb5_auth_con_getremotesubkey(context, auth_context, &skey);
+               err = krb5_auth_con_getremotesubkey(context,
+                                                   auth_context, &skey);
        } else {
-               err = krb5_auth_con_getlocalsubkey(context, auth_context, &skey);
+               err = krb5_auth_con_getlocalsubkey(context,
+                                                  auth_context, &skey);
        }
 
        if (err || skey == NULL) {
@@ -918,19 +924,25 @@ failed:
                goto done;
        }
 
-       DEBUG(10, ("Got KRB5 session key of length %d\n",  (int)KRB5_KEY_LENGTH(skey)));
-       *session_key = data_blob(KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
-       dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
+       DEBUG(10, ("Got KRB5 session key of length %d\n",
+                  (int)KRB5_KEY_LENGTH(skey)));
+
+       *session_key = data_blob_talloc(mem_ctx,
+                                        KRB5_KEY_DATA(skey),
+                                        KRB5_KEY_LENGTH(skey));
+       dump_data_pw("KRB5 Session Key:\n",
+                    session_key->data,
+                    session_key->length);
 
        ret = true;
 
- done:
+done:
        if (skey) {
                krb5_free_keyblock(context, skey);
        }
 
        return ret;
- }
+}
 
 
 #if defined(HAVE_KRB5_PRINCIPAL_GET_COMP_STRING) && !defined(HAVE_KRB5_PRINC_COMPONENT)
@@ -2270,8 +2282,10 @@ char *smb_krb5_principal_get_realm(krb5_context context,
 
 #else /* HAVE_KRB5 */
  /* this saves a few linking headaches */
- int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
-                       DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
+ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
+                       const char *principal, time_t time_offset,
+                       DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
+                       uint32_t extra_ap_opts,
                        const char *ccname, time_t *tgs_expire,
                        const char *impersonate_princ_s)
 {